Aadhaar – A good example of failed government project

I didn’t see it coming, maybe no one saw it coming. 4 days back I was on Twitter when the current chief of TRAI who was the boss of the Aadhaar project suddenly tweeted his Aadhaar number and posed the challenge to Twitterati to try and access his personal data that could cause him potential harm. His objective may have been to prove that people’s data is safe behind the digital system for Aadhaar he has helped build, but it didn’t go as he had thought. Successive governments have tried to make Aadhaar the single identity for people and have been making people link up all other identity details to their Aadhaar numbers. The government has been trying to make it mandatory to use Aadhaar number wherever people’s identity has to be verified, even for buying a new mobile sim card. What he didn’t seem to have counted was how deep search engines can dig into the internet and unearth data. No one hacked into the Aadhaar database but still people were able to bring out a substantial part of his personal information associated with his Aadhaar number to make his life uncomfortable.

Started as an ambitious project in 2009 at the scale of the SSN in the US with the objective of streamlining the country’s public distribution system, I believe Aadhaar has become a good case study for a failed government project. Primary reason for this is the lack of proper privacy laws. The foundation of a well strategised and executed project lies in the to-do lists which contains the activites to be done before and after the execution of the project. The process of collecting data from people was started before adequate data privacy laws were framed. It is actually weird that in spite of being a democracy, Indians live as if they are under dictatorship. Whenever governments come out with new regulations or standards, people obey them without questions because we have no awareness of the fact that governments are accountable to the people who vote them to power. In a democracy people have the right to ask questions till they are convinced. In India people who ask questions are seen as troublemakers so I have no option but to be part of the crowd.

What is even more disturbing is the fact that UIDAI, the statutory body that issues Aadhaar numbers has outsourced the collection of data and processing of enrollments to contracted bodies. After Aadhaar numbers are allotted, users have the option to modify their details on the UIDAI website. For this, OTP authentication through their registered mobile numbers is required. A year or so back I had logged in and modified my details. But 2 days back I found that I am no longer able to do the authentication because my registered mobile number and email address are both missing from my profile details. I had to go to one of the contracted bodies, pay money, suffer the arrogant behaviour of their staff and put back the data that was already there in my profile. The same happened with my father as well. When I contacted UIDAI customer service on Twitter and asked why my data was deleted, they did not even respond.

Without privacy laws and people’s data so easily available to be deleted, what worries me is what if people’s data gets manipulated. The Aadhaar act is riddled with ambiguities. Criminal procedures cannot be invoked against improper use of people’s details. More worrisome is about the security of people’s data against potential hacks especially because Aadhaar collects biometrics of people for enrollment. People simply don’t know how safe their private data is. More than data getting hijacked, identity theft could become a potent possibility and I cannot even start to think what impact it would have on the society.