The 360 degree database

UIDAI has always maintained that only minimal information is collected about the resident in multiple affidavits in the Supreme Court, and that resident data is never shared without consent.

Personal data is never shared without consent: UIDAI’s Supreme Court Affidavit.
Biometrics is never shared with anyone: UIDAI’s Supreme Court Affidavit
Biometrics are encrypted through PKI and hence can never be accessed: UIDAI’s Affidavit

In this article, we will show how the above claims are inaccurate once State Resident Data Hubs (SRDHs) are taken into consideration. What is an SRDH?

As per a Hindustan Times report in 2014:

The SRDH is a repository of UIDAI data of residents, along with their demographic data and photograph. The biometric details like iris and fingerprints are not stored at the state level and are available with the UIDAI CIDR only. This helps the state government in maintaining a lean database, and ensures privacy of data.

As we will see, this statement is not accurate for at least some states. You may be living in one.

Enrolment software and encryption keys

During Aadhaar enrolment, basic demographic data called Know Your Resident (KYR) along with biometric identifiers is collected. However, many states (eg, Kerala) do collect other data such as Marital Status, Occupation, PAN card number, bank details, etc. (called KYR+) using the same enrolment software. So how do states get this additional data, while UIDAI does not? Would not using a public key encryption using UIDAI’s key make it impossible for states to get a copy of the data?

Answer: The enrolment software uses dual PKI (Public Key Infrastructure) to accomplish the same. Registrars (usually states), provide their public key to UIDAI, out of band which is integrated with the enrolment software. When enrolment is complete, it generates two sets of enrolment packets, one containing KYR and biometrics for UIDAI, and another with KYR and KYR+ for state registrars, as illustrated here (based on UIDAI documentation).

The dual PKI (Public Key Infrastructure) has also been admitted by the UIDAI in RS UQ 545 on 8.08.2013 (Use Search to get the link), as quoted below (Special emphasis added)

As soon as the enrolment process in respect of an individual is completed, the datacaptured by the Enrolment Agency (EA) is encrypted and stored in digitally encrypted format. This data can subsequently be accessed only by using a Private digital key of UIDAI or Registrars (if Registrar has opted for a copy).

At the time of enrolment, the SRDH does not receive the Aadhaar number of the residents, but only the enrolment ID (EID). Once an Aadhaar number (UID) is generated, the pair of (EID, UID) is sent to the states, which enables inorganic seeding of the state’s beneficiary databases, without requiring further user consent.

EID UID XML Files were sent to Registrars from CIDR

Once KYR and KYR+ data of the residents along with the Aadhaar numbers are available in SRDH, they can be shared with private entites for other purposes. The various SRDHs are not covered under the Aadhaar Act and so operate without legal cover (except in some states that have a state law).

For instance, the entire SRDH database of 4.2 crores of the State of Maharashtra was handed over to SAS to perform automated seeding with the voter ID database of 7.0 crores. This work was done in the UID innovation center in Maharashtra, and was also nominated for a best project award.

Remote Aadhaar Seeding Framework (RASF)

Seeding beneficiary databases has always been an issue for various state departments, and there are common patterns that keep recurring. To address these, UIDAI built a web tool to enable seeding and verification, to which beneficiary details (KYR+) were uploaded by various departments (PPT dated 2013 in archive.org)

Description of Remote Aadhaar Seeding Framework

When scheme data — such as religion, minority status and caste — are uploaded to UIDAI for seeding verification, their defence of “minimal information” does not hold ground. It may be argued that this was only operational before the Aadhaar Act came into force, but this is in direct contrast to the submissions of the Attorney General before the Supreme Court in August 2015. (The Act passed Parliament in March 2016.)

Attorney General’s statement in the Supreme Court in August 2015.

