While Aadhaar promises to be a boon for delivery of government support, the concerns around privacy and data protection leave much to be desired
Sahil Makkar | New Delhi
April 5, 2016 Last Updated at 11:52 IST
The government is celebrating the completion of one billion Aadhaar enrollments. And while they grudgingly accept that the Congress initiated this path breaking identity programme, the BJP has been quick to take credit for implementing it rightly since they came to power in 2014.
As a reporter, covering this issue since its inception in 2009, I feel both pride and concern. Pride because Aadhaar has the potential of curbing perennial corruption if implemented in the right spirit and concern because I see how the technology framework has been built overriding the concerns of security and intelligence agencies as well as privacy advocates. These concerns are genuine and cannot be brushed aside.
A brief history of how we reached the one billion mark
In 2009, the UIDAI was created through a cabinet decision and it was asked to collect biometric details of 200 million Indian residents. Later its mandate was increased to 600 million. At the same time, the National Population Register (NPR), a wing under the Ministry of Home Affairs, was tasked to collect the biometrics of the rest of the residents and give it to UIDAI for de-duplication.
The NPR was supposed to use the de-duplicated data for creation of a citizenship register and issue a citizenship card according to the 2003 Citizenship Act.
The problem begins here
Both the NPR and the UIDAI started collected biometrics through their respective vendors (the NPR through PSUs and UIDAI mainly through private agencies) and hence their processes were poles apart from each other.
The NPR and the UIDAI accused each other of faulty data collection processes.
As a journalist having covered both the UIDAI and the NPR, it was evident that the UIDAI was in a hurry to complete the enrollment targets and had glossed over the security issues raised by the NPR. It was also observed that some private enrollment agencies were feeding wrong data to the system to make a quick buck. There were reports of Aadhaar being allotted to Lord Hanuman and Coriander leaves.
Moreover, it was also observed that it would be difficult to identify and prosecute those officers who fed the wrong information in the UIDAI system. On the contrary, the NPR system entailed the mechanism whereby the government officers could be held liable for letting wrong people get into the system. Though the NPR system was not foolproof either, it was still better than its counterpart.
Now through these two agencies, we have collected data for nearly one billion residents but no one can say for sure what percentage of these one billion residents are illegal migrants from Bangladesh, Afghanistan, Pakistan and Nepal, given the fact that they look similar to Indians and speak our languages. State subsidies are meant for Indian citizens, so despite having one billion enrollments and spending thousands of crores, the entire exercise seems futile.
The criticism that could be valid is misuse of biometric data by government agencies. Imagine a situation where you have gone to a rally to mark your protest against some social evils or government policies. You are among a large crowd of anonymous protesters.
You are anonymous in the crowd, except some high-resolution cameras could capture your movements. This capture by the camera per se is still not worrisome as the camera doesn’t know your name and address to be given to authorities. But what if this camera is capturing biometrics from a distance? Can these biometrics be matched with the database by the security establishment in real time? If yes, You are busted!
You could dismiss this as a fantasy but the German Defence Minister won’t. A hacker used hi-tech cameras to capture her biometrics data and showed how vulnerable the biometric based technologies are.
The idea is not to scare residents but to point out that such a thing cannot be discounted in the near future. Will a government that does not tolerate dissent not end up using such a system? Does the law provide enough safeguards against such misuse?
What could resolve this predicament are strong privacy and data protection laws on lines with the prevailing laws in the European Union.
Here is what Aadhaar could mean in the future:
1) The government would have the biometric details of every resident. It would be able to identify and deliver subsidies.
2) It could potentially profile protesters or agitators in the future that would increase their chances of being targeted.
3) It could mean more business for telecom companies whose systems will be used for SMS based authentication processes.
4) It could mean more business opportunities for companies providing biometric devices.
5) Potential savings of thousands of crores through plugging of leakages and weeding out of ghost beneficiaries.
