Data is the new gold and Aadhaar is the tool to get it

A cashless economy built on Aadhaar allows the government and businesses to track every transaction of citizens.


What does the push for a cashless economy have to do with India’s Aadhaar project? A lot. How much does either have to do with improving the lives of the poor? Very little, unfortunately.

The Unique Identity project was first marketed as serving the altruistic purpose of providing those without an identity, especially the poor, unique and unimpeachable identities through biometrics. It was said that Aadhaar would help the poor prove their existence to the state; it would root out ghosts and duplicates and make corruption and leakages a thing of the past. The project was imparted a benign veneer by claiming the number was voluntary.

Seven years later, evidence has been accumulating that the old, the disabled, the poor get excluded because of Aadhaar, but no one in the government seems to care.

This is not surprising: what is unravelling now suggests that the ambition of the Aadhaar project was not services to the poor, or combating corruption or leakage, but something else.

After all, Nandan Nilekani, the first chairperson of the Unique Identification Authority of India, the agency that issues Aadhaar numbers and manages the database, had said very early in the project that the Aadhaar project was not quite about an identity – it was about creating an “identity platform” on which many “apps” (software applications) were to be built.

A cast of characters has now begun to climb into public view, who were earlier in the Unique Identification Authority of India, and now operate as “volunteers” creating products that are built on the Aadhaar platform. The same products are then “evangelised” or sold to the government to ensure they are adopted widely in a short time.

What we are seeing is Aadhaar as a business bonanza built upon the backs of the poor.

Which institutions and instruments are involved?

First, there is the India Stack. This is a stack of applications being built on the Aadhaar platform. In the beginning, it emerged from within the Unique Identification Authority of India. A strategy overview document of the Authority and a report of the Technology Advisory Group for Unique Projects from January 2011 reveals the expectation that the Authority was to become a private company called a National Information Utility when it reached a “steady state”. By 2012, essentially because of civil society watchfulness, it seemed unlikely that this would happen.

What followed was the emergence of a private entity with members drawn from the Unique Identification Authority. The Indian Software Product Industry Roundtable, better known as iSpirt, was constituted in 2013 as a collection of software businesses. Nilekani is the mentor.

Apart from Nilekani, at least two other ex-employees of the Unique Identification Authority of India who, as members of iSpirt, have been in the core team that built India Stack: Pramod Varma, who was the Chief Technology Architect of Aadhaar, and Sanjay Jain, its Chief Product Manager.

All those working for the India Stack are avowedly “volunteers” – Pramod Varma and Sanjay Jain are paid employees of Ek Step while they volunteer in building the India Stack. Ek Step is a philanthropic organisation set up by Nandan Nilekani and his wife Rohini Nilekani along with Shankar Maruwada.

India Stack creates Aadhaar-based apps and “evangelises” them to the government – a term that Nilekani uses in his book Rebooting India and as Pramod Varma explains in this video.

The same people who worked within the government to set the framework for Aadhaar went on to create products in the private sector to harness its commercial potential – a clear case of conflict of interest.

What products have they evangelised?

Soon after Aadhaar was launched in 2009, an Aadhaar-authentication API was created. API stands for Application Programming Interface, which allows users to open up their technology for others to use. Plainly, from the very start, the founders of Aadhaar wanted to open it up for use by businesses.

In 2011, National Payment Corporation of India, a private company registered in December 2008 with Narayana Murthy as its first Chairperson, launched the Aadhaar Payments Bridge and the Aadhaar-enabled Payments System, which allows for the movement of funds from one Aadhaar number to another without the need for bank account numbers.

Next, in 2012, the Aadhaar-based electronic Know Your Customer (eKYC) was launched, which is now being used by banks, financial institutions and private companies, including Reliance Jio.

The Aadhaar-based electronic signature (eSign) was “evangelised” to the government in 2015. It took just eight months, as Pramod Varma explains, from a concept paper they wrote to a gazette notification. “We went everywhere,” he said, “from the Law Ministry to…We went through everywhere.”

In 2016, the Aadhaar-based DigiLocker, a platform to electronically store certificates and documents, was launched. The National Payment Corporation of India launched the United Payments Interface, a platform that mainstreams the use of Aadhaar in all retail money transfers from one person to another.

What does this have to do with the cashless agenda?

The cashless push has been the most open statement so far that Aadhaar, and projects that work around it, are about the emergence of new forms of business that use our data as property. In the foreword of a Credit Suisse report published in June 2016, Nilekani wrote about a $600 billion opportunity created by cashless payments on “Aadhaar-enabled biometric smartphones.”

