The digital database of the Civil Registration System, or CRS, of India, the most comprehensive records of the Indian population that includes district-wise birth-and death-registration certificates, has been compromised for the last two years at least. A four-month long investigation by The Caravan revealed that the official login IDs of a large number of registrars across India, which is being used to generate birth and death certificates online, are up for sale for just Rs 1,800. The registrars’ login details are being sold to the vast network of over four lakh Village Level Entrepreneurs—the workforce implementing various Digital India schemes at the grassroots level, under the Common Service Centre network of the ministry of electronics and information technology. The VLEs, in turn, are using them to generate certificates at just Rs 200–250 per customer.
The Caravan has observed the working of this operation, including the messages shared by the VLEs and videos of the process through which the certificates are generated. The VLEs ask their online customers to fill in a form with personal details that need to be entered in the certificate, and within five minutes, a certificate is produced using a registrar’s login details. While the official process requires applicants to provide documentary proof in support of the details to be entered into the certificates, the VLEs creating these certificates have no such requirement. The certificate produced is then shared with the customer online as a PDF file.
The authenticity of these fraudulently produced certificates is evidenced by the fact that a QR code on the certificates, when scanned, directs the reader to the entry of the certificate on the CRS’s official website, crsorgi.gov.in. The only discernible way to distinguish the genuine certificates from the fraudulent ones appears to be that the registrars mentioned in the fake certificates are identified as officers of a different district in the same state than the area of the birth or death concerned.
The operation was even found to be active in Punjab, where the state uses a separate portal for registration of births and deaths in the state, and not the central government’s CRS portal. However, the registrars responsible for registration in the state were still given the facility to generate login IDs for the CRS portal, which have been compromised and taken over by the operatives behind the scheme. “Those who are in possession of the master ID of a district registrar have further generated new or additional ID of an already existing sub-registrar by changing his official email without his knowledge,” one 26-year-old VLE from Jalandhar told me. Like all the other VLEs who spoke to me, he spoke on the condition of anonymity. They later delete the ID and create fresh ones as per further demand.
Such an effective breach into the central database of the birth- and death-registration records has opened a pandora’s box of potential implications. For instance, the frequently answered questions page of the official CRS website lists the benefits of birth registration, which includes enrolment in electoral rolls and the National Population Register. The ability to create fictitious birth records is a powerful tool at a time when the central government, led by Narendra Modi and the Bharatiya Janata Party, intends to implement the Citizenship (Amendment) Act of 2019 and a pan-India National Register of Citizen.