Aadhaar Number

From Justice Definitions Project

The Aadhaar number is a unique 12-digit random identification number provided to Indian residents by the Unique Identification Authority of India (UIDAI) upon completing the prescribed verification procedures. This number is issued regardless of the individual's age or gender, ensuring that no two individuals share the same code.[1] Aadhaar acts as a comprehensive data source for demographic and biometric identification of Indian residents and serves as a lifetime serial number for each individual. It is designed to be non-duplicable, and subsequent attempts to enroll an already registered identity are automatically rejected.

Structurally, the first two digits of the Aadhaar number indicate the highest count of the person in the total population. Numbers beginning with "0" represent the count of the first enrolled individuals, while the next nine digits are assigned through a random program. The twelfth digit is a checksum calculated using an algorithm based on the previous eleven digits. The simplicity of this numeric-only format ensures that even individuals with minimal literacy can remember and recall their Aadhaar numbers.[2]

The use of Aadhaar as an identifier for providing government services and schemes is determined by the departments and organizations overseeing these programs. Under Sections 7 and 57 of the Aadhaar Act, 2016, Aadhaar verification is mandated for specific schemes. As per the Ministry of Electronics and Information Technology, 314 schemes from 51 ministries require Aadhaar verification to ensure targeted delivery.[3]

Established as a statutory authority on July 12, 2016, under the Ministry of Electronics and Information Technology, UIDAI is tasked with assigning Aadhaar numbers and managing the entire Aadhaar lifecycle. The authority defines mechanisms for linking Aadhaar with partner databases, maintaining the central database, and updating records.

The Aadhaar database is housed in state-of-the-art facilities in Bengaluru and Manesar, featuring over 7,000 servers. It stores residents' demographic information (name, age, gender, address) and biometric data (photographs, fingerprints, and iris scans). Since the issuance of the first Aadhaar in September 2010, UIDAI has aimed to eliminate duplicate and fake identities through robust verification mechanisms.

Before the enactment of the Aadhaar Act, the UIDAI functioned as an attached office under the Planning Commission (now NITI Aayog) since January 28, 2009. To formalize Aadhaar’s legislative backing, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016, was introduced as a money bill on March 3, 2016. It was passed in the Lok Sabha on March 11, 2016. This strategic move enabled the government to bypass the Rajya Sabha, where it lacked a majority. Despite criticism from opposition parties and privacy advocates, the legislation empowered UIDAI to assign Aadhaar numbers and manage its ecosystem.

UIDAI has continuously evolved Aadhaar's technological capabilities. Notable developments include the introduction of face authentication in July 2018 to assist individuals facing challenges with fingerprint or iris authentication. Platforms like DigiLocker, linked with Aadhaar, enable secure cloud-based document storage and retrieval.

History and Background

In 1998, after the Kargil war, the Kargil Review Commission, led by security analyst K. Subrahmanyam proposed that citizens of border villages should receive preferred identification cards, which would later be issued to all border resident states.

The Rangarajan Commission, which was formed in 2000 to reform India's statistical system, suggested the creation of a centralized database on Indian citizens in the Socio-economic Statistics chapter. The Commission delivered its findings to the government in August 2000, stating that many affluent governments and a rising number of developing countries, including China, maintain citizen databases while simultaneously assigning a unique identity number to each adult individual citizen. A citizen's unique identification number serves as confirmation of identity for a variety of purposes. The main benefit is that all of this may be handled by merely showing a citizen identity card as proof of individual identity.

In a similar vein, a 2001 ministerial panel led by LK Advani supports the recommendation for an ID card. The study stated that a "multi-purpose national identity card" initiative will begin soon, and the card will be issued initially in border settlements, then elsewhere. In late September 2001, the Ministry of External Affairs recommended issuing a required national identity card. This declaration came after reports that some people had gotten several Indian passports with different information. This was ascribed to a lack of computerization among passport centres.[4]

In December 2003, L. K. Advani introduced the Citizenship (Amendment) Bill 2003 in the Lok Sabha. It primarily aimed to grant various rights to people of Indian descent, but the measure also included Clause 14(a), which said that "the Central Government may compulsorily register every citizen of India and issue him a national identity card.[5]

