Aadhaar: A little resin endangers India’s welfare system

Prime Minister Narendra Modi’s welfare model is not new to India: Past leaders have also subsidized food and fuel and given houses, toilets and paid jobs to the rural poor. Modi’s advantage lies in technology.

A year before the 2014 elections that put him in power, the then Congress-led government had experimented with direct money transfers to beneficiaries, inspired by former Brazilian President Lula da Silva’s popular Bolsa Familia program. Modi took that modest $1 billion start and turned it into a $300 billion vote magnet, and he did it using 12-digit numbers.

These numbers – and the IDs they carry – are known as “Aadhaar”. It’s a biometrics-based system that almost everyone in the second most populous nation can use to prove who they are. Aadhaar, which means “foundation” in Hindi, supports more than 450 million no-frills savings accounts and has promoted the use of mobile internet for financial transactions even in remote villages. Five years ago, Nobel laureate Paul Romer endorsed Aadhaar as a role model for the world.

Increasingly, however, it looks like there’s a whole lot of epoxy putty – literally – at the basis of Modi’s welfare program.

Fingerprinting 1.33 billion people and recording their personal information and iris scans in a central repository was no easy task. It was hoped that this super-expensive database would cover its costs by helping reduce waste in public programs and deter theft. This has been touted as a major benefit in a corruption-ridden country where government benefits have a hard time reaching legitimate beneficiaries.

However, activists have highlighted numerous cases of the system underperforming: fingerprints fade from intense physical labour; getting data entry errors fixed can be a nightmare. These issues have been largely ignored.

Now there’s a growing problem going the other way: Aadhaar is being used very successfully – by scammers. This is due to its ubiquity combined with lax controls. While the unique ID was designed to make welfare programs more efficient, private organizations wasted no time in realizing its potential. Banks and telcos used Aadhaar to conduct online know-your-customer checks, which drastically reduced their costs of authenticating customers. In the process, Aadhaar became ubiquitous and private data appeared for sale on the dark web.

The government’s response has been to sweep everything under the rug: anything that raises doubts about the integrity of the system is ignored. That’s no surprise: once they’ve chosen a technology and made it universal, policymakers have no other way to build trust in transactions. In 2018, India’s Supreme Court restricted use of the database, barring private companies from using it for know-your-customer verification. Nonetheless, New Delhi has since opened legal backdoors that let the private sector keep tapping into it.

Last month came a wake-up call about identity fraud. The Unique Identification Authority of India (UIDAI) issued an advisory urging people not to give out photocopies of their cards “because they can be misused”. The release went on to say that only users licensed with the agency can query the database to authenticate identity; establishments such as hotels or cinemas are not permitted to collect or store copies. After people began to wonder why this warning was being issued when everyone’s Aadhaar information was already circulating everywhere, it was withdrawn the same day and replaced with new guidance advising people to “exercise normal caution”.

So what’s going on? The Morning Context, an Indian news website, recently published an alarming report on fraud. It seems anyone can learn on YouTube how to clone a fingerprint with epoxy putty, and anyone can buy an ID card online. Fingerprints can be taken from digitized real estate sales deeds. Or, to steal money from bank accounts, one could hack into a mobile app used by small village shops that double as micro-ATMs for Aadhaar owners. According to the May 30 article, the total number of Aadhaar scams registered with UIDAI has increased six-fold. “There is no data on the full extent of the defrauded benefits, account demotions and criminal charges being registered,” the Morning Context added.

More disturbing than the crime is the official silence about its extent or seriousness. The Reserve Bank of India’s recently released Payments Vision 2025 points to the “significant growth of the Aadhaar-Enabled Payments System (AePS) through the Economic Correspondent-supported model”. More than 2 billion such micro-ATM transactions were carried out in the last financial year; this is a $38 billion entanglement of Aadhaar with the banking system – all on behalf of customers at the bottom of the economic pyramid. Yet RBI’s vision document, which has “integrity” as its key pillar, says nothing about making security more robust for deposit, withdrawal and transfer services used by the poor.

Then there’s social assistance: using the Aadhaar Payment Bridge system, the government transfers cash to beneficiaries. There are weaknesses here too. Back in 2018, Ram Sewak Sharma, the former head of UIDAI, publicized his Aadhaar number on Twitter, challenging privacy activists: “Show me a specific example where you can harm me!” As it turned out, someone succeeded in registering Sharma as a legitimate farmer, and the Modi government paid him three installments in cash. It’s debatable whether the vulnerability was in Aadhaar or elsewhere, but the hacker had proved a point.

Modi’s new welfare state is based on Aadhaar. But if there are cracks in the building, they need to be acknowledged – not to deter users, but to make them more aware. At the same time, India needs a strong data protection law. Losing money is bad enough. But it’s scary when a bad actor can use a bogus transaction to place a person at a certain location or tie them to an activity. Sealing wax in the trust base is simply not enough.
