20180206-aadhar-2-0-leveraging-blockchain.JPG

The Vivekananda International Foundation (VIF) organized an interaction the topic being "Aadhar 2.0: Leveraging Blockchain" on 23rd January, 2018. Presentation on the topic was given by Sh. Vinayak Dalmia, Co-founder, Amber Health, and Smt. Shikha Mehra, Senior Research Associate, Jindal Global Law School and Member, Digital Asset and Blockchain Foundation of India.

The speakers emphasised on the centrality which Aadhar has acquired in our policy discourse and governance. The humongous task of providing a unique identity to more than one billion population is a phenomenal achievement in itself. According to Nandan Nilekani, the Government aims to save around 9 billion dollars by reducing the leakages that have plagued the system for long. While the data collected has proved to be a goldmine for the Government in increasing the efficiency of welfare expenditure and targeting of beneficiaries, it is also a vulnerability when dependency on Aadhar is increasing as it turns into a single point of contact. The current structure of a centralised Aadhar database seems to have a higher probability of data breach. In the era of cyber warfare, protection of Aadhar database is very critical, not only from foreign state and non-state actors, but also from rogue elements within the state. Accordingly, the Unique Identification Authority of India (UIDAI) has announced institution of virtual Identity and face detection recently in a bid to improve the security of the database.

The speakers explained certain structural flaws that have been identified in the Aadhar value chain, including, but not limited to, the following:-

a. The outsourcing of enrolment to private agencies, many of which, in spite of going through training, may not be able to secure the data at the point of data entry in the system.
b. The list of manufacturing companies licensed by the Government to source hardware from had names of companies and subsidiaries which have been associated in such critical operations in many other countries.
c. Raising possibility or incentive for conflict of interests.
d. The data management and security is centralised in the Aadhar structure which would also mean that it is exposed to single entry failure. The decryption key is also not with any 3rd independent agency, but with the same actors who manage the database.
e. Allied applications, including Government applications which use Aadhar as an element to authenticate users, like payment gateways or Unified Payment Interface (UPI) is primarily on android platform, where insertion of malware in any of the application may result in breach of Aadhar data of those particular users.
f. There are some states and government agencies which are in the process or have already created a parallel database with biometrics and other private information on the lines of Aadhar, for example, the Bhamashah Card in Rajasthan, Smart Cards for fishermen in Kerala, etc. These parallel databases are also being linked to Aadhar. The security of those parallel databases may not be as robust as Aadhar, and after linkage, it may spill over to Aadhar database also.

A possible solution to these problem can come from leveraging the ‘blockchain’ technology for Aadhar. Through blockchain, we can manage the system while substantially minimizing the risk of the data theft that the centralized database seems to be posing. Originated from ‘Bitcoin’ protocol and devised by Satoshi Nakamoto, blockchain will decentralise the current database at multiple locations and each user will have a copy of the same data with all the entries visible like in a distributed ledger. The success ingredient of this algorithm is a procedure by which entities can achieve consensus over authenticity. This was designed to improve transparency, and will also enhance security in case of Aadhar. The algorithm has proved to be robust and safe from hacking till now. The distributed ledger, in totality, is still one of the most secure systems we have, and any attempt by an individual or a group of individual to alter the ledger would be rejected by the system. The blockchain will alter the current structure into something where there are no master nodes, not even the Government ones; it will be a networked architecture with peer-to-peer connectivity.

The proposed structure, according to the speakers, would have numerous benefits. The network integrity will increase, authentication would become immutable, power will be distributed, there will be incentive to add value and overall privacy will be protected in a better manner. Instead of government control of the citizen data, the citizen will be responsible and will act like a ‘self-sovereign entity’. The way we control our physical world can also be replicated in the digital world. Only the amount of information needed for a particular process to work will be displayed to the respective entity. The Government can create certified public authority to help the process. The new ecosystem therefore would have a unique decentralised identifier where a Direct Inward Dialing (DID) object would be linked to the identifier. The blockchain would only have DIDs which can identify credentials on a need to know basis. Individuals would be able to only view the ledger but can’t corrupt it by altering any entry. Government agencies may have the authority to modify the ledger on the specific mandate, and each modification would be visible to the entire ecosystem.

In the larger context of blockchain and Aadhar, the speakers put two question the Government needs to decide on a policy basis. First, can we secure the existing Aadhar database with the help of blockchain, adding an extra iron-fence in its security architecture? And second, in long term, can we create a model where the identity is with the individual and the individual is treated as a ‘self-sovereign entity’? The current centralised database can be shredded into small pieces of information using blockchain and stored independently, substantially reducing the amount of information at risk from cyber threats. An analogy can be made to break a complete picture into number of pixels and storing all pixels at different location.

Debate is ongoing within India and across the world to leverage blockchain for identity management. In India, the Chhattisgarh Government has come up with proven concept for the same. Many governments of other nations are also looking into providing digital identity to their citizens. The UN is contemplating its use to issue digital cards for refugees and their children. However, like all technologies, blockchain is not the destination but an important milestone in the ongoing march of technology. The speakers identified certain developments, which if and when happen, can affect the robustness of the blockchain technology. These include advent of quantum computing, hash graph etc. In India, specific challenges of digital literacy also loom large.

The presentation was followed by an illuminating discussion. The sector specific use of blockchain to create elegant niche was also thought of, for example, for passport services, for supply chain management etc. Land records digitized with blockchain technology in combination with geospatial technology can be a boon for governance in general, and property litigation in particular. An idea was mooted whether this technology can be utilized for preparation of national population register. The food for thought after the discussion was to determine with relevant stakeholders, as to what will be the resource requirements, time and capital, to convert the existing Aadhar database from centralized database to decentralized ledger using blockchain technology, and how to optimize it.