This series has flagged a puzzling trend. State governments are struggling to use Aadhaar-based fingerprint authentication in ration shops. At the same time, a rising number of companies are integrating Aadhaar into their databases.
The answers vary depending on whom you ask. Former officials of the Unique Identification Authority of India, the government agency which issues Aadhaar numbers and manages the database, blame state governments and banks for poor execution of Aadhaar-based welfare delivery. State governments in turn blame banks and poor internet connectivity and the failures of biometrics-based technology.
Out today, the second part of my story on companies, aadhaar and privacy.
As the previous story in this series reported, some companies are using Aadhaar to share customer and business partner information. This could aid the rise of data-broking companies like Acziom in the United States that hold ever more detailed profiles of people.
They can also be used to deny products, services or information to you. Google, as the Guardian reported in 2015, showed “an ad for a career coaching service advertising “$200k+” executive positions 1,852 times to men and 318 times to women”. In the process, they could deepen existing inequalities.
Or they can just peer into your personal life – as the taxi app Uber showed with its subsequently deleted “Rides of Glory” blogpost on what rides made between 10 pm and 4 am revealed about people’s sex lives.
Given such stakes, and the proliferation of the uses of Aadhaar, it is important to take a closer look at India’s privacy regime. Even as the use of customer data intensifies among Indian companies, what are the protections that exist?
Aadhaar, as India’s Unique Identity Project is called, aims to give a 12-digit unique identity number to all residents by collecting their fingerprint and iris scans. As of September, its database, maintained by the Unique Identity Authority of India, held the names, addresses and biometric information of more than 105 crore people.
But, quietly, a range of private sector companies have started using it. This includes verification firms like Authbridge, banks like HDFC, telecommunications companies like Reliance Jio, among others.
So far, most discussions on Aadhaar have focused on its utility for welfare delivery and the risk of government surveillance. But as private sector companies incorporate Aadhaar into their systems, fresh questions and concerns are emerging about what this means.
Monika Chowdhry, who heads the marketing division of Swabhimaan Distribution Services, the company that created TrustID, defended the app, saying it offers the valuable service of verifying people’s identities. “In our day to day life, we do a lot of transactions with people – like maids or plumbers. Till now, you would have to trust them on what they said about themselves and what others said about the quality of their work.” The company is solving that problem, she said. “We are saying ask the person for their Aadhaar number and name and we will immediately tell you if they are telling the truth or not,” Chowdhry said.
Chowdhry said that over time, the Aadhaar number of individuals will be used to create a private verified database of TrustIDs. “Our plan is to create a rating mechanism,” she said. Referring to the option for maid, plumbers and other service providers on the app, she added: “People like you and me, we have Linkedin and Naukri. What do these people have?”
By now the contours of the events are known. On Tuesday morning, the Supreme Court referred to a Constitution Bench the question of whether Indians have a fundamental right to privacy. The same afternoon, when the judges reconvened, they restricted the use of the government’s biometrics-based identity project Aadhaar to only the public distribution system for food grains, kerosene and LPG.
These orders are unmistakably significant. But what do they mean for the public and the ambitious Aadhaar programme? Why is the Aadhaar project, which seeks to do no more than assign a unique number to all Indians, getting snared in questions of privacy?
I write again on Aadhaar after a long hiatus. See the tag cloud for other links on the project as well.
The finance ministry has decided to limit Aadhaar’s role in its welfare scheme payments and, instead, use ATM-enabled RuPay cards for last-mile authentication to withdraw money. While it will continue to use Aadhaar for opening accounts and to eliminate ghosts and duplicates from beneficiary rolls, the ministry has decided to give RuPay ATM cards with bank accounts being opened under to-be-announced financial inclusion drive, Sampoorn Vittiyea Samaveshan, government officials told ET. “We do not want that an account holder should be restricted on a particular technology platform. By providing RuPay powered ATM card the account holder can transact on multiple platforms,” a senior finance ministry official said on the condition of anonymity. This is a large blow to the Unique Identification Authority of India (UIDAI) which has, till now, regarded authentication services as one of its principal functions.
…While researching this story, ET reviewed two drafts produced by the Department of Financial Services – one in June, and the second in July. The draft dated 8 July, 2014, says: “This account would be linked with the Aadhaar number of the account holder and would become the single point for receipt of Direct Benefit Transfers (DBT) from Government/Local Bodies.”
According to a source close to the UIDAI, who spoke to ET on the condition of anonymity, this phrasing suggests that while Aadhaar numbers might be seeded into bank accounts, it might not be used for authentication. In other words, once the cash flows into the Aadhaar-linked bank account, last-mile authentication when the money is being withdrawn will be done using the authentication systems of either the relevant bank or the last-mile service provider – like a Banking Correspondent (BC) company.
Not using Aadhaar for last mile authentication has significant fallouts for the UIDAI. Which, among other things, has the Aadhaar-enabled Payment System as one of its key components, and sees authentication services as one of its principal functions and revenue streams.
a small update on the ongoing churn over aadhaar and dbt. a purely online story, this.