NEWS
17/01/2019 1:54 PM IST | Updated 17/01/2019 2:22 PM IST

How Many Modis Does It Take To Teach A Villager To Use A Phone?

Rampant fraud has scuttled the PMGDISHA rural digital literacy scheme.

HuffPost India
PMGDISHA exam in progress at a government school at village Jamsher Khas in Jalandhar district of Punjab. 

 JALANDHAR, Punjab — The Pradhan Mantri Gramin Digital Saksharta Abhiyan (PMGDISHA) to make 6 crore rural Indians “digitally literate” is following the path of Prime Minister Narendra Modi’s most ambitious policies — grand announcement followed by quiet, unpublicised failure.

Under the scheme, private operators called Village Level Entrepreneurs, or VLEs, are meant to impart basic computer skills — how to send an email, how to transfer money online, how to use a smartphone — to 6 crore rural Indians by March 2019. The union government pays the operators Rs 300 for every  person who successfully passes a 25 minute test.

With the March 31 2019 deadline two months away , 99.25 lakh people — approximately one sixth of the intended target —  have been certified under the scheme at a cost of Rs 241.35 crore, according to figures provided to HuffPost india by the government. But what’s worse, evidence on the ground suggests the poorly designed scheme has been hit by widespread fraud.

In rural Punjab, HuffPost India found, operators have gamed the PMGDISHA scheme’s elaborate verification features with ease—implying many of the scheme’s “beneficiaries” remain digital-illiterates, while the VLEs make a quick buck. There is no way to estimate just how bad the fraud is because the government refuses to acknowledge that the scheme has failed.

The scheme’s failure also reveals how easily Aadhaar-based biometric authentication — marketed as the panacea to all leakages in every government scheme from food rations to booking an ambulance — can be subverted.

In short, the PMGDISHA has turned into precisely the sort of leaky, rent-seeking, scheme that Aadhaar-authentication was supposed to prevent. For instance, a 2017 survey by the Council for Social Development (CSD), a New Delhi-based independent research organisation, found a  quarter of the beneficiaries of the scheme, meant exclusively for rural India, were actually found to live in cities — suggesting the scheme is not reaching its intended targets. 

Anjali Bhardwaj of the Satark Nagrik Sangathan, a citizen group working on transparency and accountability, said she was unaware of the specifics of the PMGDISHA scheme but had observed similar forms of Aadhaar-related fraud in the distribution of food rations.

“Evidence on the ground suggests that Aadhaar is enabling a new form of  corruption,” Bhardwaj said. “Aadhaar can, at best, tackle only identity fraud, where an individual colludes with the system to be included multiple times in the list of beneficiaries.”

In the public distribution system, she said, most fraud occurred when unscrupulous dealers cheated on the quality and quantity of food grains supplied to the poor.

(In)Security features

The PMGDISHA scheme has elaborate security measures to prevent private operators from either training “ghost beneficiaries” — i.e. fake names and address who may not exist in real life —  or training the same people again and again.

To enrol a prospective candidate, the operator must log into the PMGDISHA portal, enter the candidate’s Aadhaar number and verify their identity either using biometrics, or a password sent to their registered phone or email id.

The candidate must then create an email id, and send an email to the scheme’s official email address  goahead@pmdisha.in. This verifies that the candidate has an email account and has learnt how to send an email.

The candidate must then make five digital transactions of Re 1 each to an account run by the CSC e-Governance Services India, the government body overseeing the project on behalf of the Ministry of Electronics and Information Technology (Meity), to qualify for the digital literacy test.

For the examination, a student sits before a computer with an internet connection, while an invigilator — often seated hundreds of kilometres away — monitors the process  via webcam.

Yet, in practice, the process is riddled with loopholes.

Loopholes

In August 2018, Anita Rani, a middle-aged woman armed with laptop, and a biometric reader, arrived at the government school at village Jamsher Khas in Jalandhar district to enrol them for a “free computer course”.

“A woman came to our school and registered us for some computer training programme,” said Nisha, a class 11 student who uses just one name. “She captured our Aadhaar details and  biometrics.”

The course was the PMGDISHA digital literacy certification programme, Rani was a village level entrepreneur — the private operator implementing the scheme — from a neighbouring village.

Nisha said the students next saw Anita Rani four months later in December 2018, when she arrived to administer the certification “exam”, HuffPost India was present in the school at the time.

Neither the students, nor Principal Ashok Basra, were prepared for her visit: What was the syllabus for this certification exam? When would they be provided training? How would the students give an exam they hadn’t prepared for?

Rani brushed away these concerns.

“Why to waste time when the same syllabus was already covered by the computer teacher in school?” Rani said.

What about the five digital transactions?

