Skip to content

1

Linking Aadhaar to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Linking Aadhaar[1] to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Destroying the banking system

India’s Department of Revenue (DoR) has done it again.

On June 1, 2017 vide Notification №2/F .No. P.12011/11/2016-ES Cell-DOR it mandates the linking of every bank account with an Aadhaar number before December 31, 2017. While lawyers point out several illegalities, including the scope, of the notification of this subordinate legislation under the Prevention of Money Laundering Act (PMLA), the failure of the DoR to consistently protect national interest is unbelievable.

A few days back a co-panelist on a TV channel defended the DoR arguing that linking Aadhaar to Bank Accounts will weed out money laundering by verifying bank accounts. What my co-panelist did not say is money laundering is facilitated by creating benami accounts. It is also facilitated by benami transactions. Nor did my co-panelist explain how benami accounts happen or how benami transactions are scaled by money-launderers.

This latest notification ensures that the Trojan horse that they instilled into the banking system on January 27, 2011, will destroy the Indian economy along with the Indian banking system. As feared by the Reserve Bank of India before January 2011, Aadhaar is yet the best state sponsored enabling mechanism for money launderers to enable benami bank accounts. Aadhaar can even help the money launderer to take over your bank accounts. Aadhaar is also the enabler to scale benami transactions.

Here are just 5 ways in which linking the Aadhaar to PAN[3] or a bank account will hurt you, destroy India and, for those who care, an explanation of how Aadhaar creates benami bank accounts and scales benamitransactions.

The innocent will lose money, reputation and access to justice, dignity and livelihood

One, the innocent will lose money, reputation and access to justice, dignity and livelihood as their Aadhaar numbers can act as mules for money laundering, their subsidy and other Aadhaar enabled payments can be easily compromised, their access to their own bank accounts be denied, or they can be framed for economic offences. Helpless citizens and businesses may also find themselves at the receiving end of covert human rights violations as even their access to money and existence is disabled by deactivation or blocking of Aadhaar leaving no recourse to survival.

Linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers

Two, linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers as it becomes easy to remotely create benamiaccounts and operate benami transactions while claiming complete legitimacy. This will destroy India’s economy and governance.

Financing crime and terrorism will grow uncontrollably

Three, financing crime and terrorism will grow uncontrollably as it becomes increasingly difficult to discover, report or close down such operations. This will make it impossible to ensure national security as the rule of law is destroyed.

Corruption will increase

Four, corruption will increase as it becomes easier when proceeds will not be traceable to the corrupt. It will be increasingly difficult to restore swarajya and impossible to ensure suraiya.

Banks will not be able to contain non-performing-assets

Five, banks will not be able to contain non-performing-assets, fraud and financial misappropriation as the real users of banking services will be untraceable. The economy will be completely out of control as the black and white economies become indistinguishable.

We are in a policy vacuum as the NITI Aayog and the bureaucracy have failed to recognise the Trojan horse and protect national interest. Unless the RBI de-licenses the payments systems based on Aadhaar (AEPS) immediately and the government stays linking Aadhaar to PAN and bank accounts, our leadership will have failed to protect India from this fast colonisation of India by the private interests driving Aadhaar.

Enabling Benami Bank Accounts

Benami accounts get created when banks fail to identify the real customers who own the accounts. The Panama Papers exposed data of thousands of benami accounts created through a Panamanian law firm, Mossack Fonseca. The Panama Papers exposed one modus operandi of hiding the real owners of the assets in tax havens.

panama papers modus operandi
The use of Aadhaar as KYC for bank accounts is similar to the note from Panama Law Firm Mossack Fonseca saying “they are an honest client”

Prudent bankers recognise the importance of knowing who they bank with. It is no wonder that the RBI had warned, right from before the Trojan horse was instilled in to the RBI in 2011, that the Aadhaar enrolment process does not have due diligence. It pointed out that for Aadhaar enrolment verification is not compulsory, as confirmed by the UIDAI in the Demographic Data Standards and Verification Procedure, and does not require document based verification.

The RBI also highlighted that such use of Aadhaar as third party identification is against Prevention of Money Laundering Act, the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision and circulated to scheduled commercial banks by the RBI on November 29, 2004.

