Audit Report of CAG on the Functioning of the UIDAI | 08 Apr 2022

For Prelims: CAG, UIDAI, Aadhaar Act 2016

For Mains: Aadhaar and related issue

Why in News?

Recently, the Comptroller and Auditor General (CAG) of India, has pulled up the Unique Identification Authority of India (UIDAI) over a range of issues related to the issuance of Aadhaar cards.

  • The findings are part of the first performance review by the country’s independent auditor of UIDAI, which was carried out over a four-year period between FY2015 and FY2019.

Unique Identification Authority of India

  • Statutory Authority: The UIDAI is a statutory authority established on 12th July 2016 by the Government of India under the jurisdiction of the Ministry of Electronics and Information Technology, following the provisions of the Aadhaar Act 2016.
    • The UIDAI was initially set up by the Government of India in January 2009, as an attached office under the aegis of the Planning Commission.
  • Mandate: The UIDAI is mandated to assign a 12-digit unique identification (UID) number (Aadhaar) to all the residents of India.
    • As of 31st October 2021, UIDAI had issued 131.68 crore Aadhaar numbers.

What are the Issues Highlighted by CAG?

  • No Documents for Proof of Residency:
    • UIDAI has not prescribed any specific proof/document or process for confirming whether an applicant has resided in India for the specified period, and takes confirmation of the residential status through a casual self-declaration from the applicant.
    • Also, there was no system in place to check the affirmations of the applicant.
      • In India, Aadhaar numbers are only issued to individuals who have resided for a period of 182 days or more in the 12 months before the date of application.
  • De-duplication Problem:
    • According to the CAG report, the UIDAI had to cancel more than 4,75,000 Aadhaars (as of November 2019) for “being duplicate”.
    • This data indicates that on average no less than 145 Aadhaars generated in a day during the period of nine years since 2010 were duplicate numbers requiring cancellation.
      • The purpose of the Aadhaar system is that it is unique – that is, no individual can obtain two Aadhaar numbers, and that a specific person’s biometrics cannot be used to obtain Aadhaar numbers for different people.
  • Faulty Enrolment Process:
    • UIDAI appeared to have charged people for biometric updates when poor quality data was fed in during enrolment.
    • UIDAI did not take responsibility for poor quality biometrics and put the onus on the resident and charged fees for it.
  • Matching Aadhaar Numbers to their Actual Documents:
    • All the Aadhaar numbers stored in the UIDAI database were not supported with documents on the demographic information of the resident.
    • It “caused doubts about the correctness and completeness of resident’s data collected and stored by UIDAI prior to 2016”.
  • Children Below the Age of Five:
    • The audit was also critical of UIDAI’s move to issue Aadhaar cards to children and newborns without biometrics under an initiative known as Bal Aadhaar.
    • This needs to be reviewed because anyway after 5 years, a child has to apply for new regular Aadhar. The unique identity is not matched anyway because it is issued on the basis of documents of parents.
    • Apart from being violative of the statutory provisions, the UIDAI has also incurred avoidable expenditure of Rs 310 crore on the issue of Bal Aadhaars till 31st March 2019.
      • In Phase- II of ICT assistance a further sum of Rs 288.11 crore was released up to the year 2020-21 to states/schools primarily for the issuance of Aadhaars to minor children.

What are the Recommendations?

