Aadhaar made it easier than before. It is really a quality of life improvement.
The main issue is government requiring IDs even when it is not usually needed in other countries. Mostly in the name of security. This is the root cause. Aadhaar is just the symptom.
However, Aadhaar does enable deeper breaches into privacy due to its unified nature and the way it is validated through government-owned infrastructure. There is full tracking possible on all the services that the residents used.
If Aadhaar was a self-sovereign ID, then having a single ID is definitely a good thing. It keeps privacy intact while usable where needed.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
In reality different IDs were accepted at different departments and there was no consensus. It was really a pain. If someone took ration card as valid, others wanted another ID. In some states it was even worse.
It is true that the government has indirectly made Aadhaar mandatory, contrary to the spirit of the Supreme Court order.
If Aadhaar makes it easier for people living near poverty to get say bank accounts, it'd trump the reservations I have. That's what made UPI possible - just about everyone today has UPI, even people begging for money sometimes have a QR code handy (at least here in Bangalore).
I agree that there are undeniable benefits from Aadhaar. However, the issue is that the narrative from the govt has been that it's an either-or situation. Either you have the convenience of Aadhaar, or you have privacy. This is unequivocally false. The solution isn't even technical. There are two simple, easily doable fixes which will deliver most of the benefits without significantly eroding privacy.
1. Ensure that legally valid ids other than Aadhaar are not treated as second class by any govt department. If a non Aadhaar id is refused, the reason must be given in writing. The problem is govt babus like the ease of Aadhaar and hence refuse to do the tiny bit of extra work needed on the non Aadhaar path.
2. Amend the Aadhaar act to ban the use of Aadhaar for anything except identity verification. If any personal data linked to Aadhaar is saved by a platform, then they are liable for leak of the data in the event of a breach.
Just doing these will enable the use of Aadhaar for its original intent which was verifiable identity. The privacy degradation comes from using Aadhaar as a primary key for arbitrary storage of personal data, not from the existence of Aadhaar itself.
My point was that India should switch to a single card/id for everything, and get rid of everything else including the PAN card. Eventually make Aadhaar digital, and chip based so that it can hold your DL as well. Is it bad for privacy? Yes. But what a country should spend on protecting or preserving privacy is a function of where it is on the socioeconomic ladder. If a single ID helps 80% of Indians (a billion people) navigate the labyrinth of our bureaucracy, I'm ok with it, _today_.
Besides, simpler rules go a long way in reducing the power of govt departments (which we can agree on). It reduces cognitive overload for citizens, as well as for govt workers. Factor in where the rest of India stands in terms of education etc, the value of simple rules cannot be overstated.
As someone who values privacy, there are still ways to do it. You just have to invest a lot more energy and time into it though.
Post Aadhaar, even though all of those IDs are still legal and acceptable under law, the govt has added so much friction on the non Aadhaar path that in practice those IDs are unusable.
Aadhaar is "identity", it is not a "card" of any kind though Indians have an inherent love for collecting various cards for fun. I have my driving license, PAN, aapar, kisan and state government health insurance cards, labor department id card. I have a few more in some drawer.
Once a person gets Aadhaar, it acts pretty much the same as OAuth. You go to a hotel to get a room, the hotel by law is required to verify that your name and face match. You give your Aadhaar card to them which they scan on their computer and verify that your name matches your face. Because they are a hotel they have the right to only verify that.
This is much more privacy preserving than what the Supreme Court did. Because of the Supreme Court, hotels no longer bother to implement this and instead demand your passport and other identification, scan it and leave it in their system forever. They also are known to sell this data to others from time to time.
The technical idea behind Aadhaar was similar to UPI. Government runs the core infra with basic APIs but private companies build apps on top of it. For example, say GPay builds an Aadhaar interface where when you walk into a hotel to reserve a room, GPay automatically generates a new Aadhaar number with permissions only to show your name, photo and age. Hotel system verifies that and stores a receipt. If in future government is investigating who stayed in which room, law enforcement can convert these receipts to identification.
This was a better model which would have unlocked a lot of potential. The government failed to argue the case correctly and the Supreme Court acted more like an activist court.
I do think both Government and Supreme Court failed to show the correct user journey here.
In comparison, a Voter ID and PAN are both hologram protected and forgeries are easily detected.
W3C verifiable credentials do not require a singular identity source, they work perfectly fine with multiple issuers.
However, for getting a new mobile connection the flow is similar to what OP has mentioned. It seems one can get a mobile connection by not opting for face recognition, but the process is cumbersome. Similarly, for property registrations fingerprints (at least in some of the states) of the concerned parties are matched against the ones that are associated with their Aadhaar.
Isn't this the problem vs the Supreme Court judgement? Why does the hotel need to save this data forever?
A simple fix will be to make companies liable for leaks of personal data. That alone will incentivize them to delete personal data as fast as humanly possible.