India's Aadhaar: The World's Largest Biometric ID System Explained

In the sprawling, diverse tapestry of modern India, a digital revolution has been quietly, and at times controversially, reshaping the very notion of identity. At its heart lies a 12-digit number, at once innocuous and profoundly powerful: Aadhaar. More than just a card, Aadhaar represents the most ambitious biometric identification system ever undertaken, a digital bedrock for a nation of over 1.4 billion people. It is a story of immense ambition, technological prowess, staggering scale, and fierce debate—a project that aims to give every resident a unique, verifiable identity, transforming service delivery while raising fundamental questions about privacy, security, and the relationship between the citizen and the state in the 21st century.

Launched in 2009, Aadhaar, which translates to "foundation" or "base" in Hindi, has grown to encompass over 99.9% of India's adult population. [2, 5] Hailed by some, including former World Bank Chief Economist Paul Romer, as "the most sophisticated ID programme in the world," it has become an indispensable part of daily life for most Indians. [2] It serves as a gateway to essential government welfare schemes, a tool for financial inclusion, and the foundational layer of a revolutionary digital public infrastructure known as the "India Stack." [3, 5]

Yet, its journey has been anything but smooth. From its inception, Aadhaar has been embroiled in legal battles that climbed all the way to the Supreme Court of India, challenging its very constitutionality. It has been criticized as a tool of potential mass surveillance, plagued by reports of data breaches, and blamed for the exclusion of the most vulnerable from life-sustaining benefits. This article delves into the multifaceted world of Aadhaar, exploring its history, the technology that powers it, its transformative applications, the monumental legal struggles it has endured, and the fierce controversies that continue to shape its legacy.

The Genesis of a Digital Foundation: A Brief History

The seeds of a national identification project were sown in the aftermath of the 1999 Kargil War. A review committee recommended a multi-purpose national identity card for citizens in border areas to enhance security. [2] This idea evolved over the next decade, culminating in the establishment of the Unique Identification Authority of India (UIDAI) on January 28, 2009, as an attached office of the then Planning Commission. [2, 18]

The project gained significant momentum with the appointment of Nandan Nilekani, a co-founder of the IT giant Infosys, as its first chairman in June 2009. [2] Nilekani's vision was to create a unique identity for every resident, not just for security, but as a powerful tool for inclusive growth. The goal was to eliminate "ghost" and duplicate beneficiaries from welfare rolls, thereby curbing fraud and ensuring that subsidies reached their intended recipients directly. [7, 8] In April 2010, the brand name "Aadhaar" and its now-familiar logo were launched. [2]

The initial years were marked by rapid enrollment but also by a lack of legislative backing. The first Aadhaar number was issued on September 29, 2010, to a resident of Nandurbar, Maharashtra. [18] However, as the program expanded, concerns over privacy and the mandatory use of Aadhaar began to mount, leading to legal challenges.

A pivotal moment arrived in March 2016 with the passage of the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act. [2] The Act gave UIDAI statutory authority and provided a legal framework for the project, defining its powers and responsibilities. [13, 15] However, the manner of its passage—as a "money bill," which bypassed the full legislative scrutiny of the upper house of Parliament—became a major point of contention in subsequent court battles. [11]

By the time the Supreme Court delivered its landmark judgment in 2018, Aadhaar had already become deeply embedded in the fabric of Indian society, a testament to its scale and the government's persistent push for its integration.

The Anatomy of an Identity: How Aadhaar Works

At its core, Aadhaar is a system designed to establish uniqueness. It achieves this by collecting and linking two types of information for every resident, irrespective of age or gender: demographic data and biometric data. [3] The entire process is voluntary and free of cost for the first-time enrollment. [3]

Data Collection: The Building Blocks of Identity

The enrollment process is designed to be as simple as possible, requiring minimal information. An individual needs to visit an authorized Aadhaar Seva Kendra (enrollment center) with valid proof of identity and address documents. [7, 11]

Demographic Information collected includes:

Name, Gender, and Date of Birth/Age: These are the basic identifiers. [3]
Address: A residential address is required. [3]
Mobile Number and Email ID: These are optional but crucial for receiving updates and for One-Time Password (OTP) based authentication. [3]

Biometric Information is what makes Aadhaar truly unique. The system captures:

