What Happens When a Billion Identities Are Digitized?

By Ted O’Callahan

In 2009, India had no nationally recognized form of identification. Indians carried separate ID cards relating to various government functions—taxes, subsidized food, cooking gas, water—but none served as an all-purpose identification throughout the country. And often what ID systems did exist were so systemically tainted that half of names on the rolls were fakes, while the neediest, the very people social programs were designed to help, were excluded because they couldn’t pay the required bribes.

Today, more than 1.2 billion Indians have what Paul Romer, a Nobel laureate and former World Bank chief economist, has described as “the most sophisticated ID program in the world.” The program, called Aadhaar, provides each individual with a biometrically secured, 12-digit identification number. Aadhaar represents a remarkable feat of policy, design, technology, and real-world implementation.

Aadhaar went to everyone everywhere, from Tezu to Thiruvananthapuram, from globally connected cities to remote villages that have footpaths, not roads. When elderly people with cloudy eyes were unable to get their irises scanned, a workaround was developed. When manual laborers couldn’t be fingerprinted because they had worn their hands smooth, Aadhaar’s implementers found a fix. Because of Aadhaar, many have gained access to public services they had long been entitled to. Banks and mobile phone companies have enrolled poor people who previously had been seen as too risky and cost-prohibitive to be viable customers.

With Aadhaar, India leapfrogged the identification systems of more developed nations. But in leaping forward, it landed in the middle of a global debate about who owns the data that each of us throws off in the mere act of existing. The country has engaged in a fierce debate of its own over whether Aadhaar violates individuals’ privacy, whether it is secure from hacking, and whether any entity, public or private, should have the ability to pool our full digital profiles.

A Yale SOM “raw” online case study by K. Sudhir, James L. Frank ’32 Professor of Private Enterprise and Management, professor of marketing, and director of Yale SOM’s China India Insights Program, and Shyam Sunder, James L. Frank Professor of Accounting, Economics, and Finance, uses the story of Aadhaar to examine interlocking issues of policy, technology, privacy, and economics.

“Aadhaar, as a case study, touches on most facets of management, society, and government,” says Sunder. “It touches on technology, law, social welfare, economics, and politics.”

***

Before Aadhaar, “for the rural poor, and a significant part of India is rural and poor, not having an identity was a serious problem if you wanted to get out of your village to make a living,” Sudhir says. “In a village, everybody knew you. They knew where you lived, they knew your family. But if you had to get out of that poor village in order to get an enhanced livelihood, you were a nobody. Without identification, you couldn’t rent a house, you couldn’t get a bank account, you could hardly live any aspect of life that we assume, naturally, we should all get to live.”

As a result, Sunder says, there were huge barriers to expanding economic participation. “It could be a days- or months-long affair for a person to establish their identity: whether they are x or not; whether they were born in this place or not; whether their father’s name is that or not.”

The inability to identify citizens was not just a problem for the poor. “For the government, there were massive costs in terms of fraud and loss of resources as they did not reach their intended beneficiaries,” says Sudhir.

The problems were bad enough that in 2009 the government created the Unique Identification Authority of India (UIDAI) and recruited Nandan Nilekani, co-founder of the multinational tech firm Infosys, to be its chairman. The role was a cabinet-level position.

India is a country of 1.3 billion people with 22 official languages. Its economic development in recent decades has been extraordinary, but the benefits have not touched everyone. In 2010, 40% of the population was not registered at birth, 30% could not read or write their own names, and 60% were unbanked. Just 3% of Indians paid income taxes and only 60 million had passports.

Only about half of those living below the poverty line had the ration cards they were entitled to—and perhaps half of the cards that did exist were bogus. There were so many fakes that India was subsidizing a “ghost nation,” according to Ajay Bhushan Pandey, CEO of UIDAI. “With all government subsidies, 50%, 30%, 40%, depending upon geography and time, used to be diverted,” Pandey explains. More than two-thirds of the resources allocated to helping the poor were siphoned off, according to some estimates.

