There is no doubt in my mind that most people still do not understand what is Aadhaar. One reason is that there has been little real debate around what Aadhaar is because of a lot of slick PR by those who built it. There is a need to understand it before we criticise it or attempt to repair its failings.
1) Aadhaar Escaped Initial Scrutiny
The UPA government spent thousands of crore on Aadhaar with no debate in or outside Parliament, no legislative backing for it and most importantly, not one word on legal accountability for the authenticity of this biometric database.
As a result, thousands of crore were spent on creating a biometric database, which conducted very poor verification of identities and did not and does not have any details of who was a citizen.
The only time Aaadhar was scrutinised was by the Standing Committee on Finance which concluded very correctly that having poor verification and without having citizenship identification, Aadhaar was simply a collection of fingerprints of people whose identity was unverified. The Standing Committee recommended that Aadhar be merged with the National Population Register.
2) Aadhaar Bill
This government brought the Aadhaar Bill, repositioned it as a subsidy delivery platform and encouraged parliamentary debate.
It has developed a strategy to use Aadhaar and other tools to launch a sharp attack on the vexed and cursed problem of leakages, ghost and fraudulent claimants to public subsidies. It has addressed the issue of lack of verification and fake entries by making UIDAI statutorily responsible for verifying the entries.
3) 100 Crore Unverified Aadhaar Cards
The issue of use of Aadhaar as an ID for purposes goes beyond subsidies, ie to ensuring access to airports, as an ID to open bank accounts, for air tickets. Obviously, this goes beyond the remit of what the Aadhaar bill was supposed to be for.
When there is clear evidence all over of fake Aadhaars, what safeguards has UIDAI taken before Aadhaar is being permitted to be used as an identification card or tool? This needs to be answered.
The issue of rampant fake Aadhaar entries is a real one and it’s a direct consequence of the sloppy way this database was built.
While the Aadhaar Act passed in 2016 makes it the responsibility of the UIDAI to issue Aadhaar numbers only after verification – the government must know that between 2010 and 2014 there were over 60 crore and then 2014 and 2016 over additional 40 crore – totally 100 crore Aadhaar numbers with little or no verification.
Through the entire term of the UPA, Aadhaar numbers were issued with almost non-existent form of verification. This involved numerous small companies becoming enrolment agencies that were paid for each enrolee and who would collect the biometrics and collect documents without any responsibility of authenticity. There are hundreds and thousands of reports of enrolment agencies that took bribes to issue Aadhaar cards.
4) Using Aadhaar as an ID Card
While using Aadhaar to deliver subsidies is an acceptable cost of fakes, to use it as an ID is creating a situation of systemic risk. If this is not resolved and fixed at this stage, you will create a cascading crisis of fake and ghost bank accounts, voters and passport holders that you will find very difficult to unravel later.
There are solutions to this, but to develop that solution, we need to first accept that there are some shortcomings with Aadhaar.
5) Audit of Database
The problems of ghost and fake entries in Aadhaar will need to be addressed through an audit or cleanup or re-verification of the database. This is unavoidable. Ignoring it is unacceptable in the interests of the country.
6) Linking Aadhaar with Subsidy Delivery
There is another question for the Minister to ponder upon. Is it your case that non-citizens are entitled to government subsidies? There is a legal proposition that as a citizen and taxpayer, I can object to or insist that subsidies not be provided to any non-citizen till the needs of all our citizens are met.
If that proposition holds, then doesn’t it imply that citizenship information is essential for any subsidy delivery? This shortcoming of Aadhaar too can be fixed, provided that the government first accepts that this is required.
7) Plugging Leakages in Schemes
Secondly, moving to the main focus of Aadhaar – to better delivery of public subsidies. The issue of mandatory or non-mandatory needs to be discussed. I am also a petitioner in the PIL in the Supreme Court. The Act that Parliament passed is very clear: Aadhaar can be used as well as other IDs to avail benefits and subsidies.
I am of the view that there should be a roadmap to ensure that eventually Aadhaar will be the sole gateway for needy Indians to avail government subsidies and benefits. It is but natural for the government to ensure that money for the poor and needy reach only the poor and needy.
