Workshop on Aadhar- Issues and Challenges


Workshop on Aadhar- Issues and Challenges

Date: 20 Dec 2017
Dr. Ajay Bhushan Pandey, Chief Executive Officer (CEO), UIDAI
Shri Osama Manzar, Expert, Digital Empowerment Foundation


Record of Discussion

Subject                         :  Aadhaar: Issues and Implications 

Date                              :  20 December, 2017

Venue                           :  G-70, Parliament Library Building, New Delhi     

Experts                        :    1. Dr Ajay Bhushan Pandey, CEO, Unique Identification    Authority of India (UIDAI)

                                          2. Shri Osama Manzar, Digital Empowerment Foundation


Dr Ajay Bhushan Pandey, CEO, UIDAI and Shri Osama Manzar, founding member, Digital Empowerment Foundation appeared as resource persons for the SRI workshop on Aadhaar: Issues and Implications held on 20 December 2017. While welcoming the experts and members of Parliament, Shri Rahul Dev, Honorary Advisor, SRI said that Aadhaar is widely used but not understood as much it is used. He added that many sensitive issues relating to Aadhaar are being heard by the Constitutional Bench in Supreme Court. It is therefore important that the members of Parliament are aware of the issues and implications of Aadhaar.                        

While making Power Point Presentation, Dr Ajay Bhushan Pandey, CEO, UIDAI said, “Aadhaar number is a 12-digit random number issued by the UIDAI (“Authority”) to the residents of India after satisfying the verification process laid down by the Authority.” Justifying the need of Aadhaar, he further added, “Aadhaar is a strategic policy tool for social and financial inclusion, public sector delivery reforms, managing fiscal budgets, increase convenience and promote hassle-free people-centric governance. Aadhaar can be used as a permanent Financial Address and facilitates financial inclusion of the underprivileged and weaker sections of the society and is therefore a tool of distributive justice and equality” 

Shri Osama Manzar from Digital Empowerment Foundation began his presentation by referring to UIDAI website which states, “to provide for good governance, efficient, transparent and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers.”

 Shri Manzar pointed out various shortcomings and problems faced by people following the mandatory use of Aadhaar. He emphasized that if Aadhaar is just another proof of identity like voter identity card, what is the need of making it mandatory for availing various services? He referred to the Supreme Court ruling in October 2015 which ruled that the use of Aadhaar, India's biometric-based identity number for residents, to access public benefits like pensions and provident fund was voluntary, not mandatory. However, he lamented that the Rajasthan Government started the process of seeding or linking the Aadhaar numbers of all pension beneficiaries to bank accounts in March of that year. Those without Aadhaar or bank accounts were struck off the pension list and declared dead.

Shri Manzar also talked about Infrastructure problems. He stated that poor delivery of Aadhaar scheme has led to social exclusion and denial of civil rights. People cannot access rations, pensions and wages. Even HIV patients, transgenders cannot access medical services without Aadhaar. He also shared certain instances of denial of ration as the e-POS did not recognize biometric or identify ration card number. He therefore stressed upon the need of strengthening digital devices, internet connectivity, database syncing and digital infrastructure.

Shri Manzar further indicated that there is no synchronisation of Government databases. States like Rajasthan and Andhra Pradesh have their own IDs linked to PDS. He further added that there is no clarity between Supreme Court, Central Government or State Governments and RBI.

Shri Manzar also talked about the following policy and implementation challenges:

  • Linking of Aadhaar started so as to plug leakages in the system. However, of the 7 major Aadhaar linked welfare schemes (PDS, NREGA, ICDS, LPG, fertilizer subsidy, IAY, Pension Scheme, Janani suraksha yojna etc.), only DBTL has been cited as a success story, saving Rs 15000 crore. On close scrutiny, this claim is misleading. According to CAG, the fall in oil prices account for 92% of the savings attributed to DBTL.
  • No provision for differently abled people who are unable to use Aadhaar linked schemes. No machines to collect biometrics of severely disabled and old people at home.
  • Denial of financial inclusion schemes such as Pension or MNREGA or fertilizer subsidies. The Aadhaar and PDS details could not be matched on the system despite various layers of identification recorded—name, address, UID, finger print and even iris scan.
  • Duplication of authentication and enrolling services which has led to increasing the cost of enrollment of citizens. For example - both UIDAI and NPR are entrusted with the job of enrolling residents and collection of their biometric details. Presently, UIDAI collects data from 24 states/UTs. NPR collects from 12 states/UTs.

