Threats galore for centralised data
A recent expose on the shortcomings of Aadhaar system ecosystem has triggered a debate on the safety of people's privacy.
Even as a Constitution bench of the Supreme Court is slated to hear the Aadhaar challenge on and from January 17, we have the scary report of a deputy director of the Unique Identification Authority of India (UIDAI) registering an FIR against The Tribune newspaper and its reporter for the report that said: ‘It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI, including name, address, postal code, photo, phone number and email.’
To add colour to this picture, Edward Snowden, the US fugitive who is under the protective custody of Russia after leaking classified information from the NSA, has waded into this controversy with this Tweet: ‘The journalists exposing the #Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @ UIDAI.’
Liberals have gone to town that Aadhaar is the Big Brother of Orwellian 1984 fame. They say that when it was launched in 2009 it was meant to clean up the corroded public distribution system and ensure that genuine beneficiaries were the recipients. But the current government has spread its tentacles to make it mandatory and insist on linkages with PAN cards, bank accounts, insurance policies, mobile phones and even school admissions and it was an endless extension.
The availability of numbers and demographic data in centralised databases and disbursed ones as well, is a sure target for hackers, and in a data-leaky India, citizens run huge risks on several fronts.
While the government’s claim of saving Rs 57,029 crore is challenged as illusory and stated that net net, after costs, there would be no savings at all, the scarier allegation is that the creation of State Resident Data Hubs can enable governments to profile residents and can potentially become tools for discrimination.
What is the common man to make of this? Is Aadhaar good, bad or ugly? Has it come to stay? Or does it run the risk of being derailed midway by a court ruling? All these critical questions are awaiting answers.
There are huge legal implications regarding the privacy of the data. Because the data is now available in a long trail linking a person’s every habit, the government has total access to his entire record, including health, sexual preference, etc. The consequences of government agencies having access to all information on a person are not measurable, particularly when it comes to mala fide action. The protection would, however, come under Data Protection laws that will have to come into force so that the individual does not suffer. The scary part is not the legislation but the follow-up by courts and law enforcing authorities. How effective would that be once a person’s digital footprint has been exposed?
The current laws are not adequate to deal with such situations, which will not come under the existing provisions dealing with the Information Act and cybercrimes. The lawyer community would stress that it is important to put in the safeguards first, before insisting that Aadhaar be compulsorily provided for 150 services. Ideally, a person would feel obliged to present his data if he is deriving a benefit from the government. Can Aadhaar stop just there? Of course, the important thing is no one must have access to the entire digital data unless it is on a need-to-know basis.
Even so, while the naysayers can see ghosts in the imponderables, Aadhaar is not wanting in support. “It is a big deal that India has built a system that now has over a billion people with unique authentic IDs. People do not fully appreciate its power. It is going to be a great asset for India. I really have a soft spot for Modi for not throwing out something that wasn’t his idea. It was my friend Nandan Nilekani’s idea. But he kept it and pursued it,” said Thomas Friedman, who is a three-time Pulitzer Prize winner. And then the godfather of the platform Nandan Nilekani says, “Instead of having a larger conversation on data protection laws, Aadhaar was being demonised. India needs a modern data protection and privacy law, because today there are many, many sources of digital data. I use it all the time as a photo ID. The thing is that it’s also about convenience, right? See privacy and convenience go hand in hand. All of us give up a bit of privacy for convenience. When we use a smart phone, we’re giving up privacy for convenience. When we use an email account, we’re giving up privacy for convenience, and so on.”
With such cleavage of opinion, almost unbridgeable, what is the common man, who is directly impacted, to make of it? But to those trained in law, it would be no sacrilege or blasphemy or even contempt of court to express the opinion that the chances are of the Supreme Court upholding the Aadhaar legislation and even the mandatory implementation and yet directing the government to expedite the receipt of the report of the Expert Committee led by Justice B N Srikrishna on Data Protection Law and legislate on it. In short, the order may be to redress the faultines that the digital platform may be infected with before implementation.
The reason is quite simple. As on date, cyberworld is in our homes and lives 24 x7 and 365 days a year. We live, breathe, order, eat, function, even exercise and medicate ourselves on it. If so, mere access to the mobile and internet have meant that our demographic profile is well and truly out in the open already and as Facebook and Twitter/WhatsApp maniacs, there is nothing new to leak. So India needs Aadhaar. But it needs a comprehensive and sound data protection legislation too. The trick lies in balancing the two rather than trashing the Aadhaar platform as if it was a Big Brother in the making.