The RBI also observed that a fixed time document like the Aadhaar cannot be a Proof of Address. It further cautioned using Business Correspondents (BC), to open bank accounts or undertake banking transactions, as the vulnerability of the system has not been tested and co-mingling funds of different banks in the hands of BC’s was a major operational risk to the banks. While resisting the use of Aadhaar, the RBI also highlighted the Government’s concern about the perceived misuse of such accounts for terrorist financing.

Under pressure from the UIDAI and the Department of Revenue, Ministry of Finance, the RBI, through its circular dated January 27, 2011, allowed bank accounts to be opened exclusively on the basis of Aadhaar number. However the RBI required such accounts to be put to restrictions and be subjected to conditions and limitations prescribed for small accounts.

Not happy with the restrictions, the UIDAI pressed the RBI to lift the restrictions placed on accounts opened with Aadhaar numbers under the PMLA. On September 28, 2011, again through the Department of Revenue, the UIDAI succeeded in getting the RBI to backtrack and suspend the restrictions of the PMLA on bank accounts opened solely through Aadhaar. The UIDAI also succeeded in causing the RBI further to accept eKYC or remotely using information associated with an Aadhaar number as KYC. According to the UIDAI eKYC brings scale to the ease of onboarding customers.

To put the problem in perspective, Aadhaar enrolment was completely outsourced to private parties by the UIDAI with the sole aim of building the worlds largest biometric database. Mr. Nilekani’s UIDAI repeatedly emphasised that they merely provided a framework to issue a number and store the (unverified and unaudited) data.

RTI says Aadhaar has never been verified or audited
UIDAI admits that the Aadhaar (UID) database has never been verified or audited

No one from the UIDAI or even the government even sign the Aadhaar card that is mailed back to the enrolee. The very same organisations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “Registrars” to the enrolment process. They were even given flexibility in the collection, retention and use of the data (including biometric) that they collected.

Without a verification and audit Aadhaar enables duplicates and ghosts
Without a verification and audit Aadhaar enables duplicates and ghosts

No one in the Aadhaar enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrolment. Needless to say anyone in possession of your documents could enrol with minor changes in any demographic information or with different biometrics. Field stories of enrolments are replete with descriptions of biometric jugaad including using combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximise registrations.

According to the IT Minister Ravi Shankar Prasad, 34,000 operators who tried to make fake Aadhaar Cards have been blacklisted. Even if each operator worked for a year before being blacklisted, at about 100 cards a day amounts to over a billion cards. That is more than 95 percent of the database. The Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.

Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017
Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017

While there is widespread belief that biometric authentication at time of opening a bank account prevents benami, it ignores the field realities of mobile phone SIM cards being issued on Aadhaar photocopies and used to open bank accounts, of having remotely “downloadable” accounts, and also plain simple use of photocopies of Aadhaar or parallel Aadhaar databases to open bank accounts. With Aadhaar, banks do not have any trace of the real customer. The real customer is simply masked by a benami owner using an Aadhaar number.
Even your Aadhaar can be used, without your knowledge, by a perpetrator to open multiple accounts in order to use it to collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these accounts are discovered, you will be the criminal.

benami money laundering aadhaar bank account
Is Aadhaar the new Panama?

To compound the problem, UIDAI has no liability for benami bank accounts opened with Aadhaar. After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in 5 years. No one knows who really controls these accounts.

Growth of bank accounts and deposits in India
Growth of bank accounts and deposits in India

Enabling Benami transactions

Even when it had no mandate to develop banking platforms, in 2009, the UIDAI signed an MoU with the National Payments Corporation of India (NPCI), a non government company, to develop an Aadhaar Enabled Payment System (AEPS). In this MoU the UIDAI has no responsibility for your banking transactions and the NPCI has no obligation to the RBI. The payment system uses the Aadhaar linked to a bank account as a financial address to do electronic money transfers from one Aadhaar number to another.

Company data for NPCI
Company data for NPCI

Unless an Aadhaar is linked to the account, the AEPS cannot access the bank account. Linking a PAN to the Aadhaar will have the same effect as linking the Aadhaar to a bank account as the PAN is already linked to the bank account. Such accounts become Aadhaar enabled. Aadhaar enabled bank accounts are ready to be used by the AEPS for Aadhaar to Aadhaar money transfers.

