Aadhaar, the biometrics-based unique identity number all Indian residents are entitled to, is being made mandatory for access to a wide range of government services. On Wednesday, the government proposed to make it mandatory for income tax filings from July. Last month, the government notified that Aadhaar, or at least proof of enrolment in Aadhaar, was mandatory for several vulnerable groups – including women rescued from trafficking, workers engaged in forced labour, schoolchildren between six and 14 years of age, and people with disabilities – to continue to receive government benefits. In the case of the schoolchildren, for instance, they will not be served mid-day meals from June if they cannot present their Aadhaar credentials.

The notifications state that the use of Aadhaar as a document of identification will bring in “transparency and efficiency”. But they, and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, fail to specify what protection individuals will be accorded in the instance of their Aadhaar numbers being deactivated – which the Unique Identification Authority of India is authorised to carry out and has been doing in large numbers.

With the 12-digit numbers being linked to most basic services, their deactivation would have serious consequences for citizens, depriving them of their basic needs.

Authority’s powers

The Aadhaar Act regulations, which are currently in Parliament, state that an individual’s Aadhaar number may be “omitted” permanently or deactivated temporarily by the Unique Identification Authority of India, the agency responsible for issuing the numbers and managing the database. The regulations give the Authority the power to deactivate Aadhaar numbers even in the absence of an effective grievance redressal procedure for those whose numbers have been suspended.

Regulation 28 lists five circumstances under which a person’s Aadhaar number may be deactivated. These are:

  • If a child at 5 or 15 years of age fails to update biometrics afresh within two years of attaining age.
  • If biometrics were not captured despite the resident being able to provide them.
  • If enrolment is later found to have been done without valid documents.
  • If an existing photograph has been used instead of capturing a fresh photograph.
  • If information captured is flagged as having “bad data”.

Besides these five instances, there is also an omnibus reason: “Any other case requiring deactivation as deemed appropriate” by the Unique Identification Authority of India.

The regulations say that after omission or deactivation, “an agency nominated by UIDAI” may conduct a field enquiry and hear out the affected person. But this is not provided as a right to the number holder.

After the regulations were notified in September, this reporter submitted several right-to-information applications posing questions to the Unique Identification Authority of India on the deactivation process – as part of Scroll.in’s ongoing Identity Project series on the implementation of Aadhaar, which now has over a billion people enrolled. The period for which information was sought was from September 2010, when the first Aadhaar number was issued, till October 31, 2016. Most of the replies from the Authority’s regional offices were received in December and January, with a final response coming in on March 1.

Poor record-keeping

Replying to Scroll.in’s query, the Unique Identification Authority of India stated that it has deactivated 85,67,177 Aadhaar numbers for “biometric update” and 408 for “demographic update” between September 2010 and August 2016.

The Authority’s Data Update Policy states that the fingerprints and iris scans of infants and children enrolled in Aadhaar must be updated within two years of their attaining the age of five, and then again at the age of 15. If they fail to do so within this stipulated two-year period, their Aadhaar numbers will be automatically deactivated.

Demographic updates pertain to changes such as death, change of address, or to correct errors in demographic data during enrolment.

The Authority’s Technology Centre stated that it does not maintain data on deactivations according to the enrolment agency or the registrar that carried out the enrolment, or the authorised official who carried out the deactivation. It said that Aadhaar numbers requiring deactivation are simply “identified by enrolment processing systems” and the deactivation is done “without human intervention”.

The Unique Identification Authority of India stated that it does not maintain data on month-wise deactivations.

However, government data and interviews with scheme beneficiaries show that individuals in some states, such as Rajasthan, have faced glitches and authentication errors on a massive scale since Aadhaar was made mandatory to access food rations and social pensions in 2015-’16. Thousands of households could not access their legal food entitlements and pensions because of this.

Babu Singh, a construction worker, and his polio-struck wife Punni Devi with their children in Jawaja, Rajasthan. The family has not received food rations after glitches in Aadhaar biometric authentication. Image credit: Anumeha Yadav

In response to a right-to-information query asking the Unique Identification Authority of India if it maintained state-wise and district-wise deactivation data to see if some states showed more enrolment or fingerprint errors and subsequent deactivations, as a means to correct these errors, the agency said it does not maintain area-wise deactivation data.

Those whose numbers are deactivated are informed via text message on their mobile phones, it added in its reply. The Logistics Division at the Authority’s headquarters stated that the agency does not communicate the deactivation “in printed mode” or by post, leaving it unclear how they inform residents who do not own mobile phones.

The Authority said that it does not maintain a state-wise or district-wise break-up of deactivations.

