A 5-Judge Constitution Bench at the Supreme Court will soon decide the validity of Aadhaar; but some of the myths created by the organisation that has foisted this biometric identity on people continue to be busted. Over the years, one has observed that reports touting the 'benefits' of Aadhaar appear in the media, curiously coinciding with court hearing dates. The most popular of these are the lost-and-found stories.
The Aadhaar-successes are no different. The biometrics in the Aadhaar apparently help the authorities re-unite lost family members. But is this really happening? And is Aadhaar the magic tool that will put an end to Bollywood’s favourite story line of siblings lost and separated on trains, or fairs or parted from their parents, because a quick scan in a Aadhaar database will find anybody anywhere? The truth is vastly different.
Here are some facts. The Unique Identification Authority of India (UIDAI), which has tagged Indian residents with a number, has repeatedly told the Courts that it can only provide a 'Yes' or 'No' answer to any query on Aadhaar. It also stated that all biometrics and demographic information of Aadhaar holders is never shared with anyone. UIDAI even went up to the Supreme Court to oppose efforts by the Central Bureau of Investigation (CBI) to seek access to its biometric database for investigation in a criminal case. Under these circumstances, how anyone can claim that a ‘lost’ person was united with his/her family by using Aadhaar?
Biometrics do not provide demographic details, so how is this possible? There are three big holes in this propaganda. One, biometrics of a person keep change every three years. So a perfect match can only happen if the person is recently lost and not in case of long lost persons. Forget about persons missing for years, the biometric authentication of UIDAI's chief executive Ajay Bhushan Pandey also failed, as per his submission to the Supreme Court in the Aadhaar hearings.
Documents submitted before the five-judge Constitutional Bench, list the attempts at Aadhaar authentication by Mr Pandey. There was only one attempt out of 26 attempts to use biometric authentication. And that failed!
Secondly, UIDAI itself conducted a proof of the concept trial of the Aadhaar project between March and June 2010. With regard to the false positive identification error rate (i.e. FPIR)— the proportion of identification transactions by users not enrolled in the system, in which an identifier is returned - the UIDAI said, "We will look at the point where the FPIR (i.e. the possibility that a person is mistaken to be a different person) is 0.0025%". This means, for every 1-lakh comparisons, there would be two and a half false positives. On a large scale, it means for a population of over 120 crore, there would be 18 lakh crore false positives, or, for every single Indian resident there would be 15,000 false positives! (Click to see the calculations).
According to JT D'Souza, who analysed the pilot study conducted by the UIDAI, given the well-known lacunae in our infrastructure and massive demographics, biometrics as an ID will be a guaranteed failure and result in denial of service. He said, "The sum of false acceptance rate and false rejection rate (EER) reveals only part of the problem, which is rejection or acceptance within a short duration of enrolment. The bigger problem is ageing, including health and environment factors, which causes sufficient change to make biometrics completely unusable and requires very frequent re-enrolment."
While examining this issue in 2016, the President’s Council of Advisors on Science and Technology (PCAST) in the US found that only two properly designed studies of latent fingerprint analysis had been conducted. These both found the rate of false matches (known as 'false positives') to be very high: 1 in 18
and 1 in 30.
There is still no scientific basis for concluding that a specific person must have left a fingerprint, or even for estimating the number of people who might be the source of a print.
Lastly, experts around the world have been raising doubts on the scientific validity of biometrics, especially fingerprint analysis for investigation. A 2017 research report by American Association for the Advancement of Science (AAAS) states
, courtroom testimony and reports stating or even those implying that fingerprints collected from a crime scene belong to a single person are indefensible and lack scientific foundation. “We have concluded that latent print examiners should avoid claiming that they can associate a latent print with a single source and should particularly avoid claiming or implying that they can do so infallibly, with 100% accuracy,” the report says.
No wonder, when the CBI tried to get access to Aadhaar database, UIDAI fought vigorously. Not for the sake of keeping its database safe from the hands of the investigation agency, but not to let the truth of biometric failures out in the open.
UIDAI went to the Supreme Court to deny access to CBI to the Aadhaar database. In its judgement in 2014, the apex court held that UIDAI was restrained from transferring anyone’s biometric information with an Aadhaar number to any other agency without such person’s consent in writing.
This case was related CBI's probe into a rape case of a seven-year old child, which had taken place in a school washroom. All the investigation agency could found from the crime scene was some fingerprints, which it shared with UIDAI asking them to help in identifying and tracing the person/s. UIDAI rejected the request stating that it would violate privacy of the person (this was before the Supreme Court unanimously passed judgement on Right to Privacy).