Linking an Aadhaar to a bank account is done through a process called as “seeding” an Aadhaar number to a bank account. After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into a “NPCI mapper” or a repository of Aadhaar numbers and Institution Identification Number (IIN) numbers used for the purpose of routing transactions to the destination banks. The IIN is a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else seed your Aadhaar with another bank account, the NPCI mapper is overwritten with the new banks’ IIN. Money transferred to an Aadhaar number, using the Aadhaar Enabled Payment System, gets transferred to the bank account linked to the Aadhaar number at the branch recognised by the IIN.

A money launderer can transfer money to an account linked to an alternate IIN and then re-seed the NPCI’s mapper with the original IIN for the Aadhaar number, completely wiping out any trace of money to the alternate IIN. Like transactions of bearer shares in Panama, such money transfers becomes no different from a hawala[4] transaction between real parties who remain anonymous or benami[5].

Your Aadhaar number can be used to facilitate such benami money transfers. If these money transfers linked to your Aadhaar number are detected by investigation officers or tax authorities, you, not the real operator will be held on suspicion of economic offences.

The NPCI’s idea of Aadhaar to Aadhaar banking itself is flawed. It is surprising if the RBI has licensed this payment system under the Payment and Settlements Act.

All money is ultimately stored in bank accounts and not in the name of a person. Nowhere in the world does one transfer money to a person, you transfer it to a persons account. Money transfers to and from a bank account makes every money transfer traceable from source to destination making money laundering difficult, if not impossible.

Hawala schemes make money transfers untraceable by eliminating the bank accounts. Money transfers that, like the hawala, are based on the premise that you do not share an account number, with someone transferring money to you, are inherently flawed in auditability as they wipe out the money trail.

The idea of a mapper, as used by NPCI’s AEPS, does not allow for instructions from sender but relies on periodic update of IIN in the NPCI’s table mapping Aadhaar numbers from banks. As multiple banks have to upload the Aadhaar numbers seeded with accounts held by them, this cannot guarantee desired results.

Perhaps the worst aspect of the mapper is that it slices the business process and outsources parts. This destroys the responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI or the banks are responsible in such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.

Such money transfers would be difficult, if not impossible, to trace without a whistleblower. A few cases have been reported that suggest the large scale play of this scenario already. For example more than 40,000 erroneous transfers were reported through AEPS in DBT transfers meant as part of drought relief for farmers in Karnataka. The government allegedly blamed the banks for failure to seed the correct Aadhaar numbers with the beneficiaries.

Governments across India had been using the RBI’s own payment system, the NEFT or RTGS, to undertake electronic money transfers. This is also evidenced by the fact that Aadhaar Leaks has exposed that bank details are already present in every record of the leaked data. There is absolutely no reason to switch public payments from NEFT to AEPS, run by a non-government company.

The replacement of a time tested standard of electronic money transfers under government regulation by a non-standard payment system run by a non-government company raises several serious questions of national and public interest, propriety and possible conflicts of interest.

Preventing disaster

If the government and the Supreme Court implement the wisdom of 7 orders of the Supreme Court of India on the use of Aadhaar, they can yet save the country from disaster resulting from the colonisation of India by the new East India Companies or the private interests driving Aadhaar.

In its first order of September 23, 2011 the Supreme Court had indicated that “no person should suffer for not getting the Aadhaar card inspite of the fact that some authority had issued a circular making it mandatory and when any person applies to get the Aadhaar Card voluntarily”.

On August 11, 2015, the 3 member bench restricted the use of Aadhaar and indicated that it may not be used for any other purpose.

On October 15, 2015, a 5 member bench led by the Chief Justice had emphasised that “the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court”. It had restricted the voluntary use of Aadhaar to public distribution system (PDS) Scheme, the liquefied petroleum gas (LPG) distribution scheme, the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions), Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO).

In the meantime, following Mahatma Gandhi’s footsteps and refusing to link Aadhaar to anything may be the only option left for you.