In 2003, the Citizenship (Amendment) Bill introduced Clause 14(a), empowering the Central Government to register every citizen and issue national identity cards. After years of deliberation, the UIDAI was established on January 28, 2009. Nandan Nilekani, co-founder of Infosys, was appointed as its chairman. By September 2010, the first Aadhaar number was issued to a resident of Nandurbar, Maharashtra.[6]

Aadhaar has been the subject of numerous Supreme Court rulings, focusing on privacy, surveillance, and exclusion from welfare benefits:

  1. 2013 Interim Order: The Supreme Court ruled that "no person should suffer for not getting Aadhaar," emphasizing that Aadhaar is voluntary and cannot be a mandatory requirement for accessing government services.
  2. Right to Privacy (2017): In a landmark decision, the court affirmed the right to privacy as a fundamental right under Article 21 of the Constitution.
  3. Constitutional Bench Review (2018): A five-judge bench upheld the Aadhaar system's validity but stipulated that Aadhaar is not mandatory for opening bank accounts, obtaining mobile SIM cards, or school admissions. The judgment also limited the use of Aadhaar for private companies.

Despite judicial scrutiny, the government has pushed for Aadhaar linkage with various services, including mobile SIM cards, bank accounts, land registration, and welfare schemes such as the Public Distribution System (PDS) and pensions. Concerns over privacy and security persist, with reports suggesting instances where HIV patients faced identity breaches due to Aadhaar-linked systems.

As Defined in Legislation

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016, provides the legislative definition of the Aadhaar number:

  • Section 2(a): Aadhaar number refers to an identification number issued to an individual under sub-section (3) of Section 3, including any alternative virtual identity generated under sub-section (4) of the same section.
  • Section 3(4): The Aadhaar number is defined as a twelve-digit identification number assigned to an individual after verifying their demographic and biometric information. It also allows the issuance of an alternative virtual identity (VID), offering a secure alternative to using the actual Aadhaar number.

The VID is a 16-digit random number linked to the Aadhaar number, providing enhanced security and privacy. It cannot be reverse-engineered to determine the Aadhaar number. Individuals can generate, retrieve, or replace their VID through UIDAI's services, such as the mAadhaar mobile app, the UIDAI website, and SMS-based services.

As Defined in Official Reports

The UIDAI was established to provide all Indians with unique identification numbers, known as "Aadhaar," as outlined in the 2009 UIDAI report. The National Identification Authority of India Bill aimed to formalize the UIDAI’s role in issuing Aadhaar numbers to Indian residents.[7]

As Defined in Case Law

Justice K.S. Puttaswamy (Retd.) and Another v. Union of India (2018)

Before Aadhaar, traditional identity proofs like voter IDs and ration cards were commonly used but were susceptible to duplication and forgery. These loopholes often resulted in subsidies and benefits being diverted to ineligible individuals. To address these issues, the Aadhaar project was initiated in 2009, and Parliament passed the Aadhaar Act in 2016 to provide legislative backing.[8]

The judgment in this case underscored the provisions of Section 2(a), which assigns a 12-digit unique number to every resident based on their biometric (photograph, fingerprints, and iris scans) and demographic (name, date of birth, gender, and address) data. The UIDAI was established as the authority responsible for securing and maintaining the Aadhaar database. However, the court highlighted privacy concerns, noting that the centralized storage of biometric and demographic data posed potential threats to individual privacy. The judgment reaffirmed privacy as a fundamental right under Article 21 of the Constitution and emphasized the need for robust safeguards to prevent mass surveillance and data misuse.

International Experience

  1. Estonia - Estonia’s digital identity system, known as Personal Identification Code (isikukood), serves as a global benchmark. It is an 11-digit code that incorporates the individual’s sex, date of birth, and a unique serial number. This code is used for government services, digital signatures, and more.
  2. Kenya - Kenya’s National Integrated Identity Management System (NIIMS), also known as Huduma Namba, aims to provide residents with a distinct, secure, and verifiable digital identity. This initiative focuses on enhancing financial inclusion and improving government service delivery.[9]
  3. Social Security Numbers (SSNs) in the U.S. - Unlike Aadhaar, SSNs are primarily used to track workers’ earnings and compute benefits. While SSNs lack biometric verification, Aadhaar includes facial recognition, fingerprinting, and iris scanning for added security.[10]

