Aadhaar – Identification Simplified, Myths Busted

The questions and criticism of the Aadhaar initiative are often generated from an inadequate understanding of the programme, say two UIDAI team members.

Passports: 57 million. Ration cards: 150 million. PAN Cards: 170 million. Driving Licence: 173 million. Voter ID Cards: 600 million. Aadhaar: 950 million. And this was in December 2015.

As on March 10, 2016, Aadhaar numbers issued by the Unique Identification Authority of India (UIDAI) stand close to 990 million. Aadhaar is already the world’s largest biometric database and the first online biometric-based identity system in the world. Its technology, architecture and accuracy have been tested in different proof of concept (POC) studies, field trials and various system implementations, such as LPG subsidy disbursal, Public Distribution System (PDS), MNREGS wages, bank account opening and passport issuance. We will soon reach a point where more than 1 billion Aadhaar numbers would have been issued, with more than 95% adults in the country having an Aadhaar.

This has been quite a journey since Ranjana Sonawne from Tembhli village in Maharashtra became the first person to get an Aadhaar in August 2010. To understand the inclusive nature of this program, join any queue where establishing your  identity is mandatory to receive a government or private service, and observe the proportion of people relying on their Aadhaar to prove their identity. For many, Aadhaar is perhaps the first document of their existence – a robust proof of their identity and address that can be verified online. No more closed doors for them!

Despite the benefits, many people have raised concerns and questions regarding Aadhaar and its potential misuse. One such representation is made by independent law researcher Usha Ramanathan in her article The Law Needs to Catch Up With Aadhaar, But Not in the Way Jaitley is Promising on The Wire. Ramanathan seems to have an incorrect comprehension of information and technology around Aadhaar, and we believe it’s important to bring out the facts and dispel the myths.

Since we are not experts on legislation, we will not delve into the Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016; that’s best left to a parliamentary discussion. However, let’s touch upon the other critical aspects and bust the myths surrounding Aadhaar.

Myth 1 – High Cost

Was there a need to have yet another identity system? Does it justify the cost? Yes, absolutely, according to the World Bank, who said the initiative is estimated to be saving the Indian government about $1 billion annually by thwarting corruption, even as it underlined that digital technologies promote inclusion, efficiency and innovation.

How are such savings possible? The answer lies in Aadhaar’s ‘uniqueness efficiency’ in the delivery of food subsidy, fuel (LPG and kerosene) subsidy, fertiliser subsidy, MNREGS wages, pensions, scholarships and other government benefits, which it achieves by curbing leakages in benefits disbursement. Aadhaar means no fake, ghost or duplicate beneficiaries. Double-dipping will become more and more difficult with Aadhaar, a number that is well de-duplicated with the use of biometrics. Direct benefits transfer removes the middle layers where most inefficiencies lie. Reduced leakages will further ensure that a higher percentage of these benefits end up reaching the intended/real beneficiaries. All this at a total cost of less than a dollar per Aadhaar, which, incidentally, is the lowest in the world for the issuance of a similar identity.

Even before the World Bank’s endorsement of Aadhaar, Delhi-based National Institute of Public Finance and Policy conducted a detailed cost-analysis study on Aadhaar in 2012. Their analysis took into account the costs of developing and maintaining Aadhaar, and of integrating Aadhaar with the schemes over the next decade. The study found that substantial benefits would accrue to the government by integrating Aadhaar with schemes such as PDS, MNREGS, fertiliser and LPG subsidies, as well as housing, education and health programmes. It found that the benefits would arise from the reduction in leakages that occur due to identification and authentication issues. Even after taking all costs into account and making modest assumptions about leakages of about 7-12% value of transfer/subsidy, the study found that the Aadhaar project would yield an internal rate of return in real terms of 52.85% to the government.

Myth 2 – Profiling

A prominent criticism of Aadhaar is that it ‘profiles’ people. The UIDAI has emphasised several times that information related to religion or caste is neither collected nor stored in the Aadhaar database. Applicants and holders are encouraged to look at their Aadhaar to confirm this. The three biometrics collected are fingerprints, an iris scan and a face photograph. The four mandatory demographic information fields are name, address, gender and date of birth (or age). Optional information fields, such as mobile number and email, are collected for communication efficiency, including for sending a one-time password (OTP) for e-Aadhaar, updates or OTP authentication. Information on parent/guardians is mandatory only for children below the age of five. This is the only information collected from applicants, and no information that can result in profiling on the basis of religion and caste is sought.

