Government of the Data (Part 2: India’s Aadhaar and the debate on digital IDs)

Phuah Eng Chye (20 June 2020)

The largest and most ambitious digital identity (ID) system is India’s Aadhaar system. Padmaparna Ghosh notes “Aadhaar, which was launched by the Indian government nearly a decade ago, aims to give each of the nation’s 1.3 billion citizens an official, verified identity…Each individual Aadhaar card and its unique identity number is part of an enormous digital system. Every record in the centralised database includes a person’s basic demographic and biometric information, including a photograph, 10 fingerprints and two iris scans. This data is collected and managed by the Unique Identification Authority of India…As of October 2017, India had issued 1.18 billion identity cards…Aadhaar now covers 99% of the adult population”.

Arvind Gupta and Philip Auerswald describe Aadhaar as part of India’s “continuous strides towards a digital-first economy”. “Before Aadhaar, people had to use different IDs, from birth certificates to ration cards…inconsistent and highly fallible”. “Digital India was conceived five years ago as a way to push the country’s digital transformation forward and empower citizens in the process. The base of these efforts has been the government’s emphasis on developing infrastructure to enable affordable internet access for all and for every Indian to possess a digital identity”.

“Unlike a traditional driver’s license or the U.S. Social Security Card, the government sought to utilize Aadhaar as a platform for financial inclusion, the direct transfer of government benefits and low-cost citizen engagement. The Digital Identity project quickly transformed into what is now known as the India Stack, a set of interoperable software layers supporting digital payments, verified paper-less records, business and service transactions and finally, a still-in-progress user consent architecture, all seamlessly linked with Aadhaar”.

Arvind Gupta and Philip Auerswald note that the digital identity system operating on top of the paperless layer provided by India Stack offered extensive benefits. It “enabled the opening of over 350 million verified Jan Dhan (“zero-balance”) accounts…serve as low-cost and hassle-free bank accounts encouraging participation in the formal banking economy…The Indian Government, which had to navigate a maze of offline infrastructure to effectively reach the beneficiaries of government benefits, has been able to leverage the Jan Dhan-Aadhaar-Mobile (JAM) infrastructure to ensure prompt disbursement of funds with zero systemic leakage…the enormous transformational impact of the platform – the technology had allowed for the opening of bank accounts in as few as 55 seconds and a decrease in customer on-boarding costs for telecom companies”. Apart from digital efficiencies, it helped formalise the economy and enlarge the tax base by improving tax and GST compliance.

Since its launch, Aadhaar has received its share of criticism. Padmaparna Ghosh notes “the scheme has exposed a host of issues, from identity theft to the erosion of privacy rights. Poverty is widespread across India, and Aadhaar’s role in giving – or denying – people access to government services has sparked a great deal of controversy. Ideally, one simple system should grant everyone the rights and services that they’re entitled to. But if you’re locked out of that system, you can lose access to everything…need ID to access welfare schemes that subsidise housing, food, and fuel, and ID is a necessity if they want to try to get better-paid work, open a bank account, or buy a house –  the things people need to climb above the poverty line”. He adds there are at “least 87 different schemes linked to it, including education access, pensions, scholarships for minorities, farming subsidies, school meals, and healthcare”.

Padmaparna Ghosh notes new gaps in government services with the neediest – “poor migrants, children, the rural elderly, caste and tribal minorities, the visually impaired, the physically disabled” – falling between the cracks. There were “reports of people without fingers or sight being refused welfare payments because they physically cannot prove their ID with fingerprints or iris scans” and “their addresses are not so much homes as indicators of poverty: addresses like “Under Moolchand Flyover” or “Under IIT Flyover”…by far the most common problem was getting – and keeping – the physical Aadhaar card”. In particular, foreigners (visitors or residents) and individuals unable to prove their citizenship found it difficult to get access to Aadhaar-linked services.

Another concern is its security vulnerabilities. Anjali Ramachandran states “Aadhaar has been plagued by personal information leaks since its launch. The most recent of over a dozen incidents saw more than 200 government websites publicly host private personal data”. Even “Estonia, often referred to as the most digitally-minded state in the world, had security issues with its ID cards that made identity theft easier, and had to block the affected cards as a result. While there have been so many leaks from corporate services that it’s nearly impossible to keep track, government websites in the UK and the U.S. have had private data leaks in recent years as well”.

