Now, as little details of the totally non-transparent Aadhar are coming out in the press due to the recent scam by Mohammed Ali, we realize how pathetic Aadhar's software has been, and the only place for it seems to be the trash bin. It is a shame that it has come from a high-profile personality such as Nandan Nilekani and thousands of crores of tax payers' money has gone into it.
First of all, a few weeks back, a news item appeared that an entity --- not even a human being --- by the name of coriander with father named biryani was issued an Aadhar number. There is no idea what biometric was used to get the number but the face was that of a mobile phone, not even a human being. The Aadhar software failed to detect the fraud.
And now there is news that Mohammed Ali, an enroller of Aadhar, has created 30,000 Aadhar ids in a span of six months. Given the rate at which he has created the ids, they seem fake. Out of the 30,000, 800 have been created in the physically-disabled category stating that the people did not have hands and were blind as well, thus they did not have any of the biometrics -- neither fingerprints or iris --- needed by UIDAI. The interesting point is what biometrics were used for the rest of the ids namely around 29200 which were in the regular category. And if the ids were fake, what was the much touted de-duplication software of UIDAI doing that it passed all of them? The fraud was detected only because someone noticed that one enroller had created a huge number of ids in a small time. In other words, if Mohammed Ali had created only a couple of thousand ids --- those which a normal enroller enrols --- this fraud would have gone unnoticed. Not just that, there could be many other such Alis who are already around and who have gone unnoticed and probably will never be caught.
UIDAI claims that the project will detect and reduce frauds in schemes such as NREGA. Now UIDAI software itself seems so full of security holes that NREGA and other schemes themselves may be already doing a much better job than UIDAI on fraud detection.
Another fact that has come up is that for enrollers, if the biometric fails twice, the third time whatever is given is accepted by the UIDAI system by default and authentication granted. This, for a security system in this time and age?
And UIDAI claims it has companies such as Ernst and Young as security consultants?
All in all, Aadhar seems to be the mother of all scams where thousand of crores of tax payers' money are spent by fooling a government that is not aware of the issues. Not just Aadhar should be scrapped immediately, but a thorough probe is needed, especially since people had warned of the issues beforehand and no notice was taken. Indeed each and every paisa spent from the tax payers' kitty needs to be recoverd from the perpetuators, backers of this scam called Aadhar, which is more appropriately called Aandhar meaning darkness in Marathi.
Samir Kelekar
Bangalore
Dear Samir, excellent post. Thanks for bringing out yet another major policy failure of UPA Govt. However, I am confused as to details. Mohammed Ali issue is peculiar not only cause of excessive (seemingly dubious) registrations but also cause Mohammed Ali was already fired from the job when majority of these fake registrations were made. His fellow employees "stole" his ID and password to create new entries. Was it the case??
ReplyDeleteHi Nikhil
ReplyDeleteNot too much details are known. It is not clear if other employees of the same organization IL & FS did the fraud, or were it Mohanmmed Ali's men or Mohammed Ali's men who were employees of IL & F S? Because, they must have done these registrations from some enrolling center, and which one was that? I think details will become clearer as time passes.
Dear Samir,
ReplyDeleteI think Mr. Nilekani will be most responsive to such shortcomings and will do all he can to rectify the same. But don't you think that with such scamsters and millions of illegal immigrants from Bangladesh it is even more important for our well being and survival as a nation that a strong National Citizens register and ID proof be available? After all it was the process of Aadhar & the perceived future need for Aadhar that caused the enroller to openly and identifiably commit a fraud. Imagine what will happen and is happenning if we continue without such an ID and Citizens registry. Atleast we have a starting point for detection now.
Well, the need for a citizenship register is one thing, and an ill-conceived Aadhar without any cost-benefit analysis, feasibiily study, or appropriateness of technology, study of privacy implications is another. In between, thousands of crores of tax payers' money are gone, and the needed objective is not achieved.
ReplyDeleteI attended a talk by UID engineers, and was impressed with their mission. They seem easily approachable and open-minded, just as any other software engineers who've worked in tech companies. I would suggest you reach out to them with these specific software/hardware bugs, and they might fix it, or give you their rationale for those decisions. They are all on LinkedIn if you want to contact them. The solution is certainly not to be cynical of everything others do just because it may not meet your expectations of software quality. Just my two cents.
ReplyDeleteHi Vikram
ReplyDeleteMany activists including me personally have been in touch with UIDAI engineers since more than two years back. UIDAI promised open meetings with techies and then went back on the promise. They did take feedback to begin with but when fundamental questions were asked, they just vanished from the scene. So, you are a bit too late. For instance, a demo of faking fingerprints was shown to Karnataka IT secretary Mr. Vidhyasagar and he promised to get the UIDAI techie guys for the next demo. But inspite of several follow-ups, he never kept his promise. And then after a year, a feeble excuse is given saying --- yes faking is possible, but it is unlikely to happen in practice. I could tell you some other similar stories.
Another point Vikram. This is not a system that can be fixed. There are fundamental issues such as privacy issues, issues of freedom, would a whole citizenry like to be tracked using biometric etc. Secondly, biometrics as a sole password is a no-no, because once lost, identity is stolen for good. A centralized system also becomes a target for hackers. All in all, not enough thought has gone into things at the conceptual level itself, as also no feasibility study, cost benefit analysis etc. So, it is not just about contacting techies and asking them to fix bugs. Things are fundamentally wrong here, and this is being pointed out since the last two or three years.
ReplyDelete