'Citizens’ groups are up in arms over the recently introduced National Identification Authority of India Bill.'
Manjula Sen finds out why.
Person or number?: A unique identity number will be
provide to each Indian citizen by the UIDAI.
The National Identification Authority of India Bill (NIAI), 2010, was introduced in the Rajya Sabha early this month, nearly two years after the Unique Identification Authority of India (UIDAI) was set up in February 2009. The UIDAI intends to provide a unique number to each resident in the country, a number which will “primarily be used as a basis for efficient delivery of welfare services.” Towards this end, a biometrics-based database of every Indian citizen would be maintained by the government.
The UIDAI was established by an executive order of the Union government, with its chairman Nandan Nilekani handpicked for the Cabinet minister-ranked job by Prime Minister Manmohan Singh. The pilot project called Aadhaar rolled out in September this year. The NIAI Bill is essentially aimed at making the UIDAI a legally sanctioned body and setting out its powers and functions.
Though the law is obviously necessary, several legal experts and citizens’ groups say that the bill leaves a lot to be desired. One major point of concern is that the bill does not offer enough safeguards against breach of privacy, profiling and “function creep”, the process where data collected for one function may end up being used for another purpose. In fact, the draft bill had called for checks against profiling, but this has been ignored entirely in is current version.
Again the bill does not clearly specify whom the ID number will be applicable to. It says the number would be given to “individuals residing in India and certain other classes of individuals.” Critics say that the term “certain other classes” is too vague and ambiguous to be acceptable.
In a detailed critique, the Centre for Internet and Society (CIS), a Bengaluru-based research and advocacy group, says that the term is a broad generalisation that lends itself to potential misuse. Narrowing the term to “individuals residing in India” would be much better, it argues.
CIS also points out that the bill seems to do more with the regulatory authority of the UIDAI rather than with measures to protect the rights and interests of citizens. “Lots of important details have been left to be defined by the UIDAI. This is dangerous because it affords it far too much discretionary powers. The bill only protects the interests of the UIDAI. It does not protect the rights of citizens and residents,” stresses Sunil Abraham, executive director, CIS.
Again, the proposed law does not contain adequate measures to redress transactional and system errors or fraud. Possible fraud scenarios include the misrepresentation of information, multiple registrations by the same resident, registration for non-existent residents, and so on.
Others point out that the loose language and intermixing of terms in the bill pose the threat that data will be collected and used for purposes other than those stated. The devil is in the detail, says Pratiksha Mehta, legal counsel for a consumer retailer. “The language of the bill is very generic, leaving scope for loopholes in the way data is accumulated and shared,” she says.
Another cause for concern is that the bill holds only the UIDAI accountable for violations. Rather, say critics, it needs to hold enrolling agencies (those that collect data), registrars, and other service providers entrusted with the job of collecting information accountable. Furthermore, the bill does not specify how enrolling agencies will be appointed. Nor is there any provision to penalise data collectors for misusing or sharing data. “There is zero data protection provision in the bill,” says Abraham.
Of course, the bill has its supporters too. They point out that it is actually an improvement on its draft version in some aspects. For instance, it now expressly prohibits the dissemination of any information that is stored in the Central Identities Data Repository (a centralised data base of a whole population). It also raises the level of authorisation for “disclosure of information in the case of a national emergency” from a single minister to a joint secretary equivalent in the central government specifically authorised to do so by an order of the Union government.
But the worries over the bill refuse to go away. Another major complication in the NIAI Bill is to do with biometrics. Enlisting for a UID number is meant to be voluntary. However, under the Citizenship Act, it is an offence not to provide biometrics information. “This is the legal loophole that the UID project is using to convert its so called ‘voluntary’ scheme into a mandatory surveillance project,” Abraham contends.
Again, while it does not explicitly bar denial of essential services in the absence of a UID, service and product providers such as insurance agencies, banks, telecom operators, the tax department and medical agencies could end up making UID a condition for availing of their services. And the law does not state explicitly that these agencies cannot do so.
“The winter session of Parliament is over and the UIDAI must urgently work in the direction of making Aadhaar/UIDAI constitutional,” fumes Praveen Dalal, who heads an information and communication technology law firm.
Dalal, who has written to various government agencies as well as to UID project head Nandan Nilekani, believes that Aadhaar or the UIDAI in its present form is “unconstitutional” primarily because neither the Aadhaar project nor the UIDAI is governed by any legal framework. “And their legal framework must be ‘constitutionally valid’, that is, it must pass the tests of Part III (Fundamental Rights) and other Parts of the Constitution of India.”
There was no response from Nilekani to an email questionnaire by this paper at the time of going to print.
In an online signature campaign against the bill addressed to the President and several public and government agencies, petitioners claim further anomalies: Personal and household data are being collected through the Census 2010 with a view to establishing a National Population Register (NPR). It is proposed to make this information available to the UIDAI. This is in contravention of Section 15 of the Census Act, which categori-cally states that information given for the Census is ‘not open to inspection nor admissible in evidence’.”