Jerri-Lynn Scofield points out “the centralization of so much valuable information is what draws hackers. And the more we centralize, the more precious the prize will be”. Increasing the sophistication of the identification system – such as “replacing Social Security numbers with a system that might include a universal biometric identity system” (based on DNA, retinas, fingerprints) “will only worsen, not address, the hacking problem” since “the basic problem of securing and safeguarding data have yet to be solved”. In this regard, “merely switching to a biometric system doesn’t address this, because if the database gets hacked, now the hackers have your biometric information too! Whereas currently, they only had access to numeric data… biometrics, once hacked, cannot be changed”.

Once an identity is “compromised, that kicks off considerable potential knock-on effects for the person whose identity has been hacked…The more functions are loaded onto the Aadhaar, the more things might need to change in the light of a potential data hack. So, say your Aadhaar number is hacked – that means you may need to change your mobile too”. Jerri-Lynn Scofield notes that, despite several large-scale data breaches, a serious “assessment of cybersecurity defects, or the consequences of centralizing information collection without due care and oversight (whether it’s collected by a company, or a government agency)” is lacking.

Philip Alston notes Aadhaar has been “criticized for collecting biometric information unnecessarily, severe shortcomings in legislative oversight, function creep, facilitating surveillance and other intrusions into privacy, exacerbating cybersecurity issues and creating barriers to accessing a range of social rights”. It has faced legal challenges. In 2018, the Supreme Court of India “upheld the constitutionality of Aadhaar, albeit with some caveats. The court appeared to view the use of biometric identification technology in the context of providing welfare benefits as being legitimate, proportional and even inevitable. In a welfare state, Aadhaar’s aim of ensuring that benefits reach the intended beneficiary was naturally a legitimate State aim. In balancing the rights to social security and privacy, the Court held that registering biometric data represented a minimal inroad into privacy rights and went so far as to characterize Aadhaar as a vital tool for ensuring good governance in a social welfare state. However, the Supreme Court’s ruling has apparently not put an end to the controversy surrounding the scheme”.

There is opposition to digital IDs around the world. In the US, Jim Bovard highlights the REAL ID Act enacted after the 9/11 attacks “was fiercely opposed by both conservatives and liberals. Twenty-five states passed resolutions objecting to the law or signalling that they would not comply”. In this context, “most Americans do not possess passports, so federally-approved state driver’s licenses are becoming de facto internal passports. Almost a hundred million Americans do not have REAL ID-compliant identification”. He argues “national ID cards will do far more to control than to protect Americans. The REAL ID Act could enable the feds to demand far more information in the future”.

Part of the opposition to digital IDs revolves around the broader consequences of datafication. Philip Alston explains that “invariably, improved welfare provision, along with enhanced security, is one of the principal goals invoked to justify the deep societal transformations and vast expenditure” to establish not only digital ID but also “linked centralized systems providing a wide array of government services and goods ranging from food and education to health care and special services”. “The result is the emergence of the digital welfare state…In these countries, systems of social protection and assistance are increasingly driven by digital data and technologies that are used to automate, predict, identify, surveil, detect, target and punish…Commentators have predicted a future in which government agencies could effectively make law by robot, and it is clear that new forms of governance are emerging which rely significantly on the processing of vast quantities of digital data from all available sources, use predictive analytics to foresee risk, automate decision-making and remove discretion from human decision makers. In such a world, citizens become ever more visible to their Governments, but not the other way around”.

Philip Alston cautions “few studies have adequately captured the full array of threats represented by the emergence of the digital welfare state”. While “the digital welfare state is presented as an altruistic and noble enterprise designed to ensure that citizens benefit from new technologies, experience more efficient governance and enjoy higher levels of wellbeing. Often, however, the digitization of welfare systems has been accompanied by deep reductions in the overall welfare budget, a narrowing of the beneficiary pool, the elimination of some services, the introduction of demanding and intrusive forms of conditionality, the pursuit of behavioural modification goals, the imposition of stronger sanctions regimes and a complete reversal of the traditional notion that the State should be accountable to the individual.”

Philip Alston suggests ultimately, “the threat of a digital dystopia is especially significant in relation to the emerging digital welfare state”. “Such a future would be one in which unrestricted data-matching is used to expose and punish the slightest irregularities in the record of welfare beneficiaries (while assiduously avoiding such measures in relation to the well-off); evermore refined surveillance options enable around-the-clock monitoring of beneficiaries; conditions are imposed on recipients that undermine individual autonomy and choice in relation to sexual and reproductive choices and choices in relation to food, alcohol, drugs and much else; and highly punitive sanctions are able to be imposed on those who step out of line”.