On 10 January 1908 Mahatma Gandhi was arrested for the first time in South Africa for refusing to carry an obligatory identity document card commonly known as the ‘pass’.

[1] Aadhaar is a 12 digit random number assigned by India’s Unique Identification Authority of India to unaudited and unverified demographic and biometric information submitted by private enrollers.
[2] Accounts and transactions undertaken using a ghost or a duplicate identity are called benami.
[3] Permanent Account Number or PAN is a number used to track financial transactions and file income tax returns in India.
[4] Hawala is an alternative or parallel remittance system that works outside formal banking systems.
[5] This was first highlighted in September 2014 in http://www.moneylife.in/article/how-aadhaar-linkage-can-destroy-banks/38736.html

 

Originally published here.

2

On August 24th 2017, WikiLeaks published secret documents from the ExpressLane project of the CIA pertaining to the cyber operations the OTS (Office of Technical Services), a branch within the CIA conducts against liaison services. The OTS provides a biometric collection system to liaison services around the world with the expectation for sharing of the biometric takes collected on the systems. Additionally, the CIA has developed ExpressLane - a covert information collection tool to secretly exfiltrate data collections from these systems without the knowledge of the vendors as well.

ExpressLane installs and runs covertly behind a benign splash screen indicating a software upgrade and is used when OTS agents perform on site upgrades on the biometric system. The installation raises no suspicions other than the minor notices which don't appear to be out of the ordinary for a software installation.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan. This company also provides biometrics collection systems for UIDAI's Aadhaar in India.

The response to these revelations in India has been astonishingly muted. A foreign government having access to confidential and highly accurate information on citizens of India amounts to an attack on India's sovereignty. The existence of Aadhaar itself now becomes a government sanctioned weapon against the country and citizens. The Aadhaar must be destroyed.

The few reports in media restrain themselves to very conservative reporting of the actual leaks without committing themselves to stating the implications for the country. This too is concerning, because it indicates an inadequate comprehension of how tech works in the media and renders the media toothless when it comes to providing public oversight on the highly insecure progression of the Digital India project.

On its part, the UIDAI has issued its standard voodoo denials. No explanations, no data, no alarm, no need for any investigations, nothing. Assurances that "all is well, don't worry" is all the UIDAI appears to have on any of the mounting concerns about the Aadhaar being illegally imposed on the citizens of India with blatant disregard to repeated orders of the Supreme Court. And of course, flat out lies - the hallmark of anything supported by the Modi government. Here are some claims debunked.

Aadhaar system has stringent security features to prevent any unauthorised transmission of data.

And here we thought UIDAI filed a case against Abhinav Srivastava, co-founder ofQarth Technologies Pvt. Ltd, who released an entire app that made unauthorized use of Aadhaar data e-kyc, then let him go, because he didn't have bad intentions. And oh, they complained about unauthorized access and then also claimed that no data was breached. We get it. There was no breach. He was using an authorized api without being authorized. No breach. Just reading news on the UIDAI is enough to give anyone who understands tech security high blood pressure.

No, Aadhaar most certainly doesn't have stringent security features to prevent unauthorized transmission of data. Aadhaar devices were not even encrypted till well after UIDAI started claiming 90% enrolment across the country (another dubious claim, for another day).

“Some vested interests are trying to spread misinformation that since ‘Cross Match’ is one of many devices which are being used in biometric devices by various registrars and agencies in Aadhaar ecosystem, the biometrics being captured for Aadhaar are allegedly unauthorisedly accessed by others.”

This is complete bullshit. The vast majority of people objecting to Aadhaar have nothing to gain from its failure (other than national and personal security). In contrast, the vast majority of people defending Aadhaar without any data, independent audit, robust explanations of technology and worse are invariably employed by UIDAI or its affiliates or have founded them (or, in a recent trend, are anonymous handles - I wonder who, other than Sharad Sharma could be behind those). Where is the misinformation in CIA being a spy agency, or it being known to engage in illegal and digital spying or it being known to subvert democratic governments in countries? Where is the "misinformation" in a leak of secret documents on a site that so far has never been questioned on the authenticity of leaked information it publishes?

Aadhaar biometric capture system has been “developed within our own country and it has adequate and robust security features to prevent any possibility of any such unauthorised capture and transmission of data regardless of any biometric device that may be used”.

