An issue is currently being debated in India’s courts that could affect the development of blockchain-based identity programs worldwide.
I’m talking about the Aadhaar platform, which is leaving a trail of takeaways for others to learn from.
Given the proliferation of startups and official institutions looking at the problem of self-sovereign, immutable digital identities, a look at Aadhaar’s successes and obstacles could help with the design of lofty goals and sweeping implementation.
In 2010, the Indian government issued the first Aadhaar identity number, a unique rendering of personal data, with the aim of documenting all of India on a digital platform using biometric identifiers.
That in itself is staggering – how do you coordinate the inscription of 1.3bn people, including the scanning of fingerprints and irises for each individual?
The first main takeaway is that it is possible. In just over 6 years, approximately 1.15bn people have been issued Aadhaar numbers, including almost 100% of the over-18 population. That’s more than the entire populations of the US, Europe, Australia and South Korea combined.
True, it took a massive rollout of administrators and digital readers, but the Unique Identification Authority of India (UIDAI) showed that it could be done. At its peak, over 1 million people were being processed each day.
Second, certain rules need to be set out from the beginning. Is the program mandatory or optional? If mandatory, how will enforcement be carried out? If optional, how will the old and new systems cohabitate?
The Aadhaar program is optional. But a recent amendment to the Income Tax act stipulated that an Aadhaar number was required to file a return – which pretty much makes it mandatory. Last week the Supreme Court upheld this law, but also ruled that those without an Aadhaar number should still be able to pay taxes, until the broader privacy issues can be decided by the Constitutional bench. On the one hand, good news (for now) for privacy activists and for citizens who don’t (for whatever reason) have a card. On the other, an administrative mess for the government, which could have been mitigated with clearer parameters at the outset.
Also, one of the main incentives for the government is the opportunity to streamline administration and reduce “leakage”, the amount of aid paid to “false” identities. However, there is still some confusion as to whether or not an Aadhaar number is a requisite for government aid. Several official agencies seem to think that it is, but the Supreme Court has ruled that it isn’t.
Furthermore, while the first cards were introduced in 2010, legislation backing the project (the Aadhaar Act and the Aadhaar Regulations) did not pass until 2016, and is often criticized as being unclear.
Third, the privacy issue will always be a problem, however great the efficiencies. Concerns have been raised about the lack of clear regulation on the process of sharing identity information, as well as the lack of redress and appeal if you feel your data has been mishandled.
The Aadhaar Act mentioned above authorises any official at the level of District Judge or higher to access an individual’s identity information, excluding the biometric data – that limitation doesn’t apply to officials with rank of Joint Secretary or higher. Given India’s reputation as the “most corrupt country in Asia”, this raises some concerns.
And while the government understandably wants to standardize administration, some groups are raising the alarm over the volume of data on each individual the government would have in its power, the capacity for tracking and the spectre of mass surveillance.
The fourth lesson, a surprising one, is that biometrics are complicated. It turns out that not everyone has fingerprints that lend themselves to being scanned. Apart from the very young, manual labourers often have worn hands due to repeated handling of rough objects. One area in north Delhi reported a 10% fail rate when reading fingerprints.
The same goes for eyes – the elderly often have degraded irises, so getting a clear reading can be challenging.
Fifth, even with biometrics, falsifications will emerge. In some cases, inscription agencies took advantage of a rule that said that biometrics were not always required (if fingerprints or irises were not clear, for instance), In others, hackers were able to bypass the scanning requirements.
Sixth, census statistics are unreliable, which makes it more difficult to plan and implement projects that affect populations. The Aadhaar web page shows what percentage of the population are inscribed, by province. In Delhi, that reaches almost 120%. It turns out that the population figures are “estimates”.
Seventh, “inclusion” is elusive but possible. While bringing undocumented citizens “into” the system was touted as one of the main goals – millions of people don’t even have a birth certificate due to an inefficient registry system – apparently almost all of those who enrolled in Aadhaar already had an official ID.
So, what about those without? Over 200,000 undocumented citizens took advantage of the “introducer” option, in which someone with an Aadhaar number vouches for someone with no official identification.
And, it’s worth noting that the Aadhaar number does not substitute a government-issued ID, so it cannot be used for cross-border travel, for instance. However, Aadhaar holders without any other ID can now get mobile phones and open bank accounts, something that they couldn’t do before.
Takeaway number eight is that any broad platform needs to be designed for growth. Even after the successful rollout and the years of experience with the system, experts admit that they don’t know what else the platform will be adapted for, or what other functionalities will be built on top. However, Aadhaar has been designed to allow other private and public applications, and already innovations and apps are emerging from the ecosystem.
The hope is that Aadhaar will become a “universal id”, in that it grants the holder access to a wide range of services. Also, it aims to reduce onboarding expenses for businesses such as mobile operators, landlords, employers and even banks, allowing them to bypass most of the cumbersome KYC requirements by using information already in the system.
The last lesson is to question the technology. Aadhaar is not a blockchain solution. That in itself calls into question the need to use the blockchain for national identity. If the verification of the data needs to be centralized, and if transparency is not a fundamental feature, then a distributed database could suffice.
True, the idea of identity being centralized in the hands of the government may be disquieting to many. But for a digital version to be useful on a national or pan-national scale, it needs to be accepted by the jurisdictions in question. What will incentivize governments to cede control over the fundamental role of granting citizenship?
The Aadhaar project is encouraging in that it is leading the way in showing what can be done today. Blockchain technology, however, allows us to contemplate other forms of identity, new uses for that information, and evolving roles for government. It is inviting us to think about what could be done tomorrow.