The story so far: On September 21, international credit rating agency Moody’s Investor Service released a report, ‘Decentralised Finance and Digital Assets’, which advocates for decentralised digital identity systems instead of centralised biometric systems like India’s Aadhaar. Referring to “security and privacy vulnerabilities posed by centralised ID systems like Aadhaar”, the report states “the [Aadhaar] system faces hurdles, including the burden of establishing authorisation and concerns about biometric reliability.”
How has India reacted?
The government has strongly refuted these claims. Terming Aadhaar as “the most trusted digital ID in the world,” the government stated that “it is evident that the authors of the report are unaware that the seeding of Aadhaar in the MGNREGS database has been done without requiring the worker to authenticate using their biometrics, and that even payment to workers under the scheme is made by directly crediting money in their account and does not require the worker to authenticate using their biometrics.”
What was the rationale for Aadhaar?
Aadhaar is a unique identification number given to all Indian residents by the Unique Identification Authority of India (UIDAI). During enrolment for Aadhaar, demographic details of individuals along with their biometric fingerprints and iris scans are collected as they are considered to be unique identifiers of individuals. These details are stored in the Aadhaar database. The objectives of UIDAI were to ensure that all residents have a unique ID and to curb corruption in accessing welfare programmes by eliminating “ghost” and “fake” individuals. To understand this, consider accessing rations under the Public Distribution System. An individual is called a ‘ghost’ if they access rations in the name of a dead person, and a ‘fake’ if they access rations even though they are not officially entitled to it. To ensure that an individual accessing rations is not a ghost or a fake, the government linked the database of ration card holders with the Aadhaar database. When an individual tries to access rations at a ration shop, they have to do so using their biometrics or iris scans with the ration dealer. These are then sent through the internet to the Aadhaar database for authentication.
Editorial | Identity pangs: On Aadhaar and concerns
The government favours Aadhaar for several other government-to-citizen cash transfer programmes. By removing ghosts and duplicates, the government has claimed substantial savings in welfare schemes through the usage of Aadhaar.
What is Aadhaar’s role in cash withdrawals?
To direct a payment using Aadhaar for MGNREGA, there are at least three steps. First, a worker’s Aadhaar number must be linked to her job card. Second, her Aadhaar must be linked to her bank account. Third, the Aadhaar number must be linked correctly through her bank branch with a mapper of the National Payments Corporation of India, which acts as a clearing house of Aadhaar-based payments. Aadhaar becomes the financial address of the individual and cash transferred by the government gets deposited to the last Aadhaar-linked bank account. Individuals can withdraw money from their Aadhaar-linked bank account from private banking kiosks or through private banking correspondents who use their point of sale (PoS) machines to authenticate individuals using their biometrics. This platform is known as the Aadhaar-enabled Payment System (AePS).
Why is Aadhaar’s use concerning?
In the case of rations for example, several organisations and researchers have provided evidence demonstrating that the main type of corruption is quantity fraud, which happens when, say the entitlement for a ration card holder is 35 kg of rice but the dealer only gives 30 kg. Aadhaar has no role in either detecting or preventing this fraud. In many rural areas, people have to make multiple trips to ration shops, to authenticate with no guarantee that the authentication will work. Lack of reliable internet, fading fingerprints among daily wage workers, lack of phone connectivity to get an OTP etc. lead to denials. Older women, people with disabilities, or those living in remote areas are more prone to hardships and exclusions due to such stringent biometric authentication requirements. The data on the number of attempts to authenticate and the extent of authentication failures are not public. A report by the Comptroller and Auditor General of India (CAG) from 2022 states “UIDAI did not have a system to analyse the factors leading to authentication errors.”
Explained | Gaps in Aadhaar-enabled Payment System (AePS) abused by cybercriminals
In Aadhaar-based payments, error in any step results in payment failures. Different spellings in the job card and in the Aadhaar database can result in authentication failures. Most workers are unaware which account their Aadhaar was last linked to as financial institutions in rural areas tend to coerce workers to link their Aadhaar with bank accounts without consent. This leads to wages getting diverted to some account without the worker’s knowledge. For example, Aadhaar payments of people got redirected to Airtel wallets causing much havoc. Misdirected payments through Aadhaar are difficult to detect and are nearly impossible to resolve. These happen when one person’s Aadhaar number gets linked to somebody else’s bank account. Researchers such as Jean Drèze, Reetika Khera, Rahul Lahoti and Anand Venkatnarayanan have demonstrated that the savings claims of the governments are misleading. Obtained through RTIs, the government has also claimed that using Aadhaar in MGNREGA has reduced delays in wage payments.
A recent working paper using 31 million MGNREGA wage transactions demonstrates no statistical evidence of these claims and points to lack of sufficient funds as the reasons for delays. For critics, exclusions resulting from accessing rights due to Aadhaar are constitutional violations.
What are the security concerns?
Banking correspondents using the AePS operate without any accountability framework. Some of them ask individuals to biometrically authenticate multiple times. Each authentication gives access to the banking correspondents to operate the individual’s bank account. Several studies and news reports have highlighted how using AePS, money from workers’ accounts have been withdrawn or that they have been signed up for government insurance programmes without their knowledge. These can also be found only through ground testimonies. The ₹10 crore scholarship scam in Jharkhand from 2020 exemplifies this.
What is the current impasse?
The government’s push to make Aadhaar-based payments mandatory in MGNREGA has faced much resistance from workers and field officials. To achieve 100% saturation of linking job cards with Aadhaar, reports in The Hindu and a recent paper by Chakradhar Buddha and Laavanya Tamang in the Economic & Political Weekly show that job cards of several alive and active rural workers have been deleted on grounds that they are dead or “ghosts.” Last year, 19% of MGNREGA workers got deleted, at least four times more than earlier years. The government has pushed for Aadhaar in other matters such as linking voter IDs with Aadhaar. A recent Court order has said that this is not mandatory. Critics are, however, apprehensive based on their experience of Aadhaar in welfare programmes that was pushed without pilots, disregarding evidence on how it has spawned new forms of corruption, undermining transparency and accountability.
The writer teaches at Azim Premji University, Bengaluru, and is affiliated with LibTech India