Six senior retired civil servants have written to Prime Minister Narendra Modi expressing alarm at the rapid spread of Aadhaar, the government’s Unique Identity project, to virtually all walks of life.

“We are concerned that the UID has, step by little step, encroached upon, and disrupted, the lives of many and denied their entitlements to many more, particularly amongst the poor,” the former Indian Administrative Services officers wrote in their letter dated October 6, 2017.

Accusing the government of having been less than transparent in regard to several important aspects of Aadhaar, the letter said that many of the government’s decisions are difficult to justify or even comprehend. “Meanwhile, the ecosystem promoting Aadhaar has been conducting campaigns of obfuscation and misinformation,” the letter said.

Calling for an objective review of the project, the letter asked for a course correction without any loss of time. “If it is found that there has been an administrative overreach, the decisions in question should promptly be reversed.”

Following is the full text of the note enclosed by them to the prime minister detailing their critical concerns and specific suggestions.

As we await the Supreme Court’s consideration of Aadhaar, the debate on the Unique Identity rages, and the government, despite specific court orders, continues to push it vigorously.

There has never been anything like Aadhaar in India. It now affects everyone and every activity from birth to death. And yet this is not how Aadhaar was conceived. The objective of the UID was to eliminate multiple and fake identities to ensure better targeting of subsidies. How did this transformation take place?

The journey of Aadhaar has indeed been remarkable. Accorded the highest priority by successive governments at the two ends of the political spectrum, the project has covered almost the entire population of India, digitising crores of records and issuing cards to each individual. The Aadhaar UID has also been empowered for a multitude of operations from opening bank accounts to securing passports and driving licences, even mobile connections by private players. These are no mean achievements.

Meanwhile, media reports and field surveys have poured in from across the country regarding leakages, malpractices and fraud; biometric mismatch and the rejection of genuine cases; errors in the demographic data, disentitlement and exclusion. The UIDAI has registered criminal cases for preparing fake Aadhaar cards, for hacking databases and so on. Assertions made by high public authorities have been contested for not being backed by verifiable data.

We have, therefore, tried to go behind the debate to ascertain the reality by critically examining the basic premise of Aadhaar, the experience on the ground, the text of the Aadhaar Act and its subordinate legislations, and the gap between the stated objectives and their realisation.

We are disturbed by the state of affairs because we find that Aadhaar is not what it has been presented to be. There has clearly been an uncommon haste in its implementation and a determined effort to extend it well beyond what is envisaged in the Act. The enthusiasm with which the UIDAI and the government have extolled the virtues of Aadhaar, and the disdain with which all criticism has been dismissed, point to the need for an unbiased review.

The forces that are pushing Aadhaar are indeed powerful. This per se is not objectionable, since Aadhaar does open up enormous business opportunities. Unfortunately, this lobby has stooped to misinformation campaigns and to intimidation and denigration of the project’s critics. We are loath to cite an individual instance, but feel compelled to do so because of its ominous significance. We allude here to the campaign of the team led by Shri Sharad Sharma of iSpirit and IndiaStack, entities that are deeply involved with the Aadhaar enterprise. When these individuals were exposed on social media, instead of being chastised for spreading falsehoods, they were actually congratulated by Shri Nandan Nilekani and other luminaries of the industry for being ‘brave’ enough to apologise! With vested interests of such stature in support, Aadhaar seems to have descended into the realm of post-truth and alternative facts.

It is incredible that no one really knows how Aadhaar has been performing. This is because the UIDAI, which is the sole repository of all information on Aadhaar, has resolved not to disclose any data; it has even refused information under the RTI, on grounds of national security.

The UIDAI now processes more than two crore Aadhaar authentications every day; 331 crore cases were dealt with between September 2012 and December 2016. About 40,000 cases have been registered for malpractices by the UIDAI. And yet no analysis of the experience has been made available to the public. This secrecy not only undermines the credibility of the UIDAI, but also raises questions about its intentions. Could it be that the data is so damaging as to vitiate the entire Aadhaar exercise? The UIDAI has chosen to keep its decision making opaque and its data beyond the pale of public scrutiny.

The fears of surveillance, security and profiling are possibly more real than we might believe them to be. We shall, however, confine ourselves to issues closer to the field and focus here on five aspects of Aadhaar where the decisions clearly need to be revisited.