DBT seeding viewer

The seeding viewer was the next tool built to help states seed beneficiary databases. It allows private seeding agencies access to not just KYR data, but also KYR+ data, and is accessible from a white-listed IP address. (Source)

It is evident from the user manual of the seeding viewer tool that it allows viewing a user’s data by just knowing their Aadhaar number or enrolment number, without the presence or consent of the user (including KYR+ data).

DSDV tool screenshots from Aadhaar seeding document (page 20)

UIDAI further provided a list of empanelled agencies which are trained and certified for operating the seeding viewer. A certain “Shree Krishna Khandsari Sugar Mills” is among the agencies that could access KYR+ data without user consent. The empanelment was valid till 13 November 2016, for several months after the Aadhaar Act was passed.

Biometric data sharing

Contrary to UIDAI’s claims, the enrolment software by design can share biometrics with state registrars. This was done because the NPR project (National Population Register) was enrolling citizens concurrently to provide them with a biometric smart card (Source)

In initial phase of NPR scheme, it was decided to collect biometric details from UIDAI store (which they have collected during Aadhar Card Registration) whenever required..…..In an official statement, Centre has made it clear that National Population Registration scheme must not expect any sort of biometric data help from UIDAI. They won’t be able to share details now.

However as per LS UQ 180 on 21.07.2017, these two databases would be merged together to form the master database:

(b): The Government has decided to update the National Population Register (NPR) and seed the Aadhaar number in NPR database at an estimated cost of Rs. 951.35 crore. The field work would be completed by March 2016. This updated NPR database along with Aadhaar Number would become the mother database and can be used by various government departments for selection of beneficiaries under their respective schemes.

The Registrar Strategy Document (link), registrar handbook (2010, v1.0) and registrar handbook (2012, v3.0), point to the scheme through which biometric data of residents is shared with registrars:

State registrars are allowed access to biometric data of residents
Registrars use their own encryption keys and hence can decrypt data
Biometric data need and decryption are part of the preparation phase. Illustration from UIDAI’s documents

Since the NPR project allowed issuance of biometric smart cards, the data security guidelines for registrars published by UIDAI explicitly made provisions for the same.

Explicit permission for fingerprint retention and storage

Biometric data sharing with registrars was not restricted to the case of NPR project alone. Any state can actually get access to resident biometrics, if they want to, when they sign the MoU(Memorandum of Understanding). While the NPR states, got access to biometrics, as a matter of course, UIDAI so far has not admitted, which registrars were given access to biometrics, for how long, and how many enrolment records it has been applied to.

SRDH and biometrics

The NPR project allowed states to collect biometrics in the following states via the Registrar General of India (RGI) as per The Hindu Business Line in January 2014, for the purpose of issuing Multi-Purpose biometric National Identity Cards (MPNIC).

The States and Union Territories, where RGI is enrolling residents and collecting their biometrics details under NPR, are Arunachal Pradesh, Assam, Bihar, Chhattisgarh, Jammu & Kashmir, Meghalaya, Mizoram, Odisha, Tamil Nadu, Uttar Pradesh, Uttarakhand and West Bengal, Andaman and Nicobar Islands, Dadar and Nagar Haveli and Lakshadweep.
RGI is also enrolling residents in Udupi, Gadag, Uttara Kannada, Haveri, Davangere, Bangalore rural, Chikkabalapur and Kodagu districts of Karnataka.

The Aadhaar enrolment software, by way of allowing a resident’s biometrics to be shared with NPR state registrars, also allowed SRDHs to access the resident biometrics and build state databases of biometrics if they chose to.

Tamil Nadu

Tamil Nadu is an RGI/NPR state with access to the biometrics collected during enrolment. The following state government order indicates that TN’s SRDH does indeed house biometrics.

Tamil Nadu SRDH provides biometric downloads (G.O Link from Archive.org)

The architecture diagram of the Tamil Nadu SRDH shows how KYR+ and biometrics were made available to the SRDH.

