An Aadhaar of Dangerous Liaisons

This initiative of the government is fraught with problems as biometric data can get mismatched and cards deactivated, bringing life to a complete standstill

~By Sujit Bhar


In the US, some witness protection programmes help people change their identities so completely that they can be said to have “fallen off the face of the earth”. Their past and all documentation can be systematically erased so that technically, the person ceases to exist. A new identity is then created. This is a complicated process and involves several US government agencies and is meant to keep the person safe from any dangerous person he may have been a witness against.

Something similar can happen in India, too, with Aadhaar cards—containing vital biometric information—being linked to many services. These proposed linkages include bank accounts (credit and debit cards and general transactions), PAN cards (the entire taxation pro­cess), subsidy delivery systems, insurance policies (including medical insurance), phone connections, and so on. There will soon be a time when Aadhaar will also be linked to passports. Deacti­vation would not only jeopardise travel but would mean losing one’s identity and life grinding to a halt.

And that is what happened recently when the Unique Identification Authority of India (UIDAI) deactivated 8.1 million Aadhaar cards for mismatches in biometric details. With no specific le­gal system in place to check it, deactivation means losing out on many services.

CARDS DEACTIVATED

Dr CPN Thakur, 73, learnt this the hard way recently when he tried to get a Rel­iance Jio Wi-Fi connection. He was as­ked to verify his Aadhaar biometrics, but found to his horror that his fingerprints did not match. His is among the 8.1 million deactivated cards. With age, his skin had lost its elasticity and hence his fingerprint patterns did not match with what was recorded. He was refused the service.

Part of the problem is inherent flaws in the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which allows this to happen. Thakur moved the Supreme Court against the UIDAI, arguing that Aadhaar (Enrolment and Update) Regulations No. 6 (U/s 54 of the Act) provide for “enrolment of residents with biometric exceptions”. (See box on Regulation 6) The petitioner also cited Section 31 (1) of the Act on upgradation of biometrics, which states: “In case any demographic information of an Aadhaar number holder is found incorrect or changes subsequently, the Aadhaar number holder shall request to alter such demographic information in his record in the Central Identities Data Repository in such manner as may be specified by regulations.” The petitioner (India Legal is in possession of a copy of his petition) put in a request on May 29, 2017, for updating his biometric information. That was rejected “due to poor quality of fingerprints”. The case is pending in the apex court.

Photo: Biswarup Ganguly/Wikimedia
Photo: Biswarup Ganguly/Wikimedia

There have also been tragic instances where lack of Aadhaar cards have deprived people of government benefits and led to deaths. Recently, two persons died as they could not avail of their rations because they could not travel to the fair price shop to collect it by giving their fingerprints. This has led to criticism of the Aadhaar scheme. The very purpose of this Act was to benefit the poor. But with the technology that the entire process is riding on being found faulty, it is backfiring against the government’s poverty alleviation programme.

India Legal also has inside information that some top sitting judges and many lawyers also faced problems when their fingerprints did not match the Aadhaar database when they tried to access certain services. If this is the case at the top levels, imagine the plight of the poor, said a senior judicial officer.

Regulation No. 6

Aadhaar (Enrolment and Update) Regulation No. 6, which deals with enrolment of residents with biometric exceptions, says:

For residents who are unable to provide fingerprints, owing to reasons such as injury deformities, amputation of the fingers/hands or any other relevant reason, only iris scans of such residents will be collected.

For residents who are unable to provide biometric information contemplated by these regulations, the authorities shall provide for handling of such exceptions in the enrolment and update software, and such enrolment shall be varied out as for the procedure as may be specified by the authority for this purpose.

FINGERPRINT ISSUE

But why do fingerprints not match? Do they really change with time?

