Answering the Aadhaar Questions Raised by YourStory Article
I am answering the questions raised by Ritesh Dwivedy on YourStory called 5 questions for the anti-Aadhaar brigade. It’s also available on UIDAI website . Readers may want to read that first. Also everyone is welcome to share or republish my answers under CCBYSA.
Same or similar questions have been asked and answered before at many venues. You probably didn’t get a chance to read them. Hence I am answering them here. I will try to keep it short and to the point. Also title of your article is misleading. Article is not a question paper like the title suggests. It’s more like a “Guide book to cracking IIT/JEE”. It has frequently asked questions and canned answers by author. Maybe it’s time for the guidebook authors to look for not-so-frequently asked questions. That would make everyone think. May be….
Let’s start with the introduction
And yet, we hear so much anti-Aadhaar news. So why would anyone oppose Aadhaar? There are people with vested interests or extreme ideology – they do not want corruption to go away, they are middlemen who have been making crores through corrupt practices, or they believe in extreme anti-state ideologies.
I started reading the article thinking it will lead to a good discussion about tech, policy, privacy, social impact etc. But if someone starts an introduction with blaming the opposition. Calling them supporters of corruption, middle men, extreme even before laying out questions. Then it doesn’t instil confidence about the quality of questions. I was kind of disappointed with the questions. But then I choose to answer because it can help.
Q1: How many more years do you want India to remain a ‘developing’ nation?
ANS: I want India to be developed country from tomorrow. There you have my answer.
Now in your canned answer you say we can’t become a developed country without taking everyone along with us. I agree. But you also go ahead and suggest DBT makes 100% of “aid” to reach the right person. But you conveniently forgot not every “aid” can be delivered to a bank account. Lets take one simple example of PDS. How will Aadhaar make sure the person who is under PDS+Aadhaar gets 100% of the rice he is promised and the quality he is promised. At most Aadhaar can make sure right person signed up or was present at the delivery spot. It can’t guarantee anything else. It can’t guarantee timeliness, quantity, quality or absence of bribery. Sorry the only reason you gave is not completely applicable. Just to burst your bubble just a unique identity is not going to make India developed.
Q2: Why are you silent on all the benefits we are seeing as a result of Aadhaar?
We do recognize the benefits but with eye for detail.
In the canned answer you give examples how the Aadhaar is beneficial. You didn’t link them to the sources. Here are a few links with a counter view.
- How private companies are using Aadhaar to try to deliver better services (but there’s a catch)
- By making Aadhaar mandatory, Delhi’s government schools are shutting their doors to migrant children
- Aadhaar trouble: How a woman’s wages under MGNREGA were transferred to someone else’s account
- Dissent and Aadhaar
There are literally hundreds. Just Google.
Not sure how you came to this conclusion. We agree there are benefits from a unique identity and hence from Aadhaar too. We also know benefits always come with the cost. I like to see both and then make an informed decision.
Q3: Why are you misleading the Indian public about Aadhaar through fear-mongering and sensationalism?
No we aren’t.
In your canned answer you call “dataleaks” as data disclosures and also make a claim that “In fact, people’s digital identity remains secure!”.
Since you have not gone into details. I will do that. Let’s take an example from the report Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information, Website of Chandranna Bima Scheme by Govt. of Andhra Pradesh, the website publishes Partial Aadhaar Numbers, Name, Father’s/Husband’s Name, age, caste, mobile number, gender, partially masked bank account number, IFSC Code, Bank Name and details of the nominee etc.
I was especially disappointed with this question because you also head an online start up. Talk to your security team and see how much information they think is enough to conduct an effective Social Engineering attack. Many transactions can be done with just Aadhaar number and OTP. Makes social engineering much more easy. In the mean time ask your startup’s security team how happy they or your customers will be if their’s data of similar type leaks. Security is not just about keeping password or biometrics safe.
You probably know the after effects of Ashley Madison data breach. Now imagine the kind of effect if the HIV/AIDS patient’s profile data along with Aadhaar number leaks. With Aadhaar they can be uniquely identified. So again it’s not always about safe biometrics.
There is much more to the security and privacy argument. I would suggest you to [read this post on reddit which explains other aspects which I have not gone in detail here.
Q4: Why are you willing to give biometrics to foreign govts and corporations, but not to your own govt?
We have, for example for passport. Important terms to know are purpose, choice and consent.
A very popular question on social media is – How can you give biometrics for US visa but not to your own government. But it’s important to remind everyone that one needs to have passport before getting visa. Everyone who has a passport has given their biometrics to GoI. Again the purpose of the collection is clear and is by choice.
You also talked about the biometrics on phone. Now to assume everyone has a phone or has a phone with biometrics capability is a little too much to assume. Many of us don’t have a phone with biometrics. Happy to announce I don’t need phone with biometrics to pay taxes.
You also talk about and I quote ” control over its usage” and ” strict protection of the law”. Here you talk about the control over data and usage. Under Aadhaar Act citizen citizen don’t have any legal rights to the data. If its is leaked or misused I am not considered an aggrieved party. I cannot sue UIDAI or others involved. That is the kind of protection I get. Of course there is also “National Security” clause under which all the data including authentication records (which they save) can be shared. We need a complete and separate article on that. So I am going to leave it at that.
Q5: Why are you opposed to using technology to benefit the nation?
No we aren’t.
You say I quote
Bank account data, PAN data, credit card information, and user information from online accounts, etc. have all been leaked in the past or have seen frauds, yet we have not stopped using online banking, abolished the PAN system, dismantled credit cards, or disconnected from the internet.
Everything mentioned here is can be replaced or I can get rid of the account (except PAN). I can also sue people responsible for it for damages. But in case of Aadhaar I can do neither.
It’s also an interesting question. As part of this question you expect “a sensible discussion by all.” and ” constructive arguments”. Now go back to your introduction paragraph see if its sensible or constructive to call the critics as corrupt, middle men or corrupt.
To answer your question. There are many technologies that are built with the aim building the Nation. But not everything with good intention can benefit the people of this nation. We think the way Aadhaar & its ecosystem is today is not beneficial to Indians given the risks. Its also important to know technology can’t solve all problems.
Hope my answers helped you. Ask more questions.