I should also point out that Aadhaar in fact attempts to capture identity itself, not merely issue a document. The founding management articulated it as a "digital atma (soul)", and the card that people use as a document today was originally meant to be a postal probe to confirm the address by delivering a receipt containing the assigned number (the only way to receive it).
That ridiculous ambition led to their many stupid choices and to further perversion as no other government department could understand what this was and how to use it, so they all invented their own usage processes – with enough loopholes to severely damage its utility as a credential.
The equivalent of a US SSN in India is PAN, the Permanent Account Number issued as a tax identifier, for both individuals and other tax-paying legal persons.
Correct, and my original draft had several paragraphs attempting to explain this, but this article was going into the print edition of the newspaper where they have a very hard limit on space. All of it got dropped.
There are a very large number of people from whom biometrics cannot be collected, or cannot be reliably collected (meaning they change rapidly):
1. Newborn babies (who are all issued Aadhaar without biometrics)
2. Children (rapid change)
3. Old people (fading eyes, wrinkled skin)
4. Workers handling harsh materials (smoothened fingertips)
5. Disabled people (missing fingers)
6. Visually impaired (iris scans won't work)
Biometrics are optional in the design of Aadhaar because all these classes have to be accommodated. But in practice? How do you distinguish between "unable to provide biometrics" and "refusing to provide biometrics with fraudulent intent"? Who makes this determination in each case where biometrics are required?
The design of Aadhaar also imagines that the machine is more reliable than the human authority using the machine, so the human does not need be trusted and government can therefore outsource citizen interactions to non-gazetted officials (ie, cheaper for the govt), who no longer have the authority to override the process when biometrics cannot be used.
This destruction of government accountability is the problem. This is the other half of the Aadhaar project. It's not just an innocent technological system, it's one that was explicitly conceived and funded as a way for one ideology within government (neoliberalism) to dismantle an older socialist ideology, without any thought for what happens to the technologically-excluded.
And what is the post-Aadhaar loss? Nobody knows, because there's no accounting. We're still in the "don't allow critical examination of Aadhaar" era of this regime.
Also, I got my COVID-19 vaccination without Aadhaar. It wasn't asked anywhere. I'm not sure what you're referring to as a connection between them.
The article doesn't make an argument around biometrics. Biometrics are needed even for getting a passport or registering a property purchase, but notice how those are never brought up in any argument around Aadhaar's use of biometrics, whether arguing for or against.
Procedural speed-ups are not because of the technology of Aadhaar, but because of the regulatory regime favouring it. The same fast processes also work without Aadhaar wherever there's been regulatory pushback against mandatory Aadhaar. For instance, video KYC works just fine without Aadhaar, and CKYC with just PAN also does instant KYC.
These are procedural decisions, not technological improvement with Aadhaar. Dig into how it works and you'll find that the technology isn't even where they claim it is.
i mentioned biometrics as historically it used to be a major point against the entire system. it is equally interesting to note that this aspect is no longer discussed as much.
we need to yet again stress on the universal part of the system. PAN might have KYC benefits, but keep in mind that there were about 67.7 million tax returns filed this year [1] compared to 1.42 billion or so living in the country. so assuming that everyone can benefit from PAN or other ID systems that are applicable for specific use cases is not enough to reach everyone.
whatever mix resulted into what Aadhaar is today, there are affordances that this allows that were previously not possible. keeping in mind that this has been a bipartisan effort, if there was indeed an existing system they could have improved, there should have been enough political and industrial will for it.
i just personally come to better appreciate it in hindsight now.
Biometrics are not discussed much these days because Aadhaar is no longer a strictly biometric id – either at enrollment or in usage.
Biometrics are not collected for toddlers and not considered reliable for under-15s, and that segment was about 30% of the population in the 2011 census. An unknown number have never updated Aadhaar to add biometrics.
Biometric auth fell into disuse with the shift to mobile internet. The government tried strong-arming Apple and Google into taking fingerprint scanners out of the hardware secure zone so they could send scanned fingerprints (minutiae) to UIDAI servers. That didn't work, so they tried coaxing OEMs to make Aadhaar phones with a second fingerprint reader. TRAI – whose chairman 2016-2020 was the ex-UIDAI head – even tried framing it as "device neutrality" borrowing from European app store regulation. None of that worked, so they just moved from biometrics to SMS OTPs for rich people, while continuing to harass poor people for it.
