June 1, 2022

Trust in Aadhar deteriorates

India’s long-running experiment with digital identity is still controversial. On May 27, the Unique Identification Authority of India (UIDAI) issued a notification asking people to not share photocopies of their Aadhaar card as it could be “misused”. Yes, 13 years after Aadhaar was created and the central government linked everything to it, UIDAI – a  statutory body responsible for planning and implementing India’s national identity scheme – woke up to caution the public against it being misused. Faced with backlash and widespread criticism, the Ministry of Electronics and Information Technology (MEITY) retracted the press release and issued a clarification. The Ministry advised Aadhaar card holders “only to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers” – whatever that means.

The UIDAI advisory was issued in “the context of an attempt to misuse a photoshopped Aadhaar card.” Cases of identity theft are on the rise in India, and fake Aadhaar are being used across a wide range of scams and rackets – carrying out land transfers, procuring passports, getting loans, casting votes, obtaining other IDs, siphoning off ration grains. Instead of sharing photocopies of Aadhaar, the UIDAI suggested the use of ‘masked Aadhaar’ which only displays the last four digits of the unique 12-digit number. It even laid out the steps to get it done through the official website. The UIDAI also directed the public to avoid using computers in internet cafes or kiosks to download e-Aadhaar and to ensure that copies of e-Aadhaar are “permanently deleted” from public computers where they were downloaded. These are important security practices that citizens need to be aware of in the context of using a sensitive document or ID and it is a good thing that the UIDAI is taking its job seriously. So what explains the backlash against the notification and the subsequent retraction by MEITY?

For starters, despite a Supreme Court ruling limiting its use on privacy grounds, Aadhaar has been scaled by linking it with all kinds of services and platforms. Apart from being a preferred Know your Customer (KYC) document for various banking and telecom services, Aadhaar is mandatory for passport applications or renewal, pension retrieval, access to social welfare schemes and provident fund (EPF) withdrawal, among other services. So UIDAI’s important clarification that only those organizations that have obtained a ‘User License’ from the agency can ask for copies of Aadhaar to establish the identity of a person is too little and too late. UIDAI has also insisted that Aadhaar security is unimpeachable and has openly promoted sharing of Aadhaar numbers. It has been hostile towards researchers pointing out security and privacy issues in the Aadhaar ecosystem, sending organizations legal notices and slapping cases on journalists. Ex-UIDAI chief RS Sharma even shared his Aadhaar number on Twitter and dared people to “Show me one concrete example where you can do any harm to me!” While UIDAI has come a long way from denying security flaws to cautioning people against Aadhaar misuse, it is hard to take the advisory seriously given its lackadaisical attitude to Aadhaar’s security so far.

Most importantly, Aadhaar is a key component of India’s vision of building a digital economy, the bedrock of India Stack. According to information in the UIDAI website, as on 31 October 2021, the authority has issued 131.68 crore Aadhaar numbers. The government wants Indian citizens and the world to view Aadhaar as a trustworthy identity. As the retraction by MEITY suggests in the pursuit of its ambitions the Indian government is willing to ignore the issues created by the introduction of Aadhaar in the digital ecosystem. Ironically, in trying to preserve its Aadhaar’s reputation, UIDAI’s has suffered.

CBDCs and Gatekeeping

A bill to potentially limit the use of China’s Central Bank Digital Currency (e-CNY) in the US was introduced in Congress on 25th May. The “Defending Americans from Authoritarian Digital Currencies Act” proposes the prohibition of e-CNY for digital payments in the US on the grounds that it will be operated by People’s Republic of China, and therefore will be a threat to US citizens’ privacy and the country’s national security. The implicit threats highlighted in the bill does not guarantee that it will pass, however, it does raise significant questions on CBDCs. One of the key features of CBDC is the scalability of digital currency and availability of use in the international markets supporting instantaneous transactions. Consider the example of WeChat, a messaging and payment app, – If it supports payments in e-CNY in the US, the user will have an option of transacting in Chinese currency instantaneously through a different payments network. They will avoid the current network of bank transactions which is time consuming, and the transactions are not exactly private but tracked and recorded. The point here is not to dismiss the concerns of security and privacy, nor is it to promote e-CNY. As more countries launch their own CBDCs, their effectiveness, at least in the international market, will depend on whether the gatekeepers and the intermediaries to the platform, such as app stores, allow it to be operated in specific countries.

US Supreme Court puts Texas Law Regulating Social Media Content on Hold

The U.S. Supreme Court has blocked the implementation of a Texas law that would prohibit social media platforms from banning a user, moderating their content, or altering algorithms that affect the visibility of messages to other users because of that user’s “viewpoint.” The law is yet another example of how rightwing conservatives have abandoned the U.S. Constitution and limited government to wage culture war. In essence, this law would have allowed any Texas user – or Texas’s Attorney General – to sue the big platforms if they felt their viewpoint had been discriminated against by Twitter’s, YouTube’s or Facebook’s content policies. A victorious plaintiff is entitled to an injunction requiring the platform to comply with the state law, as well as attorney’s fees. Courts may also hold the social media platform in contempt. As of yet, the Supremes have not declared the law unconstitutional – although it plainly violates the well-established precedent that “freedom of speech prohibits the government from telling people what they must say” – they have only stayed the implementation of the law until the Supreme Court makes a final ruling on the case. The vote was only 5-4.