This week marks the one year anniversary of the judgement of the Supreme Court of India on the legality of Aadhaar—India’s national digital identity programme. The judgement limited the scope of Aadhaar to use only by the government for disbursement of benefits and subsidies, which are charged to the Consolidated Fund of India. The Supreme Court established that the programme must not be linked to other identity mechanisms, and abrogated the use of Aadhaar based authentication by private entities, except in few cases.
Justice Chandrachud, in his dissenting opinion, went even further and even called the passage of the Aadhaar bill in the Parliament of India as a fraud on the constitution. He held that the Aadhaar programme must be nullified in its entirety. He took note of the privacy issues, surveillance potentialities and exclusionary harms of the programme, among other things - to opine that the Aadhaar programme did not protect the rights of the citizens, was fraught with too many issues, did more harm than good, and was irreparable.
Interestingly, across multiple oceans, the Supreme Court of Jamaica held that the National Identification and Registration Act - the enabling act for an Aadhaar-like identity programme in Jamaica was unconstitutional and held it to be null and void. They relied on the dissenting opinion of Justice Chandrachud in the Indian case of Aadhaar.
The Jamaican example is not an anomaly. As I write today, the Kenyan High Court is evaluating and litigating the constitutionality of their very own national digital identity programme - Huduma Namba. The similarities of proposed or recently implemented digital identity programmes play themselves out across geographies, from Malaysia and the Philippines, to Kenya, Jamaica and Venezuela. World over, there is a proliferation of centralised and ubiquitous digital identity programmes backed by governments, and international agencies. The world is clearly not learning from the Indian experience; some still insist on trying to pitch Aadhaar as a shining example of the benefits of national digital identity.
Why is Digital Identity considered a panacea?
Digital Identity, for all its perceived complexity, essentially leverages technology for the purposes of identification and authentication of individuals. It does the same job as your conventional identity, except that it uses an encrypted chip, sms, biometrics or some other digital means for authentication. The promised benefit of digital identity was of scale and efficiency in identification and authentication. Since one would be able to authenticate more accurately, and without the need of subjective human opinion - agency costs in traditional identity ecosystems, especially in the case of delivery of benefits and services, would be reduced. Governments, international development agencies and multilateral agencies could not have been happier.
However, like it happens with most technology solutions, the champions of digital identity took the technology to its extreme without accounting for its downside. The benefit of digital identity is also its curse. The scalability of digital identity also scales its issues exponentially. If a badly designed and implemented digital identity programme is not able to enroll, identify or authenticate a certain kind of user input—the exclusion of those individuals gets baked into the system. If there is a data leak or breach in the system, the data of a whole population is made vulnerable. The centralisation of authentication also ends up creating a centralised repository of information—which can be misused by the entities of the state or private actors with access to the database. The use of biometrics for authentication purposes, while appealing due to its ease, also means that once biometric information is compromised, the system becomes irreparable.
Systems must be designed to be robust, with the harms minimised. The current trend of digital identity programmes not only ignores these issues, but also take away agency from the users by not providing them any rights or remedies. The result: propagation of fragile systems without any recourse to users.
To extend the problem even further, having ignored the potential harms of the system and not providing the users of the system enough recourse, governments decided to deploy the technology to solve all possible problems - banking, mobile phone usage, tax filings, death registrations - to name a few. As they say, to the person with a hammer, everything looks like a nail.
Through this dispensation, the proponents of digital identity ended up advocating for mammoth digital identity systems, with access to most aspects of a users life, which are fragile to a multitude of issues and don’t provide its users adequate rights and recourse. Vulnerable populations, such as the poor, end up suffering the most from the inadequacies of a digital identity system. Even multilateral agencies working with marginalised populations such as refugees are ignorant of these gaps.
Socrates to the rescue
The current dispensation must go back to basics, introspect and indulge in some first principles thinking. Irrespective of one’s stance on digital identity, I think everyone would agree that the intent of any technology must be serve its users. So, as a first step, governments, international development agencies and all other stakeholders would do well to deploy a user centric lens in evaluating digital identity programmes. The logical next step would be to heed Socrates’ advice and ask the “Why” question. Each digital identity proposal must be questioned and evaluated to check if they benefits the users, empower their rights and are robust enough to eliminate the risks to users.
It is disheartening to see that governments are not yet learning from these questions, their past mistakes and the deliberations of various courts of law such as the judgement on Aadhaar. The Indian Home Minister recently proposed the development of a “multi-purpose” identity card for Indians. While the contours of the proposal are unclear, they do betray an ignorance of the core issues related to digital identity programmes. With the trend of proposals for centralised national digital identity programmes, there is another, more heartening trend, of experts, technologists and activists raising their voice to ask this question - Why ID?