These concerns are not limited to government control but extend also to the private sector. Philip Alston argues “big technology companies operate in an almost human rights-free zone, and that this is especially problematic when the private sector is taking a leading role in designing, constructing and even operating significant parts of the digital welfare state”.

João Carlos Magalhães and Nick Couldry agree “a datafied welfare system will consolidate Big Tech companies as institutions essential to the basic functioning of the state and society…the emergence of a new social order centered on…data colonialism…Where five centuries ago historic colonialism seized land, the land’s resources, and the bodies to work them, today’s land grab is targeted at human life itself, and the value that can be extracted from it in the form of data. Since such data extraction only works through the continuous tracking of myriad aspects of daily life, human beings’ fundamental right to live free from surveillance becomes the collateral damage of corporate advancement. What sort of welfare will this leave us with?”

They argue “this novel kind of corporate power, with its unprecedented global capability of producing new forms of social knowledge for social control…that the data resources of Big Tech companies become essential to the state’s continuing authority and the orderliness of social life. They will be not only social media platforms, search engines, and computer makers, but – alongside governments – the very sustainers of our welfare…As data colonialism unfolds, the result will be a new, much more complex sort of welfare, that can only give by simultaneously eroding fundamental freedoms”.

Nicole Immorlica, Matthew O. Jackson and Eric Glen Weyl observe that “prior to the emergence of modern centralized authorities, such as nation states and corporations, such pre-formal identity was the only form that existed and intersections were sufficiently large that coherent communities shared large fractions of each individual’s identity. We can label this regime communal identity. This tightness of circles of intimacy, however, made identity very local, implying that anyone from far away would have difficulty distinguishing or trusting community members. To permit longer-distance relationships, mobility, taxation and other features of modern society, states and corporations had to find ways to mark unique identity without the ability to record the richness and complexity of highly redundant social identity within communities. As such they created abstract simplifications of identity, such as given name-surname pairs, fingerprints, places of birth, identification numbers, etc., that were as simple as possible while achieving unique identification. To achieve this simplicity, such systems are far less redundant and have a far simpler structure than pre-formal identity. We can call this regime centralized identity. Such identity systems gave citizens a basis for transitioning out of small, closed, heavily intersecting communities into large, open, and more urban environments with much thinner intersections – where the fraction of an individual’s identity known to any other given individual, conditional on that individual knowing anything, is smaller. This process made pre-formal identity gradually far more intersectional in the sense we describe above, eroding the communal regime. As such, in formal settings individuals came to rely increasingly on centralized identity to navigate these thinner social relations”.

“Yet such identity systems have several interrelated flaws. First, they are highly insecure, because their simplicity and lack of redundancy meant that crucial data such as an ID number constantly had to be given out and yet was also sufficient to impersonate an individual. Furthermore, because all data is stored in a single repository managed by the state or a corporation, such a repository becomes a natural locus for external hacking or internal corruption. Second, they are highly thin in that they reduce an individual to a small dimensional object (in system or out, criminal or not, a credit score, etc.) as the central database has little use for more information than this. This limits the functionality of the system to a relatively small range of cases or degrades performance, often in highly unequal ways (e.g. convicted individuals find it hard to re-enter society as this is the only information about themselves they can reliably convey). Third, they are artificial, in the sense that the central information stored for verification usually bears little relation to the social or personal conception of identity of the relevant individual and her communities. Thus all such information is added on top of the information the individual would naturally store about herself and thus incurs a cost in security, data generation and storage costs or, usually, both”. Hence, identity verification through credentials such as a passport “have significant capacity limitations (e.g., a passport cannot be used to verify present occupation as often requested by border agents) and security vulnerabilities (e.g., hacking a single database or stealing a single token are often sufficient to compromise much of an individual’s identity)”.

