The Aadhaar, with any responsible project management, would never have hit release candidate status, let alone be deployed with sensitive data of the population of the largest democracy on the planet. The flaws of the project are innumerable. From design to deployment. From malintent to incompetence.

Biometrics are not secret

The entire internet secures data with established protocols like passwords and 2-factor authentication. For some reason, the Aadhaar is based on biometrics – which, as Dr. Pandey recently mentioned in an interview are not secret to begin with. Except, he mentioned it as a worst case scenario – of even the biometrics database being breached – not being a problem, because “your biometrics are anyway in the public domain, right?”. A project this size has got deployed without realizing that because biometrics are often easily found in the public domain, no one else has been irresponsible enough to use them solely in an irrevocable manner to provide access to sensitive data.

The project was not well planned

From initially being solely an authentication of identity, midway through enrolments, Aadhaar also became an identity and address proof in a bid to increase its utility and adoption for KYR. Of course, the numbers enrolled till that point were not revoked, but that does not matter, because…

Aadhaar data is not verified anyway

No one verifies the documents on the basis of which Aadhaar is provided. So it does not matter. A wrong name and address will at best result in the physical Aadhaar card failing to deliver at the provided address. The fake Aadhaar holder can download and print the card and use it as an authentic one anyway. An innocent downside of this is that when the countless illiterate people of India provide an inaccurate address or the undertrained and error prone operators enter the wrong address, they are creating an Aadhaar card that can’t be delivered or used. From the start, the postal department has been plagued by the problem of undeliverable Aadhaar cards.

Biometrics are not an accurate match, but an estimated one

Since no two fingerprints are exactly alike – including those taken of the same person, of the same finger, at the same time, immediately after each other – the matching of fingerprints is done according to a percentage of the match. This can include fingerprints of another person that are similar enough and it can exclude fingerprints of the original person if they seem different enough. This is a direct result of a poor design choice in using biometrics to begin with. This cannot be avoided using biometrics. Because there is no way to provide a high percentage of accurate matches and accurate exclusion of mismatches with biometrics. It is not possible because that is the nature of the technology chosen. It is probabilistic – in the sense, when you validate fingerprints, the response is that it is “probably” a match or not, not a confirmed yes/no like say – authenticating with your Twitter or Google account.

In a well-tested project, this fatal flaw would have been caught well before being deployed. But then Aadhaar is not a well-tested project. It is being deployed and tested with human guinea pigs at the cost of lives and individual finances and well being of countless of the most vulnerable people of the country.

There are countless problems with Aadhaar, but these are the ones that are at the root of practical, security issues for people.

Problems related to exclusion

A lack of Aadhaar or a lack of Aadhaar linking or a lack of Aadhaar authenticating result in the exclusion of people in receiving their entitlements from the state. This has caused several deaths from starvation. While the government is assuring the Supreme Court that no one is denied their entitlements because of Aadhaar, it is also the same government that argued for an exception for welfare benefits under the Section 7, when the Supreme Court ordered an extension to the March 31 deadline for linking Aadhaar. A simple question here is that if no one was being denied their entitlements because of Aadhaar, what was the problem if the entitlements were included in the extension? Aadhaar would not be mandatory – the government was already claiming Aadhaar was not mandatory. This is, because the government was misleading the Supreme Court and the widespread denial of entitlements is indeed being carried out and it is not an accident. It is probably a rather ruthless way of saving money – the so-called “savings” because of Aadhaar, that have repeatedly been shown to be denied to people and not denied to “ghosts” or illegitimate claimants. Whose liability is this?

Expenses of Aadhaar compliance

While the government stresses the “free” aspect of Aadhaar, the reality of it is that the denial of entitlements due to Aadhaar has resulted in a desperate rush for making as well as updating Aadhaar before a limited number of operators, and the operators, who themselves operate on very flimsy margins have been found to be charging several hundred rupees to people who want to make an Aadhaar in countless instances.

Additionally, particularly in rural India, Aadhaar centres are not available as densely as in metros, and people often have to spend money on travel or spend work days in order to get an Aadhaar made or updated. Who is responsible for this expense forced on people in order to obtain a “free” card, without which they will not get their basic rights?

Denials of compensations, like farm loan waivers or insurance

Farmers may be distressed and committing suicide and loan waivers been announced as humanitarian assistance, but that does not mean that the government will miss a trick to force people to link their desperation to their Aadhaar or be denied of their entitlement. Further, when the hasty implementation turned out to be flawed, there were costs related to it. People who were not able to get their loans waived. Banks hastily paying interns to link Aadhaar numbers to the emergency loans.

There are countless people facing trouble at work because their employers want their Aadhaar number for their Provident fund, which is mandatory for all salaried employees. They run the risk of losing their jobs for lack of Aadhaar.

There are instances of people being denied insurance claims without an Aadhaar. People who paid premiums for their insurance but when they needed the money, it was denied to them and they had to struggle to pay the unexpected expense as well. Or when money they had already earned failed to arrive because of MNREGA payments being denied over Aadhaar. Who will take responsibility for the stress caused by money people are entitled to being delayed or altogether denied?

Denial of healthcare and life essentials

There are countless instances of denial of medical assistance to people without an Aadhaar. Stories of people dying in hospitals without being admitted, because they didn’t have an Aadhaar. Women delivering babies at hospital gates because they were refused admission for lack of Aadhaar.  And of course, the deaths from starvation when PDS rations or meagre pensions vanished because of Aadhaar. Who compensates for this loss of life or any health complications caused?

The costs of fraud

There have been instances of fraud having been carried out using Aadhaar. So far, either people who have been scammed lose money, or banks have repaid them. There are very few instances where culprits have been caught and arrested, and still fewer ones where the scammed money was recovered. As Aadhaar leaks continue and even biometrics attached to Aadhaar numbers are revealed – the Gujarat PDS scam, the biometrics stored and available on government sites and biometrics that could easily be lifted from the belongings of someone with money by those around them… these scams are only going to go. Biometrics compromised can’t be revoked and reset like passwords and can thus be repeatedly misused. Who is going to keep absorbing this cost?

These are just a few examples. The reckless rampage of Aadhaar without regard for consequences is putting financial stresses on some of the most poor and vulnerable people, on those in desperate emergencies, those needing immediate medical care, those needing food and meagre pensions for their very survival, already floundering banks that are being forced to add new processes free of cost, and compensate for frauds…. has the government or UIDAI thought through the consequences of their actions on those who are forced to fund them?

For that matter, given the poor quality of the Aadhaar project compared with the money invested in it, who is responsible for the loss to government funds in both spendings on the project as well as the constant emergency measures being necessitated due to its many problems?

Who is liable for Aadhaar? Who is liable for the liabilities from Aadhaar? Who pays?