Myth 3 – Proof of residence vs citizenship

Another criticism of the Aadhaar programme is that it is being given to everyone without identifying citizenship. The UIDAI has clarified that Aadhaar is for ‘residents’ and not just for ‘citizens’, a position that has remained unchanged since the programme was first initiated. Anyone who states otherwise is misrepresenting the facts.

Many Indians who go to the US obtain a social security number, which makes it easy and convenient for them to access services. This is similar to Aadhaar. As for the concern of illegal Bangladeshi migrants getting an Aadhaar, a reality check is required. What is the objective of refusing someone an Aadhaar if he/she already has a ration card, a voter ID card and/or other government documents? The Demographic Data Standards and Verification Procedures committee prescribes a list of valid 18 proof of identity and 33 valid proof of address documents for getting an Aadhaar. If someone already has those documents, the UIDAI can hardly be blamed for issuing them an Aadhaar. Who decides legality? If an enrollment operator uses his discretion to decide who is and isn’t eligible for an Aadhaar on personal whims, we’ll only be encouraging exclusion and fraudulent practices.

Myth 4 – Biometric and data theft

The Aadhaar programme has often been questioned because UIDAI collects biometrics and data “that can be stolen” or “sold to other countries”, and the security of which cannot be guaranteed. All government data resides in government databases just like all bank account data, including passwords, resides in bank databases. But does this mean we should stop putting our money into bank accounts?

The UIDAI has ensured security of data – both physically and at the application level – by applying leading technical and process practices. The UIDAI has also established two large-scale data centres to ensure complete security of data and applications, and it regularly conducts audits by reputed third party agencies to keep its systems and processes up to date.

In a utopian world, perhaps such government programs can exist without any private contractors. In the real world, however, private technology companies’ expertise and experience must be leveraged to successfully implement programs of such scale and ambition. Having said this, it’s important to clarify that the Aadhaar platform is built mostly on open source technologies, with propriety technologies being used only where necessary.

While adopting any propriety software for biometrics, the design approach followed by the UIDAI is to have multiple vendors in an architectural layer, with a payment model put in place such that the vendors are incentivised to improve quality, accuracy and speed. These vendors or their services can be replaced, as has happened, if they do not meet stringent service level agreements. The involvement of private sector players is designed such that the guiding principles for scale-up and quality are followed, and the business model encourages only the best to remain. An example of this is the more than 100 enrolment agencies deployed on ground, such that no monopolistic practices can creep in, and that they are penalised for any compromise of quality and conditions of contract.

Myth 5 – Exclusion

The Aadhaar programme is often said to be exclusivist. But with over 990 million Aadhaar numbers issued, it is the most inclusive identity system in India today. The number of Jan Dhan accounts that have been opened because of Aadhaar in the last two years is further testimony to the impact of the programme in enabling financial inclusion. Aadhaar-enabled micro-ATMs at post-offices are expected to have a transformational impact in furthering the cause of financial inclusion with respect to basic services, including deposits, withdrawals and balance inquiries, even in remote areas.

As far as exclusion in delivery of other services due to biometric authentication accuracy is concerned, it is important to go beyond scratching the surface. A detailed iris authentication POC done by the UIDAI in a semi-urban setting found that the accuracy was 99.73% for “two iris authentication” with a false acceptance rate of one in one million. Further, eight POCs done on fingerprint authentication proved that 99% accuracy could be achieved at a false acceptance rate of one in 10,000.

Biometric authentication is a platform, and service providers are expected to use their wisdom in using the platform. Biometric authentication is not the only platform available from the UIDAI; it offers demographic and OTP authentication as well. The UIDAI’s focus to get mobile numbers updated indicated the direction it wants to take – to give service providers another reliable option for authentication. Service providers can even build their own OTP authentication for exception handling. There can be multiple factors of authentication to ensure that nobody gets left out, including electronic and traditional paper-based authentication. Of course a good system design would require service providers to do exception handling in tandem with fraud detection.

