Chip-Monks  ⁄  Specials

Aadhaar: Privacy Woes Mixed With Allure Of Convenience

02 May, 2017
Aadhaar Privacy Woes Mixed With Allure Of Convenience

If you’re an Indian, you’d know what Aadhaar is, and if you don’t, then welcome back from your protracted visit to Estonia.

In your absence, the Government spent caboodles of money creating India’s version of a Social Security number; well almost. While the name means “fundamental” or “foundation”, the import of the enrolment is basically to provide a unique identification number for each citizen.

It doesn’t really entitle you to much by way of government aid or medical benefits etc., but it does facilitate a number of important activities in current day India. First and foremost, the Aadhaar card has your unique identification number (yes your Passport, Voter ID, PAN all are unique, but this particular identification has more). It is the first government identification methodology that has your biometric and demographic information.

Biometric information includes your photograph, fingerprint, retina scan and identification marks, while the demographic information includes your residence address, date of birth and even your permanent phone number, to name a few.

The problem is, during it’s infancy itself, the Aadhaar protocol ran into several benefactors, and even more naysayers. The outcome? Contradictions and general insignificance.

Well, the current government is starting to change that.

What seems evident from the current government’s change in stance is that Aadhaar might just become India’s universally accepted identification document across all Government (and government-controlled sectors).

Is that a good thing? Well, read on.

They want to leverage the gargantuan database of over 1.14 billion people who have enrolled with Aadhaar, for various purposes, the implied intents of which are causing some amount of anxiety in the citizenry.

The changing stance is in contravention to earlier (and oft-repeated) assurances and public statements by the government that Aadhaar would not be made mandatory for essential services. Yet, moves like mandating the PAN card to be linked to the Aadhaar for filing tax returns, the re-verification of all phone numbers using Aadhaar by February 2018 as the prerogative of the telecom ministry, and the verification of university degrees using the Aadhaar by the UGC, come in direct contradiction of the Supreme Court’s order of 2015, suggesting that Aadhaar cannot be forced on people.

Feathers were ruffled when a honey trap was spotted.

There were changes to the the National Identification Authority of India Bill (2010) when the Aadhaar Act was introduced in 2016.

The seemingly innocuous changes actually have dubious ramifications.
Initially if you supplied your Aadhaar card as verification document for purchasing a service or an asset, the vendor whose was supplying such service or asset simply received a “Verification Passed” or “Verification Failed” intimation. This binary response carried no additional information towards the citizen or her demographics.

As per the revised Act, such vendors/suppliers can get access to much more information about the customer. In fact, the Unique Identity Authority of India (UIDAI) will share almost all of the customer’s information (thankfully, except your core biometric information, which translates to them not sharing your fingerprint and iris scan records).

Here are some pertinent extracts from the Acts in question. Note the differences in their coinage.

NIDAI 2010:The Authority shall respond to an authentication query with a positive or negative response or with any other appropriate response ~ excluding any demographic information and biometric information ~ .”

Aadhaar Act 2016:The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information* excluding any core biometric information.

So, now, the repository of your information isn’t safe nor private – as the Unique Identity Authority of India is now mandated to share it’s data with various agencies and vendors who can simply request for the additional information, under unspecified and unverified causes.

Am I sensationalising the issue? No!

Once Aadhaar becomes an all-purpose, mandatory identification tool, your life will be very visible to the state. True, there are other ways to get the same information, but not as much as what UIDAI will be able to provide, simply and innocently. True, most of us don’t have a reason to fear such disclosure – but it’s not a matter of fear, its a matter of potential misuse which can’t be traced back to the originator of malicious acts, since your data would be available to innumerable agencies, vendors and unknown opportunists.

However, do not be disheartened – there are some silver linings of this change too.

Aadhaar is now being used by financial institutions as a means for you to pay online (via your registered biometrics), even at simple kirana shops.
You can now geographically transverse the country and your Aadhaar card will get you through most verification instances.
This is also convenient for parents with children who do not have a driving license yet – I can imagine the relief of parents of small children far from their abode of stored documents (like birth certificates) who now have the convenience of the Aadhaar card as a commonly recognised government-issued ID!

There’s more on the anvil.

In the coming months, according to the Civil Aviation Ministry’s report, it intends to make Aadhaar or the Passport mandatory as identity proof for flying domestically.
The reasons for doing so have been to cited as an attempt to cover security concerns across the spectrums – from national security to organized crime.

A primary insinuation has been suggested as the beginning of the creation of a no-fly list out of data received from these ID verifications and segregating offenders into four levels of offences ranked in terms of seriousness pertaining to criminal conduct up to instances of misbehavior with airline staff or fellow passengers.

Guruprasad Mohapatra (Chairman, Airports Authority Of India) reportedly said that a concept note on using Aadhaar to identify flyers has to be prepared. “It was felt a joint system be developed that can be replicated by all airports. Wipro has been asked to develop a concept note in this regard after consulting all stakeholders, including the JV airport operators. We are seeing what all airport processes can be made e-enabled“, he said.
He also added that the system would make security checks and airport screening hassle free and without any issues.

So why this article, and why are we concerned?

What seems worrying is that the Government is beginning to lay the tracks to be able to monitor your activities through data received while you are transacting, entering a location or boarding an airplane – thus making our privacy an important issue.

That is one topic, that the Government is clearly not interested in talking about. Nor about the security of that data.

Once Aadhaar becomes an all-purpose identification tool, your life will be completely transparent to the State, and we aren’t used to that. The antics of the United States’ NSA shows the level of intrusion such governmental access can enable. India has an even lower level of scruples when it comes to unscrupulous behaviour.

However, don’t be disheartened, there is another brighter side of this too. A Surveillance State can not only combat terrorism, crime, corruption but can also create databases of people who are habitual offenders and deny them access of services which have been assisting these individuals till now.

As long as the Government does not use it to crush democratic norms, attack civil rights of ordinary people or (especially) target political rivals to their own advantage, the Surveillance State might not be as much of a hassle as we are expecting it to be. Fingers crossed.