Case Study: Aadhaar — India's Digital Identity Experiment

"Aadhaar is the world's largest experiment in digital identity. Its outcomes will determine whether biometric identity systems are a tool of inclusion or a mechanism of control." — Reetika Khera, Dissent on Aadhaar (2019)

Overview

In 2009, the Government of India launched what would become the world's largest biometric identification program: Aadhaar (Hindi for "foundation"). The goal was ambitious — to assign a unique 12-digit identification number, linked to fingerprints and iris scans, to every resident of India. By 2024, over 1.38 billion Aadhaar numbers had been issued, covering virtually the entire population.

Aadhaar was designed to solve a problem that governance scholars call the "identity gap." Hundreds of millions of Indians — particularly the rural poor, women, migrant workers, and people in scheduled castes and scheduled tribes — lacked formal identification documents. Without ID, they could not open bank accounts, receive government subsidies, file taxes, or prove their identity for countless official purposes. The identity gap was not merely an inconvenience; it was a structural barrier to economic participation and social inclusion.

But Aadhaar did not merely fill the identity gap. It became the foundation for India's entire digital public infrastructure — connecting to bank accounts (through Jan Dhan), mobile phones (through the India Stack), payment systems (through UPI), and government services (through DigiLocker). In the process, it created the world's most comprehensive biometric database and raised fundamental questions about surveillance, consent, exclusion, and the governance of identity itself.

Skills Applied: - Analyzing large-scale digital identity systems through a data governance lens - Evaluating the trade-offs between inclusion and surveillance - Assessing the governance implications of biometric data at scale - Connecting a specific national system to global data governance debates

The System's Architecture

Biometric Foundation

Aadhaar collects three types of biometric data from each enrollee:

• Ten fingerprints — all ten fingers, both hands
• Two iris scans — both eyes
• A facial photograph

This biometric data is linked to a 12-digit unique identification number and stored in the Central Identities Data Repository (CIDR), maintained by the Unique Identification Authority of India (UIDAI).

Authentication

Aadhaar enables identity authentication through multiple methods:

• Biometric authentication — the user provides a fingerprint or iris scan, which is matched against the CIDR database
• Demographic authentication — the user provides name, date of birth, gender, and address, which are matched against the database
• OTP authentication — a one-time password sent to the registered mobile number

Each authentication event generates a record: who authenticated, when, where, and for what purpose. These records are retained by the UIDAI and, in aggregated form, provide a comprehensive log of a person's interactions with services across the economy.

The India Stack

Aadhaar is the base layer of India's "India Stack" — a set of interoperable digital public infrastructure layers:

• Identity layer (Aadhaar) — biometric identity for authentication
• Payments layer (UPI) — instant mobile payments between bank accounts
• Data layer (DigiLocker) — secure storage and sharing of official documents
• Consent layer (Account Aggregator) — framework for financial data sharing with user consent

The India Stack model has been studied and, in some cases, partially replicated by other countries — including several in Africa and Southeast Asia — as a model for digital public infrastructure.

The Benefits: Inclusion and Efficiency

Financial Inclusion

Before Aadhaar, an estimated 40% of Indian adults did not have a bank account. The combination of Aadhaar (providing identity verification), Jan Dhan Yojana (a government program to open no-frills bank accounts), and UPI (enabling instant digital payments) dramatically expanded financial access. By 2023, India had over 500 million Jan Dhan bank accounts, and UPI processed over 10 billion transactions per month.

For people who had been excluded from the formal financial system — women in rural areas, migrant workers, individuals without traditional ID documents — Aadhaar-linked banking provided access to savings, credit, insurance, and government transfers.

Subsidy Delivery

India's government spends billions of dollars annually on subsidies — for food, fuel, fertilizer, and other essential goods. Before Aadhaar, subsidy delivery was plagued by "leakage" — funds diverted through ghost beneficiaries (fictitious recipients), duplicate entries, and intermediary corruption. The government estimated leakage rates of 30-40% in some programs.

Aadhaar-based direct benefit transfer (DBT) aimed to reduce leakage by linking subsidies to verified biometric identities and depositing funds directly into beneficiaries' bank accounts, bypassing intermediaries. The government has claimed significant savings from reduced fraud — though independent verification of these claims has been contested.

Service Delivery

Aadhaar simplified interactions with government services: tax filing, passport applications, mobile SIM registration, and dozens of other processes that previously required multiple paper documents and in-person visits. For a bureaucracy long characterized by inefficiency and gatekeeping, digital verification represented a meaningful reduction in barriers.

The Risks: Surveillance, Exclusion, and Consent

The Surveillance Infrastructure

Aadhaar's authentication system generates detailed logs of when and where individuals interact with services. Over time, these logs can construct comprehensive profiles of individuals' movements, financial transactions, government service usage, and daily patterns.

Civil society organizations have raised several specific surveillance concerns:

Function creep. Aadhaar was originally designed for government subsidy delivery. Its use has expanded to mobile phone registration, tax filing, banking, school enrollment, and even private-sector services. Each expansion extends the surveillance footprint. The lack of a clear legal limitation on Aadhaar's scope created conditions for continuous expansion.

Government access. The DPDP Act's exemptions for government agencies mean that the government can access Aadhaar-linked data without the consent and data minimization requirements that apply to private entities. In a country with a complex political landscape and a history of state surveillance of dissidents, journalists, and minority communities, this asymmetry is significant.