Where NPR handles enrolments, they get from UIDAI. Protection of data is not covered by Aadhaar Act. This is a clear violation of Aadhaar Act.

On the issue of Aadhaar and Data Protection, Shri Manzar said that OECD countries recognise Health, Genetic, Financial, Ethnic, Racial, Religious belief, Sexual orientation as Sensitive Personal Information. Government of India recognises Passwords, Financial information such as Bank account or credit card or debit card or other payment instrument details, Physical, physiological and mental health condition, Sexual orientation, Medical records and history and Biometric information as Sensitive Personal Information.

Shri Manzar stressed upon the fact that biometric information cannot be changed. Unlike passwords which can be changed if compromised, biometric information remains the same. So, it is important that when biometric information is collected, it stored in a high secure database and protected. However, UIDAI has faced trouble collecting biometric information, authenticating it, and recognising customer details. 

As regards data protection, he said that Agencies approved by government to collect sensitive personal information have been found to have links to security companies in the USA. He therefore cautioned that Indian citizens’ data is not safe.

At the end of the presentation, Shri Manzar talked about the following possible solutions:

  • Allow for longer gestation period before enforcing Aadhaar linked rations and services.
  • Conduct trials and phase by phase roll out so infrastructural and technical issues can be addressed.
  • Aadhaar Act must address accountability of UIDAI in case of data breaches. Currently UIDAI does not have to disclose breaches to users.
  • Data Protection Act must address gaps in security that Aadhaar Act fails to address. We must protect citizens from foreign laws.
  • Validity and acceptance of Aadhaar as a valid document needs to be assured. Even if Aadhaar exists, checkers ask for other document like voter card. In that case the very purpose of Aadhaar identity is defeated. Is Aadhaar a one man one national identity? In that case will every citizen will get equal importance and respect? 
  • The objectives, awareness and real good intentions of Aadhaar has still not reached the people. The messages and communications have been not symmetric and have created confusion and doubts. These need to be addressed.

After the presentations, members of Parliament raised following issues relating to Aadhaar which were responded to by the experts:

1.  How can it be ensured that from Aadhaar possibly there is no leakage of data?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: Allaying the fear of leakage of Aadhaar data, he said that when someone puts fingerprint at a PDS shop or bank for Aadhaar authentication, the same captures his/her Aadhaar number. He explained that Aadhaar has a RF software which encrypts fingerprint then and there, and then the same is sent to UIDAI data centre where comparison is made whether the Aadhaar number is matching with the fingerprint/iris or not. Based on that answer, the bank decides to give services or not.  It is therefore, out of bounds for the bank and other people to see anyone’s data, he said. He further added that 4.5 crore Aadhaar authentications are happening every day.

In the same vein, on the issue of lack of digital infrastructure which is preventing many people to avail benefits, CEO, UIDAI said “it is a misconception that Aadhaar Act says that unless and until the finger print of an individual matches, he will be denied benefits. It is completely incorrect.” 

He referred to a notification under Section 7 which says that wherever the authentication is not working, a manual register will be maintained.  Based on that, one can be given the benefits. He further clarified that if someone does not have an Aadhaar Number or not been given any Aadhaar Number, he/she is entitled to get the benefit  based on ration card or voter identity card.  But, if somebody says, “I am principally against the Aadhaar, or I will not enroll for Aadhaar, I will not show you my Aadhaar Card, I will not give you my biometric” and based on my Voter ID card give me the benefit”, the Act says no.

“This is law of the Parliament.  On the one hand, we have to balance this interest and on the other hand, we have to protect the interest of the beneficiaries. Sometimes the biometric machines would not work.  A person may not be having an Aadhaar Number.  Do we deny him the benefit? No, we do not deny. This Section is the soul of the Aadhaar” he emphasized.

Replying to a question asked later on the reported incidents of death of 4-5 people in Jharkhand due to denial of ration for want of Aadhaar in Jharkhand, he said that they have written to the Jharkhand Government regarding this matter and there should be an enquiry of such incidents. He strongly said that a strict action should be taken against the official concerned or the ration shop.

2.  Why Aadhaar should be made mandatory?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He said that without making Aadhaar mandatory, pilferage can not be stopped. He argued that if Aadhaar is not made mandatory, fake or bogus beneficiaries would keep on availing services by deliberately not enrolled with Aadhaar. This will defeat the very purpose of Aadhaar.