This statement can be true, only if the UIDAI spokesman is a US national, because even the UIDAI website offers driver downloads for Cross Match and L-1 devices. The same Cross Match and L-1 that have apparently got biometric capture systems from the OTS branch of CIA on the understanding of data sharing. And the Express Lane is the data theft on top of that.

“In addition, there are many other rigorous security features and processes within UIDAI ensuring that no biometric data of any individual is unauthorized accessed by anyone in any manner whatsoever,”

This is a breathtaking lie, because the CONTRACT UIDAI had with L-1 Identity Solutions Operating Co Pvt Ltd, Morpho and Accenture Services Pvt Ltd, says that the company was given Aadhaar data access "as part of its job". This contract has also been reported and objected to in the past and on this blog as well in 10 big problems with the Aadhaar UID card project.

Golden rule in C-Sec is: If physical access is compromised, everything is gone. Wikileaks talks about physical access. It is about installing a backdoor on the source where biometric is acquired at the device driver level. Encryption argument is useless in that case. But encryption != Security.

(update: UIDAI has made some vodoo argument about how access is secured on UIDAI premises and what not. It is nonsense. Aadhaar data is collected out in the real world where the espionage would be happening. Whether UIDAI pickles the data or freezes in some on premises further access to foreign companies it makes no difference to that)

How much Aadhaar data and how much access do foreign BSPs have?

And this information is from an RTI filed by Col. Thomas, that the BSP (Biometric Service Provider) "may have access to personal data of the purchaser (UID), and/or a third party or any resident of India..." Further, Clause 3, which deals with privacy, says that the BSP could "collect, use, transfer, store and process the data".

Excerpt from UIDAI contract with Biometric Service providers
Excerpt from UIDAI contract with Biometric Service providers

In other words, the UIDAI has been deliberately undermining Indian security using Indian funds and flat out lying about its activities. The entire organization must be dismantled and its leaders investigated.

Under the Aadhaar system, all Indian citizens are being allotted a unique twelve-digit identity number by the State upon obtaining biometric data including fingerprint and iris scans and upon submission and verification of certain demographic data including the name, date of birth and residential address.

The new identity is different from all previous identity documents issued by the State. While a driving license or a passport were identity ‘documents’ that once issued were in the possession and under the control of the citizen as “original documents”, the Aadhaar number and associated demographic and biometric data is a data entry in a digital database in the possession and under the control of the State and any other entities who might gain access to this database whether with legal authority or otherwise.

Further the nature of the information that the State uses to identify a person under the Aadhaar system is entirely different from that used under earlier systems of identification. Until now the State relied upon photo-identity cards to determine someone’s identity. Under the Aadhaar system, the markers for identity determination include fingerprints and iris scans. For the first time, biological data not visible to the human eye and inaccessible to and non-decipherable by a lay person or a non-expert, is being obtained from citizens and is being stored digitally in a central repository for all 1.3 billion Indians with the ostensible purpose of identifying them.

Yes, the citizen is issued an Aadhar card with a number on it, but that card and the photograph on it and the face of the person presenting that card are no longer sufficient for the State to accept that the person is who he or she says they are. The biometric data must match. If the biometric data match fails, then the State will refuse to accept the identity of that person.

Also, the Aadhaar based identity is ultimately a number in a digital database. That number can be deactivated or even deleted. The database is outside the possession and control of the citizen. If his Aadhaar number in the database ceases to exist, the citizen has no proof of his identity as a citizen. The citizen ceases to exist for the State.

The Aadhaar related debates have focused on the right to privacy and on the apprehension of surveillance by the State and on issues of the security of Aadhaar databases. But there are more deep-seated concerns about the Aadhaar biometric identification system that I discuss here and which are important to understand how great a threat the Aadhaar biometric identification system poses to the privacy, liberty and security of Indian citizens.

