Aadhaar Number

From Justice Definitions Project

What is Aadhaar Number

The Aadhaar number is a unique 12-digit random identification number provided to Indian residents by the Unique Identification Authority of India (UIDAI) upon completing the prescribed verification procedures. This number is issued regardless of the individual's age or gender, ensuring that no two individuals share the same code.[1]

Aadhaar acts as a comprehensive data source for demographic and biometric identification of Indian residents and serves as a lifetime serial number for each individual. It is designed to be non-duplicable, and subsequent attempts to enroll an already registered identity are automatically rejected. Structurally, the first two digits of the Aadhaar number indicate the highest count of the person in the total population. Numbers beginning with "0" represent the count of the first enrolled individuals, while the next nine digits are assigned through a random program. The twelfth digit is a checksum calculated using an algorithm based on the previous eleven digits. The simplicity of this numeric-only format ensures that even individuals with minimal literacy can remember and recall their Aadhaar numbers.[2]

The use of Aadhaar as an identifier for providing government services and schemes is determined by the departments and organizations overseeing these programs.

Official Definition of Aadhaar Number

Aadhaar Number Defined in Legislation

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016, provides the legislative definition of the Aadhaar number:

  • Section 2(a): Aadhaar number refers to an identification number issued to an individual under sub-section (3) of Section 3, including any alternative virtual identity generated under sub-section (4) of the same section.
  • Section 3(4): The Aadhaar number is defined as a twelve-digit identification number assigned to an individual after verifying their demographic and biometric information. It also allows the issuance of an alternative virtual identity (VID), offering a secure alternative to using the actual Aadhaar number.

The VID is a 16-digit random number linked to the Aadhaar number, providing enhanced security and privacy. It cannot be reverse-engineered to determine the Aadhaar number. Individuals can generate, retrieve, or replace their VID through UIDAI's services, such as the mAadhaar mobile app, the UIDAI website, and SMS-based services.

Legal Provisions related to Aadhaar Number

Under Sections 7 and 57 of the Aadhaar Act, 2016, Aadhaar verification is mandated for specific schemes. As per the Ministry of Electronics and Information Technology, 314 schemes from 51 ministries require Aadhaar verification to ensure targeted delivery.[3]

As Defined in Official Reports

The UIDAI was established to provide all Indians with unique identification numbers, known as "Aadhaar," as outlined in the 2009 UIDAI report. The National Identification Authority of India Bill aimed to formalize the UIDAI’s role in issuing Aadhaar numbers to Indian residents.[4]

As Defined in Case Law

Aadhaar has been the subject of numerous Supreme Court rulings, focusing on privacy, surveillance, and exclusion from welfare benefits:

  1. 2013 Interim Order: The Supreme Court ruled that "no person should suffer for not getting Aadhaar," emphasizing that Aadhaar is voluntary and cannot be a mandatory requirement for accessing government services.
  2. Right to Privacy (2017): In a landmark decision, the court affirmed the right to privacy as a fundamental right under Article 21 of the Constitution.
  3. Constitutional Bench Review (2018): A five-judge bench upheld the Aadhaar system's validity but stipulated that Aadhaar is not mandatory for opening bank accounts, obtaining mobile SIM cards, or school admissions. The judgment also limited the use of Aadhaar for private companies.

Despite judicial scrutiny, the government has pushed for Aadhaar linkage with various services, including mobile SIM cards, bank accounts, land registration, and welfare schemes such as the Public Distribution System (PDS) and pensions. Concerns over privacy and security persist, with reports suggesting instances where HIV patients faced identity breaches due to Aadhaar-linked systems.

Justice K.S. Puttaswamy (Retd.) and Another v. Union of India (2018)

Before Aadhaar, traditional identity proofs like voter IDs and ration cards were commonly used but were susceptible to duplication and forgery. These loopholes often resulted in subsidies and benefits being diverted to ineligible individuals. To address these issues, the Aadhaar project was initiated in 2009, and Parliament passed the Aadhaar Act in 2016 to provide legislative backing.[5]

The judgment in this case underscored the provisions of Section 2(a), which assigns a 12-digit unique number to every resident based on their biometric (photograph, fingerprints, and iris scans) and demographic (name, date of birth, gender, and address) data. The UIDAI was established as the authority responsible for securing and maintaining the Aadhaar database. However, the court highlighted privacy concerns, noting that the centralized storage of biometric and demographic data posed potential threats to individual privacy. The judgment reaffirmed privacy as a fundamental right under Article 21 of the Constitution and emphasized the need for robust safeguards to prevent mass surveillance and data misuse.