International Frameworks

UNCITRAL Model Law on Identity Management and Trust Services

The UNCITRAL Model Law on the use and cross-border recognition of identity management and trust services serves as an useful addition to existing UNCITRAL texts in the area of electronic commerce, supporting states in developing new laws if none already exist, or in improving existing laws that regulate the use of identity management and trust services, especially those that deal with cross-border issues.[11]

This Law covers the use of identity management and trust services in the context of commercial activities and trade-related services, as well as their cross-border recognition. Nothing in this law needs a person's identity. Apart from what is specifically mentioned in this legislation, nothing in this law impacts how any law pertaining to data privacy and protection applies to identity management services or trust services. Nothing in this law obligates someone to use a trust service or identity management program, or to use a specific program without the consent of that individual.[12]

Council of Europe Guidelines on National Digital Identity

The Guidelines on National Digital Identity adopted by the Consultative Committee of the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108) has highlighted the need of having a national “digital” identity. The document elaborates that analogue national identities are now being digitized. Such a scheme is important since the digital national identity along with demographic details and biometric information is useful to extend benefits to individuals such as healthcare and social welfare schemes. The provision of a national digital identity will aid in representing the legal status of an individual and can also be useful in the commercial sector. Therefore, national digital identity has been considered synonymous to “legal identity” for it increases one’s access to socio-economic schemes, rights and privileges.[13]

Aadhaar and the Public Distribution System (PDS)

The Aadhaar number was conceived to uniquely verify residents' identities and streamline critical applications, such as the Public Distribution System (PDS). The UIDAI emphasizes the importance of the PDS in implementing the Right to Food and improving food security through Aadhaar integration.[14]

Role of Aadhaar in the PDS

Aadhaar acts as a foundation for a more effective PDS, providing governments with the flexibility to implement Aadhaar in stages. Aadhaar-based identification ensures clear targeting of beneficiaries, inclusion of marginalized groups, and elimination of fake or duplicate entries. It also facilitates Aadhaar-based authentication, guaranteeing food delivery to intended recipients and enabling real-time verification at fair price shops (FPS).[15]

Benefits of Aadhaar in PDS Implementation

  1. Unique Identification: Aadhaar ensures one unique number per beneficiary, eliminating duplicates and improving targeting accuracy. This feature allows governments to effectively identify eligible beneficiaries and eliminate fraudulent or duplicate entries in the PDS database.
  2. Portability: Beneficiaries can collect entitlements from any FPS in the state, enhancing access and reducing dependency on specific outlets. This portability ensures that migrants and individuals not tied to a single location can still access their entitlements seamlessly.
  3. Real-Time Authentication: Biometric or demographic authentication enables governments to verify entitlement delivery, reducing leakages. Real-time verification ensures that the benefits reach the intended recipients and prevents intermediaries from misusing the system.
  4. Supply Chain Transparency: Aadhaar-based tracking of foodgrain movement curbs diversions and identifies bottlenecks. This helps streamline the supply chain and ensures timely delivery of foodgrains to FPS.
  5. Management Information System (MIS): Aadhaar-linked cloud-based MIS improves inventory management, procurement, and accountability. An efficient MIS ensures real-time tracking of foodgrain stock levels, procurement status, and distribution progress.
  6. Electronic Benefit Transfers (EBT): Aadhaar-enabled EBT allows flexible entitlement collection and customized foodgrain access during shortages. By linking entitlements to Aadhaar, governments can directly transfer benefits to beneficiaries' accounts, ensuring transparency and reducing dependency on intermediaries.

Governments can adopt Aadhaar-linked features incrementally, starting with identification and gradually incorporating authentication and MIS capabilities, depending on cost and feasibility. This phased approach empowers PDS beneficiaries, offering portability, flexibility, and tailored benefits.