Rani had made the transactions herself on behalf of the students a day before the exam.

And the email ids? Some students already had email ids, the rest were generated by Rani herself. 

Rani connected her computer to the internet, and loaded the online exam module for the PMGDISHA. As HuffPost India looked on, the students lined up, sat before Rani’s laptop. While an “online” invigilator monitored the student via the laptop’s webcam, a young man who had accompanied Rani sat just outside the webcam’s frame and ticked off answers of some ‘difficult’ questions as they popped up on the screen.

Exam over, Rani packed up her laptop and left. The results, she said, would be available soon.

 

Rachna Khaira
The PMGDISHA scheme claims to have elaborate security features, including an online invigilator, but the private operators tasked with implementing the scheme have found a way to subvert each one of them.

Digital touts

Prime Minister Modi’s well-intended, but poorly designed, Digital India campaign — coupled with India’s raging unemployment crisis — has created a thriving industry of digital touts by empanelling VLEs, in essence poorly-paid private contractors, to serve as points of contact between the citizen and the state.

The resulting widespread fraud is a key reason why the Unique Identification Authority of India, the agency overseeing Aadhaar, abruptly reversed its policy of allowing VLEs to enrol people to the Aadhaar database in October 2017.

Each new “Digital India” announcement is followed by a wave of YouTube videos detailing just how to subvert it using software commonly available online. The PMGDISHA scheme is no different — where, as the case detailed above illustrates, operators simply need people to sign up once, and every single step can be subverted there after.

Fake email ids can be generated in bulk using online tools like Emkie.

“The usual way to verify an email is to send a link to the given email, which must be clicked,” said Anand Venkatanarayanan, and independent cybersecurity expert. “It is very surprising that the program used a method of verification of email where the candidate sends an email to a given email address, since faking “FROM” addresses are trivial and any one can do it.” 

The five digital transactions can also be gamed as trainers have discovered that the system accepts the reference numbers for any digital transaction not just fund transfers. 

“All we need to do is to use any of our Aadhaar-linked bank accounts and keep on checking the balance,” said a private trainer on condition of anonymity. “The transaction ids hence generated will be then written in the profile of the person.”

Rishikesh Patankar, Head of Education Operations for CSC e-Governance India, the agency overseeing the project, said a technical team traces the validity of email addresses and digital transaction ids on a “routine basis”.

“If the transaction IDs do not match with the records, the payment to the respective training partner/centre is put on hold and an enquiry conducted,” Patankar said. “An affidavit has been submitted by each of the Training partner and centre declaring that if they are found to be indulged/ involved in malpractices, their payment would be forfeited and recovery is to be made on SBI lending rates.”

Yet Patankar admitted that the transactions can be made either from the candidate’s account, a relative’s account, or from the trainer’s account — suggesting that government had no way fo actually verifying if trainers were simply conducting the transactions on behalf of the people they were training.

While the online exam can either be gamed in the manner observed in the government school at Jamsher Khas — by simply placing a person beside the candidate, just out of view of the webcam — more sophisticated operators have simply installed a dual screen on their computers, which allows them to seamlessly answer the questions on behalf of the candidate.

“While one screen faces the candidate, the other faces the VLE or his resource person,” said Gurpyar Singh, an operator in Karampura. “The candidate sits idle on the front chair,  it is the resource person who give exam on his behalf on the screen installed on the opposite side.”

The scam is now so widespread, operators said, that those with access to large numbers of potential candidates — like school principals — have started demanding a share of the Rs 300 paid by the government for every successful candidate. 

“Sometimes, even school principals also  demand a share to provide us access to their infrastructure and students,” said a private operator speaking on the condition of anonymity.  

Modiji knows best

While the officials in charge of the scheme insist their checks and balances are foolproof, MEITY had initially capped the maximum number of trainings per  private operator to 250 students — a tacit admission that the scheme was being widely misused. 

However, to boost the numbers’ it has recently increased the cap to 600 students per VLE.

“The entire scheme is run by private operators. There is no monitoring by district officials,” said Dr. N.S. Kang, the sarpanch of Khassan, a village in Kapurthala district.

Under the scheme, Dr. Kang said, each district was supposed to come up with a target number of people to be trained — yet no such rule was followed, leaving operators to harvest as many “digital illiterates” as they could find.  

“This looks like a custom designed scam masquerading as a scheme to generate certain outcomes using public money, for which the ministry must be held accountable,” said Venkatanarayanan, the cybersecurity expert.

Perhaps the greatest indictment of the scheme is even those who have received a digital literacy certificate are unsure of what to do with it.

“If Pradhan Mantri Ji is issuing a certificate, he sure is going to add some purpose to it,” said Sunita, a certified ‘Digital Literate’ citizen from Jalandhar.