  • Prescribe a Procedure for Self Declaration:
    • UIDAI may prescribe a procedure and required documentation other than self-declaration, in order to confirm and authenticate the residence status of applicants, in line with the provisions of the Aadhaar Act.
  • Tighten the SLA parameters of Biometric Service Providers (BSPs):
    • UIDAI may tighten the Service Level Agreement (SLA) parameters of Biometric Service Providers (BSPs), devise foolproof mechanisms for capturing unique biometric data and improve upon their monitoring systems to proactively identify and take action to minimize, multiple/ duplicate Aadhaar numbers generated.
  • Explore Alternate Ways to Capture Uniqueness of Biometric Identity for Minor:
    • UIDAI may explore alternate ways to capture uniqueness of biometric identity for minor children below five years since uniqueness of identity is the most distinctive feature of Aadhaar established through biometrics of the individual.
  • Proactive Steps to Identify and Fill the Missing Documents:
    • UIDAI may take proactive steps to identify and fill the missing documents in their database at the earliest, in order to avoid any legal complications or inconvenience to holders of Aadhaar issued prior to 2016.
  • Review Charging of Fees for Voluntary Update:
    • UIDAI may review charging of fees for voluntary update of residents’ biometrics, since they (UIDAI) were not in a position to identify reasons for biometric failures and residents were not at fault for capture of poor quality of biometrics.
  • Conduct thorough Verification of the Documents:
    • UIDAI may conduct thorough verification of the documents, infrastructure, and technological support claimed to be available, before on-boarding the entities (Requesting Entities and Authentication Service Agencies) in the Aadhaar ecosystem.
  • Frame a Suitable Data Archival Policy:
    • UIDAI may frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and reduce saturation of valuable data space due to redundant and unwanted data, by continuous weeding out of unwanted data.

UPSC Civil Services Examination, Previous Year Questions (PYQs)

Q. Consider the following statements: (2018)

  1. Aadhaar card can be used as a proof of citizenship or domicile.
  2. Once issued, Aadhaar number cannot be deactivated or omitted by the Issuing Authority.

Which of the statements given above is/are correct?

(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) Neither 1 nor 2

Ans: (d)

  • The Aadhaar platform helps service providers authenticate identity of residents electronically, in a safe and quick manner, making service delivery more cost effective and efficient. According to the GoI and UIDAI, Aadhaar is not proof of citizenship.
  • However, UIDAI has also published a set of contingencies when the Aadhaar issued by it is liable for rejection. An Aadhaar with mixed or anomalous biometric information or multiple names in a single name (like Urf or Alias) can be deactivated. Aadhaar can also get deactivated upon non-usage of the same for three consecutive years.

Q. Consider the following statements: (2020)

  1. Aadhaar metadata cannot be stored for more than three months.
  2. State cannot enter into any contract with private corporations for sharing of Aadhaar data.
  3. Aadhaar is mandatory for obtaining insurance products.
  4. Aadhaar is mandatory for getting benefits funded out of the Consolidated Fund of India.

Which of the statements given above is/are correct?

(a) 1 and 4 only
(b) 2 and 4 only
(c) 3 only
(d) 1, 2 and 3 only

Ans: (b)

  • As per a Supreme Court ruling of September, 2018, Aadhaar metadata cannot be stored for more than six months.
  • The Supreme Court has struck down Section 2(d) of the Aadhaar Act which allowed storage of such data for a period of five years, to refrain government authorities from storing metadata of transactions.
  • SC has also struck down Aadhaar Regulation 26(c) which allowed Unique Identification Authority of India (UIDAI) to store metadata relating to Aadhaar based authentications or authentication history for private firms. Accordingly, Insurance Regulatory and Development Authority of India (IRDAI) has directed insurance companies not to mandatorily ask for the Aadhaar details for know-you-customer (KYC) requirements or carry out authentication using e-KYC from UIDAI.
  • Further, the Amendment made to Section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 has been upheld. It stipulates a condition that the State government can mandate use of Aadhaar authentication for beneficiaries for receipt of a subsidy, benefit or service for which the expenditure is incurred from the Consolidated Fund of India.

Q. The identity platform ‘Aadhaar’ provides open “Application Programming Interfaces (APIs)”. What does it imply? (2018)

  1. It can be integrated into any electronic device.
  2. Online authentication using iris is possible.

Which of the statements given above is/are correct?

(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) Neither 1 nor 2

Ans: (c)

  • API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to communicate with each other.
  • Open API allows for building Aadhaar enabled applications. Such applications can integrate the app or website with Aadhaar and use authentication services.
  • APIs support multi-mode authentication (Iris, fingerprint, OTP and biometric).

Source: IE