A Facial Photograph: A standard digital picture. [3]
All Ten Fingerprints: Scans of all ten fingers are taken. [3]
Two Iris Scans: A scan of the iris of both eyes. [3]

For children under the age of five, no biometric data is collected. They are issued a "Baal Aadhaar" (Child Aadhaar) which is linked to one of their parents' Aadhaar numbers. They are required to update their biometrics at age 5 and again at age 15. [7]

The De-Duplication Engine: Ensuring Uniqueness

Once the enrollment packet, containing both demographic and encrypted biometric data, is created, it is uploaded to UIDAI's central database, the Central Identities Data Repository (CIDR). [12, 13] This is where the critical process of de-duplication takes place to ensure that no individual receives more than one Aadhaar number. [15]

The process unfolds in two key stages:

Demographic De-duplication: The system first checks for duplicates based on demographic data to filter out obvious, non-fraudulent re-enrollments, such as when a person re-enrolls thinking their first attempt was lost. [13]
Biometric De-duplication: This is the core of the uniqueness check. The submitted biometrics (fingerprints and iris scans) are compared against the entire existing database by a sophisticated Automated Biometric Identification System (ABIS). [13] To ensure the highest accuracy, UIDAI employs technology from multiple vendors. [13, 16] If the system finds a match, the new enrollment is rejected, preventing the issuance of a duplicate Aadhaar. [15]

Only after an individual's biometric data is confirmed to be unique in the CIDR is a 12-digit random number generated and issued as their Aadhaar. [13] This number itself contains no intelligence; it does not profile individuals based on caste, religion, or geography. [3] It is simply a unique, verifiable digital key linked to a person's identity.

The Aadhaar Ecosystem: More Than a Card

The physical Aadhaar card, or its downloadable electronic version (e-Aadhaar) and more durable PVC version, is merely the representation of the underlying digital identity. [13, 17] The true power of Aadhaar lies in its authentication capabilities. UIDAI has built a massive, scalable architecture capable of handling hundreds of millions of authentication requests daily. [15, 19]

Authentication can be performed through several modes:

Demographic Authentication: Verifying identity by matching the Aadhaar number with demographic details like name and date of birth. [21]
OTP-Based Authentication: A One-Time Password sent to the resident's registered mobile number is used for verification. This is a common method for online transactions. [21]
Biometric Authentication: This is the most robust method, involving a live scan of a fingerprint or iris, which is then sent to the CIDR for a real-time "Yes/No" match against the stored data. [21, 22] No personal information is returned, only a confirmation of identity. [22]
Multi-factor Authentication: A combination of two or more of the above methods can be used for higher security transactions. [21]

This authentication ecosystem allows governments, banks, and other service providers to verify a person's identity instantly, anywhere, and anytime, forming the basis for a paradigm shift in service delivery. [19]

The Legal Gauntlet: Aadhaar in the Supreme Court

Aadhaar's journey has been marked by a relentless series of legal challenges that culminated in one of the longest hearings in the history of the Indian Supreme Court. [6] The core of the debate revolved around a fundamental conflict: the state's goal of efficient, leak-proof governance versus the individual's fundamental Right to Privacy.

The Early Challenges and the Rise of Privacy

The first legal challenge was filed in 2012 by retired High Court judge K.S. Puttaswamy, arguing that the project, then without any legislative backing, violated privacy. [4, 6] In response, the government argued that the Indian Constitution did not explicitly grant a fundamental right to privacy. [4] This led to a series of interim orders from the Supreme Court, starting in 2013, which stated that Aadhaar was voluntary and no person should suffer for not having one. [4, 8]

The legal battle took a historic turn in August 2017. A nine-judge Constitution Bench of the Supreme Court, in what is now known as the Puttaswamy I case, delivered a unanimous and landmark verdict, affirming the Right to Privacy as a fundamental right, intrinsic to the Right to Life and Personal Liberty under Article 21 of the Constitution. [8, 16] This judgment did not rule on Aadhaar itself but set the constitutional stage for the final showdown. It established the "triple test" for any law that infringes on privacy: it must be backed by law, serve a legitimate state interest, and be proportional. [1]

