- One of the most important identification documents that have assumed the role of the ubiquitous entity in the country is none other than Aadhaar. As reports suggest, around 1.3 billion residents, including 99.9% of adults, have been assigned this pan-India biometric identifier. As a consequence of such widespread reach, it is the single most important database in India and one which is the de facto yardstick for all other databases. Looking back will reveal that it is no less than an unprecedented phenomenon as the first Aadhaar was issued only in September 2010.
PC: Idemia
- It took a mere four years from its tentative conceptualization to issuing the first 12-digit number, and then just another six years to cover a billion people. It’s a remarkable achievement indeed. As in any other government department, the Comptroller and Auditor General this week presented its performance audit of Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI). The audit covered its mature phase, from 2014-15 to 2018-19. By that time, it had already generated about a mind-boggling 800 million Aadhaar numbers.
- Given this backdrop, CAG’s audit portrays an unsatisfactory picture of the systems and processes in UIDAI. The main takeaway is the laxity in the organization, which not only generates data for India’s most important identity but also is entrusted with safely storing it. This level of laxity is worrying because of the risk it entails. For the uninitiated, UIDAI operates Aadhaar through a layer of subcontractors by appointing registrars for enrolment who, in turn, subcontract. So, when an applicant’s biometrics are uploaded to the Central Identities Data Repository, it may be executed by the third layer of subcontractors.
PC: Garimachouhan
- A similar system is in place when a financial intermediary seeks to authenticate the identity of a potential customer by using the Aadhaar database. CAG’s report shows looseness in the process all through. Often, UIDAI neither has granular data nor is it able to pinpoint the cause for failure. For example, UIDAI is unable to identify the cause of authentication failures forcing people to pay to update their biometrics. In 2018-19, there were about 30 million biometric updates, of which 73% were voluntary updates. CAG observed they were mostly on account of authentication failures.
- The audit also showed that even at the first stage of enrolment there were problems with duplicate Aadhaars. Most worrisome perhaps is the lack of oversight of subcontractors as many failed to comply with UIDAI’s requirement in getting their operations audited annually by information systems auditors. This has a bearing on data security. Thus, UIDAI having more robust systems in place becomes inevitable. Also, getting a better grip on its own data and cracking the whip on its subcontractors is par for the course move too. Understand, a billion hope rest on it, and any indiscretion will be counterproductive.
