This essay examines the history and implications of India’s Aadhaar biometric identification system. It will explore the privacy concerns of data breaches and surveillance, against the merits of paperless identity and welfare, before finally analysing whether a like model would work in Australia.
Defining biometric identification
Biometric identification is the obtaining and use of human body parts and functionality for access control. The technology is ubiquitous and used in everyday smart devices, for example: fingerprint scanning, facial recognition and voice recognition.
The Australian Government’s Law Reform Commission differentiates biometric identification as ‘one-to-many matching’, or who a person is against a population. This is contrasted to biometric authentication which verifies who an individual is at a ‘one-to-one’ scale (2010).
It is important distinction, as the latter is utilised by private companies whereas the former is predominantly State based.
What is Aadhaar?
According to Rachel B. Jefferson, both automated facial, and manual fingerprint recognition have been used since the 1960s (2010, pp. 125-126). Iris recognition was only patented in 1994, hand geometry used from the late 1970s and voice recognition since 1996 (Jefferson, 2010, pp. 197-198).
As the infographic above shows, efforts to digitise biometric data for state purposes predominantly began in the 1990s (Mayhew, 2018). The history favours Western achievements, however, the Republic of India presents a distinctive case study as a developing nation with the largest biometric database in the world.
Ten years ago, the Indian government began to roll out one of the first large-scale implementations of biometric identification enshrined and enforced in legislation: Aadhaar (UIDAI, 2019).
The Unique Identification Authority of India (or, UIDAI) issued all verifiable residents with a unique 12-digit number and state identity card in exchange for their demographic information and biometric data.
UIDAI data shows 1.2 billion residents currently enrolled in Aadhaar (UIDAI, 2019). They capture resident’s faces, fingerprints and irises to identify residents regardless of time or place.
It was designed to eradicate duplicate identities, centralise authentication procedures and capture demographic data en masse.
Social protection and paper(less) trails
Before Aadhaar, India’s poorest citizens struggled to access social benefits as it was difficult to prove their identity. The development of national identification not only expanded the reach of welfare services, but also prevented identity and benefit fraud (Smyth, 2019, p.107).
The unique personal ID number is only given when a resident enrols and hands over their biometric samples. The two are then linked.
One number means one beneficiary only (Sarangi and Sharma, 2011, p.171) – it cannot be shared and must be matched with a fingerprint or eye scan (Smyth, 2019, p. 114).
Similarly, different services required different forms of identification, when underprivileged residents tended to lack documentation altogether (Sarangi and Sharma, 2011, p. 170).
As signing up to Aadhaar requires no prior identification documents, those previously without proof of identity are not excluded.
A passport, licence or paperwork could be lost, stolen or forged but biometric data requires no need to carry around material identification (Smyth, 2019, p.114).
Vulnerable populations — such as women, minority castes groups, those living in rural areas and the illiterate — could access rations and have an identity source to use for banking, transport and government departments (Bhatia and Bhabha, 2017, p.69).
In practice, there are gaps where people still fall through. Smyth acknowledges that technological error, such as a faulty fingerprint scanner, could mean the difference between a meal and starvation (2019, p. 107).
Nevertheless, biometric identity aides “autonomy, mobility, income generation, status, inclusion and equal treatment” that can “empower millions of people and provide them with the necessary tools to rise above poverty” (Smyth, 2019, p.111).
The sensitive and personal data handed over for Aadhaar is extremely valuable. Sarangi and Sharma question whether the UAIDAI and their affiliates can be trusted with securing such precious information against hackers and criminals (2019, p.11).
Aadhaar security be like – pic.twitter.com/yVcTj72aq9
— Aamna (@_aamnakhan) October 6, 2019
According to Bloomberg, France is planning to roll out their version of Aadhaar (‘Alicem’) in November, however, it took a hacker only an hour to crack into their government’s ‘secure’ messaging app months prior.
There are severe consequences associated with biometric data leaks. Once it is compromised, it is permanently compromised (Doffman, 2019).