The Aadhaar Act and the "Money Bill" Controversy

While the court cases were ongoing, the government moved to provide legal sanctity to Aadhaar. In March 2016, it introduced the Aadhaar Bill in Parliament. Critically, it was introduced as a "Money Bill." [10] Under the Constitution, a Money Bill deals with matters of taxation or government expenditure from the Consolidated Fund of India. [11] Such a bill requires only the approval of the Lok Sabha (the lower house), where the government had a majority, effectively bypassing the Rajya Sabha (the upper house), where it lacked the numbers and faced significant opposition. [11, 15]

Opponents argued this was a "constitutional fraud," as the Aadhaar Act contained numerous provisions, particularly regarding data sharing and identity verification, that went far beyond the scope of a Money Bill. [11, 15] The government's defense centered on Section 7 of the Act, which makes Aadhaar a conduit for receiving subsidies and benefits paid from the Consolidated Fund of India, thus justifying its classification. [1]

The Landmark 2018 Judgment: Upholding and Limiting Aadhaar

After a marathon 38-day hearing, a five-judge bench delivered its final verdict on September 26, 2018, in the Puttaswamy II case. In a 4:1 majority judgment, the Supreme Court upheld the constitutional validity of the Aadhaar Act but with significant limitations. [2, 3]

What the Court Upheld:

Constitutional Validity: The Court found that Aadhaar served a legitimate state interest in ensuring that welfare benefits reach the deserving and passed the "proportionality" test. It was deemed a "document of empowerment." [1, 2]
Money Bill Status: The majority controversially upheld the Speaker's decision to classify the Aadhaar Act as a Money Bill, accepting the government's argument regarding Section 7. [1] Justice D.Y. Chandrachud, in a powerful dissenting opinion, argued this was a "fraud on the constitution" designed to bypass the Rajya Sabha. [15]
Mandatory for Welfare and PAN/ITR: The Court ruled that Aadhaar is mandatory for availing benefits of government welfare schemes and subsidies. [2, 17] It also upheld Section 139AA of the Income Tax Act, making it mandatory to link Aadhaar with a Permanent Account Number (PAN) and for filing income tax returns. [17]
No Surveillance State: The majority concluded that the architecture of Aadhaar, which collects minimal data and provides a "Yes/No" authentication response, did not create a surveillance state. [1]

What the Court Struck Down:

Section 57: This was a major victory for privacy advocates. The Court struck down Section 57 of the Aadhaar Act, which had allowed private corporations (like banks, telecom companies, and digital wallets) to demand Aadhaar for verification. [2, 17] This ended the mandatory linking of Aadhaar to bank accounts and mobile SIM cards. [3, 17]
Mandatory for Services: The Court ruled that Aadhaar is not mandatory for school admissions or for national examinations. [17]
Data Retention: The Court ordered the data retention period for authentication transactions to be reduced from five years to six months. [1]
National Security Exception: The Court read down Section 33(2), which allowed disclosure of data for national security reasons, ruling that such a decision must be taken by an officer of the rank of Joint Secretary or higher and must be subject to judicial review. [1]
Right to Complain: The Court noted that Section 47, which allowed only UIDAI to file criminal complaints for violations, needed amendment to allow individuals to file complaints as well. [1]

The verdict was a complex balancing act. It affirmed Aadhaar's role in India's welfare architecture while clipping its wings to prevent its overreach into the private lives of citizens and commercial exploitation of their data.

The India Stack: Aadhaar as a Foundation for Digital Transformation

While Aadhaar is often perceived as just an ID card, its true significance lies in its role as the foundational layer of the India Stack. This is a set of open Application Programming Interfaces (APIs) and digital public goods that aim to create a unified digital infrastructure for the entire country. [9] The vision is to enable a "presence-less, paperless, and cashless" service delivery system. [4]

The India Stack is conceived as a series of interconnected layers, each providing a specific capability:

The Presence-less Layer (Identity): This is Aadhaar itself. It provides a universal, biometrically verifiable digital identity that allows anyone to prove who they are, from anywhere, without needing to be physically present. [9]
The Paperless Layer (Documents & Consent): Built on top of the identity layer, this allows for the seamless and paper-free exchange and verification of documents. Its key components include:

e-KYC (Electronic Know Your Customer): Using Aadhaar authentication, individuals can instantly verify their identity and address for services like opening a bank account or getting a new SIM card, drastically cutting down on paperwork and time. [5, 7]

e-Sign: This facility allows any Aadhaar holder to digitally sign a document using OTP verification. [18] This electronic signature is legally valid, transforming how contracts and agreements are executed. [5, 18]