Debasis Ghosh, director-in-charge, Finger Print Bureau, CID, West Bengal, told India Legal: “Fingerprints develop by the time a child is six months old. They stay the same till death. Yes, the skin elasticity of old people does change and certain characteristics of the fingerprints do change, but not all. The science of fingerprints deals with several characteristics of fingerprints and matching them.” (See box on finger­print characteristics)

UIDAI chairperson J Satyanarayana (second from left) needs to address many questions. Photo: uidai.gov.in
UIDAI chairperson J Satyanarayana (second from left) needs to address many questions. Photo: uidai.gov.in

Ghosh said the lack of elasticity happens in very few people. “At the forensic and fingerprint department, we are trained to assume certain patterns. We have a Supreme Court order which allows us a certain degree of guesswork in dealing with smudged or faded fingerprints. The problem arises when this work is transferred to a computerised system,” he said. “A software is not always working with artificial intelligence which is foolproof and capable of a certain degree of guesswork. This needs a human touch, and that is what the Supreme Court has allowed us. Hence, even a small change in pattern will result in rejection by the software.”

Another issue is the way fingerprints are collected. Ghosh added: “When I went to give my fingerprint for Aadhaar, I gave them my identity and I did it the right, scientific way because I am an expert in it. Collectors assigned for Aadhaar aren’t trained in this. Hence, there are problems at the collection stage itself. I would dare say that 60-70 percent of all fingerprints collected are unworkable.”

Sankar Dutta Roy, a former director of the same bureau, said that the calloused hands of a labourer would show different fingerprints. “But give it time to heal and the patterns come back. The original fingerprint ridges come back when the skin grows back. This has been the basis of all forensic study in catching criminals for a long time,” he told India Legal. He, too, said that untrained people were collecting fingerprints and, therefore, the collection method was faulty. “For example, the right way to give a thumb impression is a ‘rolling’ method where even the sides come into the scan. That is not followed, hence not scanned,” he said.

Deactivation of Aadhaar

Almost 8.1 million Aadhaar numbers have been deactivated so far by the Unique Identification Authority of India for a number of reasons as per Section 27 and 28 of the Aadhaar (Enrolment and Update) Regulations, 2016. These could include multiple Aadhaars issued in one name or discrepancies in the biometric data or supporting documents.

UIDAI wants each Aadhaar holder to check the Authority’s website if his Aadhaar is active. With internet penetration through desktops at just under 8 percent and mobile internet usage only at 30 percent, this is a highly ambitious directive.

Those whose Aadhaar has been deactivated should visit the nearest enrolment centre along with the supporting documents. Also remember, Aadhaar can get deactivated upon non-usage of the same for three consecutive years. Think of the plight of those in remote villages and what will happen to various subsidies if Aadhaar is deactivated.

PRIVACY MATTER

Aadhaar has also been buffeted with the privacy issue which is being heard by the Supreme Court. Calcutta High Court senior advocate Arunava Ghosh said it is criminal to take away “the accrued and vested rights of a person”. “These rights may either have been acquired over the years or vested in him by the state. They may not be fundamental rights, but are as strongly protected by law as any other. Think of our right to property and our right to travel; they are constitutional rights that we exercise and in doing so, we need the basic infrastructure of banks and travel documents. If these are withdrawn from us, we are being denied them.” And this could happen if one’s fingerprint does not match and the Aadhaar number is deactivated.

Another issue is that Aadhaar details have also been leaked to the public. Sec­tion 29 of the Aadhaar Act says: “29. (1) No core biometric information, collected or created under this Act, shall be— (a) shared with anyone for any reason whatsoever; or (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.”

The Act also says: “(3) No identity information available with a requesting entity shall be—(a) used for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication; or security and confidentiality of information.” With respect to “restriction on sharing information”, the Act says: No information can be “(b) disclosed further, except with the prior consent of the individual to whom such information relates.” Though these are the provisions of the Act, little is done when such information is leaked. Recently, it was learnt that 210 government sites had made Aadhaar data public. This goes against sub-section 4 of the Act, which says: “(4) No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”

However, a hacker can easily enter the database and modify a multitude of biometric details to effect immediate and automatic deactivation of a huge number of Aadhaar numbers.The result will be a breakdown in societal as well as the security structure of the country. Criminal investigation agencies such as the CID’s fingerprint bureau keep their databases a heavily guarded secret, accessible only to sections of the security establishment. In contrast, UIDAI’s database seems porous, without adequate firewalls.

A disaster could just be waiting to happen.