1. The biometric fiasco

The first is the total dependence on fingerprint biometrics, an intrinsically unreliable technology, given that devices for iris recognition will not be widely available for use in the near future.

The UIDAI’s own proof of concept (POC) trials for fingerprint recognition showed an error of up to 15 percent with the best finger and 5 percent when two fingers were tried. There is little public awareness of these limitations.

The implications are serious and worrisome, for the numbers involved are very large. Thus, with a population of 80 crore under PDS, rejections can be as high as 12 crore, and will not be less than 4 crore; the technology ensures that this be so. Evidence from reports and surveys in Rajasthan, Andhra Pradesh and Jharkhand support this assumption.

According to the State of Aadhaar Report 2016 -17 by IDinsight, in the case of pensions in Andhra Pradesh, the rate of fingerprint authentication failure after three attempts was as high as 17.4 percent. In Telangana, the failure rate under MGNREGA averaged 7.8 percent.

A five percent error rate in fingerprint recognition has been confirmed both by the CEO of UIDAI and its former Chairman. Granted that there may be variations from state to state and, over time, improvements may be made and the initial glitches overcome, yet the exclusions would continue to be unacceptably high.

The problem is further compounded in rural areas disadvantaged by the poor quality of basic facilities and services. Critical to the success of Aadhaar are uninterrupted power supply, Internet connectivity, efficient fingerprint recognition devices, secure and reliable encryption and transmission of data, and well-trained staff. If one or more of these requirements are not met, the rates of rejection increase sharply. Field experience across states corroborates this assertion.

On these considerations alone, the proposal for the complete and exclusive dependence on fingerprint biometrics should have been eschewed.

Further, a clear provision for alternative modes of establishing one’s identity in the event of a failure of the Aadhaar identification ought to have been made. Instead, every case of mismatch is being celebrated as the elimination of a duplicate; and, in consequence, claims of huge savings are being made. In contrast, in Chhattisgarh, where this problem was duly acknowledged, the state government decided to accept alternative modes of identification.

The following steps are essential to remedy the situation:

  •   The complete reliance on biometric identification must be discarded and alternatives specific to each scheme adopted. This is the only way the ensuing disentitlement and exclusion can be avoided. Suitable modifications will be required in the Aadhaar Act, in the Aadhaar (Enrolment and Update) Regulations and in the Aadhaar (Authentication) Regulations.  
  •   In particular, Section 7 of the Aadhaar Act, which enables the government to make Aadhaar mandatory, must be amended to recognise first, the possibility of the failure of Aadhaar authentication and second, in the event of such failure, specifically to provide for alternate means to establish one’s identity.    
  •   In the same vein, any notification or guideline issued to make Aadhaar mandatory for a scheme, process or activity, should clearly provide for alternate methods of recognition when the Aadhaar fails.  
  •   Until such time as the availability of basic infrastructure - electricity, Internet connectivity, secure and efficient recognition devices - is ensured in a given area, alternative modes of identification should be accepted there.  

2. The defective demographic database

The second is that the demographic database for Aadhaar is not authenticated.

The credibility of this database is of vital importance. Any error of recording or transcription may lead to a mismatch and in consequence, to the rejection of the Aadhaar identification. In view of this, it is intriguing that at the time of enrolment, no verification of the information provided was considered necessary; the instructions were that information should be recorded in whatever form and manner it was given. On this basis, 100 crore Aadhaar cards were issued before the Act was passed by Parliament.

Moreover, the desired data could be provided even without any supporting documents: by an “introducer” or by the head of family, if he himself was an Aadhaar number holder. Documents like the ration card and PAN card, though considered unreliable, were also accepted for Aadhaar enrolment.

The actual enrolment was often conducted by relatively small agencies with a local presence, at times several stages removed from the original contracting parties; there was virtually no supervision or check on the correctness of the data recorded. There was a wide variation in the quality of equipment, training of personnel and fidelity of recording and transmission of biometrics and demographic data. Government agencies were not associated.

There are reports of large-scale inaccuracies, with instances of entire populations of villages recording the same date of birth, of errors in the names or addresses and so on. This has occasioned great hardship in authentication, but the authorities seem to be in denial.