“Such a use of digital footprints will bring millions of consumers and small businesses (who are in the informal sector) to join the formal economy to avail of affordable and reliable credit,” he said. “And as data becomes the new currency, financial institutions will be willing to forego transaction fees to get rich digital information on their customers.”

Together, the state and businesses are eyeing the ability to track every transaction of every person. Seeding Aadhaar in every database, and making Aadhaar the identifier for every transaction, makes the individual visible to the companies and the state – even as the service provider becomes more and more opaque, and we know less and less about how our data is being used.

The National Payment Corporation of India is at the centre of the cashless agenda. Nilekani was in discussion with NPCI even when he was Chairperson of the Unique Identification Authority of India. After he stepped down, he became an honorary consultant, and persuaded the NPCI to adopt the Aadhaar number as the “identifier”, or the link number that enables transfer of funds.

The Unified Payment Interface, a product of the National Payment Corporation of India, was launched in August 2016. In October 2016, a report on the experiment titled ‘Making 5-minute inclusive loans a reality with India Stack’ acknowledged the collaboration of the Indian government with USAID, an agency of the United States government that has been pushing the cashless agenda, consulting firms like Dalberg and Catalyst, and the software association iSpirt.

This report said, among other things, that customers in India seemed not to have any understanding of the implications of allowing their data to be shared: that is, privacy and data security concerns are very real, but people don’t seem to understand them.

The report also said there are “operational” and “regulatory challenges” which need to be addressed. It described the Reserve Bank of India’s insistence on the use of biometrics for authentication on the United Payment Interface as an obstacle. Why? Because biometrics are unreliable, as has been demonstrated again and again.

After demonetisation, the RBI has changed its position for small value transactions on the United Payment Interface, for a start, and has recognised two factor authentication, including the mobile phone number and a One-time Password. While this smooths the way for financial companies, fingerprint authentication failure continues to be an obstacle for people to access their food rations and pensions.

In March 2016, while the Aadhaar Act was being hustled through Parliament as a Money Bill – which it most certainly is not – Nilekani wrote in the Indian Express that the law now cleared the way for “cashless, paperless, presenceless” transactions. That is the framework for the present cashless push. Think about it: no cash, no paper to record the transactions, documents which will be virtually stored in a digital locker, and no presence of anyone who may be held accountable. And, of course, as we know is the situation today, no payments regulator.

What, in the meantime, has been happening on the Aadhaar project?

It is claimed that over a billion people are on the Aadhaar database. It is claimed that all this happened because people enrolled voluntarily. We know this is not true. Court orders, six in three years, prohibiting the government from making Aadhaar mandatory, have been flouted with impunity. All evidence that biometrics is excluding the poor and the old from services and entitlements is being studiously ignored. Between 30%-60% are unable to use their fingerprints to authenticate, but it seems no one wants to know. On September 30, 2011, a biometrics expert demonstrated in the Planning Commission that fingerprints can be faked rather easily – that too was sidestepped.

The Attorney General, while arguing on behalf of the Aadhaar project in the Supreme Court in August 2015, asserted that the people of this country do not have a right to privacy. Around the same time, in the case to strike down defamation as a crime, the government was saying that they had to protect the privacy rights of the people, and so needed defamation to be treated as a crime.

The Supreme Court has ordered that the Aadhaar number can only be used in six areas – rations in the public distribution system, liquefied petroleum gas, the Jan Dhan Yojana, the National Rural Employment Guarantee Act, and pensions – and that too, voluntarily. The court has also said it shall be used nowhere else. But its orders have been treated with contempt. The court de-prioritising these cases has given government and businesses a sense of invincibility.

“Partnership” between government and business is what the Technology Advisory Group for Unique Projects report recommended, and that seems to have been taken seriously enough for public consultation being thrown out altogether. Data is the new property, and the state and business make plans to share the newly minted ability to track every transaction of every person. Coercion is the new normal, where state power will be used, repeatedly, to compel people to submit. Law is an impediment and is so treated. The Supreme Court’s orders are an irritant, and are best treated with contempt. The court finds the questions of constitutional significance, but sees no urgency to hear and decide.

People’s rights are a thing of the past, to be replaced by conveniences that business may provide. The citizen disappears, and the customer is all that is left. As for the poor, with their unworkable biometrics, their illiteracy, their digital incapacities, their dependence on the state for services – it makes business sense to use them to market an identity project, but little else.