Opinion: Aadhaar ID system is effective, but at risk of huge fraud


Activists have highlighted numerous incidents of denial of benefits.

Prime Minister Narendra Modi’s model of welfarism is not new to India: previous rulers also subsidized food and fuel, and gave the rural poor houses, toilets and paid work. Prime Minister Modi’s advantage comes from technology.

A year before the 2014 elections that brought it to power, the government, then led by Congress, piloted direct cash transfers to recipients, inspired by the popular Bolsa Familia program of former Brazilian President Lula da Silva.

Prime Minister Modi took that modest $1 billion start and turned it into a $300 billion vote magnet: And he did it with the help of 12-digit numbers.

These numbers – and the identity cards that carry them – are known as “Aadhaar”. It’s a biometrics-based system through which almost everyone in the second most populous country can prove who they are.

Aadhaar, which means “foundation” in Hindi, supports more than 450 million no-frills savings accounts and has boosted the use of mobile internet for financial transactions, even in remote villages. Five years ago, Nobel Prize-winning economist Paul Romer endorsed Aadhaar as a model for the world.

Increasingly, however, it looks like there’s quite a bit of epoxy putty – quite literally – in the very bedrock of Prime Minister Modi’s welfare package.

Fingerprinting 1.33 billion people and saving their personal information and iris scans to a central repository was no small feat. It was hoped that this super expensive database would pay its cost by helping to reduce waste in public programs and preventing theft.

See also  Death of the KK singer: the last performance of an emblematic musician leaves Internet users moved

This was touted as a big plus in a corruption-ridden country where state benefits struggle to reach legitimate beneficiaries.

However, activists have highlighted numerous incidents of denial of benefits: fingerprints fade with intense manual labor; correcting data entry errors can be a nightmare. These issues have been largely ignored.

Now there is a growing problem in the other direction: Aadhaar is being used very successfully – by scammers. Blame it on ubiquity combined with lax controls. While the unique identifier was designed to make welfare programs more efficient, private entities wasted no time in realizing its potential.

Banks and telecom operators have used Aadhaar to perform online “know your customer” verifications, which has significantly reduced their customer authentication costs. In the process, Aadhaar became ubiquitous and private data began to appear for sale on the dark web.

The government’s response was to sweep everything away. Anything that questions the integrity of the system is ignored. It’s no surprise: after choosing a technology and making it universal, policymakers have no other way to build trust in transactions.

In 2018, India’s Supreme Court restricted the use of the database – and banned private entities from using it for know-your-customer checks. Nonetheless, New Delhi has since opened legal backdoors for the private sector to continue exploiting.

A red flag about identity fraud came last month. The Unique Identification Authority of India, or UIDAI, has issued a notice asking people not to give out photocopies of their cards ‘because they can be misused’. Additionally, the advisory states that only users licensed with the authority can query the database to authenticate the identity; establishments such as hotels or cinemas are not permitted to collect or retain copies.

See also  I'm a woman who can only sleep with my friend - the others go at it like rabbits

After people started to wonder why this warning was being issued when everyone’s Aadhaar information was already circulating everywhere, it was taken down the same day and replaced with new guidelines that advised people “to exercise caution normal”.


So what’s going on? The Morning Context, an Indian news site, recently made an alarming account of scams. It seems anyone can learn how to clone a fingerprint with epoxy putty on YouTube; and anyone can buy an ID card online.

Fingerprints can be taken from digitized deeds of sale. Or, to steal money from bank accounts, one could hack a mobile app used by small village shops that double as micro ATMs for Aadhaar holders. The total number of Aadhaar frauds registered with the UIDAI increased sixfold last year, according to the May 30 article.

“There is no data on the total extent of defrauded social benefits, downgraded accounts and recorded criminal complaints,” Morning Context added.

More troubling than the crime is the official silence on its prevalence or severity. The Reserve Bank of India’s recently released Payments Vision 2025 nods to the “significant growth of the Aadhaar Enabled Payments System (AePS) through the Trade Correspondent Support Model”.

More than 2 billion of these micro-ATM transactions took place last year; it is a $38 billion entanglement of Aadhaar with the banking system – all on behalf of clients at the bottom of the economic pyramid. Yet, the RBI’s vision document, which has “integrity” as a key pillar, has nothing to say about enhancing security for deposit, withdrawal and transfer services used by the poor.

See also  Nagpur Congress leader Sheikh Hussain is accused of insulting PM Modi

Then there is the social welfare plank: the Aadhaar payment bridge system is the way the government transfers money to beneficiaries. Even here there are weaknesses.

In 2018, Ram Sewak Sharma, the former head of UIDAI, went public with his Aadhaar number on Twitter and dared privacy activists: “Show me a concrete example where you can hurt me!” It turns out that someone managed to register Sharma as an eligible farmer and Prime Minister Modi’s government gave him three installments of free money. You can split hairs on whether the vulnerability was in Aadhaar or elsewhere, but the hacker had proven a point.

Prime Minister Modi’s new welfarism rests on Aadhaar. But if there are cracks in the building, they should be recognized – not to scare users away, but to make them more aware. At the same time, India needs a strong data protection law. Losing money is bad enough. But it’s scary if a bad actor can place a person in a specific location or tie them to an activity using a bogus transaction. Sealing wax in the foundation of trust simply will not suffice.

(Except for the title, follow The New Zealand Times on Social Platforms.)



Please enter your comment!
Please enter your name here