The ghosts in Aadhaar’s database

No attempt is being made to find these new-age ghosts because it would then prove that the Aadhaar programme is a giant failure.

WrittenBy:Meghnad S
Date:
Article image
  • Share this article on whatsapp

While on one hand Aadhaar is being hailed as the one-shot solution to prevent leakages in subsidy delivery, on the other hand, a massive story in HuffPost challenges that very narrative, thereby turning it on its head.

subscription-appeal-image

Support Independent Media

The media must be free and fair, uninfluenced by corporate or state interests. That's why you, the public, need to pay to keep news free.

Contribute

This comes after an investigation by Tribune in January this year which revealed that it is possible to access the Aadhaar database using a hacked software being sold by anonymous people over WhatsApp for a measly sum of Rs 500.

The Tribune story explained how it is possible to get access to the Aadhaar database. What’s more, by paying Rs 300 more, it is possible to also get a software that enables printing these Aadhaar cards. The latest story published in Huffpost takes it a step further by showing that it is possible to even create Aadhaar numbers and enter them into the official database using an illegal software patch. The implications of this revelation are crazy and it would be a folly to ignore them.

HuffPost got its hands on a patch—being sold using Whatsapp for only Rs 2,500—which not only alters the current software being used to enrol individuals but also bypasses the biometric security measures required to create new IDs. Essentially, this enables fake Aadhaar IDs to be created in bulk and entered into the official UIDAI database. The software also enables anyone to use a photograph of a registered operator and use the iris scan function to start making entries.

In July, Unique Identification Authority of India (UIDAI) claimed that Aadhaar has enabled savings to the tune of Rs 90,000 crore by preventing leakages. J Satyanarayana, chairman of the UIDAI said: “We were able to weed out bogus and duplicate beneficiaries by using Aadhaar.”

But now the big question is: Are these Aadhaar numbers, which they are using to weed out bogus beneficiaries, even real? What if the IDs themselves are bogus ones created using an illegal software patch?

This is not just a scenario being pulled out of thin air. Another story in Times of India this week points out that massive quantities of siphoning is already happening in Uttar Pradesh. This story details how the software used for distributing ration under PDS has been hacked and how government officials might be hand-in-glove since they are the only ones who have usernames and passwords to successfully enable these transactions.

Aadhaar numbers of genuine beneficiaries are being replaced by other numbers—probably even made-up numbers—to pilferage ration. Apart from exclusion caused by enrolment goof-ups and mismatches during biometric authentication, this opens up a new can of worms. Not only are genuine beneficiaries getting excluded, Aadhaar is also enabling non-beneficiaries to get their share of subsidised ration. So what are these savings that the UIDAI and government keep talking about? Who are they saving this taxpayer money from?

The basic premise of Aadhaar is to identify the correct beneficiary and then ensure that Government services are delivered only to the identified person, that too after a series of checks that validates their proper authentication. If a patched software is available to create fake IDs and to make sure subsidies reach these fake individuals, it is worth asking repeatedly: what sort of savings is the government talking about?

The whole premise of Aadhaar as an effective policy falls apart. All it took was one illegal software patch, sold widely over WhatsApp, paid for using digital wallets and made usable using simple “Ctrl C + Ctrl V” combination.

The government has blacklisted 49,000 enrollment agencies to date for fleecing and overcharging people. Now the bigger question here is: Was this the only reason they were blacklisted? It is definitely possible that the authorities knew about this racket and therefore blacklisted these operators. The problem gets worse when you consider the fact that there is no way to find out how many fake and genuine Aadhaar numbers have been created. By virtue of design, every number must be considered as genuine, otherwise, it defeats the purpose of authentic identification.

The success of Aadhaar completely depends on this and it cannot be any other way. Given the circumstances, the constant claims of UIDAI that “there has been no breach in the database” are not surprising. They have to say this for the survival of the project— even if it is at the risk of coming off as an utterly clueless entity.

Just look at this one story from July in the New Indian Express about how even the UIDAI has no clue how many incorrect Aadhaar cards have been seeded in their database. The story claims, “A recent internal communication between UIDAI officials had pegged that around 1 to 1.5% of all enrolments made in the last seven years have ‘mixed biometrics’ — around six to nine lakh Aadhaar numbers in Karnataka and around 1.3 to 1.9 crore all over India.”

The term ‘mixed biometrics’ here is used to mean incorrect seeding. But with the HuffPost revelation, it might also include fake Aadhaar IDs. The authority cannot fix these entries unless the citizens themselves come to them and tell them about authentication failures or wrongly entered personal information. If the citizens don’t exist at all, what happens in that case? These ghosts just stay in the database as it is?

Removal of ghost entries in various government delivery systems becomes nearly impossible if the basic Aadhaar database itself is vulnerable to ghost entries. Since Aadhaar is being made mandatory across the board, it is actually legitimising the existence of these ghosts within the system. The old ghosts are being eliminated to make way for new, legitimised, digital ghosts who can indulge in wide-spread corruption and subsidy siphoning. No attempt is being made to find these new age ghosts because it would then prove that the Aadhaar program is a giant failure.

The HuffPost story also points out how the patch disables the geo-location security feature when doing enrollments. This one element makes it a giant national security issue as well. We have already seen instances of a Pakistani spy & Lord Hanuman getting Aadhaar numbers, even putting it to use. How many more of such fake entries have been created? There is a very real possibility that Aadhaar numbers have been created remotely by an enemy country to give legitimacy to people who can prove to be a real threat to us.

Bottom line: Aadhaar is doing the opposite of what it had set out to achieve. It has ended up legitimising corruption. It’s turning out to be a political gimmick.

This man was right all along:

subscription-appeal-image

Power NL-TNM Election Fund

General elections are around the corner, and Newslaundry and The News Minute have ambitious plans together to focus on the issues that really matter to the voter. From political funding to battleground states, media coverage to 10 years of Modi, choose a project you would like to support and power our journalism.

Ground reportage is central to public interest journalism. Only readers like you can make it possible. Will you?

Support now

You may also like