Nicole Immorlica, Matthew O. Jackson and Eric Glen Weyl note that big data platforms sought “to overcome thinness by storing enormous amounts of detailed information about each individual. We might call this panoptic identity. However, such solutions have greatly exacerbated the other two problems, as they require extremely artificial compromises to intimacy through the global sharing of data with platforms that would not otherwise store it, creating exceptional potential security risks”. Another approach is the self-sovereign identity, “in which identity claims are owned by and stored local to a citizen. Properly engineered, this has the potential to partly enhance security against centralized attacks; however it still suffers from having much of a person’s identity stored in a single place and so if an individual is hacked and loses access to their wallet, they can be compromised. In addition, these frameworks typically suffer from far more extreme thinness and artificiality…it is not clear what self-sovereignty even means. Furthermore, identity claims can only be verified by other citizens, requiring the storage of attestations by other citizens to specific facts that create additional, artificial burdens”.

Nicole Immorlica, Matthew O. Jackson and Eric Glen Weyl suggest exploring “a different paradigm for identity verification that relies on formalizing pervasive features of preformal human identity; where a person’s identity is embodied in what is known about them by others…feasible with minimum burdens on users, allowing systems that are simultaneously much more secure, capable and, in the relevant senses, private. The crucial aspects of identity…are its redundancy, sociality, and intersectionality”.

“By redundancy, we mean that every individual’s uniqueness is over-determined by countless features from the locations she has traversed, the relationships she has established, the things she has done, the knowledge she has accumulated, her fingerprints, etc… By sociality, we mean that most if not all of these data are, naturally in the course of social life or by their very nature, shared with and known by others… By intersectionality…the individual may be seen as (in large part, at least) the intersection of the social groups with whom the constituents of her identity are shared”.

Nicole Immorlica, Matthew O. Jackson and Eric Glen Weyl explain if these features of pre-formal identity “can be formalized and accessed efficiently, they are a powerful foundation for many identity applications. Redundancy is valuable because it implies an individual can show her uniqueness using a small subset of the data that constitute her identity and thus may often avoid revealing too much about herself. Sociality is valuable because it implies that, to build trust in a claim about some of a person’s data, it is usually sufficient for that individual to use preexisting social sharing of data, thereby largely avoiding compromises of privacy or security. Intersectionality is valuable because it ensures that individuals can, for different applications, rely on a range of different social connections and thus avoid making any other individual or group a central chokepoint for verifying her identity, avoiding the security failings of centralized identity systems and allowing for a degree of incompleteness of any social connection’s view of an individual that can substitute for pseudonymity”.

Christopher Allen argues “modern society has muddled this concept of identity. Today, nations and corporations conflate driver’s licenses, social security cards, and other state-issued credentials with identity; this is problematic because it suggests a person can lose his very identity if a state revokes his credentials or even if he just crosses state borders…Identity in the digital world is even trickier. It suffers from the same problem of centralized control, but it’s simultaneously very balkanized: identities are piecemeal, differing from one Internet domain to another. As the digital world becomes increasingly important to the physical world, it also presents a new opportunity; it offers the possibility of redefining modern concepts of identity. It might allow us to place identity back under our control – once more reuniting identity with the ineffable “I”.”

Within this context, Christopher Allen sees “the models for online identity have advanced through four broad stages since the advent of the Internet”. Phase one was Centralized Identity with administrative control exercised by a single authority or hierarchy. “In the Internet’s early days, centralized authorities became the issuers and authenticators of digital identity. Organizations like IANA (1988) determined the validity of IP addresses and ICANN (1998) arbitrated domain names. Then, beginning in 1995, certificate authorities (CAs) stepped up to help Internet commerce sites prove they were who they said they were. As the Internet grew, as power accumulated across hierarchies, a further problem was revealed: identities were increasingly balkanized. They multiplied as web sites did, forcing users to juggle dozens of identities on dozens of different sites — while having control over none of them”.

Phase two was Federated Identity with administrative control by multiple, federated authorities. “Microsoft’s Passport (1999) initiative was one of the first. It imagined federated identity, which allowed users to utilize the same identity on multiple sites. However, it put Microsoft at the center of the federation, which made it almost as centralized as traditional authorities. In response Sun Microsystems organized the Liberty Alliance (2001). They resisted the idea of centralized authority, instead creating a true federation, but the result was instead an oligarchy: the power of centralized authority was now divided among several powerful entities. Federation improved on the problem of balkanization: users could wander from site to site under the system. However, each individual site remained an authority”.

Phase three was User-Centric Identity with individual or administrative control across multiple authorities without requiring a federation. The user-centric identity communities “intended to give users complete control of their digital identities. Unfortunately, powerful institutions co-opted their efforts and kept them from fully realizing their goals…final ownership of user-centric identities today remain with the entities that register them. Unfortunately, Facebook Connect veers even further from the original user-centric ideal of user control. To start with, there’s no choice of provider; it’s Facebook. Worse, Facebook has a history of arbitrarily closing accounts, as was seen in their recent real-name controversy”.

