The New Oil

Aadhaar’s mixing of public risk and private profit

01 May 2018

IT WAS A BLACK-AND-WHITE PHOTOGRAPH of a crowded street, centred on a man glancing backwards into the camera. His face sat in the crosshairs of a computer-generated box populated with a mobile number, a date of birth, an address and other personal information. Superimposed above this was a 12-digit number, with four digits redacted: a representation of an Aadhaar number, the biometrics-backed digital identifier that the government has looked to impose on every resident of India. A few other faces in the crowd were framed by boxes crowned with Aadhaar numbers too. Above the image were a few lines of text, one of them reading, “Welcome aboard @On_grid team.”

The text and image were part of a tweet by India Stack in February 2017, announcing that OnGrid had joined a select group of its user entities. India Stack is a set of Aadhaar-specific application programming interfaces, or APIs—code that allows and governs communication between various programmes, as, for instance, when an app on your phone interacts with an e-retailer’s database or a payment gateway. In effect, India Stack’s APIs are building blocks in the software architecture required by many third-party entities, whether public or private, to use Aadhaar. OnGrid, a private company, provides background checks on employees for companies hiring blue-collar workers. It verifies individuals’ identities using their Aadhaar data, but also collates data from numerous other sources to show their employment history, criminal background, and more.

India Stack had taken the tweeted image from OnGrid’s homepage. Many were quick to call it frightening and dystopic—an illustration of Aadhaar’s potential use for mass surveillance. India Stack took the image down from its Twitter feed within hours, but OnGrid’s practices still came in for scrutiny. “Does it mean that Aadhar, PAN, passport etc docs for a given individual will be linked and available on your server?” one person tweeted. One of the company’s founders, Piyush Peshwani, replied, “With consent, yes. The record belongs to the Aadhaar-holder and only he/she decides what stays on it and what doesn’t.” Another user responded, “You have removed the image and repeated the same thing in words.”

Aadhaar was already deeply controversial at the time the tweet appeared. The first attempt to win legislative backing for the scheme, under the previous, Congress-led government, failed spectacularly. In 2011, the parliament’s standing committee on finance—led by a member of the BJP, which was then in the opposition—found Aadhaar to be “riddled with serious lacunae and concern areas,” and declared that it had “been conceptualized with no clarity of purpose … and is being implemented in a directionless way with a lot of confusion.” A retired judge who filed the first legal challenge to Aadhaar, in 2012, told the Supreme Court that the scheme “is a clear violation of citizens’ privacy,” and complained that the government was going ahead with the scheme despite its rejection by the parliament. When Aadhaar finally became part of law, with the Aadhaar Act passed in March 2016, it was under a government headed by the same BJP that had emphatically opposed it earlier. The government chose the unusual route of passing the legislation as a money bill—a route typically reserved for bills that deal only with the use of public funds, and which bypassed the Rajya Sabha, where the government does not have a majority. Critics argued that the Aadhaar Act pertained to issues including civil liberties, national security and social policy, and could not be defined as a money bill. A Congress leader challenged the move in the Supreme Court.

The concerns and controversies over Aadhaar have only escalated ever since. A May 2017 report by the Bengaluru-based think tank Centre for Internet and Society showed that the Aadhaar numbers of over 130 million people had been published on government websites, along with their names, bank account numbers and other personal details. In January 2018, The Tribune published a story of how one of the paper’s reporters gained access to a portal with data from every Aadhaar holder after paying a middle man just Rs 500. Other major leaks of Aadhaar-linked data have been surfacing with alarming frequency. Meanwhile, there have been multiple reports of poor people being denied access to welfare benefits, including food aid, because of failures in authenticating their identities using Aadhaar, whether due to network problems or their fingerprints being worn down from old age or manual labour. Some reports have connected such denial to starvation deaths.

Aria Thaker is a journalist who reports on the intersection of technology and politics for Quartz India. She was formerly a copy editor at The Caravan.

Keywords: privacy Nandan Nilekani government biometric data Aadhaar data biometric UIDAI IndiaStack Khosla Labs