On March 20, 2013, the minister for parliamentary affairs and planning in the then Congress-led government, Rajeev Shukla, told the Lok Sabha in response to a parliamentary question that the Unique Identification Authority of India had deactivated 3,84,237 Aadhaar numbers under the biometric exception clause, as enrolling agencies had waived biometric requirements even for those who did not qualify for the exemption. The clause is used in case of people with physical disabilities or injuries.

The Authority, however, did not share such details when Scroll.in sought information on deactivation numbers on the basis of reasons. It simply said these were done for biometric and demographic updates.

“Most deactivations occur as children are required to update their biometrics when they turn five or 15 years old, and if their data is not updated, their Aadhaar numbers get deactivated,” Vikash Shukla, senior manager, communications and public outreach, with the Authority told Scroll.in at the time of the agency’s response to the right-to-information application.

Emailed queries were also sent to the office of the Authority’s chief executive officer, ABP Pandey, on Friday (March 17), asking how the agency planned to address concerns that lack of prior notice of deactivation could cut off residents from important services, and whether it would start notifying residents by post too. They remained unanswered.

The Authority stated that an automated system takes care of Aadhaar deactivations, and that number-holders are only informed via SMS.
It added that it does not inform residents of the suspension of their Aadhaar numbers by post.

Children and Aadhaar

Among the government schemes for which Aadhaar has been made mandatory, many are for children, including free and compulsory school education up to 14 years of age, mid-day meals, and scholarships. Experts have questioned the logic of Aadhaar for children.

“If biometric data changes so often for children, why is the government interested in collecting their biometrics at all?” asked Dr Dipa Sinha, development economist at Ambedkar University in Delhi and a member of the Right to Food Campaign. “If their biometrics keep changing, how can the government claim a biometrics-linked identity number will help improve delivery of services in children’s schemes such as mid-day meals? Does the government even know if the biometrics is not formed at 14 years 11 months but is formed at 15 years, or will they keep experimenting to find out?”

Sinha pointed out that suspending the Aadhaar numbers of children without prior notice to their parents, or notification only by text message post-deactivation will lead to large-scale problems in children’s access to health, nutrition and education.

Lawyer and researcher Prashant Reddy Thikkavarapu questioned the lack of proper procedure in deactivation. “The law and regulations should specify which official is authorised to carry out deactivation, provide prior notification and mandatory hearing in law,” he said. “Instead, the Authority is stating that this is a system where artificial intelligence is depriving people of Aadhaar numbers automatically, without human intervention.”

If the Aadhaar Act says every resident has a legal right to obtain an Aadhaar number, how can the regulations give the Authority the administrative discretion to deactivate an individual’s number without prior notice, he asked.

Reddy pointed out that the previous National Identification Authority of India Bill, 2010 drafted by the Congress-led United Progressive Alliance government had provided for an Identity Review Committee, comprising nominees of the prime minister, leader of the Opposition, and a Union cabinet minister to monitor Aadhaar usage patterns and submit an annual report to Parliament. But the Aadhaar Act had diluted this requirement. “Such a committee could have provided independent oversight over the UIDAI and transparency in how Aadhaar numbers are being used, what do the usage patterns show, but now there is no such provision,” he said.

Grievance redressal

The Unique Identity Authority of India, in its response to the right-to-information request, stated that it does not have information on officials, within it or outside, who are authorised to carry out deactivations. It also did not share information on the policy and procedure followed with respect to officials responsible for grievance redressal.

In response to the query on the grievance redressal process, the Authority stated that it receives complaints both through a portal of the Department of Administrative Reforms and Public Grievances, an online platform used by various ministries, and through post.

It shared information on year-wise and state-wise grievances received between 2010 and 2016 on the “PG portal”, but added that it did not maintain any record for offline grievances submitted on paper.

The Authority stated it does not maintain a record of offline grievances.
State-wise grievances received online by the Authority.

With growing evidence of a high rate of Aadhaar authentication failure, even for genuine beneficiaries, because of fingerprint errors or inadequate infrastructure, regulation 32 provides for the setting up of a contact centre, or a call centre number 1947 where people can register their grievances and receive a “unique reference number for further tracking”. This is the main avenue for grievance redressal, not district or block-level offices where residents can register their complaints.

The regulations say that users can get grievances resolved by visiting the Authority’s regional offices, but these exist only in eight states.

In response to a query about officials responsible for grievance redressal, it stated that its contact centre or 1947 call centre services have been outsourced to Tata Business Service Solutions and M/S SMPL. “These firms have their own policies to recruit customer care executives [voice and non-voice], and it is their internal matter,” the Authority said.

The Aadhaar regulations provide for a contact centre for complaints and grievances, whose services have been outsourced.