[Aadhaar debate] Response to the questions raised by supporters


This is a response to the questions raised by Ritesh Dwivedy published here called 5 questions for the anti-Aadhaar brigade. It’s also available on UIDAI website.

Same or similar questions have been asked and answered before at many venues. You probably didn’t get a chance to read them. Hence I am answering them here. I will try to keep it short and to the point.

First off, I believe the title of the article is misleading. The article is not like a question paper as the title suggests. It’s more like a ‘Guidebook to cracking IIT/JEE’. It has frequently asked questions and canned answers by the author. Maybe it's time for the guidebook authors to look for the not-so-frequently asked questions. That would make everyone think.

Let’s start with the introduction. The author writes: “And yet, we hear so much anti-Aadhaar news. So why would anyone oppose Aadhaar? There are people with vested interests or extreme ideology – they do not want corruption to go away, they are middlemen who have been making crores through corrupt practices, or they believe in extreme anti-state ideologies.”

I started reading the article thinking it will lead to a good discussion about tech, policy, privacy, and social impact etc. But if someone starts an introduction with blaming the opposition and calling them supporters of corruption, it doesn’t instill confidence about the quality of questions. I was kind of disappointed with the questions. But then I choose to answer because it can help. Here are my responses to the questions.

“Q1: How many more years do you want India to remain a ‘developing’ nation?”

ANS: I want India to be developed country from tomorrow. There you have my answer.

Now in your canned answer, you say we can’t become a developed country without taking everyone along with us. I agree. You also suggest DBT makes 100 percent “aid” reach the right person. But you conveniently forget not every “aid” can be delivered to a bank account.

Let’s take one simple example of PDS. How will Aadhaar make sure the person who is under PDS+Aadhaar gets 100 percent of the rice he is promised and the quality he is promised. At most, Aadhaar can make sure the right person signed up or was present at the delivery spot. It can’t guarantee anything else. It can’t guarantee timeliness, quantity, quality, or absence of bribery. Sorry, the reason you gave is not completely applicable. To burst your bubble, just a unique identity is not going to make India developed.

"Q2: Why are you silent on all the benefits we are seeing as a result of Aadhaar?”

ANS: We do recognise the benefits but with an eye for detail.

In the canned answer, you give examples how the Aadhaar is beneficial. You didn’t link them to the sources. Here are a few links with a counter view.

There are literally hundreds. Just Google. Not sure how you came to this conclusion.

We agree there are benefits from a unique identity and hence from Aadhaar too. We also know benefits always come with the cost. I would like to see both and then make an informed decision.

“Q3: Why are you misleading the Indian public about Aadhaar through fear-mongering and sensationalism?”

ANS: No we aren’t.

In your canned answer, you call “dataleaks” as data disclosures and also make a claim that “In fact, people’s digital identity remains secure.”

Since you have not gone into details, I will do that. Let’s take an example from the report Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information. The website of Chandranna Bima Scheme by Govt. of Andhra Pradesh publishes partial Aadhaar numbers, name, father’s/husband’s name, age, caste, mobile number, gender, partially masked bank account number, IFSC code, bank name, and details of the nominee etc.

I was especially disappointed with this question because you also head an online startup. Talk to your security team and see how much information they think is enough to conduct an effective social engineering attack.

Many transactions can be done with just Aadhaar number and OTP. Makes social engineering easier. In the meantime ask your startup’s security team how happy they or your customers will be if their data (of similar type) leaks. Security is not just about keeping password or biometrics safe.

You probably know the after effects of Ashley Madison data breach. Now imagine the kind of effect if the HIV/AIDS patient’s profile data along with Aadhaar number leaks. With Aadhaar, they can be uniquely identified. So again it’s not always about safe biometrics.

There is much more to the security and privacy argument. I would suggest you read this post on Reddit which explains other aspects which I have not gone in detail here.

“Q4: Why are you willing to give biometrics to foreign govts and corporations, but not to your own govt?”

ANS: We have, for example, for the passport. Important terms to know are purpose, choice, and consent.

A very popular question on social media is – ‘How can you give biometrics for the US visa but not to your own government.’ But it’s important to remind everyone that one needs to have a passport before getting a visa.

Everyone who has a passport has given their biometrics to the government. Again, the purpose of the collection is clear and is by choice.

You also talked about the biometrics on phone. Now to assume everyone has a phone or has a phone with biometrics capability is a little too much to assume. Many of us don’t have a phone with biometrics. Happy to announce I don’t need a phone with biometrics to pay taxes.

You also talk about, and I quote, ”control over its usage” and “strict protection of the law”. Here you talk about the control over data and usage. Under Aadhaar Act citizen, citizens don’t have any legal rights to the data. If it is leaked or misused I am not considered an aggrieved party. I cannot sue UIDAI or others involved. That is the kind of protection I get. Of course, there is also the “National Security” clause under which all the data, including authentication records (which they save), can be shared. We need a complete and separate article on that. So I am going to leave it at that.

“Q5: Why are you opposed to using technology to benefit the nation?”

ANS: No we aren’t. You say, and I quote, “Bank account data, PAN data, credit card information, and user information from online accounts, etc. have all been leaked in the past or have seen frauds, yet we have not stopped using online banking, abolished the PAN system, dismantled credit cards, or disconnected from the internet.”

Everything mentioned here can be replaced or I can get rid of the account (except PAN). I can also sue people responsible for it for damages. But in the case of Aadhaar, I can do neither.

It's also an interesting question. Because as part of this question you expect “a sensible discussion by all” and “constructive arguments”. Now go back to your introduction paragraph see if it’s sensible or constructive to call the critics as corrupt, middlemen or extreme.

To answer your question.

There are many technologies that are built with the aim of building the nation. But not everything with good intention can benefit the people of this nation.

We think the way Aadhaar and its ecosystem is today is not beneficial to Indians given the risks. It is also important to know technology can’t solve all problems.

Hope my answers helped you. Ask more questions.

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)


Updates from around the world