Prime Minister Narendra Modi, the once upon a time staunch critic and opponent of Aadhaar numbering scheme, is not only enforcing, but also mandating usage of the UID number for his pet Digital India campaign
The Aadhaar is putting national security in jeopardy. It is destroying governance and ability to govern. It will end the rule of law and perhaps even compromise the sovereignty of India. It is facilitating money laundering. Here is a summary of why Prime Minister Narendra Modi must act on the concerns and on his election promises.
1 The Political Gimmick: Prime Minister Narendra Modi has been amongst the strongest critics of the unique identification (UID) or Aadhaar, recognizing that it was running on mere executive order and not legislative sanction, he had called it a political gimmick. He had further highlighted that neither the team that met him, nor the then Prime Minister Dr Manmohan Singh had been able to allay his concerns and fears about National Security over the UID.
2 The Purpose of UID: In the presence of over a dozen different IDs, each of which serves a purpose and is not replaceable, there is no purpose served by the UID. When issued based on already existing IDs it is only adding yet another layer of red tape. When issued by “introducers” it serves no useful purpose, as it is not subject to any audit or verification.
3 The Validity of UID: Furthermore, the Unique Identification Authority of India (UIDAI) and the Finance Ministry have admitted that there are no designated officials certifying the identity or address and as such the UID is neither proof of address (PoA) nor proof of identity (PoI). From the procedure announced by the UIDAI, to recover lost UID numbers it is evident that several records are returned for biometric and demographic information. It is required to narrow match to 5-10 entries. This also means that de-duplication using biometrics is a mere theoretical exercise and biometrics cannot produce a unique ID. The UIDAI and Ministry of Finance have both indicated that no verification or audit of the UID database has ever happened. The UID is merely a random number assigned by the UIDAI to unverified and unaudited data submitted by private parties paid for each record is therefore not even a proof of the existence of any person.
4 The Insurance of UID: In addition, biometrics are neither permanent nor immovable. Biometrics change during the life of a person, sometimes even within a year, without warning. Biometrics can be easily stolen, replicated or misused as has been demonstrated by hacking fingerprints, and iris scans of high profile targets. The enrollment agencies that have captured the biometric have the entire demographic and biometric database in their possession and as such it can be misused or stolen. Once the biometric fails or is stolen, all the functions that have crept to link access to the biometric are denied with little or no recourse to the victim.
5 The Security Risks of UID: Using the UID to establish other ID’s and claim rights as a citizen when the UID is not even a PoI, PoA or PoE or can even be stolen creates a perfect channel for identity theft and infiltration by terrorists, anti-nationals, organized criminals and illegal immigrants. It is therefore not only a threat to national security but also to the sovereignty of the country. Using the UID as the sole or electronic know your customer (KYC) to open bank accounts that have no restriction of anti-money laundering rules, the Reserve Bank of India (RBI)’s Master Circular on KYC, the Financial Action Task Force (FATF) and the Basel Standards of keeping customer data, as has been forced by the Department of Revenue and the UIDAI on the RBI, is opening doors for use of such accounts to finance terrorism, organized crime, park black money, siphon direct cash transfers of subsidy and launder money. There are enough incidents in the country that highlight the compromise of national security through UID.
6 The Sufficiency of UID:
Further, the UID is neither necessary nor sufficient to deliver any benefit, rights and entitlements. Each benefit, right or entitlement requires its own ID and information that can neither be captured by the UID nor was the UID ever needed to deliver these. The UID worsens the quality of the ID databases by eliminating genuine beneficiaries and adding fake beneficiaries as for example has been seen in Pondicherry
. The use of UID adds a new layer to the business processes creating exclusion and increasing untraceable leakages. Any leakages can be plugged by audit of the original ID databases without requiring a UID. Further process redesign to reduce steps, increase auditability reduces leakages. Neither of these has been done.
7 The Costs of UID: The UID adds cost to every business process that uses it to deliver any benefit, right or entitlement. There is no basis to show any savings effected by the use of the UID as such savings can only happen by denying the delivery of benefits, subsidies or entitlements by claiming those denied were fake entries in the ID database of the government department. Firstly there can be no claim of the UID database being free of fraudulent entries. Secondly there are no FIRs in any department against officials or fake individuals. Thirdly many genuine beneficiaries have been excluded by the use of the UID. The UID therefore has only costs, not savings. Furthermore no cost has been put to stolen identity or worse the theft of a part or the entire registry.
8 The Disenfranchising by UID: A multi billion pound National ID program was scrapped by UK Prime Minister David Cameroon as part of his election promise even after the citizens had paid for their IDs for similar reasons that promised to disenfranchise the citizens and make them helpless if such an ID did not work. The US government post 9/11 under Bush had already discovered the use of Social Security Number (SSN) had resulted in identity theft of massive proportions and had issued explicit memos to all offices about "Safeguarding Against and Responding to the Breach of Personally Identifiable Information”. This also required restricting the use of the SSN and delinking the SSN from multiple usage.
What the Prime Minister must do?
Stop the UID linkages to government programs and initiate delinking UID from all government databases.
Verify and audit the entire UID database; if it is too expensive to do so, destroy the database as was done in the UK.
Initiate a time-bound judicial probe by a retired CAG and Supreme Court Judge supported by the CBI to investigate the exposure of the country to serious threats to national security due to UID.
Audit of other government databases can be done to "clean" them without requiring any new ID. If an ID is desired or an easy method to deliver and audit benefits is desired, consider shared ID http://www.sunday-guardian.com/analysis/time-to-think-of-aadhaars-alternatives or benefit delivery described here http://www.moneylife.in/article/10-digital-solutions-to-make-india-the-best-governed-nation/38338.html.
(Dr Anupam Saraph is a Professor, Future Designer, former governance and IT advisor to Goa’s former Chief Minister Manohar Parrikar and the Global Agenda Councils of the World Economic Forum.)