Hackers can use linkage attacks to trace an individual’s actions and details (Beliakov et al., 2016, p.888) across multiple biometric systems. Victims of this tracking cannot change or forge their biometric signature to mitigate ramifications of a leak (Jain et al., 2003, p.37).
In other words, one’s privacy is compromised if a connection is made between their biometric information, and the multiple services that use it (Beliakov et al., 2016, p.888). They can then be identified, cross-matched, profiled and tracked (Mitrokotsa, and Pagnin, 2017).
The issue does not lie with security of the biometric samples itself, but rather the consequential invasion of privacy from the extracted data, as the individual becomes distinguishable and party to commercial or political targeting.
Autonomy versus State Power
In India, the resident gives up their face and fingerprints to be a part of the system. However, once the data is volunteered, it is paradoxically no longer theirs.
Advocates against Aadhaar (as seen in the PBS interview below) oppose giving the State sole and centralised access to their fellow citizens’ personal data.
Their point of view raises questions around the original purpose of biometric samples, and the opportunity for divergent usage such as surveillance and corruption.
In light of China’s vast facial recognition technology implemented in public spaces, widespread international use of similar technology is highly plausible. The Megvii system can limit access to geographic locations, restrict mobile payments or even identify peaceful protestors.
Identification is “used to determine whether or not a person is ‘known’” (Jefferson, 2010, p. 123). Biometric identification removes any possibility of remaining unknown as your data can never be taken back.
Such use of biometric identification not only polices citizens but changes the way humans are conceptualised in the eyes of the State. While given up consensually, donators cannot be sure how their data is used afterwards.
An Australian Aadhaar?
Australia already uses biometric information for biosecurity and border protection, and cross-references fingerprints and faces with passport information (Emami et al., 2016, p. 1).
In the direction of conforming to an Aadhaar-like system, the Australian Government is currently trialling digital driving licences, however, this process does not require the handing over, or scanning of faces or fingerprints to prove oneself – a valid licence alone is enough.
Without hefty investment, our infrastructure may be unreliable and vulnerable to attack, as was the case when hacktivists shut down the 2016 eCensus website right before deadline.
Similarly, Australia’s vulnerable populations could be at risk. Since the 1930s, Australia’s Indigenous population has been fingerprinted for record purposes (Wilson, 2007, p. 214).
Reviews into Australia’s cashless welfare cards show disproportionate targeting of Indigenous groups. Based on precedence, the introduction of an Aadhaar system in Australia might disadvantage minority populations.
The use of biometric identification by national governments has increased significantly in the last decade. It is now not a question of if, but when Australia will adopt an Aadhaar equivalent.
Digital identities rooted in biometric samples can assist in mass population management and welfare distribution. It can also make access to services and identification simpler, easier and more efficient.
However, malicious use by incompetent or corrupted officials could have dire consequences. Therefore, governments must enforce accountability, legislation and protections around storage, security, identifiers, usage and transparency (Smyth, 2019, p. 107) prior to implementation.
Agence France-Presse. (2019, September 4). Smile-to-pay: Chinese shoppers turn to facial payment technology. The Guardian. https://www.theguardian.com/world/2019/sep/04/smile-to-pay-chinese-shoppers-turn-to-facial-payment-technology
Australian Law Reform Commission. (2010, August 16). Biometric Systems. Australian Government. https://www.alrc.gov.au/publication/for-your-information-australian-privacy-law-and-practice-alrc-report-108/9-overview-impact-of-developing-technology-on-privacy/biometric-systems/
BBC Technology. (2019, August 26). Facial recognition specialist Megvii plans share sale. BBC. https://www.bbc.com/news/technology-49473583
Beliakov, G., Mehmood, A., Natgunanathan, I., Xiang,Y. & Yearwood, J. Protection of Privacy in Biometric Data. IEEE Access. https://doi.org/10.1109/ACCESS.2016.2535120
Bhatia, A. & Bhabha, J. (2017). India’s Aadhaar scheme and the promise of inclusive social protection. Oxford Development Studies, 45(1). https://doi.org/10.1080/13600818.2016.1263726
Davey, M. (2017, January 10). Cashless Welfare Card Treats Aboriginal People Third Class Citizens. The Guardian. https://www.theguardian.com/australia-news/2017/jan/10/cashless-welfare-card-treats-aboriginal-people-third-class-citizens
Doffman, Z. (2019, August 14). New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records: Report. Forbes. https://www.forbes.com/sites/zakdoffman/2019/08/14/new-data-breach-has-exposed-millions-of-fingerprint-and-facial-recognition-records-report/#26e01a7046c6
Emami, C., Brown, R., & Smith, R. (2016). Use and acceptance of biometric technologies among victims of identity crime and misuse in Australia. Trends and Issues in Crime and Criminal Justice. 511(1).