* DigiLocker: A secure, government-provided digital wallet where citizens can store and share official documents like driving licenses, vehicle registrations, and educational certificates. [5, 19] These documents are fetched directly from the issuing authorities and are considered equivalent to physical originals. [19]

The Cashless Layer (Payments): This layer facilitates real-time, low-cost digital payments. The flagship component is the Unified Payments Interface (UPI), a system that allows instant money transfers between bank accounts using a mobile device. [5, 9] While UPI is an independent system run by the National Payments Corporation of India (NPCI), its explosive growth was fueled by the millions of new bank accounts opened via Aadhaar e-KYC under the Jan Dhan Yojana program. [3, 7] Another component is the Aadhaar Enabled Payment System (AePS), which allows basic banking transactions at micro-ATMs using only Aadhaar authentication. [4]
The Consent Layer (Data Control): This is the newest and most sophisticated layer, designed to give individuals control over their personal data. It is governed by the Data Empowerment and Protection Architecture (DEPA) framework. [10, 15] DEPA introduces "Consent Managers," such as Account Aggregators (AAs) in the financial sector, which act as intermediaries. [10, 15] Through them, a user can grant, manage, and revoke consent for their data (e.g., bank statements, tax records) to be shared with a third party (e.g., a lender) for a specific purpose and a limited time. This aims to democratize data, allowing individuals and small businesses to leverage their own digital footprints to access credit and other services, transforming India from a "data-rich" to a "data-empowered" society. [10, 13]

Together, these layers of the India Stack create a powerful, open, and interoperable ecosystem that has spurred innovation in fintech, e-commerce, and governance, becoming a model that many other countries are now looking to emulate.

The Two Sides of the Coin: Successes and Failures in Welfare Delivery

The primary justification for Aadhaar has always been its potential to reform India's vast and notoriously leaky welfare system. The government has consistently championed it as a tool that plugs leakages, eliminates corruption, and ensures that benefits reach the intended recipients. While there is evidence to support some of these claims, a growing body of work from academics, activists, and journalists paints a more complex and often troubling picture of exclusion and hardship.

The Narrative of Success: Savings and Financial Inclusion

The government has credited Aadhaar-linked Direct Benefit Transfer (DBT) with generating massive fiscal savings.

LPG Subsidy (PAHAL Scheme): One of the most cited successes is the PAHAL (Pratyaksh Hanstantrit Labh) scheme for LPG cylinders. By seeding Aadhaar numbers with consumer accounts, the government claimed it eliminated a vast number of "ghost" and duplicate connections. Reports from 2014-2015 claimed savings of around ₹12,700 - ₹15,000 crore. [29, 45] The Petroleum Ministry has estimated total savings to be over ₹50,000 crore by curbing diversion and improving targeting. [22]
Financial Inclusion (Jan Dhan Yojana): Aadhaar and its e-KYC functionality were the cornerstones of the Pradhan Mantri Jan Dhan Yojana (PMJDY), a massive financial inclusion drive launched in 2014. [15, 21] This "JAM Trinity" (Jan Dhan-Aadhaar-Mobile) is credited with the opening of over 550 million bank accounts, bringing a huge portion of the unbanked population into the formal financial system. [15, 41] These accounts became the direct channels for DBT, which, as of March 2023, was estimated to have saved the government approximately ₹3.48 lakh crore in leakages across various schemes. [15]
MGNREGA: In the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA), the government has argued that Aadhaar-based payments curb corruption by removing middlemen and ensure wages are transferred directly and transparently to workers' accounts. [42, 46]

The Counter-Narrative: Exclusion and Hardship

While the macro-level savings figures are impressive, a starkly different story emerges from the ground, particularly from the work of development economists like Jean Drèze and Reetika Khera. Their research, along with numerous other studies and reports, highlights how the rigid implementation of a technology-first solution has led to the exclusion of the most vulnerable.