As defined in International Instruments

UNCITRAL Model Law on Identity Management and Trust Services

The UNCITRAL Model Law on the use and cross-border recognition of identity management and trust services serves as an useful addition to existing UNCITRAL texts in the area of electronic commerce, supporting states in developing new laws if none already exist, or in improving existing laws that regulate the use of identity management and trust services, especially those that deal with cross-border issues.[6]

This Law covers the use of identity management and trust services in the context of commercial activities and trade-related services, as well as their cross-border recognition. Nothing in this law needs a person's identity. Apart from what is specifically mentioned in this legislation, nothing in this law impacts how any law pertaining to data privacy and protection applies to identity management services or trust services. Nothing in this law obligates someone to use a trust service or identity management program, or to use a specific program without the consent of that individual.[7]

Council of Europe Guidelines on National Digital Identity

The Guidelines on National Digital Identity adopted by the Consultative Committee of the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108) has highlighted the need of having a national “digital” identity. The document elaborates that analogue national identities are now being digitized. Such a scheme is important since the digital national identity along with demographic details and biometric information is useful to extend benefits to individuals such as healthcare and social welfare schemes. The provision of a national digital identity will aid in representing the legal status of an individual and can also be useful in the commercial sector. Therefore, national digital identity has been considered synonymous to “legal identity” for it increases one’s access to socio-economic schemes, rights and privileges.[8]

International Experience

  1. Estonia - Estonia’s digital identity system, known as Personal Identification Code (isikukood), serves as a global benchmark. It is an 11-digit code that incorporates the individual’s sex, date of birth, and a unique serial number. This code is used for government services, digital signatures, and more.
  2. Kenya - Kenya’s National Integrated Identity Management System (NIIMS), also known as Huduma Namba, aims to provide residents with a distinct, secure, and verifiable digital identity. This initiative focuses on enhancing financial inclusion and improving government service delivery.[9]
  3. Social Security Numbers (SSNs) in the U.S. - Unlike Aadhaar, SSNs are primarily used to track workers’ earnings and compute benefits. While SSNs lack biometric verification, Aadhaar includes facial recognition, fingerprinting, and iris scanning for added security.[10]

Aadhaar and the Public Distribution System (PDS)

The Aadhaar number was conceived to uniquely verify residents' identities and streamline critical applications, such as the Public Distribution System (PDS). The UIDAI emphasizes the importance of the PDS in implementing the Right to Food and improving food security through Aadhaar integration.[11]

Role of Aadhaar in the PDS

Aadhaar acts as a foundation for a more effective PDS, providing governments with the flexibility to implement Aadhaar in stages. Aadhaar-based identification ensures clear targeting of beneficiaries, inclusion of marginalized groups, and elimination of fake or duplicate entries. It also facilitates Aadhaar-based authentication, guaranteeing food delivery to intended recipients and enabling real-time verification at fair price shops (FPS).[12]

Benefits of Aadhaar in PDS Implementation

  1. Unique Identification: Aadhaar ensures one unique number per beneficiary, eliminating duplicates and improving targeting accuracy. This feature allows governments to effectively identify eligible beneficiaries and eliminate fraudulent or duplicate entries in the PDS database.
  2. Portability: Beneficiaries can collect entitlements from any FPS in the state, enhancing access and reducing dependency on specific outlets. This portability ensures that migrants and individuals not tied to a single location can still access their entitlements seamlessly.
  3. Real-Time Authentication: Biometric or demographic authentication enables governments to verify entitlement delivery, reducing leakages. Real-time verification ensures that the benefits reach the intended recipients and prevents intermediaries from misusing the system.
  4. Supply Chain Transparency: Aadhaar-based tracking of foodgrain movement curbs diversions and identifies bottlenecks. This helps streamline the supply chain and ensures timely delivery of foodgrains to FPS.
  5. Management Information System (MIS): Aadhaar-linked cloud-based MIS improves inventory management, procurement, and accountability. An efficient MIS ensures real-time tracking of foodgrain stock levels, procurement status, and distribution progress.
  6. Electronic Benefit Transfers (EBT): Aadhaar-enabled EBT allows flexible entitlement collection and customized foodgrain access during shortages. By linking entitlements to Aadhaar, governments can directly transfer benefits to beneficiaries' accounts, ensuring transparency and reducing dependency on intermediaries.