Since TN was a NPR state, it has access to citizen’s biometric database (From Archive.is)

Odisha

Odisha (formerly Orissa), an RGI/NPR State, contains a SRDH that houses residents’ demographic details, but not their biometrics. From their website:

SRDH is a repository of UIDAI data of residents, along with their demographic data and photograph. The biometric details like iris and fingerprints are not stored at the state level and are available with the UIDAI CIDR only. This helps the state government in maintaining a lean database, and ensures privacy of data.

360 degree databases

Another recurring theme with SRDHs is the need for a “single source of truth” or a “360 degree view” of residents. (Emphasis added in the following quotes.)

This is a partial list based on available information. See the forthcoming Part 2 for more.

1. Odisha SRDH

Odisha State Resident Data Hub (OSRDH) is database of residents of state of Odisha. It has a comprehensive portal for managing demographic (Name, Gender, Age, Photograph and Address) information for facilitating “Unique ID” based identity authentication. It will act as single source of truth for information on residents and will be integrated with departmental applications.

2. Tamil Nadu SRDH

During the Governor’s Address 2013 and Budget Speech, 2013–14, it has been announced that the State will create the State Residents Data Hub (SRDH) as a unified data repository with biometry enabled citizens’ data derived from the National Population Registry to service all departments.

3. Delhi eGovernance

State Resident Data Hub (SRDH) is database of residents of state of Delhi. It has Name, Gender, Age, Photograph and Address. It will act as single source of truth for information on residents and will be integrated with departmental applications.

4. Madhya Pradesh SRDH

The key objectives of setting up the SRDH in Madhya Pradesh are as follows:
Establish a Clean, Authenticated and de-duplication data repository for all the Residents of the State of Madhya Pradesh
Enable efficient service delivery through integration with Aadhaar Authentication
Support State Government Departments in effective planning of welfare and development Schemes
Establish the frameworks for effective monitoring of schemes
Enable the transformation of service delivery through integrated service delivery
View 360-degree profile of a resident
MP SRDH now further extends the utility of the demographic data of state residents by linking the “Aadhaar No.” to the collaterals (multiple unique identities) of a beneficiary in multiple Government Welfare Schemes.
SRDH adheres to the principle of “Single Source of Truth”, as it maintains demographic and biometric information of Madhya Pradesh state residents provided by Unique Identity Authority of India (UIDAI) at one place.

5. Haryana SRDB

Slide #3
Slide #4

Haryana SRDB (2016) is interesting because it explicitly says:

  1. All data is interlinked.
  2. Fully navigable GIS map from country → state → locality → dwelling unit of residents.

However, in the Shanti Sinha vs Union of India case in July 2017, the government filed a rejoinder which explicitly denied that 360 degree databases can be built, because the Aadhaar Act prohibits it.

Supreme Court Affidavit by Union of India in July 2017

6. Andhra Pradesh SRDH

Haryana’s SRDB is based on the SRDH model of Andhra Pradesh, which was the first state to introduce 360 degree databases as part of its e-Pragati program. (Link)

360 Degree View of Citizens
The entire range of data that is available as part of e-Pragati
How Aadhaar seeding helps creation of “Golden Records” through interlinking of databases.

Functional and technical requirements of 360 degree databases

e-Pragati’s functional and technical requirements are available publicly (archived copy). These requirements can be considered as an add-on to the standard SRDH guidelines (source and archive), which are (emphasis added):

  • Login
  • User Management
  • Insertion of EID UID file
  • Insertion of a record manually
  • Modification of records
  • Resident Self Service of insert/modify KYR manually
  • De-activate records
  • Authenticate existing records with the CIDR
  • Simple search
  • Advanced search
  • Seeding utility
  • UIDAI Vault — Upload
  • Registration of an external database
  • SRDH Query Builder
  • Authenticate remote requests
  • API for reading SRDH
  • Standardised Reports

The search functionality is interesting because of the claim by Ram Sewak Sharma in The Hindu in July 2017 that “no data download is permitted, search is not allowed”.