Exclusion from the Public Distribution System (PDS): A large-scale Randomized Control Trial (RCT) in Jharkhand between 2016 and 2018 found that while Aadhaar-Based Biometric Authentication (ABBA) did reduce some leakage, it came at the cost of excluding genuine beneficiaries and increasing their transaction costs (e.g., multiple trips to the ration shop). [12, 18] The study found that for those who hadn't linked Aadhaar at the start, benefits were reduced by 10%. [18] Heart-wrenching stories, such as the reported starvation death of 11-year-old Santoshi Kumari in Jharkhand after her family's ration card was allegedly canceled for not being linked to Aadhaar, have become symbols of this exclusionary effect. [17]
Biometric Failures: A significant and persistent problem is the failure of biometric authentication. UIDAI itself admitted to a biometric failure rate of 6% for fingerprints and 8.54% for iris scans at the national level in 2018. [14] The problem is especially acute for the elderly, whose fingerprints fade with age, and for manual laborers, whose fingerprints are worn down by physical work. [44] In hot and humid climates, scanner reliability can also be an issue. [39] This leads to situations where legitimate beneficiaries are repeatedly denied their food rations or pensions because the machine cannot recognize them. [30, 44]
Connectivity and Seeding Errors: The system's heavy reliance on internet connectivity is a major hurdle in rural and remote areas. [28] Furthermore, errors in "seeding" (linking Aadhaar with the correct scheme database) and mapping it to the correct bank account have led to chaos. Wages for MGNREGA workers have been diverted to wrong accounts, sometimes without their knowledge, as was seen in the infamous case where payments were redirected to Airtel Payments Bank accounts opened using Aadhaar e-KYC. [10, 36] A 2024 report by LibTech highlighted that nearly 3.9 million MGNREGA payment accounts had been deleted due to issues with Aadhaar linking. [23]
Lack of Accountability and Grievance Redressal: While UIDAI has established a multi-channel grievance redressal mechanism, including a toll-free number (1947), an email address ([email protected]), and an online portal, its effectiveness on the ground is often questioned. [2, 4] For a marginalized individual facing authentication failure at a local ration shop, navigating these centralized systems can be a daunting task. The system often lacks clear accountability, leaving beneficiaries to run from pillar to post. [44]

Critics argue that the government's focus on savings from eliminating "identity fraud" (ghost beneficiaries) overlooks the more prevalent "quantity fraud" (dealers giving less than the entitled amount), which Aadhaar does little to solve. [12] They contend that the system, in its quest for technological purity, has created new forms of digital red tape and has ended up punishing the very people it was meant to empower. [28, 47]

The Spectre of Surveillance and Security Lapses

Beyond welfare exclusion, the most potent and enduring criticism of Aadhaar revolves around privacy and security. The creation of a centralized database containing the biometric and demographic information of over a billion people has been described by critics as the foundation for a potential surveillance state.

A 360-Degree Profile

The fear is not just about the data held by UIDAI, which is officially limited to basic identity information. The real concern stems from the process of "seeding" the Aadhaar number across numerous public and private databases. When Aadhaar is linked to bank accounts, mobile phones, tax records, travel bookings, and dozens of other services, it acts as a common thread that can be used to connect these once-disparate datasets.

Privacy advocates argue that this allows for the creation of a "360-degree profile" of an individual, tracking their financial transactions, location, communication patterns, and social interactions. Even if the Supreme Court has restricted mandatory linking for private services, the widespread voluntary (and sometimes coerced) use of Aadhaar continues to fuel this data aggregation. Economist Jean Drèze has called it a "quantum jump in the surveillance powers of the State," enabling a move towards "foolproof, total and permanent surveillance." [28]

A History of Data Breaches and Vulnerabilities

These fears have been compounded by a series of reported data leaks and security vulnerabilities that have cast serious doubts on UIDAI's claims of a secure and robust system.

The Tribune Investigation (2018): In a shocking exposé, a journalist from The Tribune newspaper was able to "purchase" access to the entire Aadhaar database for just ₹500 (approximately $7). The investigation revealed that anonymous sellers on WhatsApp were providing a gateway that allowed access to details like names, addresses, photos, phone numbers, and email IDs of any of the billion-plus Aadhaar holders. While UIDAI insisted that biometric data was not compromised, the incident exposed alarming vulnerabilities in the system's access controls.
State-Run Utility Leak (2017): Security researchers discovered that a website owned by a state-run utility company had publicly exposed the Aadhaar numbers and bank details of millions of pension beneficiaries.
Publicly Accessible Government Portals: On multiple occasions, various central and state government websites have been found to have inadvertently published lists of beneficiaries that included sensitive personal data along with their Aadhaar numbers, making them easily discoverable through a simple Google search.

