Imagine youre walking down the street and you point the camera on your phone at a crowd of people in front of you. An app superimposes on each persons face a partially-redacted name, date of birth, address, whether shes undergone police verification, and, of course, an obscured Aadhaar number.
OnGrid, a company that bills itself as a trust platform and offers to deliver verifications and background checks, used that very imagery in an advertisement last month. Its website notes that As per Government regulations, it is mandatory to take consent of the individual while using OnGrid, but that is a legal requirement, not a technical one.
Since every instance of use of Aadhaar for authentication or for financial transactions leaves behind logs in the Unique Identification Authority of Indias (UIDAI) databases, the government can potentially have very detailed information about everything from the your medical purchases to your use of video-chatting software. The space for digital identities as divorced from legal identities gets removed. Clearly, Aadhaar has immense potential for profiling and surveillance. Our only defence: law that is weak at best and non-existent at worst.
The Aadhaar Act and Rules dont limit the information that can be gathered from you by the enrolling agency; it doesnt limit how Aadhaar can be used by third parties (a process called seeding) if they havent gathered their data from UIDAI; it doesnt require your consent before third parties use your Aadhaar number to collate records about you
The Aadhaar Act and Rules dont limit the information that can be gathered from you by the enrolling agency; it doesnt limit how Aadhaar can be used by third parties (a process called seeding) if they havent gathered their data from UIDAI; it doesnt require your consent before third parties use your Aadhaar number to collate records about you (eg, a drug manufacturer buying data from various pharmacies, and creating profiles using Aadhaar).
It even allows your biometrics to be shared if it is in the interest of national security. The law offers provisions for UIDAI to file cases (eg, for multiple enrollments), but it doesnt allow citizens to file a case against private parties or the government for misuse of Aadhaar or identity fraud, or data breach.
It is also clear that the government opposes any privacy-related improvements to the law. After debating the Aadhaar Bill in March 2016, the Rajya Sabha passed an amendment by MP Jairam Ramesh that allowed people to opt out of Aadhaar, and withdraw their consent to UIDAI storing their data, if they had other means of proving their identity (thus allowing Aadhaar to remain an enabler).
Over 1 billion Indians enrol for Aadhaar:?How the govt plans to sign up the rest
But that amendment, as with all amendments passed in the Rajya Sabha, was rejected by the Lok Sabha, allowing the government to make Aadhaar mandatory, and depriving citizens of consent. While the Aadhaar Act requires a persons consent before collecting or using Aadhaar-provided details, it doesnt allow for the revocation of that consent.
In other countries, data security laws require that a person be notified if her data has been breached. In response to an RTI application asking whether UIDAI systems had ever been breached, the Authority responded that the information could not be disclosed for reasons of national security.
The citizen must be transparent to the state, while the state will become more opaque to the citizen.
How did Aadhaar become the behemoth it is today, with it being mandatory for hundreds of government programmes, and even software like Skype enabling support for it?
The first detailed look one had at the UID project was through an internal UIDAI document marked Confidential that was leaked through WikiLeaks in November 2009. That 41-page dossier is markedly different from the 170-page Technology and Architecture document that UIDAI has on its website now, but also similar in some ways.
In neither of those is the need for Aadhaar properly established. Only in November 2012 after scholars like Reethika Khera pointed out UIDAIs fundamental misunderstanding of leakages in the welfare delivery system was the first cost-benefit analysis commissioned, by when UIDAI had already spent ?28 billion. That same month, Justice KS Puttaswamy, a retired High Court judge, filed a PIL in the Supreme Court challenging Aadhaars constitutionality, wherein the government has argued privacy isnt a fundamental right.
The Article First Appeared In HINDUSTAN TIMES
Be Part of Quality Journalism
Quality journalism takes a lot of time, money and hard work to produce and despite all the hardships we still do it. Our reporters and editors are working overtime in Kashmir and beyond to cover what you care about, break big stories, and expose injustices that can change lives. Today more people are reading Kashmir Observer than ever, but only a handful are paying while advertising revenues are falling fast.