The UIDAI and the Finance Ministry have admitted through RTI that there are no designated officials certifying the identity or address and as such the UID is neither Proof of Address (PoA) nor Proof of Identity (PoI). They have also indicated that no verification or audit of the UID database has ever happened. The Aadhaar is merely a random number assigned by the UIDAI to unverified and unaudited data submitted by private parties paid for each record and is, therefore, not even a proof of existence of any person.
From the procedure announced by the UIDAI to recover lost Aadhaar numbers,it is evident that several records are returned for each biometric, and demographic information is required to narrow match to 5-10 entries. This also means that de-duplication using biometrics is a mere theoretical exercise and biometrics cannot produce a unique ID.
Furthermore, biometrics are neither permanent nor immovable. Biometrics change during the life of a person, sometimes even within a few weeks, without warning. Biometrics can be easily stolen, replicated or misused as has been demonstrated by hacking fingerprints, and iris scans of high profile targets. The enrollment agencies that have captured these biometrics have the entire demographic and biometric database along with the allotted Aadhaar numbers in their possession and as such, it can be misused or stolen. Once the biometric fails or is stolen, all the functions that have crept to link access to the biometric are denied with little or no recourse to the victim.
The Reserve Bank of India (RBI) has admitted on RTI that using the Aadhaar as the sole for electronic KYC, to open bank accounts, has resulted in removal of restriction of Anti-money Laundering Rules, violation of the RBI’s Master Circular on KYC, the recommendations of the Financial Action Task Force, and the Basel Standards of keeping customer data. They have been pressured to use Aadhaar to open such accounts through “government consultation” by the Department of Revenue and the UIDAI. This has already opened doors to finance terrorism, execute organized crime, park black money, siphon direct cash transfers of subsidy, and launder money. There are enough incidents in the country, including the arrests of terrorists with fake and multiple Aadhaar cards, that highlight the compromise of national security, money laundering and failure of distinguishing the real from fake through UID.
The use of Aadhaar for user registration on IRCTC is yet another example of oversell of the Aadhaar, bad advise and misinformation to the ministers in the NDA government.
The Home Ministry and the Defence Ministry should be extremely concerned. It is shocking that the Railways that have been plagued with terrorism are blindly putting the entire country to risk by enabling terror organisations to register fake identities on IRCTC.While a benign scenario may be large scale fake bookings to make tickets pricier by touts who were enrolment agencies for Aadhaar or those who purchased or stole such databases. It would be impossible to tell if bookings made with an Aadhaar number were made by the genuine person. Bibek Debroy, member of the Niti Ayog has raised the important issue of privacy of this number. He has complained that several reservation charts openly display PAN or Aadhaar numbers and has rightly called this as a breach of privacy.
A more dangerous scenario will be entire trains booked in fake names and used to transfer armies of anti-nationals and terrorists. After all it is not difficult for the enrolment agency to have compromised this data by selling it to anti-national elements or even be run by one. Even the current status of the enrolment agencies that opened shops is unknown. The status of the forms collected by these agencies is also unknown. They were certainly not collected by the UIDAI and archived. The use of foreign agencies as enrollers and for “de-duplication” raises questions about the whereabouts of copies of the data and the ability to cause identity theft. Neither the Home Ministry nor the Defense Ministry had conducted background checks or given security clearances to any party involved in the collection, storage or use of this data.
The US government post 9/11 under Bush administration had already discovered the use of Social Security Number had resulted in identity theft of massive proportions and had issued explicit memos to all offices about "Safeguarding Against and Responding to the Breach of Personally Identifiable Information”. This also required restricting the use of the SSN and delinking the SSN from multiple usage. The UK government under David Cameron scrapped its entire National ID cards database and outlawed its use for similar reasons.
While the mandating of Aadhaar in contempt of the Supreme Court ruling is destroying the little rule of law, and respect of law in the country. It is also a sign of maximum government, and bad governance. However, worse is the complete lack of respect for national security, failure of the machinery to identify and respond adequately to threat to the nation and a collapse of integrity and professional standards in the machinery recommending and implementing such schemes. No amount of money sunk into the Aadhaar project or perceived convenience can justify its continuation if even 1% risk of compromising national security or sovereignty exists.
Prime Minister Modi in his speech, at the launch of Digital India, rightly expressed grave concerns for cyber warfare at the click of a button. The Aadhaar has made that scenario real as every document linked to it or issued using Aadhaar will make it impossible to distinguish a genuine citizen from a fake one.
While the Railway Minister must rise to cancel any such plans, the Home Minister and Defence Minister must immediately scrap the linkage of Aadhaar to any database, require that the entire UID is destroyed as was done in the UK. This kind of compromise requires the initiation of a time-bound judicial probe by a retired CAG and Supreme Court Judge supported by the CBI to investigate the exposure of the country to serious threats to national security due to UID.
Even if your organization has been using Aadhaar as a KYC, it is high time you delinked your organizations databases from the time bomb ticking away. Even if you have obtained an Aadhaar card, it is high time you reduced your risk by refusing to link it to any databases.
Perhaps, Prime Minister Narendra Modi will rise to the occasion and do what David Cameron did in the UK – destroy the databases storing Aadhaar and outlaw any use of the number.
Anupam Saraph is a respected innovator and polymath who has been an advisor in governance, informatics and strategic planning. Anupam Saraph obtained a PhD from the Rijksuniversiteit Groningen in Informatics while working with the IMAGE team at the RIVM and IVEM in the Netherlands. He is an acclaimed leadership, strategy and innovation mentor. His leadership, innovation and foresight in diverse sectors have left lasting value.(source: Wikipedia)