Challenges

  1. Aadhaar-Based Payment Systems - Many remote places require people to make many journeys to ration stores, where there is no assurance that the verification would be successful. Denials can result from a number of factors, including poor fingerprint quality among daily wage workers, poor phone connectivity, and so on. The amount of unsuccessful authentication attempts and the number of tries at authentication are not publicly available. In 2022, the Comptroller and Auditor General of India (CAG) reported that UIDAI lacked a system for analyzing the causes that contribute to authentication mistakes.[16]
  2. Security Concerns - The AePS is used by banking correspondents who do not have an accountability system in place. A few of them need biometric authentication from people more than once. The banking correspondents are able to manage the individual's bank account with each  authentication. Numerous research and news articles have described how AePS has been used to take money out of employees' accounts or sign them up for government insurance programs without their knowledge. Additionally, these are only discovered through firsthand accounts. A prime example of this is the 2020 Jharkhand scholarship scandal, which included ₹10 crore.[17]
  3. Data Breaches - According to a survey by the US-based cybersecurity company Resecurity, 81.5 crore Indians, or approximately 815 million, have had their personally identifiable information exposed on the dark web, as reported by Business Standard. Name, father's name, phone number, other number, passport number, Aadhaar number, and age are among the information that was exposed.[18]

Way Ahead

  1. Improved Security Measures - Masked Aadhaar numbers should replace irrelevant asterisks or slashes for enhanced security.[19]
  2. Alternative Identification - Introduce other identification systems like PAN cards for government services to reduce over-reliance on Aadhaar.[20]
  3. Targeted Reforms - Legislative amendments should address the current gaps, ensuring robust privacy and security safeguards.[21]
  1. https://www.uidai.gov.in/en/16-english-uk/aapka-aadhaar/14-what-is-aadhaar.html
  2. https://m2pfintech.com/blog/validate-aadhaar-numbers-using-the-verhoeff-algorithm-in-flutter/
  3. https://uidai.gov.in/en/media-resources/uidai-documents/parliament-questions/lok-sabha/3815-aadhaar-linked-welfare-schemes.html
  4. https://www.synergiafoundation.org/insights/op-eds/aadhaar-and-its-history-contempt-court
  5. https://www.synergiafoundation.org/insights/op-eds/aadhaar-and-its-history-contempt-court
  6. https://uidai.gov.in/en/about-uidai/unique-identification-authority-of-india.html
  7. https://prsindia.org/files/bills_acts/bills_parliament/2010/uid_report.pdf
  8. https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf
  9. https://cipit.strathmore.edu/an-overview-of-the-digital-id-system-and-the-unique-personal-identifier-in-kenya/
  10. https://scroll.in/article/823570/despite-the-comparisons-indias-aadhaar-project-is-nothing-like-americas-social-security-number
  11. https://uncitral.un.org/sites/uncitral.un.org/files/media-documents/uncitral/en/mlit_en.pdf
  12. https://uncitral.un.org/sites/uncitral.un.org/files/media-documents/uncitral/en/mlit_en.pdf
  13. https://edoc.coe.int/en/data-protection/11578-guidelines-on-national-digital-identity.html
  14. http://www.livemint.com/Politics/BfeNi5AreTn1cJ8ROIzxXM/NDA-kicks-off-PDS-reforms.html
  15. https://prsindia.org/files/bills_acts/bills_parliament/2010/Circulated_Aadhaar_PDS_Note.pdf
  16. https://www.thehindu.com/news/national/the-concerns-of-using-aadhaar-in-welfare-schemes-explained/article67366706.ece
  17. https://www.thehindu.com/news/national/the-concerns-of-using-aadhaar-in-welfare-schemes-explained/article67366706.ece
  18. https://www.livemint.com/news/india/aadhaar-data-leak-massive-data-breach-exposes-815-million-indians-personal-information-on-dark-web-details-here-11698712793223.html
  19. https://www.livemint.com/news/india/aadhaar-data-leak-massive-data-breach-exposes-815-million-indians-personal-information-on-dark-web-details-here-11698712793223.html
  20. https://www.newsclick.in/Aadhaar-Advisory-Continuing-Saga-UIDAI-Breach-Privacy-Rights
  21. https://thewire.in/law/can-the-aadhaar-act-and-a-data-protection-act-coexist
Retrieved from "https://jdc-definitions.wikibase.wiki/w/index.php?title=Aadhaar_Number&oldid=4341"