India's digital Universal ID program is deeply flawed, say critics

Using electricity-reliant technology in the hinterland is just one big problem amongst many say observers. But the government doesn't seem to care.

Video: Scared of identity theft? Follow these top tips to prevent it

When the Indian government embarked on the plan to issue a compulsory nationwide universal identification (UIDAI) and accompanying digital payment system, the idea was that technology would act as an efficient tool for service delivery as well as a panacea for rampant corruption.

Delivery of food and other resources, including payment transfers, by the Indian government has been the backbone of a government system that attempts to alleviate the stresses faced by a large, impoverished rural population. This would now be enhanced by a superbly efficient system was the thinking.

Read also: Microsoft: We're developing blockchain ID system starting with our Authenticator app

Instead, critics maintain that the Aadhar system has not only not helped the process of providing welfare or stemming corruption, but that it has instead exposed huge tranches of private data to massive security breaches undertaken by rogue profiteers.

TECHNOLOGY A BURDEN IN THE HINTERLAND

Economist Reetika Khera has been a strident critic of the program and in her editorial in the New York Times, she said that the process of authenticating identity -- which necessitates getting your fingerprints read by a hand-held machine -- requires a reliable electricity supply to access servers via the internet, something that is still extremely fickle in parts of India, especially in the north. If any of the many steps involved in authenticating identity fails, applicants are denied their food, as has been the case.

Also, physical presence of the beneficiary is required for authentication today versus the past when a relative or neighbour could be dispatched to avail of the benefit, said Khera, which means that the old and infirm are most vulnerable. There have been instances where beneficiaries have starved to death from failure to go in person to provide authentication under the new system and avail of food.

Khera said that she along with several economists conducted a survey of 900 households in an impoverished state in Northern India called Jharkhand comparing villages that did and did not have the Aadhar system in place for buying grain. What they discovered shocked them. The villages where the Aadhar system was compulsory had a failure rate in buying grain five times (20 percent) that of those villages where it was not (4 percent).

Plus, Khera said that no evidence exists that Aadhaar has stymied corruption. According to calculations by Khera and her colleagues, the level of skimming by those doling out the benefits was the same (7 percent) proving that no large scale instances of identity fraud exist in rural India.

VULNERABLE DATA

The other serious issue concerns data security. Last November, the UIDAI office boasted that "Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI."

Yet, an investigation by The Tribune newspaper in India revealed that for the paltry sum of $8 paid to an anonymous seller advertising his or her services over WhatsApp, the newspaper got instant access to more than 1 billion Aadhar numbers. Plus, provided with a "gateway" and a login and password, the Tribune journalist was able to punch in any Aadhar number and immediately avail of that individual's details such as name, address, postal code (PIN), photo, phone number, and email.

As ZDNet reported a few months ago, the past data breaches concerning Aadhar are nothing new. One large breach took place on a system operated by state-owned utility company Indane, where all the Aadhar information collected from citizens for bill-paying purposes that should be private was leaked.

Read also: IBM Security Report: Why biometric security is going mainstream (TechRepublic)

What is infinitely worse is that the government's UIDAI department first issued a strong denial of any such breach, something that is turning out to be a typical response to these instances by this government. "There is no truth in this story as there has been absolutely no breach of UIDAI's Aadhaar database. Aadhaar remains safe and secure," the department said in a Twitter statement. It then took several weeks to fix the flaw.

With the Indian government increasingly insisting on an Aadhar number for even basic things like a phone connection or a marriage registration -- a fundamentally unconstitutional diktat -- coupled with its arrogant, head-in-the-sand attitude and inability to keep private data secure, Indian citizens are looking at catastrophic consequences down the digital road ahead.

PREVIOUS AND RELATED COVERAGE

Is the Indian government developing a tool for mass surveillance of its citizens?

If the tender is successful, it could be a disaster for the privacy of Indian citizens.

How WhatsApp has emerged as an unwitting messenger of hate and division in India

Opinion: While the app has been widely used in the past to goad religious groups into violent acts, the dissemination of deeply bigoted fake news during the state elections in Karnataka is a small example of how technology is destined to adversely affect the 2019 federal elections.

Cambridge Analytica whistleblower reveals firm's shady dealings in Indian politics

It isn't so surprising that India, with its multitude of political parties, was a perfect place for the UK firm to thrive.

Legislation for Australian automated facial recognition enters Parliament

Proposed laws are touted to reduce identity crime, prevent terrorism, and keep people safe at this year's Gold Coast Commonwealth Games.