Centralized vulnerability. The CIDR is a single point of failure. A breach of the central database would expose the biometric data of over 1.3 billion people — data that, unlike passwords, cannot be changed. Reports of data breaches and unauthorized access to Aadhaar databases have surfaced repeatedly, though the UIDAI has disputed many of these reports.

Exclusion Errors

The most immediate and devastating harm documented by researchers is exclusion error — legitimate beneficiaries being denied services because Aadhaar-based authentication fails.

Authentication failure can occur for multiple reasons:

• Biometric failure. Manual laborers, elderly people, and individuals with worn fingerprints may fail biometric authentication. Studies have documented failure rates of 5-10% in some populations — rates that, applied to programs serving hundreds of millions, mean tens of millions of people denied access.
• Connectivity failure. Biometric authentication requires a network connection to the CIDR database. In rural areas with unreliable connectivity, authentication attempts may fail even when biometric data is valid.
• Data errors. Misspelled names, incorrect dates of birth, and other data errors in the Aadhaar database can cause demographic authentication failures.

The human cost of exclusion errors is documented and severe. Researchers have linked Aadhaar-related authentication failures to:

• Denial of food rations under the Public Distribution System
• Denial of employment payments under the National Rural Employment Guarantee Act
• Denial of pension payments to elderly beneficiaries
• In extreme cases, deaths attributed to starvation when food rations were denied due to Aadhaar failures

Reetika Khera and Jean Dreze, leading researchers on India's welfare programs, documented multiple cases of people dying after being denied food rations because of Aadhaar authentication failures — calling into question whether the system's efficiency gains justify its human costs.

The Consent Problem

Aadhaar enrollment was technically voluntary but functionally mandatory. The government linked Aadhaar to so many essential services — bank accounts, tax returns, mobile phones, government rations — that opting out meant exclusion from the formal economy. The Supreme Court's Puttaswamy decision (2018) limited mandatory Aadhaar linkage to government subsidy delivery and tax filing, but in practice, Aadhaar's integration into the economy is so deep that meaningful voluntary choice is limited.

The consent fiction here is particularly stark: 1.3 billion people "consented" to the collection and centralized storage of their biometric data, but the conditions of that consent — functional necessity, limited understanding of surveillance implications, and no meaningful alternative — fall far short of informed, voluntary consent.

The Legal Framework

The Puttaswamy Decision

In 2017, the Supreme Court of India ruled in Justice K.S. Puttaswamy v. Union of India that privacy is a fundamental right under the Indian Constitution. The nine-judge bench was unanimous. The decision established the constitutional foundation for challenging Aadhaar's most expansive uses and for requiring comprehensive data protection legislation.

In the 2018 Aadhaar-specific ruling, the Court upheld the system's constitutionality but imposed restrictions: Aadhaar could not be made mandatory for bank accounts, mobile SIM registration, or school enrollment. It could be required for government subsidies and tax filing.

The Digital Personal Data Protection Act (2023)

The DPDP Act, enacted in response to the Puttaswamy directive, provides a framework for data protection — but its government exemptions significantly limit its application to Aadhaar-related government data practices. Civil society organizations have argued that the Act fails to provide meaningful constraints on the government's use of Aadhaar data.

Lessons for Global Data Governance

Aadhaar offers several lessons that extend beyond India:

Digital identity is power. Whoever controls the identity infrastructure controls access to the economy, government services, and civic participation. Identity systems are not neutral technical tools; they are governance infrastructure with profound implications for inclusion, exclusion, and surveillance.

Inclusion and surveillance are not mutually exclusive. Aadhaar demonstrates that a system can simultaneously include millions of previously excluded people in the formal economy and create a surveillance infrastructure of unprecedented scale. Governance must address both dimensions — it is not sufficient to point to inclusion benefits as justification for surveillance risks.

Biometric data governance requires special attention. Unlike passwords, biometric data cannot be changed if compromised. The consequences of a biometric database breach are permanent. This argues for the highest possible security standards, strict purpose limitation, and governance architectures that minimize centralization.

Design choices made early become structural constraints later. Aadhaar's original design — centralized biometric database, broad authentication logging — created structural features that are now extremely difficult to modify. The governance challenges that India faces today were foreseeable at the design stage, when they could have been addressed at much lower cost.

Discussion Questions

1. Is Aadhaar's trade-off — financial inclusion for hundreds of millions in exchange for biometric surveillance of 1.3 billion — justified? What framework would you use to evaluate this trade-off?

2. How does Aadhaar illustrate the "ethical debt" concept from the VitraMed thread? What governance decisions were deferred during Aadhaar's design and rollout, and what is the cost of that deferral?

3. If you were advising another country considering an Aadhaar-like system, what governance safeguards would you require before implementation? Be specific.

4. The DPDP Act exempts government agencies from many data protection provisions. Is this exemption defensible in the context of Aadhaar? Under what conditions would government exemptions from data protection be acceptable?

5. Eli, reflecting on Aadhaar, observed: "It's the same pattern as Detroit. The system was built for 'their benefit' but designed without their participation, and the people who pay the price when it fails are the ones who had no say in building it." Is this parallel valid?

Further Investigation

• Read selections from Reetika Khera (ed.), Dissent on Aadhaar: Big Data Meets Big Brother (Orient Blackswan, 2019).
• Research the India Stack model and its adoption by other countries. What adaptations have been made?
• Compare Aadhaar with Estonia's digital identity system (e-Residency). What governance features differ, and what explains the differences?