Book Review: Aadhaar, A Biometric History of India’s 12-Digit Revolution
This book is perhaps the most detailed and comprehensive biography of Aadhaar and the people who played a role in its birth and evolution. The author, Shankkar Aiyar, is a veteran journalist, and has marshaled his skills and experience in bringing out this short but crisp account of what is the world’s largest biometric authentication system. The book is enriched by the access Shankkar had to the people who were central to the schema, at one point or other, including Nandan Nilekani, Rahul Gandhi, Pranab Mukherjee, and even Narendra Modi. The book traces the birth, growing pangs, the creeping at first and then uncontrolled spread of Aadhaar. A long epilogue is dedicated to the issue of privacy, which acquired urgency in the light of a case in the Supreme Court asking the government to clarify whether privacy was a fundamental right. In a most fortuitous turn of events for the book and its author, the Supreme Court, just as the book was released, ruled that privacy was indeed a Fundamental Right, but subject to reasonable restrictions. The book is, on balance, a good place to understand the roots of Aadhaar, the timeline of its evolution, and the contribution of the people involved. It, however, overlooks some of the deficiencies of Aadhaar, but perhaps that is a subject for another book.
The concept of Aadhaar, or a national identity register based on some form of fool proof authentication, is not new. As far back as 2003, a pilot project was launched by the BJP-led NDA government in thirteen states to issue National Identity Cards. In March 2006, the communist-propped Congress-led UPA government “announced a grand plan” to implement a project to provide Unique IDs for BPL (Below Poverty Level) families within 12 months. Yes, within twelve months. Seventeen months later, “the process committee, which included officials of seven departments, had held seven meetings and put up a proposal for the creation of the UID Authority.” Not a single card had been issued, but bureaucrats had kept themselves busy in making themselves look busy.
Nandan Nilekani, co-founder of Indian software services behemoth Infosys, almost became a minister in the UPA government that returned to power for a second, successive term in 2009. If we are to believe events, Rahul Gandhi – scion of the Nehru-Gandhi-Maino political family of India – was keen on inducting Nilekani as India’s HRD Minister. That, however, did not happen. Nilekani, however, was appointed the Chairperson of the UIDAI, with the rank of a cabinet minister.
Nandan Nilekani got to work, and fast, in assembling a team of people who could get things done. There was, among others, a bureaucrat – a graduate from the prestigious National Law School of India, a “liberal arts major and technology buff“, another bureaucrat with India Post, yet another bureaucrat with “experience in IT procurement“, a person from the Reserve Bank of India to help understand and navigate the regulatory hurdles, and one person with a doctorate in computer science. These were people who were adept at swimming the always-murky waters of the Indian bureaucracy, without which nothing would get done. There was not a single person in this core team that Nilekani assembled who could be called an expert or authority in cryptography, encryption, security, privacy, web architecture design, building massively scalable systems, or even professionals who excelled in complex software project management and execution.
Like every government scheme, there is a stated purpose that is meant for public consumption, and there is a real purpose, that is rarely revealed. For instance, the Congress-led UPA government waived off loans worth 52,000 crore rupees in the farm sector in 2009. This was ostensibly to help distressed farmers. The real purpose was to influence voters in the upcoming general elections to the Lok Sabha. The ploy paid off, and the UPA government returned to power in 2009 with even more seats in the elections that followed. That the loan waiver wrecked the nation’s fiscal health in the years to come was just collateral damage.
Similarly, with Aadhaar, the stated purpose was to create an identity database on residents that would be used to deliver targeted subsidies and to plug leakages. The real purpose, many speculated, was to legitimize millions of illegal immigrants that streamed into India from its porous border with Bangladesh. These illegal immigrants were useful, captive voters who were then corralled by political parties to vote en-bloc for their candidates in elections. Aadhaar was seen as a way of legitimizing these millions of illegal immigrants. While that ‘real’ reason has never, for obvious reasons, been acknowledged, it is useful to observe that while it was expressly stated that the database on residents could not be “deployed for seeking or granting citizenship“, today, the Aadhaar card is one of twelve documents listed by the Passport website as acceptable for establishing proof of address, and one of eight documents accepted as proof of date of birth. The circle of irony has been squared in a way that can happen only in India. Nor would it serve any purpose to reinforce the point that there have been countless incidents of illegal infiltrators into India being caught with fake Aadhaar cards. Governments and political parties are, by definition and practice, blind to all interests except their own.
