Opinion

Aadhaar and the asymmetry of fears

Over the last few years, a certain kind of urban activism has emerged in India, with urban elites becoming a kind of moral chowkidar for society. This form of urban activism has a standard template, usually beginning with someone taking a self-righteous position and garnering enough support among urban elites.

One such darling project of theirs is Aadhaar.

Aadhaar is a centralised public programme that helps entities verify the identity of an individual. Over the years, Aadhaar has managed to polarise societal views into two distinct groups. The proponents of this system do it for recognition from the leader, and to defend him. The opponents of this system—usually urban activists—paint this as an evil, undemocratic and unconstitutional tool, and champion the cause of the poor.

Earlier this week, the Supreme Court of India shed some light over the Aadhaar issue. Urban activists had to win the battle of Aadhaar on a crucial front: they had to convince the Supreme Court that the structural and functional part of Aadhaar (enrolment, security, authentication failure rates, etc.) was so messed up that it warrants the scrapping of the entire system.

It’s not surprising that the courts did not vote against Aadhaar on the basis of structural and functional inefficiencies. Public programmes have inherent defects since they lack expertise and are centralised in nature. With time, the programme evolves and gets better—provided it gets the necessary investments and expertise. Given the scale of Aadhaar, it will take some time to reach a satisfactory performance level. Issues with enrollment systems can be detected and rectified. Issues found to be criminal in nature can be addressed through extensive legal mechanisms.

When it comes to other variables such as the number of attacks and authentication failure rate, they tend to exhibit a scaling relationship with adoption.

Data breach and security incidents tend to increase with an increase in adoption. As the Aadhaar adoption increased from 250 million in 2013 to 1.2 billion in 2018, we witnessed more negative events related to Aadhaar security. With every data breach and cyber-attack, the Aadhaar system will become more robust. That’s how large-scale cyber systems work. That is precisely the reason why we get regular updates for operating systems and antiviruses.

A report on cyber-attacks claims the number of cyber incidences in 2017 doubled to about 159,700—which is an underestimate. Of those attacks, 93 per cent were avoidable, thus giving users a chance to improve their security. Attacks will only increase in future and this isn’t a phenomenon exclusive to Aadhaar. The best way ahead, therefore, is to look for solutions to improve the robustness and resiliency of the Aadhaar system—to allow the system to withstand an attack, and then bounce back to normal.

The same scaling laws are also applicable to authentication failure rates. When one uses an Aadhaar card/number, the system authenticates the identity of the person, but sometimes fails to authenticate. The authentication error rate (failure rate) is computed as the number of failed authentications multiplied by 100 and divided by the number of transactions.

On March 27, UIDAI CEO Ajay Bhushan Pandey presented to the Supreme Court the technological framework for Aadhaar. The presentation showed a decline in acceptance rate from 96.4 per cent in 2013 to 88 per cent in 2018 for government services. That constitutes a failure rate of 12 per cent. But if one considers the acceptance rate per million transactions, the picture will be different. The problem is the unavailability of data owing to government lethargy and inefficiency.

It is important to note that the Aadhaar system may be riddled with high failure rates but the worst failure rate numbers will actually become a benchmark to be lowered in the future. A high failure rate in a system does not warrant its complete removal.

The solution is to observe the long-term variations in failure rates per million and constantly try to achieve lower rates of failure. Pandey told the Supreme Court that 100 per cent successful authentication is not possible. I think that’s the truest statement he’s ever made.

Urban activists tend to promote the idea that even one authentication failure is a matter of life and death for a poor person. But this view is reductionist and should be avoided while analysing the performance of a national-level programme. It’s highly possible Aadhaar will not achieve the failure rates of the aviation industry or any other industry since it’s not profit-motivated or enterprise-driven, but that should not attract manufactured hatred.

Human-made systems usually have scaling effects with respect to the population (or adoption). Two urban scaling laws for different variables are important here, as studied by Luis Bettencourt. “Increasing returns” is when the population size doubles, some entities like private R&D, GDP and patents will more than double. “Economies of scale” is where with every doubling of the population size, some variables will less than double. When systems scale in size, variables of interest exhibit a tendency to scale.

Until such relations are investigated for the performance of Aadhaar, one must exercise caution interpreting spurious numbers. Till we get the complete data, stories of denial of service due to authentication failure should belong in the realm of journalism and not activism. Journalism is important to highlight the deficiencies of the Aadhaar system, which can be rectified in due time. Activism starts by declaring Aadhaar as an evil and hence any following analysis will be biased. But it’s the duty of the government to address issues raised by journalists, rather than retaliating in a defensive manner.

Finally, there’s the criticism of Aadhaar being used to predict human behaviour and activities. This is nonsense. An article by Huffington Post showed how a Twitter user used the authentication history of the UIDAI CEO to learn more about his life. The authentication history was used to arrive at an estimate of the number of bank accounts he has, the name of the telephone service provider, and his location details—but we still don’t know anything about him!

Using Aadhaar authentication, one can at best get the location of the person, including the date and time. This is not prediction—it’s data. Prediction is the ability to pinpoint what the person has done in a particular location and what a person will do next. Using the Aadhaar authentication history alone, it would be very difficult to predict human activities.

There are far better approaches to predict human activities using SMSes and call records, as shown in this 2010 study which used cell phone tower records to achieve a 93 per cent potential predictability in human mobility.

Activists are convinced Aadhaar is unconstitutional and does not help reduce corruption. The five-judge bench declared Aadhaar to be constitutional. On Twitter, some have started taking a dig at the verdict saying that it penalised the poor more than the middle class, such as this. This reaction is not surprising. The champions of the poor are unable to understand that these terms are illusory to the poor and marginalised.

I am always intrigued by the asymmetry of fears—the inequality of fears that arise due to perception rather than rationality. In the case of Aadhaar, the variables of interest, in the long run, will reach an acceptable level of performance. With each attack, the Aadhaar system will improve.

The perception of Aadhaar as an evil is the byproduct of urban activism. Aadhaar is simply an identity verification system with technical flaws. With continuous improvement, it will help reduce the leakages in the public distribution system and increase the efficiency of government services. Aadhaar is not a battle.