Aadhaar insecurities

The damning media revelations of a serious back-door security breach that gives unauthorised persons unfettered access to the demographic data mapped to a billion-plus Aadhaar numbers have yet again shaken public faith in the robustness of the security architecture of the unique ID project. The latest exposé, by The Tribune, comes on top of other reports of data leaks which have compromised the data that the public either gave the UIDAI in good faith or was coerced into coughing up by successive governments. In every such case, the UIDAI and the Government have responded with cavalier unconcern — and a disquieting tendency to punitively go after the whistle-blower. In the most recent instance, rather than seek to address legitimate public misgivings over the breach of data that is mapped to virtually their entire financial universe, the UIDAI has filed an FIR against, among others, the journalist; and on social media platforms, the BJP has airily dismissed the well-documented report as “fake news”.

Beyond the clunky handling and the optics, there is a more serious issue at stake. At the heart of all these Aadhaar-linked security problems lies the fact that in the rush to give the unique ID enterprise the universality — indeed, the ubiquity — that policymakers whimsically deemed was necessary, the Government outsourced much of the enrolment and maintenance procedures to private operators without implementing fail-safe security protocols. Last year, the Government acknowledged in Parliament that in the past seven years, nearly 34,000 operators had been blacklisted for “polluting” the UIDAI ecosystem. Even in the latest instance, the unauthorised gateway to access Aadhaar data was abused by village-level enterprise operators initially hired — and subsequently fired — by the Government in order to make Aadhaar cards more widely available. Any attempt at plugging the loopholes must begin there, although it may already be too late, given that the demographic data has been hacked into.

Aadhaar was initially intended as an instrument of ‘inclusion’ — by giving authoritative proof of identity to the underprivileged who were falling through societal cracks. But since then it has morphed in many directions, with successive governments incrementally seeing it as a ‘silver bullet’ to address everything that afflicts governance in India, from inadequate financial inclusion to failure of last-mile delivery of welfare services to poor tax compliance to black money and even terrorism. Today, Aadhaar symbolises the cradle-to-grave overreach of a Big Government that is obsessively delighting in a new toy. And somewhere along the way, Aadhaar appears to have gone from being a facilitator of inclusion to an instrument of exclusion. And, as The Tribune report establishes, there are gaping holes in the security architecture. Perhaps the ongoing case in the Supreme Court will give occasion to review the merits of the project in its entirety.