Karen Leigh & Surabhi Agarwal
The government has moved to create a legal basis for its ambitious project to provide all residents with numeric identity cards and guarantee the safety of demographic and biometric data being collected for it.
The draft National Identification Authority of India Act, 2010, was put up for public debate on Tuesday, and is likely to be introduced when Parliament convenes for its monsoon session.
The Act provides for the creation of the National Identity Authority of India to oversee the implementation of the Aadhaar project, but its jurisdiction will not extend to Jammu and Kashmir.
“This Bill will give the authority a legislative framework to function,” said R.S. Sharma, director general of the Unique Identification Authority ofIndia (UIDAI), the nodal agency currently overseeing Aadhaar.
Sharma said the Bill contains provisions that will make sure that sensitive data is protected and there are no hacking attempts. It lays down that “the authority shall ensure the security and confidentiality of identity information of individuals”.
UIDAI is collecting fingerprints and eye scans of all residents, along with other information, for Aadhaar.
The Bill “will also make sure that data related to a citizen’s caste or religion is not collected or chronicled”, Sharma added.
The Bill lays down that impersonation using Aadhaar data can lead to a three-year jail term and a fine of Rs10,000. Unauthorized collection or dissemination of identity information will also invite a three-year jail term, or a Rs1 lakh fine, or both.
The heftiest penalty of Rs1 crore along with three years’ imprisonment has been specified for unauthorized access to the central database, which will contain all individual details collected for Aadhaar.
Although the Bill lays down that no information stored in the database shall be revealed by UIDAI officials, it allows disclosure of personal information in a case of national security. Information can be disclosed on the direction of an officer of joint secretary level or above in the Union government, with the approval of the minister in charge.
But civil rights activists say the safety measures in the Bill are not enough.
“It doesn’t have any of the safeguards and provisions necessary to protect the rights of citizens. It’s only protecting the interests of the UIDAI,” said Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society and a critic of the Aadhaar project.
“They have criminalized an imaginary crime—if the technology were infallible, which is what they claim biometrics is, then you can’t create ghost identities. They’re saying that ghost identities will still be there; that the technology is, in fact, not foolproof.”
Rahul Matthan, founding partner of law firm Trilegal, said the Bill will give a legal basis to UIDAI for collecting data and allotting identities.
“Provisions in the Act on data protection are limited as it can’t be a substitute for an over-arching data protection legislation in the country, which will deal with all kinds of citizen data,” he said.
The Union government is mulling over a separate privacy Bill to safeguard individual data privacy, as reported by Mint on 21 June. The move is aimed at deflecting worries over the safety of the immense amount of data it proposes to collect about its citizens for various programmes, including Aadhaar.
karen.l@livemint.com
The draft National Identification Authority of India Act, 2010, was put up for public debate on Tuesday, and is likely to be introduced when Parliament convenes for its monsoon session.
The Act provides for the creation of the National Identity Authority of India to oversee the implementation of the Aadhaar project, but its jurisdiction will not extend to Jammu and Kashmir.
“This Bill will give the authority a legislative framework to function,” said R.S. Sharma, director general of the Unique Identification Authority ofIndia (UIDAI), the nodal agency currently overseeing Aadhaar.
Sharma said the Bill contains provisions that will make sure that sensitive data is protected and there are no hacking attempts. It lays down that “the authority shall ensure the security and confidentiality of identity information of individuals”.
UIDAI is collecting fingerprints and eye scans of all residents, along with other information, for Aadhaar.
The Bill “will also make sure that data related to a citizen’s caste or religion is not collected or chronicled”, Sharma added.
The Bill lays down that impersonation using Aadhaar data can lead to a three-year jail term and a fine of Rs10,000. Unauthorized collection or dissemination of identity information will also invite a three-year jail term, or a Rs1 lakh fine, or both.
The heftiest penalty of Rs1 crore along with three years’ imprisonment has been specified for unauthorized access to the central database, which will contain all individual details collected for Aadhaar.
Although the Bill lays down that no information stored in the database shall be revealed by UIDAI officials, it allows disclosure of personal information in a case of national security. Information can be disclosed on the direction of an officer of joint secretary level or above in the Union government, with the approval of the minister in charge.
But civil rights activists say the safety measures in the Bill are not enough.
“It doesn’t have any of the safeguards and provisions necessary to protect the rights of citizens. It’s only protecting the interests of the UIDAI,” said Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society and a critic of the Aadhaar project.
“They have criminalized an imaginary crime—if the technology were infallible, which is what they claim biometrics is, then you can’t create ghost identities. They’re saying that ghost identities will still be there; that the technology is, in fact, not foolproof.”
Rahul Matthan, founding partner of law firm Trilegal, said the Bill will give a legal basis to UIDAI for collecting data and allotting identities.
“Provisions in the Act on data protection are limited as it can’t be a substitute for an over-arching data protection legislation in the country, which will deal with all kinds of citizen data,” he said.
The Union government is mulling over a separate privacy Bill to safeguard individual data privacy, as reported by Mint on 21 June. The move is aimed at deflecting worries over the safety of the immense amount of data it proposes to collect about its citizens for various programmes, including Aadhaar.
karen.l@livemint.com
