Identity Project

Explainer: Aadhaar is vulnerable to identity theft because of its design and the way it is used

A centralised database, dual use as identifier and authenticator, and lack of sound legal framework are its main weaknesses.

Recent reports of the misuse of Aadhaar – the 12-digit unique identification number that the Indian government is pressuring all residents to obtain – have brought back concerns about the privacy and security of the project. In February, six employees of telecom service provider Reliance Jio were arrested for the fraudulent use of fingerprints to activate and sell SIM cards. There were also reports that month about Axis Bank and other entities storing and using biometric data without authorisation. Another report indicates that personal information, including Aadhaar numbers, can be freely obtained through a simple online search. In a society where Aadhaar is rapidly becoming the key for citizens to access every service, claims about its security merit more rigorous analysis.

Any robust identification mechanism must be able to prevent or adequately remedy identity theft. Identity theft occurs when someone’s identity is wrongfully appropriated, usually to commit crimes. In the case of Aadhaar, its design and application are likely to make identity theft easier. Unfortunately, even the legal framework seems inadequate to address these risks.

Flawed design

Aadhaar’s design is based on a centralised database called the Central Identities Data Repository that stores every individual’s demographic and biometric information. The aggregation of personal information in one centralised database makes it vulnerable to exploitation, making it a valuable target for hackers, states and identity thieves. Additionally, research suggests that in addition to external threats, centralised databases are also vulnerable to errors and misuse by custodians of the database themselves.

In 2005, researchers came out with a report examining a proposal for a unique, biometric ID in the United Kingdom. In the context of identity theft, the report stated that it was impossible to guarantee the security of such a vast database, which is likely to be accessed millions of times daily and be involved in the exchange of a large amount of valuable information. In 2010, the government there passed a legislation to repeal the project.

Problematic application

Besides structural vulnerabilities, the use of the Aadhaar number as a ubiquitous, universal identifier further heightens the risk of identity theft. The scheme of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, suggests that the number is only to be used to authenticate one’s identity – that is, to prove if a person is who she claims to be. However, an essential feature of the Aadhaar framework is seeding. Seeding allows organisations to feed Aadhaar numbers into their own databases, allowing them to uniquely identify beneficiaries or customers. The presence of one unique number for every individual across multiple public and private databases makes the convergence of this information easier. The legal framework does not prohibit this, and the safeguards for the security of these parallel databases are scant.

The dual use of Aadhaar as an identifier as well as an authenticator increases the probability of identity theft. An authenticator works well if it is confidential (for example, a password or PIN). Conversely, an identifier’s efficacy depends on it being openly available and widely used (for example, one’s name). In 2008, the United States federal regulator for consumer protection came out with a report on the correlation between the social security number and identity theft. Identity theft affects more than 7% of the adult American population, and has resulted in losses over $100 billion.

While there are several differences between the social security number and Aadhaar, the former has become the most common way for organisations in the United States to match individuals with their information. The report attributed the high rate of identity theft in America to the twin use of the social security number as an identifier as well as an authenticator. It stated that the social security number was not suitable for authentication because it was commonly used and easily accessible. Even in Australia, the extensive use of the tax file number has had a similar impact on identity theft.

Proponents of Aadhaar would argue that this comparison is unfair as neither of these identifiers use biometrics for authentication. However, it is well established that biometrics, too, are fallible. From creating gummy fingers – artificial fingers made of gelatin – to capturing fingerprints from photographs, biometric technology has been compromised even without sophisticated tools or methods. On the contrary, the use of biometrics raises the additional concern that in the event they are compromised, they cannot be re-issued like ordinary passwords or PINs. When biometrics are combined with a universal identifier like Aadhaar and subsequently compromised, an identity thief can instantly gain access to multiple services, while simultaneously preventing the individual from obtaining legitimate benefits she might be entitled to.

Inadequate legal framework

These design and application vulnerabilities are exacerbated in the absence of strong legal protections. The Aadhaar Act and its corresponding regulations reveal several weaknesses at multiple stages – at the time of enrolment itself, in detecting identity theft, and with respect to legal remedies after the crime has been detected.

The law allows an individual to enrol for Aadhaar without any document as proof of identity, through an introducer. An introducer can be any individual who vouches for the identity of the person in question, so long as she has an Aadhaar number herself. This makes it easy for individuals to enrol with a false or fraudulent identity. Reports indicate that a bank account can now be opened using Aadhaar, enabling individuals to take part in financial transactions with fraudulent credentials.

Further, if and when identity theft is committed, individuals may never come to know as the law does not require the Unique Identification Authority of India – the agency responsible for issuing Aadhaar numbers and managing the database – to inform citizens about a data breach.

Other impediments to discovering identity theft include the fact that the law imposes a fee for individuals to inspect their own authentication logs and this, too, is limited to a period of six months. The United States experience with identity theft suggests the crime can go undetected for years.

Even if an individual were to surpass these obstacles and discover such fraud, the law provides limited avenues for relief. While identity theft is a punishable offence under the Aadhaar Act, an individual has no power to initiate proceedings even if the crime has been detected. The Act only allows the Authority to initiate criminal proceedings. The individual’s only remedy is to register a complaint with the Authority’s grievance redressal centre, which has no accountability under the law. Most importantly, identity theft has been known to result in large financial losses or emotional distress. However, the provisions under the Aadhaar Act are criminal in nature, leaving individuals without an adequate remedy for compensation.