According to Shankkar Aiyar in Aadhaar: A Biometric History of India’s 12-Digit Revolution (Chapter 4, “Push for the Pull”, pp 98–99), the SRDHs were Mr Sharma’s innovation.

The compromise was that a program would be written — the code for it would be organised by the states — to allow states to simultaneously record the data in a separate file. Managing the files and finding storage was the states’ responsibility. The expanded version was christened KYR Plus or Know Your Resident Plus. Andhra Pradesh was among the first states to seek this change. Other states too found the plus format alluring. The enrolling agencies collected these new fields which related to ration and BPL card details, size of family, ownership of assets, PAN card, etc.
UIDAI had made it clear that this data would not be part of the Aadhaar records or hosted on their servers. This created a complication. The states didn’t have space to digitally store the data. This was resolved by a Sharma-led innovation: a state resident data hub, akin to digital locker services. The management and responsibility for the storage hub rested with the states.

In the SRDH adoption guidelines document (which Mr Sharma is no doubt aware of), both simple and advanced search have been precisely defined.

Simple search

This will be a simple search which will enable a user to search SRDH records. The search can be based on any of the KYR data elements such as UID number, EID number, name, address, DOB, Mobile number, email address, relative name, relative EID/UID etc. The UID number will be the default search criteria. The result would be a record or a set of records matching the search criteria. Search will restrict user to start with a minimum of 3 characters. The result would be a standard single record view or a standard multiple record view matching the search criteria.

Advanced search

This will enable a user to search SRDH records based on multiple KYR fields using the AND logic or to search for records that have been inserted/deleted/modified between two different dates or a combination of both. Search will restrict user to start with a minimum of 3 characters for each free-text search criteria. The result would be a standard single record view or a standard multiple record view matching the search criteria.

UIDAI signs Memorandums of Understanding (MoUs) with various states and also provides technical and partial financial support to build SRDH as documented in the Adoption Strategy. While this allows periodic synchronization of KYR data from UIDAI, states are free to sign MoUs with other registrars to enrich their databases.

Third Party MoUs to enrich datasets in SRDH

We learn from this document that the functional requirements for an SRDH include features such as “registration with an external database” and the “query builder”, which allows running structured queries against any remote database using a ‘where’ clause (ie, data retrieval by specified criteria), provided they are seeded with Aadhaar numbers.

Registration with an external database

This is an admin functionality to enable the SRDH query builder. This allows the SRDH administrator to register a remote database with the SRDH system and make it available for the query builder functionality. Note that the external database must already have been seeded (should have UID numbers)

Query builder

The SRDH query builder will be used to formulate database queries and run them against remote departmental databases for any given ‘Where’ condition.

Conclusion

It is now possible to understand the full import of the Aadhaar Act and the utter uselessness of it for protecting resident privacy. While the Central Identities Data Repository (CIDR) contains minimal information and is reasonably protected, the State Resident Data Hubs (SRDHs) contain maximum information about residents, with no restrictions on usage and questionable legal protection.

UIDAI not only part-funded the SRDH projects, but also provided full spectrum help — from drafting requirements to sharing source code and deployment models — which enabled states like Andhra Pradesh and Haryana to build add-on capabilities such as GIS mapping of households, linked with all activities from birth to death.

In effect, Aadhaar is a master class in how to build a 360 degree database (multiple SRDHs) without building a 360 degree database (CIDR), while propagating the myth that biometrics are the only sensitive personal information of residents that need protection.

Considering the amount of private and personal data that the SRDHs hold, fingerprints and IRIS scans — which are public identifiers — are not as big a privacy threat as the Aadhaar-enabled SRDHs are.

Given they are blatant violations of the Aadhaar Act, how do they continue to exist? Perhaps because the Act contains these escape clauses:

(This is a two part series. In Part 2, we will look at states which have enacted their own State Aadhaar acts, and their SRDH implementations.)