The Aadhaar team did not seem to have much of an idea on how to build a system with the complexity of Aadhaar. That they did seems more an accident of coincidences than the output of forethought. A forty-five page document, titled “UIDAI STRATEGY OVERVIEW – CREATING A UNIQUE IDENTITY NUMBER FOR EVERY RESIDENT IN INDIA“, was published in April 2010 (available here). There were a total of two lines on the “Security Design” in the document. A grand total of one page was dedicated to “Project Risk“, within which there was one line for “Privacy and security risks” that went like this – “The UIDAI will have to ensure that resident data is not shared or compromised.” A high-school student could have written that line. It was no surprise, therefore, that every problem that the system encountered in acquiring biometric data was predictably unanticipated, and “patches” were written to fix those problems. The system, over a period of time, has very likely come to resemble the classic nightmare that is every poorly designed system – a mishmash of spaghetti code, patches upon patches that increase the fragility of the application, introducing new vulnerabilities waiting to be exploited, and making future maintainability even more of a nightmare. If iris scans were of poor quality – a patch was written. If Aadhaar cards were issued to chairs, trees, coriander, and other inanimate objects – a patch was written. An Aadhaar card enrolment took place for someone with the photograph of a dog – a patch was written. When such gaffes became public, the Aadhaar cards were cancelled. For every miss, for every mess, there was a “fix”. Never a plan, never a design, always a patch, a fix, a kludge. Never were systemic issues acknowledged, let alone addressed. It was always a “third-party error”, always “human error”.
Mr. Nilekani’s reactions to questions on the security of Aadhaar were illuminating. His opinion on the security of Aadhaar seemed to vary with the weather; if in the spring he claimed Aadhaar to be secure, by autumn he worried over the state of security of Aadhaar. On April 2, 2017, Mr. Nilekani thundered – “Show me even one example of data theft. Aadhaar is very, very secure.” Four months later, he fretted – “absolutely, security is going to be a big concern.”
Perhaps the state of the execution and lack of a coherent vision around Aadhaar was captured by the Parliamentary Standing Committee on Finance, to which the National Identification Authority of India Bill 2010 was sent. In December 2011, it wrote that “The UID scheme has been conceptualized with no clarity leaving many things to be sorted out during the course of its implementation; and is being implemented in a directionless way with a lot of confusion. The scheme which was initially meant for BPL families has been extended for all residents in India and to certain other persons.” Admittedly, this was to some extent an exercise in political grandstanding, given that Standing Committee was chaired by BJP politician, Yashwant Sinha.
A spanner in the works was thrown into the Aadhaar juggernaut by the NAC. The NAC – National Advisory Council – was a supra-constitutional authority created by the Congress Party, and which allowed Mrs Sonia Gandhi and a select bunch of activists chosen by her to exercise unbridled and unaccountable influence over the government, subverting the very essence of a democracy. Sreemoy Talukdar, in an article, described the NAC as “power without responsibility“. He wrote that “the Congress president ran the UPA regime by proxy, eroding the authority of prime minister’s office and undermining the provisions of the Indian Constitution. And she and her coterie wielded this enormous power without even a shred of responsibility.” Shankkar calling it a “political innovation” is surely one of the kindest descriptions I have read of the NAC. Nonetheless, and surprisingly enough, to the credit of NAC member and economist Jean Dreze, it was he who put his finger on the dangers of Aadhaar – “I am opposed to the UID project on grounds of civil liberties. Let us not be naive. This is not a social policy initiative – it is a national security project.”
Political protection money thus had to be paid before Aadhaar could proceed any further. That happened through some well-orchestrated political theatrics, where the mother-appointed NAC raised concerns about the creation of a “deep state“, while the son, Mr. Rahul Gandhi, son of the Italian-born Congress Party President, Mrs Sonia Gandhi, brokered a compromise. Thus, in an act of political theatre befitting Indian politics, the first Aadhaar card was issued to a person in Tembhali in Nandurbar, in the western state of Maharashtra, ruled at the time by the Congress Party. Nandurbar was where Mrs Sonia Gandhi had held her first political rally after seizing power of the Congress Party in a coup in 1998 that involved locking up the then Congress Party President, Sitaram Kesri, in the toilet. The “optics” were decided by “the political regime.”
Either the entire nation of a billion-plus people has misunderstood Rahul Gandhi’s intellectual prowess, or perhaps Shankkar is kinder to him in his book. Rahul Gandhi is most famous for his tenuous grasp of even the most basic of facts. Sample these few examples (Rahul Gandhi’s gaffes | Hindustan Times)
- In 2013, he most famously stated – “This morning, I got up at night.”
- In 2017, in Bengaluru, he spoke about “every single city in Bangalore“.
- In 2013, again, in an election speech, he declared – “Gujarat is bigger than UK. In fact, India is bigger than Europe and USA put together.”
- In an election speech in Firozabad, he talked about setting up a potato factory.
