“I Enjoyed Watching You Buy That Bra”: India’s Digital Shackle, Aadhaar, Unveils the Perils of Centralised Identity

Indians, like many global citizens, are becoming increasingly entangled in a complex digital web, with the Aadhaar system serving as the central spider. While seemingly innocuous at first glance, this government-mandated digital identity system has led to a myriad of concerns, from privacy violations to systemic oppression. The initial public outcry against its implementation was ignored by the government at the time and has largely been swept under the rug since, leaving a trail of distress, subjugation, and helplessness in its wake.

Aadhaar’s mandated usage has facilitated a digital panopticon, enabling not only the government but also private entities to pry into and control the lives of millions. From spam calls to stalking to starvation, Aadhaar-linked phone numbers and biometrics have become a gateway for intrusion into the personal lives of individuals, particularly women. With little regard for the distress caused, the system has forced itself into every aspect of daily life.

Moreover, Aadhaar’s centralized nature raises profound concerns about data security and individual privacy. Reports of data breaches and the unauthorized sharing of personal information for commercial gain have only added to the growing apprehension among the populace. Just five days ago, the personal data of a whopping 815 million Indians was exposed in one of the nation’s most damaging data breaches. This centralised honey-pot of personally identifying information, which included names, phone numbers, addresses, Aadhaar numbers and passport information, was available for sale on the web, reminiscent of dog collars listed on Amazon. It took a US-based firm, Resecurity, to disclose the hack.

Aadhaar is not alone in its design. Like other centralised topologies, it deputises external parties for the purpose of authentication and service provision. Yet to do so, Aadhaar provides access to the underlying identifying data, which has the consequence of expanding attack vectors. This touches on a critical distinction: raw data versus analysis based on this data. Leaks of the latter are much less serious than leaks of the former.

Because the standards of external participants cannot be guaranteed, these authentication and KYC agencies, and the client businesses they share identity data with, become a weak link in the privacy chain and are hence subject to attack. Aadhaar-based identity leaks of 300 million, 20 million and 100 million users occurred in this manner in 2019, 2020 and 2021 respectively. There’s a great writeup on this at the Hypersign blog.

It’s easy for the eyes to glaze over when thinking of such large numbers. Yet every one of those tens of millions of identity violations relates to a real person who has to face the consequences of forced participation in a digital identity system. Those consequences can be quite profound and personal. Just last night, for example, I was on a call with a technology entrepreneur I know in India who told me about the stress that Aadhaar has put on one of his cousins.

Because one can’t even purchase a bra in a shop without revealing one’s Aadhaar-linked phone number, she has been the victim of stalkers who have called or messaged her directly after retail shopping. These creeps could be employees of the lingerie shop, snoopy customers in the vicinity at the point of sale, or anyone else who happened to (even briefly) come into possession of the number and its associated metadata once it is in the digital domain.

An unseen consequence of centralised digital identity systems then is women having to deal with stalkers who call to say “I enjoyed watching you buy that bra”. These are the details that those in suits sitting behind mahogany desks never broach when promoting such policies. Those of us free from such centralised digital human-stocktakes can only imagine the feeling of violation inherent in going to bed wondering whether your innocent clothing purchase has attracted yet another stalker.

To make things worse, with residential addresses not immune from the talons of such systems, such unwanted company could be calling you from outside your bedroom window. It’s the 1996 horror movie “Scream” manifest. Those who do live under such systems need not imagine. They exist daily with these and other consequences of mandated state involvement in the world of digital identity. It’s the cardinal issue of our time, yet it fails to garner commensurate attention and thought.

These aren’t academic accusations or shrill hypotheticals either, especially to the many like Sita from Karkala village, Lassadiya Panchayat, in India’s North West. Despite her attempts to work with Aadhaar, her fingerprints simply were not accepted by the digital arbiter and she was consequently denied both work and rations. Being a single woman with no alternative income, she was left to starve. Her frail condition, and those of many like her, should have been an unambiguous indicator of a failed safety-critical system, yet to officialdom, it is treated with somewhat less urgency. “Please contact technical support” is of little help when you’re hungry at 2 o’clock on a Sunday morning.

Like air-crash investigators examining smoldering wreckage to explain failures in the safety-critical systems of the sky, people starving in the streets should lead to the immediate suspension and investigation of the responsible systems at fault on the ground. Yet somehow, we are more touched by the loss of a few hundred people in an air crash than we are by thousands, or even millions, at the hands of a government-mandated digital predator.

This likely has much to do with a particular property of centralised digital ID systems: dehumanisation. Our humanity is wounded when we see video footage of a child’s shoe or a suitcase smoldering away at the site of an aviation incident, yet suffering born from digital discrimination has no such manifestation that is so readily pointed to. Centralised digital identity systems reduce our humanity to a number, a statistic, something to be lost in a spreadsheet. To introduce mandatory systems capable of such abuse without the commensurate maturity, technical alternatives and respect for widespread resistance is a stain upon our species.