Governments can adopt Aadhaar-linked features incrementally, starting with identification and gradually incorporating authentication and MIS capabilities, depending on cost and feasibility. This phased approach empowers PDS beneficiaries, offering portability, flexibility, and tailored benefits.

Challenges

  1. Aadhaar-Based Payment Systems - Many remote places require people to make many journeys to ration stores, where there is no assurance that the verification would be successful. Denials can result from a number of factors, including poor fingerprint quality among daily wage workers, poor phone connectivity, and so on. The amount of unsuccessful authentication attempts and the number of tries at authentication are not publicly available. In 2022, the Comptroller and Auditor General of India (CAG) reported that UIDAI lacked a system for analyzing the causes that contribute to authentication mistakes.[13]
  2. Security Concerns - The AePS is used by banking correspondents who do not have an accountability system in place. A few of them need biometric authentication from people more than once. The banking correspondents are able to manage the individual's bank account with each  authentication. Numerous research and news articles have described how AePS has been used to take money out of employees' accounts or sign them up for government insurance programs without their knowledge. Additionally, these are only discovered through firsthand accounts. A prime example of this is the 2020 Jharkhand scholarship scandal, which included ₹10 crore.[14]
  3. Data Breaches - According to a survey by the US-based cybersecurity company Resecurity, 81.5 crore Indians, or approximately 815 million, have had their personally identifiable information exposed on the dark web, as reported by Business Standard. Name, father's name, phone number, other number, passport number, Aadhaar number, and age are among the information that was exposed.[15]

Way Ahead

  1. Improved Security Measures - Masked Aadhaar numbers should replace irrelevant asterisks or slashes for enhanced security.[16]
  2. Alternative Identification - Introduce other identification systems like PAN cards for government services to reduce over-reliance on Aadhaar.[17]
  3. Targeted Reforms - Legislative amendments should address the current gaps, ensuring robust privacy and security safeguards.[18]

References

  1. https://www.uidai.gov.in/en/16-english-uk/aapka-aadhaar/14-what-is-aadhaar.html
  2. https://m2pfintech.com/blog/validate-aadhaar-numbers-using-the-verhoeff-algorithm-in-flutter/
  3. https://uidai.gov.in/en/media-resources/uidai-documents/parliament-questions/lok-sabha/3815-aadhaar-linked-welfare-schemes.html
  4. https://prsindia.org/files/bills_acts/bills_parliament/2010/uid_report.pdf
  5. https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf
  6. https://uncitral.un.org/sites/uncitral.un.org/files/media-documents/uncitral/en/mlit_en.pdf
  7. https://uncitral.un.org/sites/uncitral.un.org/files/media-documents/uncitral/en/mlit_en.pdf
  8. https://edoc.coe.int/en/data-protection/11578-guidelines-on-national-digital-identity.html
  9. https://cipit.strathmore.edu/an-overview-of-the-digital-id-system-and-the-unique-personal-identifier-in-kenya/
  10. https://scroll.in/article/823570/despite-the-comparisons-indias-aadhaar-project-is-nothing-like-americas-social-security-number
  11. http://www.livemint.com/Politics/BfeNi5AreTn1cJ8ROIzxXM/NDA-kicks-off-PDS-reforms.html
  12. https://prsindia.org/files/bills_acts/bills_parliament/2010/Circulated_Aadhaar_PDS_Note.pdf
  13. https://www.thehindu.com/news/national/the-concerns-of-using-aadhaar-in-welfare-schemes-explained/article67366706.ece
  14. https://www.thehindu.com/news/national/the-concerns-of-using-aadhaar-in-welfare-schemes-explained/article67366706.ece
  15. https://www.livemint.com/news/india/aadhaar-data-leak-massive-data-breach-exposes-815-million-indians-personal-information-on-dark-web-details-here-11698712793223.html
  16. https://www.livemint.com/news/india/aadhaar-data-leak-massive-data-breach-exposes-815-million-indians-personal-information-on-dark-web-details-here-11698712793223.html
  17. https://www.newsclick.in/Aadhaar-Advisory-Continuing-Saga-UIDAI-Breach-Privacy-Rights
  18. https://thewire.in/law/can-the-aadhaar-act-and-a-data-protection-act-coexist
Retrieved from "https://jdc-definitions.wikibase.wiki/w/index.php?title=Aadhaar_Number&oldid=5639"