IRCTC’s Aadhaar play can violate SC order and derail National Security

The Indian Railway Catering and Tourism Corporation (IRCTC) has announced that it plans to make Aadhaar card mandatory for its user registration process for e-ticketing. But looks like the announcement by IRCTC has yet again opened a Pandora’s box.

Your online railway bookings are going to become a wee bit more difficult if they aren’t already so. That is, if the IRCTC makes Aadhaar card compulsory during the registration process for e-ticketing. The move, according to a recent announcement by IRCTC, will ensure that users registering on the IRCTC website are properly identified of their identity and address through the Aadhaar card number verification.

Read: What is Aadhaar good for?

So in case, you already have an Aadhaar card, then you need not worry. For those who don't have it yet or are reluctant to apply for it, are in for a tough time.

According to Sandip Dutta, public relations officer at IRCTC, the plan, although still in the preliminary state, is to make Aadhaar compulsory which will prevent touts from further exploiting the e-ticketing platform.

IRCTC which already has around three crore registered users, adds 15,000 new registrations every day. Just to give you the scale of an IRCTC website, a 15-minute tatkal window has about 1,000,000 people trying to log on to the IRCTC website. This means a new user won't be able to book a railway ticket on the IRCTC site until he owns an Aadhaar card.

Also Read: Indian CISO don’t trust UID with their data

"This is a complete overkill and will only result in harassment of an ordinary citizen," says Sunil Abraham, executive director at The Centre for Internet & Society. "Aadhaar, he says, should be used to prevent politicians and bureaucrats from engaging in big-ticket fraud or whole-sale corruption. It should be used to make the state more accountable to citizens and not the other way around. It is unfortunate that techno-utopians are using biometric technology to fight retail corruption or small-ticket fraud.

If IRCTC makes Aadhaar mandatory for user registrations, they will be in direct violation of the Supreme Court's interim order of September 23, 2013 where it has ordered that no person should suffer for not getting the Aadhaar card in spite of the authority making it mandatory, since government says it is voluntary.

On March 24, 2014 again, the Supreme Court reiterated its earlier order of 2013 and directed all government authorities and departments to modify their forms/circulars, etc., so as to not compulsorily require an Aadhaar number. In the same order the Supreme Court also restrained the UIDAI from transferring any biometric data to any agency without the consent of the person in writing as an interim measure.

According to cyber law expert and Supreme Court Lawyer, Pavan Duggal, till the time Aadhaar has been brought to a legislative sanctity, no government agency must make it compulsory and if they do so, they will be in gross violation of the order and will be held for contempt of court. "The National Identification Authority of India Bill that intends to give statutory backing to UIDAI (introduced in Rajya Sabha in 2010) is yet to be passed by the Parliament. Aadhaar is also non-compliant with the Information Technology Act 2000," says Duggal. Aadhaar, he says, is the unwanted child that hasn't proven legitimacy yet.

The illegitimacy, which continues to prevail due to several anomalies in the UIDAI’s Aadhaar allotment process. In March this year, about 20 million people enrolled in Delhi for an Aadhaar identification number, according to Census. However, the UIDAI generated about 17.7 million unique numbers in Delhi, about a million more than the city population.

In another incident, Aadhaar numbers were assigned to adult residents in 13 of the country's 36 states, and union territories surpassed their respective population as per 2011 census figures. However, the UIDAI blames that ‘gaps’ in census evaluation may have resulted in inaccuracy of the population data.

There have also been bizarre instances in the past where some Aadhaar cards displayed pictures of an empty chair, a tree, and a dog instead of the actual applicant.

So how does it aid unscrupulous elements in misusing the flaws of the Aadhaar card system?

To start with, Aadhaar captures biometrics of a user, which is neither permanent nor immovable, says Dr. Anupam Saraph, innovator, professor and an advisor in governance, informatics and strategic planning.

"Biometrics change during the life of a person, sometimes even within a year, or without warning. Biometrics can be easily stolen, replicated or misused as has been demonstrated by instances of fingerprints and iris scans of high profile targets being hacked. The enrollment agencies that have captured the biometric have the entire demographic and biometric database in their possession and as such it can be misused or stolen. Once the biometric fails or is stolen, all the functions that have crept to link access to the biometric are denied with little or no recourse to the victim," says Saraph.

“Another benign scenario may be large scale fake bookings to make tickets pricier, the malignant scenario will be entire trains used to transfer armies of anti-nationals and terrorists. Therefore, the Railway Minister must rise to cancel any such plans," says Saraph, and the Home Minister and Defence Minister must immediately scrap the linkage of Aadhaar to any database, require that the entire UID is destroyed as was done in the UK. “This kind of compromise requires the initiation of a time-bound judicial probe by a retired CAG and Supreme Court Judge supported by the CBI to investigate the exposure of the country to serious threats to national security due to UID,” he says.

And therefore, the bigger question isn't whether Aadhaar should be made compulsory or not, but whether it is a foolproof method to validate someone's identity. If it isn’t, then why is IRCTC playing the Aadhaar card?

Copyright © 2015 IDG Communications, Inc.

7 secrets of successful remote IT teams