What the CAG audit report says about the Aadhaar diet
New Delhi: The Comptroller and Auditor General (CAG) has fired the government body behind the issuance of Aadhaar numbers on a series of issues that have dominated the general debate around India’s unique identification program.
In its first-ever performance audit of the Unique Identification Authority of India (UIDAI), the CAG reported issues with its deduplication process and how flaws in the biometric capture process led to hundreds of thousands of people being pay a fee to update their biometrics. .
The audit report – which reviewed the functioning of UIDAI between 2014-2015 and 2018-2019 – also flags the issuance of Aadhaar numbers to minor children under the age of five based on details provided by their parents, calling it a step that goes against the “basic principle of Aadhaar law”.
Here are the main conclusions of the national auditor:
1) No documents for proof of residence?
In India, Aadhaar numbers are only issued to people who have resided for a period of 182 days or more in the 12 months preceding the date of application. The problem with this, the CAG pointed out, is that the UIDAI only requires “occasional self-declaration” to prove it.
“…UIDAI has not prescribed any specific evidence/documents or process to confirm whether an applicant has resided in India for the specified period, and takes confirmation of residency status through occasional self-declaration by the applicant. There was no system in place to verify the claimant’s assertions. As such, there is no guarantee that all Aadhaar holders in the country are ‘residents’ as defined in Aadhaar law,” the CAG report notes.
“UIDAI may prescribe a procedure and required documents other than self-declaration, to confirm and authenticate the residency status of applicants in accordance with the provisions of Aadhaar Law,” he added.
2) Deduplication issue
The purpose of the Aadhaar system is that it is unique – i.e. no individual can obtain two Aadhaar numbers and the biometrics of a specific person cannot be used to obtain Aadhaar numbers for different people.
This is established by the UIDAI deduplication process. Over the years there have been many questions about the effectiveness of this process.
Although this criticism is not new, the CAG report presents an interesting statistic: the UIDAI had to cancel more than 4.75,000 Aadhaars (as of November 2019) for “being duplicates”. This data indicates that on average no less than 145 Aadhaars generated in a day over the nine-year period since 2010 were duplicate numbers requiring cancellation.
“There have been instances of Aadhaars being issued with the same biometrics to different residents indicating flaws in the deduplication process and Aadhaars being issued on faulty biometrics and documents. Although the UIDAI has taken steps to improve the quality of biometrics and has also introduced iris-based authentication features for Aadhaar registration, the database continues to have faulty Aadhaars that have already been issued,” the audit report noted.
In its response to the CAG, UIDAI noted that the biometric deduplication process guarantees uniqueness with 99.9% accuracy, but “in cases where residents with poor biometrics enroll, their accuracy could be slightly mediocre, which could lead to the generation of several Aadhaars”.
In the report, however, the CAG answers curtly: “No details on the frequency of deployment of the self-cleaning system, the number of duplicates detected through the process, etc., were provided for auditing in July 2020. The fact that residents reported 860 cases of multiple Aadhaars in Bengaluru RO alone in 2018-2019, suggesting that the self-cleaning system used by UIDAI was not effective enough in detecting leaks and sealing them.
3) Paying for a flawed registration process?
The Aadhaar system allows its users to “update” their fingerprint and iris scans for various reasons. Some of these updates are “mandatory” (for example, children between the ages of 5 and 15 at the time of registration must update their biometrics after reaching the age of 15).
But people can also update their biometrics voluntarily. Why would they do this? A few reasons, but it seems the most common is that their biometrics were not entered correctly during the registration process, which resulted in an authentication failure.
While mandatory updates are free for residents, voluntary updates are paid for by residents at rates prescribed by the UIDAI.
In 2018-2019, more than 73% of the total biometric updates of 3.04 crore were “voluntary updates made by residents for faulty biometrics after payment of fees”.
“A huge volume of voluntary updates indicated that the quality of data captured to issue the initial Aadhaar was not good enough to establish identity uniqueness. UIDAI may review the charging of fees for the voluntary updating of resident biometrics as it (UIDAI) was unable to identify the reasons for biometric failures and residents were not responsible for capturing the poor quality of biometrics,” notes the audit report.
In addition to this, the CAG also notes that the UIDAI did not penalize “the managed service provider for failing to meet expected service levels in the performance of biometric solutions”.
4) Match Aadhaar numbers to their actual documents
According to the CAG, all Aadhaar numbers stored in the UIDAI database were not accompanied by documentation of the resident’s demographic information, “raising doubts about the accuracy and completeness of the resident data collected and stored by UIDAI. before 2016”.
“Although with the introduction of online scanning (July 2016), personal information documents were stored in CIDR, the existence of unmatched biometric data from the earlier period indicated deficient data management. UIDAI can take proactive steps to identify and fill missing documents in its database at the earliest, to avoid any legal complications or inconvenience for Aadhaar holders issued before 2016.”
5) Children under five
In India, Aadhaar numbers are issued to minor children under the age of five based on the details provided by their parents.
However, the national auditor believes that this goes against the basic principle of Aadhaar law, which is to confirm the uniqueness of biometric identity (which usually cannot be done at such a young age) .
“In addition to violating the statutory provisions, UIDAI also incurred avoidable expenses of Rs 310 Crore on the Bal Aadhaars issue till March 31, 2019. In Phase II of the ICT Assistance, a An additional sum of Rs 288.11 Crore has been released in the year 2020-21 to States/Schools mainly for issuing Aadhaars to minor children,” the report notes.
“UIDAI must look into the issue of Aadhaar for minor children under the age of five and find other ways to establish their unique identity, especially as the Supreme Court has declared that no benefit will be denied a child for lack of Aadhaar document. UIDAI may explore other ways to capture the uniqueness of biometric identity of minor children under five years old, as uniqueness of identity is the most distinctive feature of Aadhaar established by biometrics of the individual.