AUDIT REPORT OF CAG ON THE ‘FUNCTIONING OF UNIQUE IDENTIFICATION AUTHORITY OF INDIA’

THE CONTEXT: In April 2022, the Comptroller and Auditor General (CAG) presented a Performance Audit Report on ‘Functioning of Unique Identification Authority of India’. This Report of the Comptroller and Auditor General of India contains significant observations and recommendations emanating out of the Performance Audit conducted on ‘Functioning of Unique Identification Authority of India’.

This article explains the findings and recommendations by the comptroller and Auditor General of India in its recent report.

KEY POINTS ABOUT THE AUDIT REPORT

  • The Performance Audit included an assessment of the Enrollment and Update Ecosystems as well as the Authentication Ecosystems of the UIDAI for the period from 2014-15 to 2018-19.
  • Audit scrutinized the processes beginning right from the enrollment up to the delivery of Aadhaar number and subsequent use of the authentication services.
  • The systems put in place for maintaining security and confidentiality of data were also subject to audit examination.

About Unique Identification Authority of India

  • The Unique Identification Authority of India (UIDAI) is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act 2016”) on 12 July 2016 by the Government of India, under the Ministry of Electronics and Information Technology (MeitY).
  • Purpose: UIDAI was created to issue Unique Identification numbers (UID), named “Aadhaar”, to all residents of India.
  • The UID had to be:
  • robust enough to eliminate duplicate and fake identities, and
  • verifiable and authenticable in an easy, cost-effective way.
  • As of 31 October 2021, the Authority has issued 131.68 crore Aadhaar numbers to the residents of India.
  • Under the Aadhaar Act 2016, UIDAI is responsible for Aadhaar enrollment and authentication, including operation and management of all stages of the Aadhaar life cycle, developing the policy, procedure, and system for issuing Aadhaar numbers to individuals, and performing authentication and the security of identity information and authentication records of individuals.

UNDERSTANDING THE KEY FINDINGS OF THE REPORT

NO DOCUMENTS FOR PROOF OF RESIDENCY:

  • The Aadhaar Act stipulates that an individual should reside in India for 182 days or more in the twelve months immediately preceding the date of application for being eligible to obtain an Aadhaar.
  • In September 2019, this condition was relaxed for non-resident Indians holding valid Indian Passport. However, UIDAI has not prescribed any specific proof/ document or process for confirming whether an applicant has resided in India for the specified period and takes confirmation of the residential status through a casual self-declaration from the applicant.
  • There was no system in place to check the affirmations of the applicant. As such, there is no assurance that all the Aadhaar holders in the country are ‘Residents’ as defined in the Aadhaar Act.

DE-DUPLICATION PROBLEM:

  • The uniqueness of the identity of the applicant, established through a de-duplication process, is the most important feature of Aadhaar.
  • It was seen that UIDAI had to cancel more than 4.75 lakh Aadhaars (November 2019) for being duplicates.
  • There were instances of issues of Aadhaars with the same biometric data to different residents indicating flaws in the de-duplication process and issues of Aadhaars on faulty biometrics and documents.
  • Though UIDAI has taken action to improve the quality of the biometrics and has also introduced iris-based authentication features for enrollment for Aadhaar, the database continued to have faulty Aadhaars, which were already issued.

ISSUE OF AADHAAR NUMBERS TO MINOR CHILDREN:

  • Issue of Aadhaar numbers to minor children below the age of five, based on the biometrics of their parents, without confirming the uniqueness of biometric identity goes against the basic tenet of the Aadhaar Act.
  • Apart from being violative of the statutory provisions, the UIDAI has also incurred an avoidable expenditure of ₹310 Crore on the issue of Bal Aadhaars till 31 March 2019.
  • The UIDAI needs to review the issue of Aadhaar to minor children below five years and find alternate ways to establish their unique identity, especially since the Supreme Court has stated that no benefit will be denied to any child for want of an Aadhaar document.

DEFICIENT DATA MANAGEMENT:

  • All Aadhaar numbers were not paired with the documents relating to the personal information of their holders, and even after nearly ten years, the UIDAI could not identify the exact extent of the mismatch.
  • Though with the introduction of online scanning (July 2016), the personal information documents were stored in CIDR, which stands for (Classless Inter-Domain Routing)the existence of unpaired biometric data from an earlier period indicated deficient data management.

NO DATA ARCHIVING POLICY:

  • UIDAI maintains one of the largest biometric databases in the world; but does not have a data archiving policy, which is considered to be a vital storage management best practice.