There are several scenarios in which this digital biometric identification database can fail, be modified, be stolen, be leaked, be misused or be manipulated by State or non-State interests to the detriment of citizens and their rights. I discuss how the centralized and digital nature of this database as well as its use of biometric markers of identity which by their very nature are not accessible to or verifiable by ordinary individuals, creates many such scenarios where citizens can lose control over their identity and their very person-hood and be left with no recourse in extremely harmful situations. The greatest threat posed by the Aadhaar system is that citizens will lose control over their identity, they will be unable to establish their identity under certain circumstances, and they will also be exposed to an exponentially higher risk of identity theft.

The digital Aadhaar biometric identification system it is argued not only violates the right to privacy, but it creates significant risks that threaten the very right to identity and person-hood of Indian citizens and thus the right to citizenship itself. The Aadhaar system fundamentally alters the social contract underlying the Constitution of India by enabling a potentially malevolent State to deny the very identity of “inconvenient” citizens. A cost-benefit analysis of the Aadhaar system, even accepting its stated advantages, cannot justify such immense risks to citizens.

This post was originally published here by Seema Sapra.

6

The ongoing denial of UIDAI and the government of Aadhaar vulnerabilities remains a concern. Many people don't understand how Aadhaar could be a problem. There are many and documented ways where the integrity of Aadhaar data is already rendered questionable, but here are some ways that anyone could pull off with some effort.

For the purposes of this post - you are a scammer. A criminal.

Step 0: Acquire a few photocopies of Aadhaar

This is the starting point. Your Aadhaar number is supposed to be known only to yourself, but the reckless linking of Aadhaar with everything has ensured that photocopies of Aadhaar are, in reality, being handed out to anyone from international couriers to schools. If you're inclined to be a criminal, there is probably no shortage of sources of Aadhaar numbers. No, it doesn't matter even if people have written the purpose and signed on them. You could probably randomly collect a few photocopies of Aadhaar from people by making it "mandatory" - like your driver or maid must give you a copy of their Aadhaar to get their salary, or for police verification, etc. Help old people in the neighbourhood to book railway tickets and ask for Aadhaar number - you don't need it, but gullible people don't question. Just invent an excuse - it doesn't have to be true - you are a scammer, after all. If one person refuses, ask another. Not many refuse. You'll soon hit pay dirt. Govt has taught people to hand around their Aadhaar for anything and everything. And just like that, the allegedly secret number is yours.

Now, depending on what kind of a criminal you wish to be....

You're a terrorist, or stalker or need to share fake news on WhatsApp.... you need a phone number.

Give that photocopy to any telecom operator and get a SIM card - this one is easy. Frankly, it will work with any ID. Not just Aadhaar. But Aadhaar is better, because then you attach it to the new phone number and sort of build that identity proper to be the foundation of other scam documents to be a full and proper ghost.

Say you have black money you need to park, etc. Things that need you to actually be a person.

Go to the UIDAI website. Download the form for updating Aadhaar details by post. Photocopy some ID, change the name and address to match that of your target Aadhaar you want to take over and attach to form. Fill the form, but in the place of the phone number, put the new number you got in the previous scam. Just in case someone is alert at UIDAI, save it on a couple of phones with that name and install true caller. Feel free to add a fake email also. So someone checking the number sees right name in true caller as well as telecom operator's records. Post the form. That Aadhaar card will now be updated to work with your OTP. Enjoy. You can get an Udyog Aadhaar and qualify for a business loan, you can validate it for passport, etc. There is no way for the person to easily realize that the phone number was switched, so it will be a while before they realize what has happened. Even if a duplicate Aadhaar card gets posted to them, it will have no changed information (phone isn't on the card - or even biometrics - they could have an empty document and not know it). By then, unless they do biometric PDS, you could use an OTP to switch the biometrics for you too and properly make it yours.

Rent a flat using that Aadhaar, register the lease, open bank account. Put some money there to evade taxes. Whatever. Oh, get another PAN if it is a lot of money. No one would believe Aadhaar can create a ghost. After all, govt has guaranteed it removes ghosts.

You are an illegal immigrant living in some slum. You'd like PDS, but you don't qualify.

Fikar not. Aadhaar makes it easy. Keep an eye out for someone who dies in your area. Say you know people in the rationing office and can get the name of the dead person removed from their card for them. Take the card, update the dead person's name with your Aadhaar. Aadhaar overwrites the person's data on the ration card - name, age, sex, everything. Voila. You are now on their card. I suppose you should now remove your name from it and apply for a separate card, "because you've moved out to your own place". Oh, don't forget to return the ration card of those nice people, with the dead person's name nicely removed and all. Oh, congratulations! You are also a citizen, if you weren't, before.

