The Aadhaar project, covering close to 1.2 billion residents, has often impressed many researchers and policy makers across the world. For instance, a Moroccan delegation visited India last year to study the implementation of linking (most) services with Aadhaar. The Philippines government also expressed interest in introducing an Aadhaar-like tool to target corruption in the country.
In an event hosted by Global Development Network and Pathways for Prosperity, I had the opportunity to speak on a panel entitled: ‘Including the Poor in the Digital Age’. Professor Stefan Dercon was chairing the panel and he prompted us to reflect on lessons from Aadhaar for an international audience.
Following is a brief summary of what I shared:
A universal identify platform where each person is uniquely identified is indeed an attractive option. In an ideal world, the universality and reliability of such a platform can reduce transaction costs related to establishing one’s identity or knowing someone else’s identity.
However, in my opinion, this is contingent on three premises – a) having high quality and reliable identity data as part of the platform, b) promoting wide usability, where anyone who wishes to establish their identity using this platform can do so, and c) increasing accessibility so that everyone who needs to establish someone else’s identity can easily do so. Implementation of these systems must be critically analysed to see which features of such an identity system should be continued and which ones must be dropped.
Against this backdrop, we need to consider the following important lessons that emerge from India’s experience:
While on one hand, the universality of an identity system is what makes the platform stronger, on the other, structuring the system to be voluntary on three fronts — voluntary at the time of enrolment (having the option to opt in as well as opt out); voluntary in use, where the individual defines how to use it; and voluntary in practice (not just in law ) — is important.
2. Use of Biometrics
In areas where different forms of verification may be limited by state capacity, biometrics can be useful in establishing uniqueness of an individual. However, there exists mounting evidence against the use of biometrics for authenticating an individual repeatedly. Biometrics can be misused and easily stolen, they are not sufficiently reliable as made evident by the various reports on authentication failure, and biometric authentication requires a robust infrastructure such as good network connectivity and strong backend servers.
3. Robust data protection law and Independent Regulator
To complement the system’s features, it is also vital to have robust data privacy laws and a data privacy commission that helps enforce that law. The commission must be completely independent of the identity platform. At present, the Unique Identification Authority of India is the data controller as well as the regulator with respect to Aadhaar. While there is no industry that works without agencies engaging in self-regulation, there’s also no industry that works well without an independent regulator overseeing that function well.