The poor drafting of the legislation only exacerbates the architectural vulnerabilities of Aadhaar. The law lacks effective checks to prevent identity theft and provide adequate redressal to victims of the crime. In the United States, proposals to combat identity theft have repeatedly emphasised on restricting the use of the social security number, especially by private companies. In light of the recent security breaches related to Aadhaar, the government must introspect on its use as a universal identifier.

Kritika Bhardwaj works as Programme Officer with the Centre for Communication Governance at the National Law University Delhi.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

How sustainable farming practices can secure India's food for the future

India is home to 15% of the world’s undernourished population.

Food security is a pressing problem in India and in the world. According to the Food and Agriculture Organization of the UN (FAO), it is estimated that over 190 million people go hungry every day in the country.

Evidence for India’s food challenge can be found in the fact that the yield per hectare of rice, one of India’s principal crops, is 2177 kgs per hectare, lagging behind countries such as China and Brazil that have yield rates of 4263 kgs/hectare and 3265 kgs/hectare respectively. The cereal yield per hectare in the country is also 2,981 kgs per hectare, lagging far behind countries such as China, Japan and the US.

The slow growth of agricultural production in India can be attributed to an inefficient rural transport system, lack of awareness about the treatment of crops, limited access to modern farming technology and the shrinking agricultural land due to urbanization. Add to that, an irregular monsoon and the fact that 63% of agricultural land is dependent on rainfall further increase the difficulties we face.

Despite these odds, there is huge potential for India to increase its agricultural productivity to meet the food requirements of its growing population.

The good news is that experience in India and other countries shows that the adoption of sustainable farming practices can increase both productivity and reduce ecological harm.

Sustainable agriculture techniques enable higher resource efficiency – they help produce greater agricultural output while using lesser land, water and energy, ensuring profitability for the farmer. These essentially include methods that, among other things, protect and enhance the crops and the soil, improve water absorption and use efficient seed treatments. While Indian farmers have traditionally followed these principles, new technology now makes them more effective.

For example, for soil enhancement, certified biodegradable mulch films are now available. A mulch film is a layer of protective material applied to soil to conserve moisture and fertility. Most mulch films used in agriculture today are made of polyethylene (PE), which has the unwanted overhead of disposal. It is a labour intensive and time-consuming process to remove the PE mulch film after usage. If not done, it affects soil quality and hence, crop yield. An independently certified biodegradable mulch film, on the other hand, is directly absorbed by the microorganisms in the soil. It conserves the soil properties, eliminates soil contamination, and saves the labor cost that comes with PE mulch films.

The other perpetual challenge for India’s farms is the availability of water. Many food crops like rice and sugarcane have a high-water requirement. In a country like India, where majority of the agricultural land is rain-fed, low rainfall years can wreak havoc for crops and cause a slew of other problems - a surge in crop prices and a reduction in access to essential food items. Again, Indian farmers have long experience in water conservation that can now be enhanced through technology.

Seeds can now be treated with enhancements that help them improve their root systems. This leads to more efficient water absorption.

In addition to soil and water management, the third big factor, better seed treatment, can also significantly improve crop health and boost productivity. These solutions include application of fungicides and insecticides that protect the seed from unwanted fungi and parasites that can damage crops or hinder growth, and increase productivity.

While sustainable agriculture through soil, water and seed management can increase crop yields, an efficient warehousing and distribution system is also necessary to ensure that the output reaches the consumers. According to a study by CIPHET, Indian government’s harvest-research body, up to 67 million tons of food get wasted every year — a quantity equivalent to that consumed by the entire state of Bihar in a year. Perishables, such as fruits and vegetables, end up rotting in store houses or during transportation due to pests, erratic weather and the lack of modern storage facilities. In fact, simply bringing down food wastage and increasing the efficiency in distribution alone can significantly help improve food security. Innovations such as special tarpaulins, that keep perishables cool during transit, and more efficient insulation solutions can reduce rotting and reduce energy usage in cold storage.

Thus, all three aspects — production, storage, and distribution — need to be optimized if India is to feed its ever-growing population.

One company working to drive increased sustainability down the entire agriculture value chain is BASF. For example, the company offers cutting edge seed treatments that protect crops from disease and provide plant health benefits such as enhanced vitality and better tolerance for stress and cold. In addition, BASF has developed a biodegradable mulch film from its ecovio® bioplastic that is certified compostable – meaning farmers can reap the benefits of better soil without risk of contamination or increased labor costs. These and more of the company’s innovations are helping farmers in India achieve higher and more sustainable yields.

Of course, products are only one part of the solution. The company also recognizes the importance of training farmers in sustainable farming practices and in the safe use of its products. To this end, BASF engaged in a widespread farmer outreach program called Samruddhi from 2007 to 2014. Their ‘Suraksha Hamesha’ (safety always) program reached over 23,000 farmers and 4,000 spray men across India in 2016 alone. In addition to training, the company also offers a ‘Sanrakshan® Kit’ to farmers that includes personal protection tools and equipment. All these efforts serve to spread awareness about the sustainable and responsible use of crop protection products – ensuring that farmers stay safe while producing good quality food.

Interested in learning more about BASF’s work in sustainable agriculture? See here.

This article was produced by the Scroll marketing team on behalf of BASF and not by the Scroll editorial team.