Clearly, with the entire UID project fraught with controversial issues related to citizens’ rights, the NIAI Bill and its provisions too will be hotly debated before they can come into being as law.
The UIDAI was established by an executive order of the Union government, with its chairman Nandan Nilekani handpicked for the Cabinet minister-ranked job by Prime Minister Manmohan Singh. The pilot project called Aadhaar rolled out in September this year. The NIAI Bill is essentially aimed at making the UIDAI a legally sanctioned body and setting out its powers and functions.
Though the law is obviously necessary, several legal experts and citizens’ groups say that the bill leaves a lot to be desired. One major point of concern is that the bill does not offer enough safeguards against breach of privacy, profiling and “function creep”, the process where data collected for one function may end up being used for another purpose. In fact, the draft bill had called for checks against profiling, but this has been ignored entirely in is current version.
Again the bill does not clearly specify whom the ID number will be applicable to. It says the number would be given to “individuals residing in India and certain other classes of individuals.” Critics say that the term “certain other classes” is too vague and ambiguous to be acceptable.
In a detailed critique, the Centre for Internet and Society (CIS), a Bengaluru-based research and advocacy group, says that the term is a broad generalisation that lends itself to potential misuse. Narrowing the term to “individuals residing in India” would be much better, it argues.
CIS also points out that the bill seems to do more with the regulatory authority of the UIDAI rather than with measures to protect the rights and interests of citizens. “Lots of important details have been left to be defined by the UIDAI. This is dangerous because it affords it far too much discretionary powers. The bill only protects the interests of the UIDAI. It does not protect the rights of citizens and residents,” stresses Sunil Abraham, executive director, CIS.
Again, the proposed law does not contain adequate measures to redress transactional and system errors or fraud. Possible fraud scenarios include the misrepresentation of information, multiple registrations by the same resident, registration for non-existent residents, and so on.
Others point out that the loose language and intermixing of terms in the bill pose the threat that data will be collected and used for purposes other than those stated. The devil is in the detail, says Pratiksha Mehta, legal counsel for a consumer retailer. “The language of the bill is very generic, leaving scope for loopholes in the way data is accumulated and shared,” she says.
Another cause for concern is that the bill holds only the UIDAI accountable for violations. Rather, say critics, it needs to hold enrolling agencies (those that collect data), registrars, and other service providers entrusted with the job of collecting information accountable. Furthermore, the bill does not specify how enrolling agencies will be appointed. Nor is there any provision to penalise data collectors for misusing or sharing data. “There is zero data protection provision in the bill,” says Abraham.
Of course, the bill has its supporters too. They point out that it is actually an improvement on its draft version in some aspects. For instance, it now expressly prohibits the dissemination of any information that is stored in the Central Identities Data Repository (a centralised data base of a whole population). It also raises the level of authorisation for “disclosure of information in the case of a national emergency” from a single minister to a joint secretary equivalent in the central government specifically authorised to do so by an order of the Union government.
But the worries over the bill refuse to go away. Another major complication in the NIAI Bill is to do with biometrics. Enlisting for a UID number is meant to be voluntary. However, under the Citizenship Act, it is an offence not to provide biometrics information. “This is the legal loophole that the UID project is using to convert its so called ‘voluntary’ scheme into a mandatory surveillance project,” Abraham contends.
Again, while it does not explicitly bar denial of essential services in the absence of a UID, service and product providers such as insurance agencies, banks, telecom operators, the tax department and medical agencies could end up making UID a condition for availing of their services. And the law does not state explicitly that these agencies cannot do so.
“The winter session of Parliament is over and the UIDAI must urgently work in the direction of making Aadhaar/UIDAI constitutional,” fumes Praveen Dalal, who heads an information and communication technology law firm.
Dalal, who has written to various government agencies as well as to UID project head Nandan Nilekani, believes that Aadhaar or the UIDAI in its present form is “unconstitutional” primarily because neither the Aadhaar project nor the UIDAI is governed by any legal framework. “And their legal framework must be ‘constitutionally valid’, that is, it must pass the tests of Part III (Fundamental Rights) and other Parts of the Constitution of India.”
There was no response from Nilekani to an email questionnaire by this paper at the time of going to print.
In an online signature campaign against the bill addressed to the President and several public and government agencies, petitioners claim further anomalies: Personal and household data are being collected through the Census 2010 with a view to establishing a National Population Register (NPR). It is proposed to make this information available to the UIDAI. This is in contravention of Section 15 of the Census Act, which categori-cally states that information given for the Census is ‘not open to inspection nor admissible in evidence’.”
Clearly, with the entire UID project fraught with controversial issues related to citizens’ rights, the NIAI Bill and its provisions too will be hotly debated before they can come into being as law.
