Since its launch in 2009, India’s e-Identity program, Aadhaar has been the subject of intense debate. Its ardent supporters promote it as a solution to the country’s notoriously wasteful welfare system and its opponents label it a gross violation of privacy. Being Aadhaar-registered myself and having studied the development of the program extensively, the merits on both sides are evident. Given the scale and significance of the Aadhaar program, its evolution over the past nine years offers valuable lessons for the future of eID across the world. It is worth noting however that eID refers not to a single type of identity solution, but to a host of different solutions, varying in scope, objectives and underlying technologies.
The roots of Aadhaar can be traced back to a 2005 report by the Government of India which shed light on the inefficiencies of the Targeted Public Distribution System (TPDS) – the mechanism through which subsidized food, cooking fuel and fertilizers, among other necessities, were delivered to qualifying citizens. At the time of publication of the study, it was found that only 43% of the government expenditure on food subsidies reached the Below Poverty Line (BPL) populations. 
These findings led to a process of extensive reflection on the means to streamline the subsidy delivery process, culminating in the formation of the Unique Identification Authority of India (UIDAI) in 2009, which today manages the Aadhaar program. As stated by the UIDAI, “Aadhaar is a strategic policy tool for social and financial inclusion, public sector delivery reforms, managing fiscal budgets, increase convenience and promote hassle-free people-centric governance. Aadhaar can be used as a permanent Financial Address and facilitates financial inclusion of the underprivileged and weaker sections of the society and is therefore a tool of distributive justice and equality”
Aadhaar is a randomly generated 12-digit number, unique to each Aadhaar holder. In order to obtain an Aadhaar number, residents are required to provide a combination of demographic information and biometric information including ten fingerprints, two iris scans and a facial photograph. According to the Aadhaar Act 2016, enrollment in the program is entirely voluntary. However, this hasn’t been entirely true in practice as shall be highlighted in the following sections.
Since the issuance of the first Aadhaar number in 2010, 1.19 billion unique Aadhaar numbers have been issued to Indian residents, making it by far the most inclusive government identity program in the country.  With its open APIs, Aadhaar has served as a foundation upon which an entire ecosystem of services has emerged, including eKYC, digital signatures, instant payment infrastructures, etc.
The launch of eKYC led to a significant fall in the cost of customer onboarding, leading to financial inclusion on an unprecedented scale. The Economist estimates that the cost of KYC is likely to have fallen from 1,500 Indian Rupees (USD 23.43) before Aadhaar to as low as 10 Indian Rupees (USD 0.16) currently.  As of October 2017, the annual per capita income in India was estimated to be USD 1,990.  As a result, prior to Aadhaar, large sections of Indians were not economically feasible customers for banks. The government reports that 309 million new bank accounts have been opened since August 2014, bringing hundreds of millions of unbanked Indians into the formal economy.  This has been supported in part by the introduction of Aadhaar based eKYC.
Linkages of Aadhaar numbers to bank accounts enabled the launch of the Direct Benefit Transfer (DBT) scheme by means of which subsidy benefits are deposited directly into the bank accounts of beneficiaries. DBT has helped plug leakages in subsidy delivery by fighting black marketing and eliminating fake identities, which deprived deserving citizens of their subsidies. The government claims that DBT has saved the exchequer USD 8.9 billion between 2013-14 and 2016-17.  The veracity of these claims has come under intense scrutiny by diverse actors, including the country’s own Comptroller and Auditor General. Nonetheless, even critics do admit that the DBT scheme has led to savings despite the inflated figures reported by the government.
While the developmental potential held by Aadhaar has been displayed in the financial inclusion and savings recorded by the government, the future of Aadhaar rests upon the government addressing the privacy challenges associated with it. The usage of biometric data and the storage of this data in a centralized database have raised concerns since the conception of the project. The validity of these concerns was vindicated in 2017 when a YouTube clip displayed a replay attack, i.e. when the biometric capture is stored on a computer and reused for future authentication transactions.
In May 2017, a report by an NGO, The Centre for Internet and Society (CIS), revealed that four government portals had published data which revealed the Aadhaar numbers of 130-135 million residents and the bank account numbers of around 100 million residents.  And earlier this year, it was reported that at a price of USD 8, racketeers were selling administrator access to Aadhaar portals through which one could key in any Aadhaar number to find the corresponding name, address, postal code, phone number, email ID and photograph.  The UIDAI has dismissed this as a case of misreporting and the validity of this report remains unconfirmed.
To the UIDAI’s credit, there have been developments which bolster security over the past year. In September 2017, the UIDAI enforced the “Aadhaar Registered Devices” technical specifications which limit participation on the Aadhaar authentication network to devices complying with the newly established security standards. In January 2018, the UIDAI announced the launch of Virtual ID, a randomly generated temporary 16-digit number, with the objective of preserving the secrecy of the permanent Aadhaar numbers. Nonetheless, privacy concerns remain, paramount among them being the storage of biometric data on the UIDAI databases.
In the aftermath of the privacy breaches, the future of Aadhaar currently hangs in the balance. The constitutionality of the Aadhaar Act (2016), which provides legal backing to the project, is the subject of litigation at the country’s Supreme Court. While petitioners have long challenged Aadhaar on grounds of breaching privacy, it is over the past year that the legal battles have gained impetus. The current government is pushing to make Aadhaar mandatory to access subsidies and to link Aadhaar numbers to bank accounts, phone numbers, income tax records and several other vital documents. While by law, enrollment in the program is entirely voluntary, the recent government push to make Aadhaar mandatory to access subsidies and basic services in the economy, is raising the costs of staying out of the system significantly.
In August 2017, in a landmark judgement, the Supreme Court ruled that the Right to Privacy is a fundamental right. In light of this judgement, challenges to the constitutional validity of Aadhaar are expected to revolve around three arguments: collection of biometric data amounts to a violation of bodily integrity, Aadhaar violates the right to informational self-determination and the threat of a surveillance state posed by linking Aadhaar to a host of services in the economy.  The Supreme Court of India has begun hearing petitions challenging the constitutional validity of the program.
 Planning Commission, Government of India, March 2005
 UIDAI Aadhaar Dashboard, January 2018
 The Economist, December 2016
 International Monetary Fund, Accessed on 29th January 2018
 Government of India, Accessed on 16th January 2018
 Government of India, Accessed on 16th January 2018
 The Center for Internet and Society, May 2017
 The Tribune, January 2018
 The Wire, August 2017
Featured Image Credits: Max Pixel
Melden Sie sich an für unser Newsletter und erhalten immer die neusten Einblicke von Procivis.
Sign up for our newsletter and receive the lastest news from Procivis