*****

There are endless ways, really, because the reckless imposition of Aadhaar has resulted in it being accepted for far more than what Aadhaar data is capable of actually verifying. Money transfers via Aadhaar? No problem. The government has gone to great lengths to enable it during demonetisation. Need more gas cylinders than your subsidy gives you to use in your restaurant? Sure, just scramble the address a bit, so computer doesn't recognize as identical.

This is a threat to individual safety as well as national safety. Both physical and financial.

And I haven't even mentioned leaked databases (there you go - thousands of aadhaar numbers and addresses) or privacy issues (govt says we don't have a right to privacy, apparently) or denial of basic necessities to poor and desperate people (we don't care about them anyway). I haven't even talked of countless mobile SIM service people who could simply duplicate your SIM - and the Aadhaar number to verify is attached to the phone number! I suppose soon scammers will be paying bribes to get jobs in mobile operator service centers.

Are you still a fan of Aadhaar?

 

Disclaimer: This post is for educational purposes and does not endorse anyone actually indulging in criminal activities. I have not done any of the above. I would like those still insisting that Aadhaar is safe to explain how they would prevent any of this.

 

3

While people question govts in a democracy, in India the govt questions anyone questioning unaccountable govt actions. And supporters think that while India was a democracy under UPA, under Modi it has become some kind of Hindu Empire and questioning the king means "off with their heads" sort of thing. For some reason, Ritesh Dwivedy confused private individuals, not elected to public positions nor employed by public funds, as those accountable to him for their personal views and actions. And then sulked and asked again when no one thought him important enough to consider seriously. Entertaining as it is, he clearly seems to be disoriented as to who his rights as a citizen entitle him to answers from, so trying to help him find his way in the muddle this alleged democracy is becoming.

Clarifying some problems he appears to be facing. All quotes from one or the other article linked above unless explicitly mentioned.

Aadhaar is a unique indigenous innovation that empowers every Indian by providing them with a secure and verifiable identity.

This statement is completely unsubstantiated and likely at the root of all the confusion. He has been informed a lot of glorious things about Aadhaar. They are not necessarily true. Verification is an important skill in today's times when the government routinely lies to people in order to get them to believe, like Ritesh Dwivedy, whatever they wish people to believe.

Aadhaar is going to be the backbone of India becoming a developed country, and is receiving global acclaim from entities like Bill Gates, The Economist, the World Bank, Raoul Pal, and others.

These guys? Why wouldn't foreign power cartels appreciate the tool that hands them power over India on a platter? Big data is big power and leaky big data is big control without accountability for opportunists. Who needs terrorists when you have hackers and crucial data of the entire country is in a form the government has little ability to secure? Is this government supposed to serve their interests or those of citizens? Of course the other two pillars of this servitude by this government are demonetisation and promotion of cashless transactions in a country they forgot to get fully on the internet first. That is how dumb this government is. If such a database were empowerment, why is it being forced on third world countries?

One whiff of WannaCry and RBI has all ATMs shut down. On the other hand, it is the country with all these people praising us (without US doing it themselves) created the ransomware originally. To get a better perspective, they have actually done an attack on a nuclear facility in Iran with Stuxnet. Our idea of security is "don't enter random numbers for Aadhaar or we will consider it hacking" - a freaking bank did a replay attack on the Aadhaar database while "testing" their setup and neither are replay attacks prevented after that, nor the known "violators" refused access to Aadhaar - we are fucking out of our league on competence. It is like praising a 5 year old for writing all his secrets in his "private" diary in its hiding place behind the park bench. Except the 5 year old is writing down the security codes for getting into their home. Oh wait Indian homes don't have security alarms and such. Oops sorry.

Think of it like this. If Aadhaar is this easy to misuse, it will be misused and it is being misused and so far people have just got away with it while those who exposed flaws got arrested.

How many more years do you want India to remain a ‘developing’ nation?