3.  How people especially in remote and interior areas can be educated and made aware about Aadhaar so that everyone can understand and avail benefits.

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He agreed that the areas which are remote, would require a lot of efforts and people who are illiterate and do not understand, have to be explained. He apprised that the Government of India has issued 139 notifications under Section 7 of the Act regarding NREGA, PDS, Pension, scholarships etc.  “These things are detailed in such a manner that not even one per cent is denied of the benefit while carrying out such big reform.” He said. 

Shri Rahul Dev, Honorary Advisor, SRI further added that the system is so large that everyone does not have the same level of knowledge about Aadhaar which has resulted in reports of many incidents i.e. denial of admission in schools or hospitals for want of Aadhaar card, leakage of data on some websites etc. He stressed upon the need to find ways.

4.  Do we have the capacity to manufacture two crore new Aadhaar cards required every year.  What is the preparation for it? 

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He informed that at one point of time in India, 20 lakh Aadhaar cards were being issued every day.  In 2012, 2013, and 2014, 20 lakh cards were issued every day, particularly when Aadhaar was made mandatory for LPG connection. For making new cards, there are 40,000 centres functional. Further, 15,000 Aadhaar centres in post offices and another 14,000 in banks are being set up.

In response to question of present status of Aadhaar enrolment in Jammu and Kashmir, he stated that the work of Aadhaar enrolment in the State commenced late. 58 branches of J&K bank are providing Aadhaar services in the State. Further, the State Government has been requested to set up more number of enrolment centres.

5.  How to integrate and provide Aadhaar authentication?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He informed that 4.5 crore authentications are being done every day. He explained that authentication is a much simpler task which requires small fingerprint device. It can be attached to mobile phone or attached to the laptop. Then authentication can also happen by sending OTP on mobile, and then one can authenticate. He briefed that we have the capacity to take this 10 crore every day and plans are afoot to increase the number to 40 crore authentication every day.

6.  What is the reason to link mobile phones with Aadhaar? In case someone uses more than one mobile SIM or one bank account, then how many times Aadhaar verification will be done?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: Addressing the need to link mobiles to Aadhaar, Dr Bhushan replied that most of the crimes involve the use of mobiles phone. Mobile enables networking which helps in planning. However, when the police start investigation and enquires about the owner of the mobile phone, it is often found that on the basis of voter identity card, many SIM cards were issued without the knowledge of the person concerned. When an individual gives voter id, it can also be misused to issues SIMS to others Supreme court therefore ordered on 6 February 2017, that all the SIM connection to be verified with the Aadhaar card so as to prevent fraud and misuse of any individual identity.

A regards Aadhaar verification in case of more than one mobile phone or bank account, he said that the same has to be done every time, a new mobile number has been taken or a new bank account has been opened.

7.  How to check the risk of misuse of Aadhaar data by banks or telecom companies? Someone’s Aadhaar data may also be used by others to get SIM card as is the case with voter identity card?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: Replying to such apprehension, he cautioned that in Aadhaar system, only one fingerprint has to be given. If an individual is asked to give fingerprints more than 4 times, people should be aware that there is something wrong. He further added that during the enrollment of Aadhaar, either e-mail or phone number has been linked. Every time, an individual’s Aadhaar is used, he/she gets SMS on his/her registered mobile. If some other person is found to be using the identity proof of an individual without his/her consent, he/ she can go to the police and file a complaint.

8.  How much expenditure has been incurred on Aadhaar since 2010?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: Regarding the total cost of money spent on Aadhaar and estimated cost per year in the future, Dr Bhushan replied that till date Rs. 9000 crore has been spent on the project including capital and maintenance cost. Since last 7 years, 119 crore people has been enrolled and every year, there are 4.5 crore authentication work happening. He mentioned that not more than 1 dollar has been spent on single Aadhaar card. Upon the worthiness of spending so much of fund on Aadhaar, he replied that in the last two and half years, all the bogus duplicate accounts have been removed from ration card and LPG. Government official has claimed that there is a saving of Rs. 57,000 crore.

Dr Bhushan also referred to an independent study of World bank which has also stated that Aadhaar will save 11 billion US dollar or Rs.70,000 crore per year by removing fake account in subsidies and benefits provided by the Government. He summed up that against the spending of round 1.5 thousand crore per year, Rs. 70,000 crore per year are likely to be saved, hence its’ justifiable to spend 6000-7000 crore as one time cost.

