Aadhaar: India’s billion-person biometric database is the world’s biggest privacy experiment
The use of social security numbers and biometric databases is not unusual these days, but there’s nothing else on the scale of what India is doing in this field. Its Aadhaar system – the name means ‘foundation’ in Hindi – aims to provide everyone in India with a randomly-generated, unique 12-digit number associated with their fingerprints and iris scans. Already, the biometric data of around 90% of India’s citizens have been gathered, and over one billion Aadhaar numbers have been issued.
The intentions are good. In a country of 1.3 billion, there are only around 65 million passport holders. That makes it hard for many – especially the poor – to establish their identity, for example when opening bank accounts or applying for government social welfare and subsidy schemes. The Aadhaar number, backed up by biometrics, is designed to help hundreds of millions of people access services more easily. The Indian government also sees Aadhaar as a valuable weapon in the fight against corruption by creating unique identifiers for every citizen that can help to catch fraud.
But there are problems. As the Times of India reported, for some people, fingerprints are not available as biometrics, because hard manual labour flattens fingerprint patterns, which also fade with age. Another issue is poor Internet connectivity in some areas, which makes confirming the identity of people by contacting the central biometric database a slow and frustrating process.
More worrying than these technical issues, which can probably be overcome, is a fundamental shift in Aadhaar’s role in Indian society. Now that most people there have an Aadhaar number, the government is trying to use it for everything – and to make it compulsory despite privacy concerns. In 2015, arguing in favor of the move, the country’s attorney general told the Indian Supreme Court:
“Constitution makers did not intend to make right to privacy a fundamental right”
In a recent case before the Supreme Court, the Indian government asserted that making Aadhaar obligatory was lawful because:
“One cannot have an absolute right over his or her body”
So far, the Supreme Court has refused to allow Aadhaar to be made compulsory, and has repeatedly reminded the Indian government of that fact. Nonetheless, the latter keeps expanding the services for which Aadhaar is indispensable, and has just published guidelines that make it mandatory for all future government online services to be based on Aadhaar’s authentication system. Already, Indians need an Aadhaar number in order to submit a tax return, and it has been announced that mobile phone numbers will be linked to Aadhaar records in the future. The list continues to grow.
However convenient linking government and business services to Aadhaar and its biometrics might be, there are evident risks. If the biometric data is compromised, it will affect an increasing number of key services. Moreover, unlike passwords, biometrics cannot be changed if they leak out. Writing in The Indian Express, the CEO of UIDAI, the body running Aadhaar, insisted these fears are overblown:
Aadhaar accords the highest importance to privacy. Since its inception, it has adopted the principle of privacy by design which is achieved through minimal data, federated databases and optimal ignorance which in turn ensures that no agency is able to track and profile any individual. The UIDAI during Aadhaar enrolment collects minimal data — that is, name, address, date of birth, gender and biometrics. When people use Aadhaar for accessing services, their information remains in silos of federated databases of those agencies. No one agency can have a 360 degree view of a person. Each agency remains optimally ignorant.
Nonetheless, major data breachers have already occurred. A report from the Centre for Internet and Society claims that over 100 million Aadhaar numbers and bank numbers of pensioners have been leaked online by four government schemes. There is the risk that the main Aadhaar database will be compromised one day, since there is no such thing as perfect security. Another vulnerability arises from the companies gathering biometric information: the Indian government admits it has suspended 34,000 service providers for helping to create “fake” identification numbers or not following proper processes.
In addition to the threat of illegal access by criminals, legislation was passed in 2016 that gives central government agencies legal access to Aadhaar for the purposes of national security. When the law was introduced, Reuters reported that the government said it had taken steps to ensure citizens’ privacy would be respected and that the authority to access data would be exercised only in rare cases. Against a background of repeated denials by the Indian government that privacy is a fundamental right, that’s not much of an assurance. Sunil Abraham, executive director of the Centre for Internet and Society, saw other dangers in giving the authorities access to the world’s largest biometric database:
“It is very easy to capture iris data of any individual with the use of next generation cameras. Imagine a situation where the police is secretly capturing the iris data of protesters and then identifying them through their biometric records.”
As enrolment of the Indian nation nears completion, the system’s reach is repeatedly being extended. Aadhaar is clearly in a state of flux, and its final contours are not yet clear. If the dangers are avoided, it could stand as a demonstration of how to use biometrics for authentication on a massive scale. If, on the other hand, anything goes seriously wrong, it could become the world’s biggest privacy disaster.
Featured image by Biswarup Ganguly.