- He put the number of seats in the Lok Sabha at 546 (the Lok Sabha has 545 seats).
and so on…
So when Shankkar writes that “Rahul Gandhi had looked at the work done in cash transfers in Latin America … and felt it could be done in India too” a raising of the eyebrows is quite in order. In the more than ten years that Rahul Gandhi has been in public life as a politician, there has yet to emerge a single instance of him having expounded intelligently on even a single issue of substance. Even speeches he had delivered in Parliament have been done with the help of cheat sheets. Therefore, for Rahul Gandhi to have studied “cash transfers” in other countries calls for a leap of faith most would be unwilling to take.
It was widely expected by many, including several BJP supporters, that Aadhaar would be scrapped once a BJP-led government came to power in the general elections in May 2014. The BJP’s prime-ministerial candidate, Narendra Modi, had tweeted twice about Aadhaar in the run up to the general elections to elect the next Lok Sabha in 2014. One tweet was a barb directed Nandan Nilekani, the Congress Party’s candidate from Bengaluru.
The second tweet was targeted more at the fundamental flaws in Aadhaar, viz, security. It held out hope that a scheme as perilous to the long-term security of the nation as Aadhaar would be shelved immediately upon the BJP’s coming to power.
That was not to be. After a thirty-minute meeting with Nandan Nilekani in July 2014, the Prime Minister made a stunning u-turn with respect to Aadhaar. Gone was any talk of the “security threats” that Aadhaar posed. In its place emerged generalities like “I knew Aadhaar had potential“, “Our problem was not with the idea of Aadhaar“, and so on. Aadhaar had been resuscitated, and like a mutant zombie, was set loose with even more vengeance on the nation.
While flexibility and malleability of opinion on issues is an essential trait of any successful politician, few politicians would like to be compared with Mrs Indira Gandhi on the issue of ideology or politics. It needn’t be reminded that it was Mrs Indira Gandhi who suspended Fundamental Rights and imposed a state of internal Emergency for twenty-one months between 1975 and 1977. It was the darkest period of Indian democracy. Mrs Indira Gandhi is also faulted with cementing dynastic politics, with systematically undermining every democratic institution in the country, including the judiciary itself, and under whose regime corruption became embedded into the fabric of Indian society. Yet, there is an inescapable parallel drawn between Narendra Modi and Indira Gandhi in the book. The author quotes from the former RBI Governor, I.G. Patel‘s book – “There was nothing basically ideological about Mrs Gandhi. Everything was as it suited her at the time.” Shankkar then goes on to quote Mrs Gandhi’s ideological calisthenics before commenting, “Narendra Modi is not bound by conventional definitions of ideology. His approach is based on political entrepreneurship, and policy is essentially an instrument to consolidate and expand political subscription.” Perhaps I have read it wrong, but this is most damning an indictment of the Prime Minister, Narendra Modi, and a brutal one at that, but delivered with the softest of touches by Shankkar.
Despite a Supreme Court order in August 2015, that ordered the Union of India to “give wide publicity in the electronic and print media including radio and television networks that it is not mandatory for a citizen to obtain an Aadhaar card“, the government brazenly ignored these orders and made it mandatory for taxpayers to quote their Aadhaar number to file their income taxes. Banks badgered customers to link their Aadhaar numbers to their bank accounts, locking out and freezing scores of accounts for lack of compliance. Numerous such incidents of organized anarchy by the government abounded. The Supreme Court’s orders were flouted with impunity, without consequence.
In the Epilogue, Shankkar writes, “Realistically, therefore, using Aadhaar would be an arduous way to snoop when more convenient ways exist.” That is technically true. It, however, in many ways, misses the trees for the woods. What Aadhaar is forcing the entire nation to do is to link every single aspect of every citizen’s online and digital existence with a single number. Whether it is registering births, marriages, deaths, pensions, buying or selling a property, filing income tax, allowing someone to appear for their examinations, operating bank accounts, and even using mobile phones, the central, state, or local governments are forcing the people to tie increasingly large parts of their existence with a single number. There is little to no accountability with respect to securing this data. Every successive failure, data breach is attributed to various causes. Never is the system blamed. No one in the government, tasked with keeping this data secure, is held accountable. We already know that digital surveillance is pervasive – you call someone up on your mobile phone to talk about getting your home furnished, and moments later you start getting ads on the subject. Aadhaar makes it child’s play for advertisers to harvest this information to build up a complete profile on you. But that is not possible, you say, because the government will not sell Aadhaar data. Your actual biometric data may not be sold, but every other aspect of your digital existence that is tied with Aadhaar will be.
Shankkar’s book is probably as close to a complete official biography of Aadhaar as we are likely to get for some time. It has dates, places, and names down to an astonishing level of detail. The book is the one place to go for people wanting to understand the history of Aadhaar, and its progression from an idea, to its launch, its being sidelined, resuscitation in 2013, and its eventual adoption by the BJP in 2014.