Forever. I hope India never stops developing. How many years do you want India to be a banana republic wannabe pleasing foreign powers at the cost of citizens?

Why are you silent on all the benefits we are seeing as a result of Aadhaar?

For the same reason I'd be silent if my 5 year old came home happily telling me about her new best friend. A grown man acting in a shady manner, whom she thinks is absolutely fantastic. There are problems that are visible to one with experience on the subject. Just because all my daughter knows about the nice man in the park is that he gives candy doesn't mean it is a good thing.

Waise, why are you silent on the countless problemswe are seeing as a result of Aadhaar?

Why are you misleading the Indian public about Aadhaar through fear-mongering and sensationalism?

Why are you misleading the Indian public about Aadhaar through false assurances and "bagon mein bahar hai"?

Why are you willing to give biometrics to foreign govts and corporations, but not to your own govt?

Because our government is proved to be incompetent with data security. There isn't a single other biometric database that can be queried for identity by any Tom, Dick and Harry - because it is an idiot idea to begin with, with too high error rates to be efficient at what it claims to do and too poor security to protect citizens from the risks such a database presents. Nor is anyone in this circus apparently interested or aware that citizens have rights in a democracy and you can't just say "Idea, let me make the whole country do whatever I wish AND foot the economic and security costs of my whims without question". BJP was right on Aadhaar when UPA was in power. Today BJP has sold the country out a hundred times more than UPA even planned (though no guarantees, it is the same creeps even now. Only the sarkari gullibles have changed) Incidentally, I haven't given my biometrics to foreign governments and corporations, and most Indians have not.  Also foreign governments and companies have limited use of my biometrics, unlike the Aadhaar, which is being forcibly attached to absolutely every important transaction a person can do from hospitalizations to bank accounts, property to crop insurance. Misuse or denial has the power to literally finish the ability of a person to access own funds, communicate, live in own home or even survive if medical needs. No foreign government has been stupid enough to enslave own or other citizens this badly. Yet.

Tell you what, you do some homework and hardwork and expose some of that data you are comparing Aadhaar to, then we will have some grounds for an actual comparison, yes? Good part is, those guys won't even arrest you, you'll actually earn bug bounties. So not even risky like fighting Aadhaar under a totalitarian state.

Why are you opposed to using technology to benefit the nation?

Next you will say any and all technology is benefit only. Like the govt spamming me daily is benefit to the country, etc. Technology isn't inherently good or bad. I am opposed to insecure technology being used to generate big data for power cartels at the cost of citizens. Benefiting the government and benefiting the nation are not necessarily the same thing. Just like dissent is a right and opposing the government is not anti-national. A government is a temporary entity that changes every five years. My nationality doesn't change every five years. Get your civics right and a lot of these government peddling issues will get sorted.

Why speak half-truths and ignore the lakhs of people who are getting benefits for the first time because of Aadhaar?

Next you will say babies are being conceived because of Aadhaar only. In a country this size, people are constantly becoming eligible for something or the other. It isn't because of Aadhaar. Aadhaar makes you eligible for zero benefits. It is simply the dog in the manger inserted by the government that PREVENTS otherwise eligible people from getting benefits because the government chooses to deprive them unless they surrender their privacy for it. Think about it. It is actually an imposed indignity. I will forcibly take your fingerprints if you want the pension you spent your entire career working towards. This is helplessness. Not benefit.

Cleaning up the PDS system - for example - requires cleaning up the PDS system. It doesn't take fingerprints to know whether someone is eligible for PDS. But authentication issues sure have deprived loads of people whom you are ignoring while pointing fingers in an increasingly crazed manner.

And this is me talking because you irritated enough people that they pesterd me to reply, but the information is from the government. Most people who got Aadhaar already had documents to provide proof of address and identity for it.

 

And so on. Not bothering to read or reply further. Because personal attacks are not arguments and this is plenty to entertain those who wanted to see you get a reply. Just because you make an assumption doesn't mean it is true. Nor are you relevant enough to the larger picture to take seriously.

Return with data, technical arguments, fact based information that isn't just "But why don't you ignore all the ghastly stuff and just meditate on all the pretty?" or consider this post the answer for anything you write on the subject till eternity.