9.  What is the target deadline to enroll every citizen through Aadhaar and how to make people aware especially in the remote areas about the opening of Aadhaar centre in banks and post office? To what extend Aadhaar has reduced duplicity?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He said that at least 6-7 months will be required to enroll all the citizens through Aadhaar. He explained that since the work started late in North East and Jammu and Kashmir, these areas will take sometimes. As regards children, he said that Aadhaar enrollment of the children is on the process.

Regarding duplicity, he reiterated that it’s impossible to get two Aadhaar for one individual. He opined that there should be a linking of voter id and Aadhaar, so that if a person is having two or three voter identity cards, Aadhaar would automatically identify it and reject other account. This system will benefit PDS and LPG.

Further he said that in order to make people aware especially in the rural areas, there is a toll free number 1947. From the toll free number 1947, people can enquire about Aadhaar enrollment centre in the locality. Also through the medium of newspaper and radio, efforts are being made to spread the awareness.

10.  Aadhaar should be made national identity card.

During the interaction, some members pointed out to the incidents of a number of people coming to India on a tourist visa and staying permanently. They suggested that Aadhaar should be made national identity card. However, some members suggested that if a person has not enrolled himself into Aadhaar system, his pension and other things should not be stopped arbitrarily. Drawing attention to incidents of handicap or bed-ridden patients who could not enroll himself for Aadhaar and whose pension was cut, it was suggested that the Government should facilitate Aadhaar enrolment for them.

11.  With Aadhaar a lot information is involved. In case of a cyber attack from any country, how would the Government prevent it and how could it save the information that is there in Aadhaar?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He said, “The whole design of Aadhaar is such that the Aadhaar is passed on optimal ignorance, and federated data basis. For example, I may be having five mobile, two of Jio, two of Vodofone, etc. I go and link it. My Aadhaar number is recorded in Vodofone etc. Aadhaar does not get to know anything. We are only saying yes and no. We don’t know how many mobile you have. Jio does not keep your biometrics, it only gets your Aadhaar number, etc. UIDAI only gets your biometric and Aadhaar number and does not know any of your mobile numbers. Similarly thing is about bank account. All the data remain federated.”

He further stated that the question of security and cyber attack will come only if data is centralized at one place. Aadhaar data is never kept in one place. He added that at UIDAI, name, address, gender, date of birth, iris are kept and under the Aadhaar Act, it is prohibited to collect other information. If someone has properties, he/she can go and tell Aadhaar number there, whoever is keeping that record. UIDAI will not get those information, and data at UIDAI is not at one place.

12.  You talked about tracing missing children. Which is the authority to get all the details? Who will ask and to whom we will give?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI: He informed that as a part of Aadhaar enrolment drive, all the Collectors have been asked to go to children home, schools, anganwadis and orphan homes where enrolment is done for every child presuming that they don’t have Aadhaar number. Any child who already has Aadhaar number, his/her Aadhaar number cannot be generated. In case of such children, their Aadhaar number is communicated and his name, old address, everything is displayed.

13.  Why Google and Apple are not positive about Aadhaar?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI:  “Aadhaar is our system.  Why will any foreign company like Google or Apple be positive about it? We should not be worried about it.  They are collecting so much of data.  As a country, we should be very careful as to how much data they are collecting. So we should be negative about them rather they being negative about us.   What we do in our country is our business.” he said.

14.  Whether Aadhaar data can be used a tool by the authority for surveillance of citizens?

Response of Dr Ajay Bhushan Pandey, CEO, UIDAI:  He replied that Google can trace one’s location but as Aadhaar doesn’t have such information, there is no scope of surveillance in absence of them. He underlined that as per the Aadhaar act, any attempt to collect such kind of information would land person in jail for three years. He gave the example of a case in Tamil Nadu where UIDAI politely refused to provide thumb impression of former Chief Minister late Jayalalitha to the Court citing Aadhaar Act.

He also cited a sensitive case of rape in Goa which was handed over to the CBI. Some finger prints were found on the glass. The CBI requested UIDAI to match them. But the request was denied so as to save the privacy. Even when the magistrate and later Mumbai high court ordered to match the finger prints, UIDAI appealed against the order in Supreme Court which gave a stay order and said that it was very important to protect the privacy, so CBI could adopt other ways of investigation.

The workshop there after concluded at 1830 hrs.