May 29, 2023
I’ve written before about India’s approach to digitising public services. I want to talk more about it because – legitimate concerns aside – this is the most ambitious programme of digital democracy anywhere in the world and has rolled out at a speed and scale that is unimaginable to anyone working in UK government.
In 2009, India set out to give every citizen a unique, biometrically-verifiable digital identity which would be used for accessing all public services. Sound far-fetched? Amazingly, this is now a reality.
The foundation of this is Aadhaar, the system that now contains – let this fact sink in for a moment – photographs, fingerprints and iris scans for more than 1.2 billion Indians, including over 99% of the adult population.
It’s not without it’s problems. On the one hand Aadhaar is allowing the government to drive digital inclusion on an unprecedented scale while on the other it risks exposing the biometric data of its entire citizenry through a lack of effective privacy regulation. So what are the lessons?
Incredible opportunity, unintended consequences
Aadhaar is the base layer for the so-called ‘India Stack’ which also includes the Unified Payments Interface (UPI) to enable cashless payments and DigiLocker, where citizens can store documents like driving licences and medical information that can be verified or shared with consent.
The idea is that this stack provides the platform for government, citizens and the private sector to transact with each other in a more frictionless way. This has happened with dramatic effects. Huge cost-savings for ID verification have allowed banks to open hundreds of millions of new accounts over the past decade accelerating financial inclusion and in 2020-21 government made over £60bn worth of benefit payments online.
On the other hand, because you increasingly have to have an Aadhaar card to access both public and private sector services, citizens who are not digitally literate are having to pay brokers to help them get registered. There are reports of these brokers selling identities for as little as 500 rupees (about £5.50). In fact, it became so ubiquitous that by the late 2010’s it was becoming nearly impossible in India to get a cellphone contract or open a bank account without giving your Aadhaar number. In 2019 India’s Supreme Court had to rule that private companies could no longer make it mandatory for users to provide their Aadhaar details.
There’s also a serious conversation about the state effectively owning the digital identity of its citizens. Trust in your institutions is one thing but how would you feel about your children having their irises scanned whether you liked it or not?
Public services innovation is more about politics than technology
One thing that has become very clear to me is that New Delhi’s biggest achievements are not technology-related (although no doubt the technology was very difficult) they are political. And like all political decisions there is a whiff of partisanship attached to them. Although Aardhaar was originally started by the opposition Indian National Congress, India’s public digital infrastructure has become a core part of the BJP’s drive to present India as a world-leader in technology.
Those who’ve worked in the salt mines of digital transformation in government will have observed that it’s often ministerial direction that gets the machinery moving but surprisingly few ‘big ideas’ maintain momentum. In large part this is because any new idea has to land in the sweet spot of a minister’s tenure, usually just when they’ve joined a new department and in the rare instance of then staying in post for more than the typical 18 months.
We’ve been working recently with GDS on cross-government data exchange and on the edges of their Digital Identity and One Login programmes and there’s no question that this shit is hard. India’s public services technology stack is the result of a sustained push, designed to both lift millions of people out of poverty but also to accelerate the country’s position as the newest economic superpower.
Policy and regulation has to go as fast – or faster – than technical innovation if it’s going to keep citizens safe
India is a country of extreme contrasts. It makes total sense that Aadhaar should simultaneously represent both the best and the worst versions of digital identity. On the one hand, imagine having the idea of digital verifying everyone in the most populous country on earth within a decade and actually pulling it off. On the other hand, if you’re going to open this data up to the private sector and without having proper privacy legislation in place, biometric data is the worst possible basis for an identity system. As the lawyer Mishi Choudhary writes “Any compromise of such a database is essentially irreversible for a whole human lifetime. No one can change their genetic data or fingerprints in response to a leak.”
Aadhaar gives dignity to the marginalised. Dignity to the marginalised outweighs privacy – Indian Supreme Court Judge
As part of opening the Aadhaar database up to private companies, the government exposed over 1 billion Indian citizens’ data to innumerable third parties, from small startups to the likes of Google. Tech companies do not have a good track record on respecting or safeguarding their users’ data. Even India’s Supreme Court when making their landmark ruling judges that “Aadhaar gives dignity to the marginalised. Dignity to the marginalised outweighs privacy.”
What happens when government moves faster than Facebook?
There’s a lot of guff talked about government behaving like a startup but here’s an eye-popping stat: it took Facebook about 10 years to get to 1.2bn active users. It only took 9 years for New Delhi to get Aadhaar to the same number. In the mantra of The Valley, the Indian government ‘moved fast and broke things’.
We need to take inspiration from the speed while learning the lessons of what got broken.
Thanks for reading,