Aadhaar increasingly resembles a good idea marred by terrible execution. The rush to expand enrolment had led to all sorts of franchisees being roped in to enrol people and indiscriminate authorisation of agencies to collect data and authenticate identity using the Unique Identification Authority of India (UIDAI) database — that would be the most charitable explanation for the incidents of deviations from ideal Aadhaar-related practice that get reported.
The UIDAI’s response has been lame and, in the latest instance of filing a police case against a reporter for writing about Aadhaar-malpractice, condemnable. The officer who decided to file a case against the journalist in question has attacked free speech and the government must decide for itself where it stands on the subject.
Last year, an incident came to light of local storage of the biometric data accessed from the Aadhaar database for the purpose of identification. Data security is not just a question of the technical soundness of the electronic fortification built around a database. It is also, and for practical purposes, primarily, a question of the protocols surrounding usage of the database and human usage of those protocols. The authority would appear to suffer from serious lapses on the latter count.
Age and manual labour appear to make fingerprints less distinct than they used to be. Unless initial capture, storage, retrieval and reading are all of the highest quality, fingerprints might cease to match the image stored by the authority. Reports have come to light of instances that can only be explained by such a deficiency in the system. It is time to rethink the Aadhaar project in terms of the tech, protocols for data collection and usage and the legal ecosystem for its secure use.