Part and parcel of the country’s dramatic economic development has been migration from rural areas to cities, but some government benefits, such as healthcare and food subsidies, were limited to people’s home village. Voting, too, was tied to a home village.

***

Many hoped that a national ID could tackle multiple problems at once—for example, by including voting registration information. But the creators of Aadhaar resisted the pressure to develop a complex system that would address every strand in a very tangled knot, and instead focused on one basic function: identification.

“At the core, it is very simply an identification system, which would say yes or no, this is or isn’t the person they claim to be,” says Sudhir. “A lot of government agencies thought Aadhaar should collect more information because that could make it more useful. The fundamental design decision was that they wouldn’t ask for anything other than these two biometric pieces of information”—an iris scan and fingerprints. “I think that was very critical. Aadhaar means foundation. At its core, it’s a foundation for your economic and social life, but no more.”

This focused approach also meant that a massive project could be completed quickly and relatively cheaply. “The estimates are that it cost less than $10 per person,” Sudhir points out. “For a billion-plus people, it cost about $10 billion to $12 billion to produce this entire system. It was very, very cost effective because it was done using a decentralized approach leveraging local resources without creating a large bureaucratic infrastructure, which is normally the way most things in India get done.”

Aadhaar’s rapid development and scaling was accomplished by meshing tech-sector skills and public policy. Registering for an Aadhaar number was, and is, ostensibly voluntary, but those who want government services need a way to prove their identity and Aadhaar is the only nationally recognized way to do it.

“At the beginning, for a lot of people, a clear incentive to register was to get more access to subsidies,” Sudhir says. Because of that incentive, Aadhaar’s designers had to create a system that could scale up quickly while ensuring no duplication and fraud. “When you’re at 1,000 people or even a million people in the system, that is easy. But when you started getting 600 million people in your database, with each new entry added you need to compare that entry against every one of the 600 million people already in the system for duplication, that is very computationally challenging. They created a very simple and cheap front end for data collection of the fingerprints and registration that was easy for people to access close to their homes, but a very sophisticated back-end infrastructure that ensured data integrity.”

Aadhaar was designed and implemented by people who had spent their careers in the digital world. They understood and valued the streamlined simplicity of establishing identity with nothing more than a number and biometric information.

“The designers were very sure from the very beginning that Aadhaar is not going to be a card because the Indian experience with cards has been mixed at best,” Sunder says. “Cards have been easy to forge, so Aadhaar was going to be just a number.”

But that pure vision quickly gave way. “People like something tangible,” Sudhir says. “The Aadhaar card was created to satisfy the civil servants’ and peoples’ need for something tangible.”

The addition of a physical card was a relatively small concession to familiarity and convenience, but it foreshadowed the complexity that was to come, as success led to add-ons and extensions.

“As a few years passed, the governments realized, ‘Actually this is very effective,’” Sudhir says, “They started mandating Aadhar as requirement for things that were not necessarily related to what Aadhaar was originally supposed to be—your income tax, government benefits not related to subsidies, etc. And the private sector, seeking to take advantage of the infrastructure, started requiring bank accounts and cell phone to be linked to your Aadhaar number.”

***

As Aadhaar’s usage snaked its way through the structure of India’s economic life, its beneficiaries began to wonder if they were sacrificing too much of their privacy,

“As Aadhar became ubiquitous across the government and private sectors, it becomes more and more feasible to track and get a complete picture of the economic (and even social) lives of people,” Sudhir says. “For market efficiency purposes, that can be very valuable. But fears of privacy came to the fore, and rightfully so, as this was not the initial purpose or an intended consequence of Aadhaar.”

Nilekani offered a blanket guarantee: “Rest assured, UIDAI does not have your information about bank accounts, shares, mutual funds, financial and property details, health records, family, caste, religion and education, etc., and will never have this information in its database.”