The entanglement of private companies within the Aadhaar ecosystem further complicates matters. With numerous layers of authentication and business processes stacked on top of one another, the difficulty of opting out of Aadhaar’s grasp has left many feeling ensnared in an inescapable labyrinth. The mandatory linkage of Aadhaar to essential services, coupled with the lack of viable alternatives, has effectively monopolised the digital identity landscape, leaving individuals with no choice but to surrender their data and privacy to the whims of centralised authority.

The repercussions extend beyond mere inconvenience. Dissenting voices, including intellectuals and activists, find themselves silenced or incarcerated for speaking out against the system. There is an unspoken level of permissible public disapproval which one is best not to misjudge in India. Walk around in public with an “Aadhaar sucks” sign and you won’t be walking around, freely at least, a week later.

How can I make such claims? Simply because they come to me directly from India. In one case, I learned of researchers from a university in the country’s North who were involved in criticising Aadhaar through a philosophical lens. They are now in jail. Although such enforcement is the responsibility of state governments, it seems very supportive of what is known as the central government and their national digital ID system. There’s obviously something very important about the continued infliction of Aadhaar on the population.

My contact observed that he’s never seen college professors being jailed, even going back five decades. Clearly there are motivations for the government to keep a lid on well-reasoned arguments against Aadhaar, and there are many. Incarceration, after all, has proven to be a timelessly reliable tool for tyrants. This serves as a stark reminder of the far-reaching arm of the system, curtailing freedom of expression and perpetuating a climate of fear and intimidation.

Then there’s the hell of biometrics. Unlike a leaked phone number, retinas, faces and fingerprints are not easily updated. Those attributes that form part of our physical bodies, once surrendered to monolithic centralised digital identity systems, are no longer our own and the damage caused by those who seek to use that data nefariously follows us, literally, wherever we walk. Yet biometric identification has proliferated with Aadhaar at a rate that far exceeds anything that could resemble caution.

Take AtomX and their ticketing system that gatekeeps access to events such as concerts at stadiums. Simply show your face to the system on entry and from your immutable physical characteristics, it will identify whether you are a valid ticket holder. Sounds cool? Sure. Incalculably dangerous? Absolutely. AtomX champions their ability to “get people in quicker”, which seems a superficial benefit when it comes at potentially civilisation-ending cost.

Why do I say this? Well, it is hardly an opinion, more so a highlighting of history. We are ultimately discussing the digital version of the Kennkarte, the mandatory state-issued identity document deployed by Nazi Germany. That system was used to impose highly granular identity-based discrimination even between shop vendors and innocent customers, and it utilised identity data collected by the government of the pre-Weimar German Empire, well before the Holocaust could have been imagined.

In Berlin, for example, those labelled as Jewish by their identity card (or a host of other eclectic labels umbrellaed by the term “undesirables”) were only permitted to shop between 4pm and 5pm, by which time most food stock had been exhausted during the war. Furthermore, Aryan customers who happened to arrive during the “Jewish shopping hour” went straight to the front of the queue. These are the types of policies that can be, and have been, enforced when a centralised body holds the reins of identity management in a competition-free environment.

Access management is not a trivial component of life and making granular, centralised decisions about who can access what in real time based on faces and fingerprints is a topology that risks completely inverting a society’s approach to trust and liberty. Being denied legitimate access to a concert is one thing, to food is another. Yet to Aadhaar, they’re one and the same.

What then does the future look like for India? Unfortunately, the rollout of centralised digital identity systems seems to be a one-way operation. Once they become embedded into a nation, especially into the business realm that invests in amalgamating their own value stacks, they are incredibly sticky. In this case, what has been imposed by government can largely only be removed by government. For the unfortunate population of India then, they are on the rollercoaster now until its ultimate conclusion. My heart truly goes out to them.

One may ask what the motivation for such systems is when they are imposed on a population against its will. Humans are very much incentive-driven creatures. It’s generally reliable to predict human behaviour based on the motivations at play. The Indian government went to great effort and cost to connect even the most remote villages to the internet in preparation for Aadhaar. To sweeten the deal, a program that provided millions of people with a free mobile phone and SIM card was launched via the Reliance group. Given the financial and political costs involved in dangling these carrots, one can only guess at the concealed offsetting benefits that manifest in terms of centralised control and power. Nothing in life, after all, is free.

More staggering than the persistent use of a clearly broken system is the fact that privacy-preserving technology already exists in the identity management space, with private sector entrepreneurs building systems that do a much better job right now. It is difficult to ignore the suspicion that the continued use of a socially unpopular and technically inferior system must only be the result of undisclosed benefits accruing to those elites who perpetuate it. The unbridled power wielded by the ruling party in pushing through such a system, regardless of public dissent and technical vulnerability, underscores a worrisome erosion of democratic values.

It is imperative for countries yet to adopt centrally mandated digital identity to learn from India. The fusion of identity management with the domains of control, surveillance and police poses a grave threat to the very fabric of a free-ish society. It is high time for a reassessment and a reclamation of the fundamental rights and values that make up the bedrock of a thriving democracy. Only through a collective effort to challenge and dismantle the oppressive shackles of systems like Aadhaar can India and the world truly look to a bright future where individuals retain ultimate custody and control of their privacy and identity.