Aadhaar on Blockchain

By Sodaksh Khullar

Since its inception, Aadhaar has had a bumpy ride. Originally imagined to be a tool for reducing leakages in distribution of subsidies, it has grown to be a lot more. Enacted in 2016 alongside UIDAI, the Aadhaar Act 2016 is meant to make it a primary instrument for verification of identity. Filling the vacuum of a nationwide unique identifier, cases have been made for and against the scheme.

One of biggest benefits of Aadhaar has been in reducing the cost of acquiring & onboarding a customer, be it for a bank account or for a SIM card. Aadhaar has been the tool powering the new wave of Digital India. Previously, Know Your Customer (KYC) verifications were a major barrier while onboarding new customers due to high paperwork and costs. E-KYC through Aadhaar has brought a sustainable model for the new acquisitions, bringing services like bank accounts, digital wallets, mobile connection to those who excluded before.

But it is these data collectors that serve as the vulnerable link in the whole ecosystem. There have been multiple instances where sensitive data & personal details have been found online due to irresponsible handling and not following of best practices.

Being claimed as one card for all, there have been efforts to link all types of identities to Aadhaar, from PAN card to driver’s license. While this creates a fluid mapped ecosystem, it also creates a highly dependent and centralized database which is highly vulnerable to cyberattacks. Unlike other identifications like a Passport or a Pan Card, UIDAI stores all its demographic and biometric data on Central Identities Data Repository (CIDR). While there haven’t been reports of vulnerabilities pertaining to CIRD, a centralised database is always susceptible to cybersecurity attacks, specially one containing information valuable to foreign adversaries.

Another issue with Aadhaar is its mandatory nature being an invasion to privacy. While even the Hon’ble Supreme Court recognises the need for Aadhaar in availing certain government schemes and subsidies (Section 7 of Aadhaar Act), the situation complicates on the question of various other services. The mandatory usage of biometrics and other personal details has created a wave of insecurity among citizens, with growing concerns of being surveilled akin to an Orwellian state.

While there can be many criticisms of Aadhaar, it is necessary that we put forth adequate solutions to the problem at hand as well. Better use of recent technological innovations is bound to solve most problems of society. One such innovation is that of distributed ledgers, also commonly known as Blockchain. Blockchain is a type of unalterable & distributed database that allows multiple stakeholders to create, track, and validate its records. Whereas a central database can lead to a single point of failure, data on these mutually distributed ledgers is cryptographically encrypted and shredded across the network, as a result making it hard for the external forces to permeate through. This is the same technology which forms the basis of the controversial Bitcoin. Meanwhile Bitcoin itself is attracting a lot of unwanted and negative attention, the fundamental technology underlying the network remains secure.

A Blockchain based verification system will ensure security and transparency of the citizen’s data. The cryptographic Hash will allow the encrypted identities to be verified, without leaving the biometric data vulnerable. The Immutability will ensure the credibility of the records. And most importantly, a digital time-stamped trail will allow the citizens to audit the various parties that have been accessing their data ensuring transparency and trust. The power of permitting access to their data lies with the citizen themselves. If a service provider you don’t know has viewed your records, it will be traceable, and you can have them reported. With concerns relating to privacy and data-sharing, this will be a much-required panacea.

There is sufficient evidence to suggest that the promotion and use of latest technology at an institutional level, especially for civic duties and procedural requirements leads to higher efficiency and security. Estonia is one of first countries to put the entire digital identity system on the Blockchain network. In 2007, Estonia was in the middle of a political fight with Moscow over plans to remove a Soviet war memorial from a park in Tallinn. This led to multiple cyber-attacks by the Kremlin through distributed denial of services. What followed was a wake-up call helping Estonians become experts in Cyber-Defence. Now, Estonians conduct all their civic responsibilities online (including voting). Offices and paper forms have become obsolete as state-issued digital identities allow all citizens to carry out any financial or government transaction from their laptops or cellphones. The technology allows Estonia’s engineers to strengthen its encrypted data and lets Estonians verify at any given point that their information has not been tampered with. These and other security measures make their system as close to unbreakable as possible.

Enthusiasm has been shown by the government towards this technology. MP Rajeev Chandrasekhar advocated the use of blockchain in Aadhaar when he said “UIDAI has now got to create a road map to redesign Aadhaar for the future. It can use technology like blockchain to create a much more secure and encrypted database”. Recently, Niti Aayog has announced that they are working on Indiachain, country’s largest blockchain network for public services. Though its implementation in Aadhaar has not been talked about.

In his presentation on ‘Who Owns Personal Data’, Nandan Nilekani raised a very interesting point about data inversion. The founding father of the Aadhaar Scheme wants to give the ownership of the data back to the citizens. His aim is for the people to have a claim over the data, including the revenue which is generated by the digital platforms who access it. While this seems like a far-fetched idea considering the lack of digital infrastructure to support it, a decentralized database for digital identities can help lay the groundwork for such a future.

Keeping all this in mind, we must confront the multiple issues that come along with a technology which is at such a nascent stage. Given the scale of the Aadhaar, it would be difficult to implement a gigantic change in its architecture at such a later stage. Additionally, with the lack of digital literacy around the country, it will be a big challenge to make the system user-friendly for all the stakeholders involved. We must be careful in making sure that Aadhaar does not become a tool for exclusion. Raising awareness among the masses will be of utmost importance.

While the judgement of the Hon’ble Supreme Court on on the questions of privacy and security related to Aadhar, is awaited, one cannot help but stress the need for the Union Government to make use of technological innovations to itself make the implementation more secure. Blockchain seems a viable option to do the same.

Sodaksh currently works as an analyst at ConsenSys, which is the largest blockchain technology firm in the world. This article is a part of The Agenda’s Byzantium Series that focuses on blockchain technology and cryptocurrencies.