Phase four is Self-Sovereign Identity with individual control across any number of authorities. “User-centric designs turned centralized identities into interoperable federated identities with centralized control, while also respecting some level of user consent about how to share an identity (and with whom). It was an important step toward true user control of identity…To take the next step…Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity”.

Christopher Allen believes Self-Sovereign Identity offers “a vision for how we can enhance the ability of digital identity to enable trust while preserving individual privacy”. Self-Sovereign Identity should aim to provide true user control of their digital identity.

“Identity authentication must occur through independent algorithms that are censorship-resistant and force-resilient and that are run in a decentralized manner”. While consensus on definitions and rules has not yet been reached, he suggests the key principles include user consent, interoperability and portability of a user’s identity across multiple locations, transparency of systems and algorithms, and protection of user rights.

Overall, Philip Alston cautions that “as humankind moves, perhaps inexorably, towards the digital welfare future, it needs to alter course significantly and rapidly to avoid stumbling, zombie-like, into a digital welfare dystopia”. In this context, “the era of digital governance is upon us”. But how should the challenges posed by digital IDs and transparency be handled? Philip Alston argues that “to date, astonishingly little attention has been paid to the ways in which new technologies might transform the welfare state for the better. Instead of obsessing about fraud, cost savings, sanctions and market-driven definitions of efficiency, the starting point should be how existing or even expanded welfare budgets could be transformed through technology to ensure a higher standard of living for the vulnerable and disadvantaged and to devise new ways of caring for those who have been left behind and more effective techniques for addressing the needs of those who are struggling to enter or re-enter the labour market. That would be the real digital welfare state revolution”.

To put matters in perspective, digital IDs elevate transparency in society. But we shouldn’t allow our fears of a dystopia to dominate our view of the future. We should remember that the elevation of transparency threatens neither freedom nor privacy; it actually sheds light on problems that already exist. The threat to democracy arises when this information is suppressed and not acted upon. Ignorance should not be mistaken for bliss. The way to move forward in the information society is to correct the imbalance of purpose. That is, to move beyond the use of digital ID for administrative, security or commercial goals and to explore visions of how digital ID systems could be used democratically to provide public goods and address societal problems.


Arvind Gupta, Philip Auerswald (6 May 2019) “The ups and downs of India’s digital transformation”. HBR.

Christopher Allen (25 April 2016) “The path to self-sovereign identities”. Life With Alacrity.

João Carlos Magalhães, Nick Couldry (April 2020) “Tech giants are using this crisis to colonize the welfare system”. Jacobin Magazine.

Jerri-Lynn Scofield (4 October 2017) “Biometric ID fairy: A misguided response to the Equifax mess that will only enrich cybersecurity grifters and strengthen the surveillance state”.

Jim Bovard (24 January 2020) “How Washington is ramming REALID down our throats”. The American Conservative.

Nicole Immorlica, Matthew O. Jackson, Eric Glen Weyl (20 April 2019) “Verifying identity as a social intersection”. SSRN.

Padmaparna Ghosh (24 February 2018) “Aadhaar: In the world’s biggest biometric ID experiment, many have fallen through the gaps”.

Padmaparna Ghosh (27 February 2018) “As we build the digital ID systems of the future, where does privacy fit in?” How we get to next.

Philip Alston (11 October 2019) “Report of the Special Rapporteur on extreme poverty and human rights”. United Nations.

Phuah Eng Chye (21 December 2019) “The debate on regulating surveillance”.

Phuah Eng Chye (4 January 2020) “The economics and regulation of privacy”.

Phuah Eng Chye (18 January 2020) “Big data and the future for privacy”.

Phuah Eng Chye (15 February 2020) “The costs of privacy regulation”.

Phuah Eng Chye (29 February 2020) “The journey from privacy to transparency (and back again)”.

Phuah Eng Chye (14 March 2020) “Features of transparency”.

Phuah Eng Chye (28 March 2020) “The transparency paradigm”.

Phuah Eng Chye (11 April 2020) “Anonymity, opacity and zones”.

Phuah Eng Chye (6 June 2020) “Government of the data (Part 1: From census to digital IDs)”.