  • It is imperative that the demographic data be correct. This can only be ensured through a comprehensive exercise similar to the revision of electoral rolls to enable individuals to rectify errors in their Aadhaar cards. This drive must be conducted in a systematic manner to cover every village and every ward in the country.
  •   In parallel, the provisions for enrolment in the Aadhaar Act and its Regulations should be made more stringent and rigorous.  

3. The Extension of Aadhaar without reason, as a policy imperative

The third is the persistent, and accelerated, extension of Aadhaar to every activity.

Aadhaar is now required by a new-born for her birth certificate, by a couple for registering its marriage, and by every soul before leaving for its heavenly abode.

An Act of Parliament sets out both the scope and the limitations of Aadhaar. Section 7 of the Act governs the adoption of Aadhaar for any scheme. Having been passed as a money bill, the Act has a direct nexus with the Consolidated Fund of India, and cannot, therefore, apply to activities falling outside this domain. The legality of each case of extension must be examined with reference to this context.

And yet, there seem to be no norms or procedures for prescribing Aadhaar for a particular activity. Evidently, the extension of Aadhaar is being pursued under a policy directive. It is being mandated mechanically, with inadequate deliberation. There is little attempt to analyse, evaluate the pros and cons, and assess the implications.

Consequently, we have several applications of Aadhaar which are an unnecessary impediment to accessing public goods and services. They only serve to cause gratuitous distress to common people. To illustrate,

  •   Midday meals for schoolchildren, when their identity is known to all and attendance is recorded for the day.   
  •   Treatment for TB patients under the national TB eradication programme, when their hospital record is available.  
  •   School admissions for children, when their admission papers and particulars of their parents, residence, etc. have already been submitted.  
  •    Lately, prospective organ donors, who had completed all the requisite formalities, have been denied this final generosity for want of Aadhaar!  

Such a situation is clearly untenable. The following correctives are needed.

  •   All further extensions of Aadhaar should be done only after intense scrutiny.    
  •   Adoption of Aadhaar for new programmes must be examined on a case-by-case basis. The objective should be efficiency, better delivery of benefits and services and convenience of the target groups. If the incorporation of Aadhaar does not lead to a significant value addition, and if the presumed inefficiencies can effectively be avoided by improving the programme design and streamlining the supervision, the proposal of extension should be dropped.  
  •   All the schemes where Aadhaar has been made mandatory (117 at last count) must be reviewed. These include all those notified under Section 7 of the Aadhaar Act, and also the activities outside the purview of the Act. Where the requirement of Aadhaar is found to be unjustified, or illegal under the Act, the orders should be withdrawn.  
  •   It is imperative to issue explicit guidelines laying down the norms and processes to be followed before extending Aadhaar to any scheme. The decision-making process should be transparent and include consultation with all the stakeholders. 

4. Corruption and the limitations of Aadhaar

The fourth is the premise that the UID is essential to bring about efficiency, to ensure that benefits reach the target groups, and to eliminate corrupt practices.

While this logic has a certain appeal in an environment of all pervasive scam fatigue, it will not be prudent to apply it across the board. The responsibility to ensure efficiency and minimise the scope for corruption lies primarily within the scheme design. Aadhaar is relevant only to the limited extent of “identity duplication”, and it is useful only where that is a major problem. It is essential, in fact, to look beyond Aadhaar and to examine the scheme in its entirety.

It is well documented that the avenues for corruption and misappropriation are multi-layered and convoluted. The loopholes in each scheme need to be plugged with reference to its framework. There are no shortcuts.

The following examples substantiate this postulate; these relate to programmes that are crucial for the most vulnerable – the landless, children and the elderly, the SC and ST communities – programmes which must not be discontinued.

  • Under PDS, the malpractices include poor quality of food grains, adulterated rations, and short weighments. In fact, under the revamped PDS post the National Food Security Act, fake ration cards do not seem to be an issue. The experience of Chhattisgarh and other states confirm this.
  • For midday meals, the large-scale pilfering of stocks, poor quality of meals, fabrication of records are the important concerns.
  • In pensions, there is misappropriation through the connivance of government officials and bank staff, short payments, and fudging of accounts.
  • In MGNREGA, the issues go well beyond fake job cards: collusion between the bank and the panchayat, ‘theft’ of a part of the wages, substandard construction material, inflated measurement books, and substitution of labour by earthmoving equipment.