LACK OF MONITORING SYSTEM:

  • UIDAI had not effectively monitored funds released to States as Grants-in-Aid towards ICT assistance for creating infrastructure.

ISSUES IN THE GRIEVANCE REDRESSAL SYSTEM:

  • The process of capturing grievances/complaints have not been streamlined and does not display a clear picture for analysis.
  • The complaints lodged at the RO (Registered Organizations) level did not get the attention of UIDAI HQ, compromising the effectiveness of the grievance redressal mechanism, besides the delays in the settlement of grievances.

INEFFECTIVE DELIVERY SYSTEM:

  • UIDAI’s arrangements with the Department of Posts were not adequate to guarantee delivery of Aadhaar letters to the right addressee, as seen from the large number of Aadhaar letters being returned as undelivered.

RECOMMENDATIONS BY COMPTROLLER AND AUDITOR GENERAL OF INDIA

PRESCRIBE A PROCEDURE FOR SELF-DECLARATION:

  • UIDAI may prescribe a procedure and required documentation other than self-declaration in order to confirm and authenticate the residence status of applicants, in line with the provisions of the Aadhaar Act.

TIGHTEN THE Service Level Agreements (SLA) PARAMETERS OF BIOMETRIC SERVICE PROVIDERS (BSPS):

  • UIDAI may tighten the Service Level Agreements (SLA) parameters of Biometric Service Providers (BSPs), devise foolproof mechanisms for capturing unique biometric data, and improve upon their monitoring systems to proactively identify and take action to minimize multiple/ duplicate Aadhaar numbers generated.
  • UIDAI may also review a regular updation of technology.
  • UIDAI also needs to strengthen the Automated Biometric Identification System so that generation of multiple/duplicate Aadhaars can be curbed at the initial stage itself.

EXPLORE ALTERNATE WAYS TO CAPTURE THE UNIQUENESS OF BIOMETRIC IDENTITY FOR MINORS:

  • UIDAI may explore alternate ways to capture the uniqueness of biometric identity for minor children below five years since uniqueness of identity is the most distinctive feature of Aadhaar established through biometrics of the individual.

REVIEW CHARGING OF FEES FOR VOLUNTARY UPDATES:

  • UIDAI may review the charging of fees for the voluntary update of residents’ biometrics since they (UIDAI) were not in a position to identify reasons for biometric failures and residents were not at fault for the capture of poor quality of biometrics.

FRAME A SUITABLE DATA ARCHIVAL POLICY:

  • UIDAI may frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and reduce the saturation of valuable data space due to redundant and unwanted data by continuously weeding out unwanted data.

LEVYING PENALTIES:

  • UIDAI may levy penalties on Biometric Service Providers for deficiencies in their performance in respect of biometric de-duplication and biometric authentication. Agreements in this regard should be modified if required.

OTHERS:

  • Reducing dependence on other agencies for support.
  • Improvement in the financial management of grants.
  • Introducing a single centralized system for grievance redressal.

 THE WAY FORWARD

  • UIDAI should immediately take steps as per the recommendation suggested in the CAG report.
  • The Public Account Committee should also examine the functioning of the UIDAI in the highlight of the CAG report. Public Account Committee can provide further recommendations for improvement of its working.
  • UIDAI should adhere to the principles of the RTI and put the information suo-moto in the public domain. This will generate an element of accountability and improvement for the agency.
  • As the Aadhaar ecosystem is being used for multiple purposes. The agencies should scale up and streamline their infrastructural capacity to meet the increasing requirements.

THE CONCLUSION: Aadhaar is a revolutionary tool that promises to transform our country’s governance, and UIDAI has a significant role in it provided that the emerging issues need to be taken care of and confidence is built among citizens. Although UIDAI is playing its crucial role the recent report of CAG and the issues highlighted need to be addressed for an effective delivery system and gaining the trust of citizens.

Questions for Mains:

  1. Discuss the issues highlighted in the Performance Audit Report of CAG ‘Functioning of Unique Identification Authority of India’. Suggest effective measures to resolve these issues.
  2. Aadhaar is a revolutionary tool that promises to transform our country’s governance and UIDAI has a significant role in it provided the problems in its functioning are addressed. Explain.

ADD TO YOUR KNOWLEDGE

CIDR– CIDR stands for Classless Inter-Domain Routing. It is an IP address assigning method that improves the efficiency of address distribution. It is also known as super netting replaces the older system based on classes A, B, and C networks. By using a single CIDR IP address many unique IP addresses can be designated.