The government was not linking these records, but the concern really was that the Aadhaar number could serve as an anchor point for such a profile. Even if the government didn’t assemble it, did that guarantee companies wouldn’t? Time magazine noted, “Many view [Aadhaar] as a mass surveillance tool that infringes on privacy rights.”

India’s success at creating an ID opened up an array of questions. Did an Aadhaar number offer too much of a temptation to data miners? Was regulation required to prevent each individual from being assigned to a digital caste?

“Big data allows us to sift through and make sense of data in richer ways than has ever been possible,” Sudhir says. “Now, when the telecom company, the bank, your school, and the hospital have your Aadhaar number, it’s a small step to linking up your behavior with communications, finance, education, health, and everything else.”

Aadhaar has also struggled with security questions. One newspaper, the Tribune in the city of Jalandhar, reported that for 500 rupees, about $7, a reporter was able to buy access to the Aadhaar database through an anonymous seller on WhatsApp. A government official posted his Aadhaar number on Twitter challenging hackers to “do any harm.” Hackers then posted his cell numbers, address, and date of birth. They also claimed to have deposited a single symbolic rupee in the official’s bank account, according to the Times of India. In each case, the government offered broad assurances that the data was secure, but questions persisted.

For some, the problem with Aadhaar was that it was too effective in revealing previously private economic activity. “What suddenly happened is that a lot of people realized they had incentive to keep the government from seeing the details of their finances, whether that was outright fraud or simply really rich people who didn’t want their entire set of transactions made visible,” Sudhir said, “When you have a situation like that—we see this in the U.S. as well—the vested interests use concern for the masses as a means to sabotage a program that they want to get rid of.”

Those with such a vested interest in undermining Aadhaar seized on any opportunity to attack it, either directly or through proxies. “They started finding all the ways in which they could critique Aadhaar, rightfully in many cases, but by also conflating unrelated but emotionally sensitive issues, by amplifying and magnifying every problem, instead of taking a nuanced approach. Aadhaar became a lightning rod that everyone could critique.”

Sunder adds, “In India, just about everything gets politicized.” Which doesn’t mean that some of the complaints weren’t valid. “There are issues. Some poor people don’t get their subsidies because of errors in the system. The privacy issues are also real. However, it would be better to separate the privacy issues from the identification issues as far as possible, to fix the problems in steps. But it was all happening at the same time, so there was a lot of confusion.”

***

Any complex system will require iterative improvements, but some see Aadhaar as too flawed to fix. Reetika Khera, a development economist at the Indian Institute of Management, published a scathing op-ed in the Washington Post. “India’s inefficient, unsecured, centralized data system offers a cautionary tale for the rest of the world,” she writes. “The Aadhaar project, even before its ambitions have been fully realized, has caused deaths, data breaches, banking fraud, and hardship.”

Khera cites at least 15 deaths that could be attributed to errors in identity verification by the Aadhaar system that resulted in people starving or being denied hospital care. In addition, there are instances of people not receiving wages or welfare payments because of errors with the integration of Aadhaar and banking systems.

In Khera’s view, a core threat posed by Aadhaar is the potential for 360-degree profiling. “Since the system breaks down the various data silos and funnels the biometric and demographic data of over a billion people into one centralized database, this bulky mechanism creates numerous opportunities for error—some of them deadly.” She adds, “A project that is increasingly violating Indians’ right to life and privacy must be dismantled.”

The rhetoric may be extreme, says Sudhir, but the point is well taken. “Civil society is right to be worried. Even though the concerns may be a little bit overblown at this point, we don’t know the future. When all these data points can be put together, the government could know a lot of things. You could potentially get a surveillance state.”

India needs to figure how to balance the benefits of Aadhaar and the privacy concerns it raises, he says. “In democracies, certain kinds of data are better off not being stored. I think the debates going on in India right now about what the limits are when it comes to recording economic lives of people, are healthy and important for society.”