Evidently, Aadhaar will not rid us of such corruption. In fact the focus on Aadhaar shifts attention away from the root causes of corruption, and Aadhaar comes to serve as a smokescreen.

  • Field verifications, inspections, door to door surveys, regular updates, supervision at disbursement time, transparent systems of payments, social audits and public hearings, measures which have fallen into disuse, need to be revived. Technology can also help with computerisation, digitalisation of databases, linkages between activities, and effective MIS.
  • What is needed is the will to take on the vested interests, break the nexus with criminal elements, and not depend merely on technological solutions or administrative interventions. There has to be a seriousness of intent. The enthusiasm that is being shown for Aadhaar could in fact be displayed in the implementation of the Lokpal Act, protection of whistle-blowers, grievance redressal and further strengthening of the RTI.

5. Regulating Commercialisation & Data Protection

The fifth area of concern is the opening up of the Aadhaar database for commercialisation.

The government seems to have adopted a laissez-faire approach in this regard. In the absence of effective regulation and control, misuse and unauthorised trading of personal data, rent seeking by intermediaries and touts, issuance of fake cards, targeting of Aadhaar number holders, and such like abuses have become all too common. The CEO of UIDAI has registered about 40,000 cases for various malpractices; there would be far more which have not come to light.

The penal provisions in the Act have not proved to be a serious deterrent. Far greater thought must be given to preserving the sanctity of the UID database and its operations. The recent hacking of Aadhaar data by an IIT alumnus has demonstrated how fragile the system is. The unabated seeding of Aadhaar in different databases has introduced new vulnerabilities into the system by providing access to hitherto isolated silos through a common platform. There is a real and patent risk of misuse of this wealth of personal information by unscrupulous elements. The possibility of unauthorised use by overreaching state agencies also cannot be ruled out.

The issue of profiteering by commercial entities offering Aadhaar based services does not seem to have been examined at all. On the contrary, there is a specific provision (14 m) in the Aadhaar (Authentication) Regulations to the effect that the government or the UIDAI shall have no say in the charges levied by service providers to their clients.

Some other aspects of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, also need to be reviewed. The concentration of authority in the UIDAI is overwhelming. Interestingly, there is no judicial redress for an aggrieved individual. Her existence is contingent on an authentication by the UIDAI: if it fails, she is left in the lurch; she has no avenues of appeal outside the UIDAI. Further, an exasperated Aadhaar number holder does not have the liberty to surrender the Aadhaar card. Aadhaar’s voluntary label is therefore less than convincing.

The Parliamentary Committee, which had examined the National Identification Authority of India (NIAI) Bill, 2010, had made extensive recommendations for its amelioration. These suggestions have largely been ignored while formulating the present law which was rushed through Parliament as a money bill. This short-circuited the established legislative process. Clearly, the Aadhaar Act requires a rigorous, de novo scrutiny, and a broad-based discussion in public forums.

We have not gone into the larger issues of privacy, surveillance, security, and profiling, which have been addressed by the Apex Court’s Constitution bench. We must, however, observe that civil society greatly prizes the right to be left alone. It includes the right not to be put out there and exposed involuntarily. The mandatory seeding of Aadhaar numbers for accessing public utilities such as water and electricity, and banking and other state services is tantamount to forced disclosure of personal information. This gives enormous powers to the state which could misuse them to curtail the individual’s right to privacy. Such curtailment may amount to the denial of the freedoms guaranteed under the provisions of Articles 19 and 21 of the Constitution. This aspect needs deeper examination.

(MK Bezboruah)
Formerly Chairman,
3rd Delhi Finance Commission

(Surjit Kishore Das)
Formerly Chief Secretary,
Govt. of Uttarakhand

(Kamal Kant Jaswal)
Formerly Secretary to Govt. of India,
Dept. of Information Technology

(CK Koshy)
Formerly Additional Chief Secretary,
Govt. Of Gujarat

(Lalit Mathur)
Formerly Director General, NIRD,
Ministry of Rural Development

(Dr VV Rama Subba Rao)
Formerly Additional Chief Secretary,
Govt. of Gujarat