To draw an analogy with the banking world, saying that biometric authentication accuracy causes exclusion is similar to saying ATMs cause exclusion because many places in India do not have ATMs. Or perhaps, saying that internet banking causes exclusion because many people in India do not have internet access. It’s an unnecessary and false connection of ‘cause’ and ‘effect’.

Also, the Aadhaar number, similar to the US’ social security number, has multiple applications that are not even linked to the use of the authentication platform. Direct benefits transfer for LPG subsidy is one such example of an Aadhaar-based application where authentication is not required.

Myth 6 – Wrongful inclusion

The Aadhaar programme has also been criticised for wrongful inclusion, which means one person is able to the benefits of another person. This criticism has no foundation in truth as no such case has been pointed out. One can draw an analogy to forgery, and the using a fake document or signature. The Aadhaar authentication platform works at a minimum false acceptance rate of around one in 10,000. This means a person with fraudulent intent will have to try 10,000 different Aadhaar numbers at different service delivery outlets in the country till a false match happens and he/she is able to wrongly access someone else’s benefit. Given the odds, such forgery is unlikely.

Myth 7 – Last-mile service delivery using Aadhaar is a problem

Connectivity trends and Internet infrastructure will continue to improve in India, boosting the Aadhaar programme. But Aadhaar authentication works over GPRS connectivity too. When heavy rains marooned large parts of Tamil Nadu, and all banks and ATMs were shut down, banking correspondents armed with Aadhaar-enabled micro-ATMs helped people withdraw cash from their bank accounts. The Aadhaar-enabled payment system is just one of the applications of the Aadhaar authentication platform.

Of course there are other challenges in last-mile delivery, such as the literacy levels of service delivery operators and the risks in cash handling. But it is pertinent to realise that the UIDAI cannot be blamed for such environmental factors, and that solutions to these problems have to be found outside the realm of the UIDAI.

Myth 8 – Privacy violations

Most of us have one or more identity/address documents, such as a passport, ration card, PAN card, driving licence, vehicle registration documents or a voter ID card. The government departments managing these already have our data. Aadhaar is no different. We give our data to banks, to insurance companies and to telecom companies for accounts, policies and mobile connections. LPG distributors get our data when we get a gas connection. Similarly when you create an email account, the service provider gets your data, as does an app provider when you install an app on your phone. An article in The Huffington Post illustrated what most people miss when they sign up on Facebook and choose not to read the terms and conditions – the social networking site has access to all your information.

We believe that the world has more access to personal details of ‘privacy supporters’ through their articles, blogs, and email, Facebook and Linkedin accounts, where they probably signed off their rights to privacy by accepting, without realising, the terms and condition. These have far greater chances of ‘misuse’ than the Aadhaar database, which CANNOT be shared with anyone without the consent of the Aadhaar-holder.

We live in a connected world and we trust reputed agencies to be the custodians of our data. Privacy must be respected, but suspecting a programme like Aadhaar of violating privacy is clearly going overboard.

Benefits outweigh the risks

The increased savings and efficiency in public service delivery due to the usage of Aadhaar would make dubious business practices redundant (which is just the beginning of Aadhaar usage) and will encourage public debate to be muddled with myths and misinformation. Readers need to be aware to make intelligent judgement based on data, facts and logic.

Every new change of system comes with inherent risks and challenges. But when the benefits, especially to the weaker and underprivileged sections of society, outweigh the risks and challenges significantly, it makes sense to adopt the new system and a new way of life that is more efficient and more effective. Needless to say, the UIDAI should continue to focus on secure and convenient updates, the enrollment of children and newborns, the enrollment of those who are still left out, accessible permanent locations for enrollment and update, and most importantly, continued and absolute de-duplication through an optimal orchestration of biometric and demographic data checks. Over the next few years, biometric technology and accuracy is expected to improve and become more cost-effective, and the same goes for connectivity up to the village level. Our estimate is that over the next two to three years, service providers will figure out how to use the Aadhaar platform effectively, thus making it ubiquitous for secure and convenient identification, and for better delivery of public and private services.

Piyush Peshwani and Bhuwan Joshi were part of the UIDAI team from the private sector, and can be reached at [email protected] and [email protected].