How blockchaining Aadhaar can help
If Aadhaar was built on a blockchain platform, most of the concerns could be assuaged as the database would be immensely difficult to hack
The Supreme Court’s landmark judgment, where the Right to Privacy has been termed as a fundamental right under the Indian Constitution, is a very big deal. The fact that the court has accorded privacy such an esteemed place in our Constitution is very significant and has multiple ramifications.
Heated conversations are already taking placing on issues such as the lesbian, gay, bisexual, transgender and queer (LGBTQ) status, the “beef ban”, the data that mobile companies and social networks collect and keep, and Section 66A of the IT Act. However, no other impact area, perhaps, is being discussed as much as what it does to the poster child of the government: Aadhaar, and the Unique Identification Authority of India (UIDAI).
I believe every country needs an identity system, and this is even more true in the case of a large, heterogenous entity of more than a billion people which is India. Having a unique, immutable identity associated with every citizen is vital for governance and security. This is important to pass on benefits and subsidies in sectors such as insurance, education and healthcare. Identity is also vital to ensure that people do not misuse the system with duplication, example of PAN (permanent account number) cards, licences and other such documents. That is why banks, telecom services providers, and everyone else has the concept of KYC (know your customer). For the government to have “one-KYC-to-rule-them-all”, or a National Identity System is critical, and far more efficient than having multiple ones.
In this respect, Aadhaar has been a phenomenal initiative, both in conception and executing. More than a billion Indians have a unique identity now, with both their basic demographics and biometrics recorded in a secure, central database. This has already started yielding major benefits. Aadhaar has made getting passports, mobile services, bank accounts and many other such services much faster. Kotak Bank Ltd and DBS Bank, among others, have started offering near-instant bank accounts, while Jio offers instant data connections.
PAN cards and driving licences are being de-duplicated (eliminating duplication), resulting in massive fraud prevention. The fact that Aadhaar—along with bank accounts (Jan Dhan) and mobile phones—is being opened up as a platform, creating the JAM (Jan Dhan, Aadhaar and Mobile) stack or the India Stack (set of open application programming interfaces, or APIs), is a huge leap forward in its utility. Large and small companies can sit on this stack, and use the identity, connectivity, banking and payment (UPI) infrastructure to create massive products and services, and simplify existing ones considerably.
Nevertheless, there has been a huge amount of scepticism and debate on the safety and security of the Aadhar database. There are fears that Chinese (or any other) hackers will hack into the database. There are even greater fears that any government or authority with malevolent intent will have access to the personal information and location of every Indian citizen and, therefore, the ability to inflict extreme surveillance and targeted damage.
The government claims that the UIDAI database is in a central server with super-tight security, protected by best-in-class cryptography. There are strong laws around what can be accessed and by whom, for example biometric information is always anonymised. Having said that, these concerns, howsoever paranoid, are real. Unfortunately, hackers are always ahead of the game, and have broken into the super-secure systems like the NSA (National Security Agency) in the US, and Britain’s NHS (National Health Service). And what is to prevent a government or a dictator from amending the laws and going after its own citizens, using this targeted information?
That is where blockchain comes in. We have discussed this technology often, and to revise: it is a distributed database shared among a network of computers, all of which must approve a transaction before it can be recorded. So, it is essentially a universal ledger of digital records (or identity)—one that’s shared between various parties. It can only be updated by consensus of a majority of the participants. And, once entered, information can never be erased.
Now, if Aadhaar was built on a blockchain platform (and, to the best of my knowledge, it is not yet), most of the concerns could be assuaged. The database would be immensely difficult to hack: besides getting around the state-of-the-art cryptographic protection, the hackers would need to hack into multiple nodes or servers, rather than just one. The distributed consensus nature of the blockchain would prevent malicious attacks, until 51% of the nodes would be compromised.
Similarly, a properly designed Aadhaar-on-blockchain would potentially allay the ‘surveillance’ fear: think of the blockchain having multiple nodes —the UIDAI, a court, a few ministries, Parliament, or any other such entity. For any data to be compromised or any malevolent attempt to happen, again multiple entities would have to agree to it and authenticate it, rather than one central authority! Again, but its very nature, all records will be immutable and for a record to be changed, the entire blockchain would need to be compromised, which is difficult to do. The system could harness other benefits of blockchains like smart contracts, for example, to execute certain events automatically.
I am sure that there are perhaps large technology challenges to be addressed for this to happen, but these would be surmountable. One could make a large private or permissioned blockchain (when a group of participants are given the express authority to provide the validation of blocks of transactions in the blockchain network), for example, which would be custom built to requirements. While blockchain is an emerging technology, it is almost tailor-made for massive applications like this one, and many countries have embraced this by putting assets and identity on blockchains. Estonia, while a tiny country, in fact, has all assets and identities on a blockchain network, and markets itself as ‘country as a service’!
Aadhaar is a very important and critical initiative. It must not be weakened by the privacy doubts surrounding it, or by the fear of vulnerability to its hacking. We must wrest the initiative that the Supreme Court judgement gives us. Let’s seriously explore blockchain and see what we can retrofit, or perhaps even think of Aadhaar 2.0 on blockchain.
The author is senior vice-president, digital transformation, Mahindra Group.