UIDAI CEO Ajay Bhushan Pandey on Aadhaar, the revolution it has brought about, privacy issues and linkage, and how UIDAI is always open to suggestions to improve the Unique ID
Last Published: Wed, Jan 31 2018. 03 48 AM IST
Ajay Bhushan Pandey, chief executive officer of Unique Identification Authority of India, the Aadhaar issuing body. Photo: Pradeep Gaur/Mint
Today, Aadhaar is the most trusted ID and widely held unique identification system in India which has the facility of authentication online and offline anytime, anywhere. Aadhaar has empowered 1.19 billion Indians with a credible identity.
Nowadays, the fact is that Aadhaar inspires more confidence and trust between person-to-person and person-to-system than any other identity document in India. Almost every sixth person in the world holds an Aadhaar card.
Aadhaar—the 12 digit unique identification number—has tremendous potential to bring revolutionary transformation as it empowers people in myriad ways so that a sense of enhanced security and trust prevails in the life of people at large.
And all this is possible because of Aadhaar, its technology, its platform, its authentication infrastructure and its use as the verifiable identity. Aadhaar has enabled one-sixth population on this planet to prove irrepudiably that s/he is the one whom s/he claims to be and has brought in digital revolution in the life of every Indian.
True to its transformational potentials of cleansing the system of fakes, ghost and duplicates, Aadhaar has turned into a game changer in favour of poor. It has not only been able to create secure and safe environs where people can trust a person with his verifiable ID but has also been an instrument to curb black money, money-laundering, check on benami dealing and banking frauds, improved tax compliance, enhanced transparency in the system, hassle-free deliveries of service, ease of life and business, etc.
However, Aadhaar is often under attack from various quarters mainly on the misconceived grounds of surveillance or Orwellian design that may significantly alter the relationship between the state and the citizen, ill perceived data “breach” or leakages, so-called exclusions and denials, privacy invasion, etc. Let me dispel with due respect to the critics, some of the misperceptions.
At the onset, it is pertinent to know Social Security Number (SSN) story as to how one of the developed democracies United States of America introduced unique identification numbers to cleanse their system through an enactment in 1935 for a limited purpose of providing social security benefits during the Great Depression. Later, in 1942, it expanded the scope through an executive order which mandated all federal agencies to exclusively use SSN in their programs. In 1962, SSN was adopted as official Tax Identification Number (TIN) for income tax purposes. Further in 1976, Social Security Act was further amended to say that any State may, in the administration of any tax, general public assistance, driver’s license, or motor vehicle registration law utilize SSN for the purpose of establishing the identification of individuals and may require any individual to furnish SSN.
The mandatory use of SSN by the state did not go unchallenged in US courts which eventually held mandatory use of SSN to be constitutional. It was held by the Federal Court in Doyle vs. Wilson Case that “mandatory disclosure of one’s social security number does not so threaten the sanctity of individual privacy as to require constitutional protection.” In other cases, courts held that “requiring an SSN on a driver’s license application is not unconstitutional, nor is a requirement that welfare recipients furnish their SSNs” and “preventing fraud in federal welfare programs is an important goal, and the SSN requirement is a reasonable means of promoting that goal”.
In United Kingdom, too, almost every important service requires National Insurance Number (NIN). It is required from those who want to work, open bank accounts, pay taxes, want to receive child benefits, and even those who want to vote.
Arguing that neither SSN nor NIN is based on biometrics, critics object to collection of biometrics and the system of central number which can potentially link all the databases. They must understand, one, that the collection of biometrics by the state per se for a legitimate purpose is an established and incontestable practice sanctioned by law in India. One is statutorily required to give biometrics, if one wants a driver licence, sell or buy properties, or obtain a passport.
Two, that creating a system of central number in a central database by the state and widespread mandatory usage of such number and its linking in most citizen databases, be it SSN in the US or NIN in the UK that potentially enables the state to trace every person, has neither rendered their citizens vulnerable nor have made these countries surveillance states. Obviously, there are safeguards which prevent such things happening there.
Similarly in India, Aadhaar seeks to cleanse and upgrade systems to provide transparent and accountable governance with ease of business and life and accords the highest significance to the privacy of people.
No doubt, Aadhaar has enhanced government’s ability to directly connect, reach, and serve people which unfortunately are projected as increase in the state’s power and Aadhaar being perceived as an instrument of state surveillance. But Aadhaar Act and Regulations have strong safeguards which will prevent it from being used as an “electronic leash” or an “instrument of state surveillance”.
Please remember that Aadhaar is based on three core principles of minimal information, optimal ignorance and federated database, and therefore in its whole lifecycle, an Aadhaar database contains only that much information that you give to it at the time of enrolment or updation. It has your name, address, gender, date of birth/age and photograph and core biometrics (10 fingerprints and 2 iris scans). It also has your mobile and email, if you give. Also, the core biometrics is highly encrypted at the time of enrolment/updation and is never kept unencrypted and is never shared.
When people use Aadhaar for accessing various services, their information remains in silos of federated databases so that each agency remains optimally ignorant. The Unique Identification Authority of India’s (UIDAI) recent measures on Virtual ID, UID Token, and Limited E-KYC will further strengthen privacy.
Aadhaar does not collect or receive any information from any services provider or linking exercise be it your bank account or SIM or mutual fund or debit/credit card or shares or PAN, or your personal profile like your family, caste, religion, education, occupation, financial or property details, health records, etc.
And so far as UIDAI is concerned, it responds to such verification requests by replying either “Yes” or “No”. In few cases if required and the reply is “Yes”, UIDAI sends only your basic KYC details (name, address, photo, etc.) available with it. Thus, Aadhaar empowers people and not the state. Allegations of India becoming a surveillance or “Orwellian” state, with people’s right to dissent stifled are hence totally unfounded.
Furthermore, Aadhaar is legally backed by Aadhaar Act, 2016 which has strict provisions for privacy protection, data security and sharing, and also, stringent penalties for violation including three years imprisonment.
The Act covers the basic tenets of privacy protection measures relating to informed consent, collection limitation, and use and purpose limitation and sharing restrictions. More so, UIDAI—the Aadhaar issuing body—has zero tolerance policy against any violation of Aadhaar Act 2016.
UIDAI remains open to constructive suggestions and will continue to continuously review and strengthen its system for the empowerment of people.
Dr Ajay Bhushan Pandey is the chief executive officer of the Unique Identification Authority of India.
First Published: Wed, Jan 31 2018. 02 23 AM IST