Aadhaar as a unique id was always a galaxy-brained idea when there's no biometrics for children, no removal of dead people, and confusion of uniqueness in an identity scheme vs uniqueness in a much smaller welfare scheme where there's always surplus population who will never notice identity theft.
The only good thing about Aadhaar is the card – it's given people a document that's near-universally accepted. But the Aadhaar card is an organic development that was not part of the original design – where the card was merely meant to be a receipt delivered via the post as a probe to confirm the address – and remains an afterthought in the narrative. Even today you'll find Aadhaar proponents who don't understand how the card is a very different thing from the digital id they associate Aadhaar with.
Not just for privacy, but broken processes and duplicitous technological claims. It doesn't solve the problems that people assume it does. It does solve other problems, which is why there's so much enthusiasm for enforcing it.
But it's hard getting mainstream attention for how these are different sets of problems.
India's equivalent of SSN is PAN, the Permanent Account number, which predates Aadhaar by decades.
DBT is also older than Aadhaar and uses IFSC + account numbers. An Aadhaar layer was added to it, wherein a new mapper from Aadhaar number to IFSC was added, but the additional indirection only creates additional opportunity for error and fraud, as the Airtel Payments Bank fraud demonstrated on a mass scale.
Jio's onboarding of 4G customers was not exclusively based on Aadhaar eKYC. They accepted any valid id, as I personally tested, but somehow Aadhaar propagandists fail to quote the break-up of IDs used.
Please, do a cross-check that you're not citing from propaganda material.
It is designed to be a universal foreign key. The number is supposed to be confidential, but almost no one treats it as such, and the founding CEO of the organisation (since retired) has repeatedly argued in public that the number should be public, and the official policy of regarding it as confidential was a poor compromise made to satisfy privacy critics. Since the architecture is not designed around confidential numbers, there is no actual way to keep it confidential.
Tokenization was promised and implemented in a rush while petitions against Aadhaar were being heard in the Supreme Court in 2018, but the tokens (called "virtual id") are not usable anywhere.
You give it to every service provider that has internal reasons to prevent double sign-up (usually: state sponsored subsidy)
Or if you don’t comply, the service provider will share their entire database with UIDAI (Unique ID Authority of India) and discover your Aadhaar number and add it to your record themselves. This scheme was colourfully marketed as “inorganic seeding” and ran without legal backing for several years.
If an Aadhaar number shows up twice in the database, it is considered a duplicate and the extra entry is deleted from the service provider’s database.
If no Aadhaar number shows up for a customer, it is considered a ghost and that person is also removed from the database. Sample side effects:
1. Several individuals who depended on the state for food grains were now classified as ghosts and died of hunger. The government attempted to dismiss the news as too fantastical to be true.
2. In an experimental case, this was done on a voter database in one state, and two million individuals found they could not vote in the 2019 elections because their voter identification was deleted. The government saved a shitload of money by not bothering to notify these individuals, also in violation of a legal requirement for due process.
Somewhere in the middle of these delightful experiments, they acknowledged that it was a bad idea to allow random service providers to upload their entire customer database, so they stopped the service. This enlightenment conveniently came after every major provider had run through the program once.
Later still, they acknowledged that if a service provider can add an Aadhaar number against a customer’s record without the customer’s consent, then nothing prevented fraud from occurring within the service provider. The solution to this problem was to acknowledge that Aadhaar numbers are confidential, so that an individual is protected from fraud in their name — as long as they manage to keep their number confidential.
Of course, no solution was found for service providers adding random Aadhaar numbers to create new ghosts.
Oh, and incidentally, it is not possible to perform biometric authentication on a dead person, and so it is not possible to mark an Aadhaar holder as deceased. The dead cannot certify their own death, and as RS Sharma — that founding Director General (whose post was later designated as CEO) keeps telling everyone [1][2], Aadhaar numbers were designed to be public and usable only against biometric authentication.
So now by design, Aadhaar numbers are perpetual, valid as long as they are in use, and any service provider can claim to be providing service to any Aadhaar number, and dead people can’t complain about deficient service, which is most convenient for fraudsters. The dead live on as ghosts in the machine.
That ridiculous ambition led to their many stupid choices and to further perversion as no other government department could understand what this was and how to use it, so they all invented their own usage processes – with enough loopholes to severely damage its utility as a credential.