UIDAI proposal for SIM cards impacts privacy
It plans to use live pic along latitude, longitude, ID card.
Hyderabad: In a grave infringement of privacy, the Unique Identification Authority of India (UIDAI) and Department of Telecommunications (DoT) have announced a proposed process wherein live photographs along with location and time stamp will be captured for the purpose of issuing SIM cards.
On Friday, a joint statement said, “In fact, the DoT and UIDAI are in a process to bring out a completely hassle-free and digital procedure for issuing new SIM cards through a mobile app, which will be fully compliant of the Supreme Court judgement in the Aadhaar Case.”
“In the proposed process, a live photograph of the person with latitude, longitude, and time stamp will be captured. The photo of his/her ID such as Aadhaar card, voter ID, etc will be captured. The SIM card agent will be authenticated through OTP and a SIM card will be issued,” the statement read.
Taking the photo ID such as Aadhaar card for offline verification is against the Aadhar Act itself. The UIDAI had previously informed the apex court that it was not possible to track the Aadhar holder by location. Experts have said if this proposal is implemented, it will become a form of mass surveillance.
Ranjit Raj of Swecha FSMI said, “The proposal is another form of surveillance by UIDAI. If Aadhar data is leaked, users’ home locations or enrolment locations data will make them more vulnerable. We already know that the Andhra Pradesh government leaked-list of students who were availing minority scholarship and their GPS locations might help rioters to easily find and attack them. If Aadhar- linked data of pregnant women is leaked, then companies can find locations and use that data to sell their products.”
Furthermore, if in future, telecom companies decide to issue SIM cards at home, as part of customer choices, this adds to the mass surveillance by private companies.
Anivar Aravind, an internet researcher said, “The proposed solution mentions Aadhar in violation of the Supreme Court verdict again. Why is UIDAI still a part of mobile KYC even after the apex court clearly banned it? The solution has already been proposed by the court. Telecos have to delete the Aadhar data with them. Any new solution is after this point.”
However, another expert pointed out that it was too early to speak about the proposal as no circular had been issued and one could not speculate based on press statements and tweets of UIDAI.
Srinivas Kodali, an independent security researcher, said, “It is also hypothetical at this stage, there is no circular or order from UIDAI. If the UIDAI wants to build such proposals, people will go to court and get it turned down. We don’t know the specifics of it, until the architecture is made public and an official circular is issued.”
“We should simply assume that UIDAI is figuring out how to get out of the Supreme Court judgment. It may be they have accidentally included that. They could have just said UIDAI doesn’t collect the data but telecom companies are allowed to collect,” Kodali said. The UIDAI and DOT included the aforesaid proposal in the statement issued on Friday dismissing rumours that if a mobile number is Aadhaar KYC-compliant then it will be disconnected without fresh verification. It said, “The SC in its judgment in the Aadhaar case has nowhere directed that the mobile number which has been issued through Aadhaar KYC has to be disconnected.”