Corruption and leakages harm the poor and needy the most. So, the biggest beneficiary of ensuring that money for poor reach only the poor are the poor.
The government and minister must realise that many government departments are issuing rules making Aadhaar mandatory both for subsidies and most dangerously as primary IDs. More recently, to my question to the HRD ministry, they responded in contradiction to their own notification on this issue. So, confusion exists in many ministries and departments.
8) Fixing Accountability with UIDAI
A lot of the problems around Aadhaar can be placed squarely at the doorstep of the UIDAI, its vague and contradictory regulations, and lack of clear guidelines for its use. Proper oversight of UIDAI is lacking and needs to be put into place. For several years during UPA rule it was because there was a celebrity head of the UIDAI who spent considerable time trumpeting the virtues of Aadhaar in the media and so blunted any attempt at proper oversight.
The Aadhaar Act needs amendments on the issue of UIDAI accountability, because as custodians of this very important database, they need to be held to account because the implications in terms of security and other issues are significant.
9) Issue of Privacy
The third point is data integrity and the broader issue of privacy. In recent times, as more and more people have become aware of Aadhaar and its design and its expansion into other areas, more and more concerns about its design and operations have surfaced.
Some are legitimate concerns, many are caused by a lack of understanding and lack of communication and transparency by UIDAI. The concerns of a surveillance state are misplaced if certain safety measures are put into place.
10) No Grievance Redressal Mechanism
Aadhaar’s architecture of a centralised database is an archaic way of storing sensitive data and therefore represents a serious data security risk.
There could have been far smarter and better ways to store these large databases. But this government inherited what it has and there is no wishing it away without wasting a lot of public money.
Despite mandatory and substantive provisions laying out the requirement of verification, the Aadhaar Act and the regulations made thereunder remain silent on the liability of the UIDAI, or its personnel, in case of non-compliance, contravention, or violation of such provisions. There is no grievance redressal mechanism for those who suffer data breaches or leaks.
11) Action Against the Miscreants
In a modern and increasingly digital world that is being created, a set of rights for digital consumers vis a vis the custodian of data is a must. The current section on offences and penalties in the Act is in effect an incentive to lack of accountability of the UIDAI.
The proof is simple – despite all the overwhelming evidence of fake Aadhaars, there is no action by UIDAI on any of the enrolling agencies. Despite widespread evidence of misuse of access, the UIDAI has not taken any action.
12) Gauging Performance of UIDAI
The solution is to make UIDAI accountable. I would suggest regulations that require it to mandatorily disclose performance of its database in terms of errors and frauds and in addition a standing committee to oversee it, preferably a Parliamentary Standing Committee on National Identity Programme.
13) Burden on the User to Get Justice
The broader issue of privacy raises legitimate questions about the role and responsibility of the state or other agencies that are custodians of our digital footprints at a time of rapid digitisation of our lives and economies. The leader of the House conceded that he believes that privacy is a fundamental right even without waiting for the Supreme Court to opine on this.
The current protections to consumers and citizens under both the Aadhaar Act and the IT Act is skewed in favour of those who hold the data and places an extraordinary burden on the individual or user to get justice. I would encourage the government to enter this discussion, because many are concerned about this.
14) Balancing Privacy Rights and National Security Concerns
I understand that our national security concerns are sometimes at odds with the privacy rights of our citizens. But as the world’s largest democracy and soon perhaps the world’s leading digital democracy, we must take an enlightened and global lead in showing how we can balance our citizens’ rights to privacy and our national security considerations. I have heard the minister say there are enough safeguards in the IT and Aadhaar Act. With great respect, he is wrong.
As ‘onlining’ of our lives increases and our digital signature and footprint is increasingly all over, we will be met with scenarios and changes that we didn’t anticipate or were aware of. Constant change is the normal in this world. These kinds of debates will help the government and Parliament keep reviewing and adapting to these changes and challenges.
(The writer is a Rajya Sabha MP. These are excerpts from his speech in Parliament on 10 April 2017. The views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)
Join The Quint on WhatsApp. Type “JOIN” and send to 9910181818.