***

There have been lawsuits about Aadhaar from its earliest days. India’s Supreme Court came out with two key rulings. The first addressed privacy without considering Aadhaar directly. Its strong stance could have meant the end of Aadhaar, but the second ruling, a 547-page unanimous decision, delineated the ways that Aadhaar could be used by the public and private sector.

“Similar to what has happened in Europe, India’s Supreme Court declared privacy to be a fundamental right in 2017,” Sudhir says. “When privacy is a fundamental right, Aadhaar clearly has the potential to violate this right. The Supreme Court came up with a very nice compromise in its judgment, preserving the best of Aadhaar while addressing the privacy issues. The judgment is quite nuanced and consistent with what is feasible.”

Under that compromise, the government has greater access to Aadhaar information than private businesses.

“The Supreme Court said it’s okay to require the use of Aadhaar for government benefits and for taxation purposes,” notes Sunder, “but not for banking and not for EKYC—Electronic Know Your Customer—which is what was letting companies verify the identity of customers.”

That might seem like a blow to one of Aadhaar’s primary purposes—to give the poor access to the country’s economic life. “On first glance, if you can’t identify people electronically, the cost to the economy and the cost to the citizens are quite high,” Sudhir says. “EKYC has allowed for massive increases in enrollment for telecom and banking. But it is not as bad as it seems.”

The solution is a “virtual Aadhaar ID.” “Instead of giving your 12-digit Aadhaar number, which is linked to your biometrics,” Sudhir explains, “you can request a virtual Aadhaar ID number to provide each firm you want to do business with an ID that is temporarily linked to your Aadhaar for identification. The virtual Aadhaar ID allows companies to verify identity, but it prevents the company from linking a person’s behavior within a bank to their cell phone bills because the telecom company would have verified through another virtual Aadhaar ID.”

***

How should a vast new system be judged? For the improvements relative to what it replaced? For the unintended consequences? For its failings? For the opportunities it creates?

India is the world’s second largest mobile phone market, with more than 1.2 billion mobile phones, behind only China. The fast, low-cost digital identity verification Aadhaar enables played a role in that.

In 2014, the government created Jan Dhan accounts to offer financial services for the poor through public-sector banks. There are now over 200 million such accounts. In addition, the private sector has developed cellphone-based digital wallets that allow for cash transfers and payments.

In 2017, the Economist famously declared that “the world’s most valuable resource is no longer oil, but data.” The magazine warns that navigating this new economy will require a “radical rethink” about who owns and controls data. The dynamic between governments, companies, and the public shifts as data becomes the currency and the source of power.

“Governments could encourage the emergence of new services by opening up more of their own data vaults or managing crucial parts of the data economy as public infrastructure, as India does with its digital-identity system, Aadhaar,” the magazine says. At the same time, it warns, the digital economy favors massive monopolistic companies, which will necessitate a different approach to antitrust. “If governments don’t want a data economy dominated by a few giants, they will need to act soon.”

Sudhir agrees that Aadhaar will need to be carefully guided: “I think regulation is necessary to mandate and make sure people do things in the right way to allow both authentication and efficiency. But the architects designed things in an eminently scalable way that should let us solve these problems.”

“I think we could get the best of both worlds,” he adds. “Privacy as well as the efficiency benefits that Aadhaar identification provides. I’m pretty optimistic, overall.”

Moving information from a village clerk’s filing cabinet to the cloud makes it infinitely more useful, but it doesn’t ensure accountability in how it is managed. Ultimately, Aadhaar is an unfathomably large database capable of tracking the flux of the nation, the daily births and deaths of a country of 1.3 billion. Is anyone willing to say there are no ghosts in the machine? Apparently not.

“The error rates have not yet been made public,” Sunder says. “People have been asking about them, and they have not yet disclosed them. Whatever the error rates and vulnerability of this unique public infrastructure to hacking, I believe Aadhaar is far more secure than the rickety systems it replaces. And it has been only a decade since it was conceived, designed, and implemented. Development of the system continues.”

Learn more about the Yale SOM case study about Aadhaar.