Fouquet, H. (2019, October 3). France Set to Roll Out Nationwide Facial Recognition ID Program. Bloomberg. https://www.bloomberg.com/news/articles/2019-10-03/french-liberte-tested-by-nationwide-facial-recognition-id-plan
Griffith, Chris. (2016, August 10). Census 2016: Online attack was inevitable, say IT experts. The Australian. https://www.theaustralian.com.au/nation/politics/census-2016-online-hacking-was-inevitable-say-it-experts/news-story/fc5cb8630c0a7dda93601c2fb0da2cb3
Jain, A., Pankanti, S., & Prabhakar, S. Biometric Recognition: Security and Privacy Concerns. The IEEE Computer Society. https://doi.org/1540-7993/03/
Jefferson, R. (2010). Biometrics: Privacy, Progress and Government. Nova Science Publishers, Incorporated.
Khan, A. [@aamnakhan]. (2019, October 7). Aadhaar security be like –. [Tweet with image thumbnail attached]. Twitter. https://twitter.com/_aamnakhan/status/1180851398809767936
MacKenzie, M. (2018, October 6). Fingerprint Scanner. [Image]. Flickr. https://flic.kr/p/2aDXaQY
Mayhew, S. (2018, February). History of Biometrics. Biometric Update. https://www.biometricupdate.com/201802/history-of-biometrics-2
Mitrokotsa, A. & Pagnin, E. (2017, January 1). Privacy-Preserving Biometric Authentication: Challenges and Directions. Security and Communication Networks. 2017(1). http://dx.doi.org.ezproxy1.library.usyd.edu.au/10.1155/2017/7129505
PBS NewsHour. (2017, July 29). India’s national ID program raises privacy concerns [Video]. YouTube. https://www.youtube.com/watch?v=BDg2CFlvQd0
Sarangi, S. & Sharma, P. (2019). Big Data A Beginner’s Introduction. Routledge India. https://doi-org.ezproxy1.library.usyd.edu.au/10.4324/9780429330797
Service NSW. (2019). Digital Driver Licence. NSW Government. https://www.service.nsw.gov.au/campaign/digital-driver-licence
Sharma, V. (2011). AADHAAR – A Unique Identification Number: Opportunities and Challenges Ahead. Research Cell: An International Journal of Engineering Sciences 4(11).
Simonite, T. (2019, September 9). Behind the Rise of China’s Facial-Recognition Giants. WIRED. https://www.wired.com/story/behind-rise-chinas-facial-recognition-giants/
Smyth, S. (2019). Biometrics, Surveillance and the Law Societies of Restricted Access, Discipline and Control. Routledge. https://doi-org.ezproxy1.library.usyd.edu.au/10.4324/9780429022326
Unique Identification Authority of India. (2019). Enrolment Dashboard. Indian Government. Retrieved 10 October 2019. https://uidai.gov.in/aadhaar_dashboard/india.php
Wilson, D. (2007, September 1). Australian Biometrics and Global Surveillance. International Criminal Justice Review 17(3). https://doi.org/10.1177/1057567707306650