CBI then sent a CD containing the fingerprints requesting UIDAI to compare them with its Aadhaar database. UIDAI, however, claimed that it did not have the requisite technology to parse through all the biometric information it held to run the comparison process. The Goa Bench of the Bombay High Court, then directed the Director General of the Central Forensic and Scientific Laboratory to appoint an expert along with any other expert UIDAI itself suggested to ascertain the competence of Aadhaar database. UIDAI then filed a special leave petition before the Supreme Court against the interim order of the HC.
In its order on 24 March 2014, the apex court stayed interim order passed by the Bombay HC for appointment of an expert. The SC also restrained the UIDAI from sharing any biometric information in its database without the consent of the owner of such data in writing.
Now consider reports of Aadhaar helping people re-uniting with own family. Mr Pandey, CEO of UIDAI told Global Conference on Cyberspace (GCCS) 2017 in November last year that as many as 500 missing children have been traced over past few months through Aadhaar.
He said this happened in instances where a child found in an orphanage underwent Aadhaar enrolment and it was found that his/her 12-digit biometric identifier had already been made! Looks like a classic Bollywood script where siblings were united through a locket or mark on body!
Later in February 2018, Mr Pandey repeated his propaganda in his keynote address at the 21st National Conference on e-governance held at the Hyderabad. He claimed
, “Aadhaar is being used to trace and unite missing children with their loved ones. Bollywood’s favourite script of two long-lost brothers reuniting after 20 years will no longer be relevant. Bollywood directors will have to look for other ideas henceforth!”
A review report from the US Department of Justice
on Federal Bureau of Investigation (FBI)’s handling of the Mayfield case, states, “…the Mayfield case illustrates a particular hazard of the Integrated Automated Fingerprint Identification System (IAFIS) computer program. IAFIS is designed to find candidate fingerprints having the most minutiae arrangements similar to the encoded minutiae from the latent print. These candidates should include the correct match of the print (if it is in the FBI database), but will also include the closed possible non-matches. In this case, the true source of the print was not in the IAFIS database, but the computer found an unusually close non-match. The enormous size of the IAFIS database and the power of the IAFIS program can find a confusingly similar candidate print. The Mayfield case demonstrates the need for particular care in conducting latent fingerprint examinations involving IAFIS candidates because of the elevated danger of encountering a close non-match”.
As on 2012, IAFIS houses fingerprints and criminal histories of seven crore subjects in the criminal master file, 3.1 crore civil prints and fingerprints from 73,000 known and suspected terrorists processed by the US or by international law enforcement agencies, says a report from the FBI.
For the sake of comparison, UIDAI’s Aadhaar database contains records of over 121 crore Indian residents. This includes fingerprints of 10 fingers, iris scans of both eyes and demographic details of Aadhaar holders. If IAFIS with its limited database find it difficult to match biometrics, how UIDAI is able to match such an extra-ordinary feat to uniting missing persons should make biometric researchers and experts from across the world hang in their heads in shame! But they are simply ignoring UIDAI’s big claims of 100% matching of biometrics with a single individual. May be they are jealous of UIDAI’s big achievement!
While most examiners no longer claim the 100% accuracy of a fingerprint analysis, they are using moderating terms like examiners can ‘identify’ or are ‘practically certain of’ as the source of a latent print during court testimony and reports.
However, Mr Pandey and the UIDAI seems to be certain about 100% matching skills of its Aadhaar database. May be the CBI should now go in appeal to get access to Aadhaar database for investigation in criminal cases!
According to AAAS report, at present there is no adequate scientific basis for to measure 100% accuracy and establish validity of latent fingerprint examinations.
“There is no basis for estimating the number of individuals who might be the source of a particular latent print. Hence, a latent print examiner has no more basis for concluding that the pool of possible sources is probably limited to a single person than for concluding it is certainly limited to a single person,” the report concludes.
May be Mr Pandey and UIDAI can teach all researchers across the world how to accurately match individual fingerprint from among a huge database of over a billion Indian residents, who have Aadhaar!
Validity of Aadhaar, whether it is under the Aadhaar scheme or the Aadhaar Act, is already under challenge on the touchstone of Article 21 of the Constitution. Various facets of Article 21 are pressed into service. First and foremost is that it violates Right to Privacy and Right to Privacy is part of Article 21 of the Constitution. Secondly, it is also argued that it violates human dignity, which is another aspect of Article 21 of the Constitution.
Hope the 5-Judge Bench of Supreme Court relieve citizens from the hardships of Aadhaar and save from false propaganda of UIDAI and its proponents.