While UIDAI has often downplayed these incidents, attributing them to third-party misuse rather than a breach of the core CIDR, critics argue that in a federated ecosystem, a vulnerability anywhere is a threat everywhere. A 2023 report from global credit rating agency Moody's highlighted these risks, stating that such centralized systems heighten the risk of data breaches and that the "reliability of biometric technologies... is questionable." [39]

Security Safeguards: Are They Enough?

In response to the mounting criticism and the Supreme Court's directives, UIDAI has introduced several security features aimed at giving users more control over their data and privacy.

Virtual ID (VID): This is a temporary, 16-digit random number that can be generated by an Aadhaar holder and used for authentication purposes instead of their actual Aadhaar number. The VID is mapped to the Aadhaar number in the backend but expires after a set time, preventing service providers from storing the permanent Aadhaar number.
Masked Aadhaar: This is a downloadable version of the e-Aadhaar where the first eight digits of the Aadhaar number are blacked out, showing only the last four digits. This can be used as a proof of identity without revealing the full number.
Biometric Locking/Unlocking: Users have the facility to "lock" their biometrics via the UIDAI website or app. When locked, biometric authentication will fail. The user must unlock their biometrics before any such authentication attempt, preventing potential misuse of their fingerprint or iris data without their active consent.
Aadhaar 2.0: UIDAI is working on "Aadhaar 2.0," a vision for the next decade that focuses on strengthening trust, adopting new technologies, and exploring international outreach. [This includes initiatives for face authentication with liveness detection to counter spoofing attempts and improving the de-duplication process.

Despite these measures, skeptics remain concerned. They argue that features like VID and Biometric Locking place the onus of security on the user, many of whom may lack the digital literacy to use them effectively. The fundamental debate continues: can a system of this magnitude, which centralizes the identity of a nation, ever be truly secure from state surveillance or malicious attacks?

Conclusion: A Foundation of Empowerment or a Double-Edged Sword?

Aadhaar is a project of breathtaking scale and complexity, a technological marvel that has fundamentally altered the landscape of identity and governance in India. It stands as a powerful symbol of the country's digital ambitions, a foundation upon which innovative solutions for financial inclusion and service delivery have been built. The government's narrative, backed by significant data on savings in welfare schemes like the LPG subsidy and the massive expansion of banking through Jan Dhan Yojana, presents Aadhaar as a transformative tool of empowerment and efficiency. [15, 22]

However, this narrative of success is shadowed by a persistent and deeply troubling counter-narrative. The voices of academics, the stories from the ground, and the data on exclusion paint a picture of a system that, in its pursuit of technological neatness, has often failed the most vulnerable. [11, 12, 44] The rigidities of biometric authentication, the challenges of connectivity, and the bureaucratic maze of error correction have, in many documented cases, turned a tool of inclusion into a barrier to essential, life-sustaining services. [10, 17] The denial of rations to the elderly, the stoppage of pensions, and the hurdles faced by manual laborers are not just "teething troubles" but systemic flaws that raise profound questions about the human cost of a digitally-driven welfare state. [34, 40]

Looming over it all are the specters of mass surveillance and data security. The very architecture that makes Aadhaar a powerful tool for integration—its ability to be the single, verifiable thread connecting myriad aspects of a person's life—is also what makes it a potential instrument for unprecedented monitoring. [28, 39] While the Supreme Court has attempted to draw a line in the sand, protecting citizens from mandatory private-sector use, the ever-expanding digital footprint of Aadhaar continues to fuel the debate on the delicate balance between security, convenience, and the fundamental right to privacy.

India's Aadhaar is, therefore, a grand, ongoing experiment. It is a double-edged sword that has simultaneously streamlined processes and created new forms of digital exclusion. It has curbed certain types of corruption while raising the risk of a centralized surveillance architecture. As the system evolves with "Aadhaar 2.0" and becomes a model for other nations, its true legacy will be defined not by the elegance of its technology, but by its ability to answer the most fundamental question posed by the Supreme Court: can it be truly responsive to its deficiencies and accountable to every single one of the billion-plus people it aims to identify? [30] The answer will determine whether Aadhaar is ultimately remembered as a foundation of empowerment or a cautionary tale of good intentions gone awry in the digital age.