
Aadhaar - Key Issues and Analysis

The Bill aims to issue unique identification numbers to residents of India and to provide for a reliable method of identifying individuals. The UIDAI Strategy Overview states that identification will facilitate access to benefits and services, especially for vulnerable groups such as homeless persons, migrant labour etc. Issuance of biometric based identities is expected to reduce problems of identity frauds and ghost beneficiaries.

However, any database that stores personal information carries the risk of its misuse by various agencies (both public and private), which may affect an individual's privacy. The UK National Identity Card scheme was scrapped in 2011. Some of the main reasons cited for scrapping the scheme were the cost of implementing the scheme and the infringement of civil liberties. The Real ID Act passed by the US in 2005 has also been opposed by many states on grounds of privacy and threat to data security.

We discuss below the safeguards that are built into this Bill to protect Aadhaar holders against invasion of their privacy.

Enrollment - Voluntary or Mandatory
The Bill does not make it mandatory for an individual to obtain an Aadhaar number. However, it does not prevent any service provider from prescribing Aadhaar as a mandatory requirement for availing services. This differs from the US where government agencies cannot deny benefits to individuals who do not possess or refuse to disclose their Social Security Number, unless specifically required by law.

However, it must be noted that the success of Aadhaar in weeding out 'ghost' beneficiaries (in programmes such as the public distribution system) depends on mandatory enrollment. If enrollment is not mandatory, both authentication systems (identity card based and Aadhaar based) must coexist. In such a scenario, 'ghost' beneficiaries and people with multiple cards will choose to opt out of the Aadhaar system.

Safeguards for maintaining confidentiality and privacy of information
Information collected may be misused if safeguards to maintain privacy are inadequate. Though the Supreme Court has included privacy as part of the Right to Life, India does not have a specific law governing issues related to privacy. The government has formed a committee to draft a suitable law.

We examine whether the Bill has sufficient safeguards if information is 
a. shared with agencies engaged in delivery of public benefits and services;
b. disclosed to intelligence or law enforcement agencies; and
c. used to identify behaviour patterns through data mining.

Sharing Information with agencies engaged in delivery of public benefits and services
The Bill allows NIAI to share the information of an Aadhaar number holder, based on his written consent, with agencies engaged in the delivery of public benefits and public services. However, it does not specify whether consent should be taken only once or at each instance a person avails of a new service. A one-time consent may be prone to misuse and this may affect an individual's privacy.

Disclosure of information to intelligence or law enforcement agencies
The Bill requires the NIAI to disclose information (including identity information of individuals) in the interest of national security. This will be on the direction of an authorised officer of the rank of Joint Secretary or above in the central government.

In 1996, the Supreme Court held that the state may tap telephones "only at the occurrence of any public emergency or in the interest of public safety" if
a. it is authorised by the Home Secretary of the central or state government; and
b. it is for a maximum period of six months.
Each order of telephone tapping must also be investigated by a separate Review Committee within a period of two months from the date of issuance.

The safeguards for protection of privacy in this Bill differ from those set out for phone tapping. 
First, the Bill permits sharing in the interest of "national security" rather than for public emergency or public safety. 
Second, the order can be issued by an officer of the rank of Joint Secretary. 
Third, there is no limit for the time period for which the authentication data may be collected. 
Fourth, there is no mechanism for review.

Potential to profile individuals
The Bill does not specifically prohibit intelligence agencies from using the UID as a link (key) while running computer programmes across various datasets (such as telephone records, air travel records etc.) in order to recognise patterns of behaviour. Such techniques for pattern recognition can be used for various purposes such as detecting potential illegal activities. However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats. As a safeguard against misuse, the US had introduced (but not passed) legislation that required each agency that was engaged in data mining to submit an annual report to Congress on all such activities.

Compensation for loss or unauthorised disclosure of information
The Bill requires all persons with access to Aadhaar related information to keep it secure and confidential. It prescribes penalties for unauthorised access or intentional disclosure of information. However, it does not penalise any negligence that leads to loss of information. Also, it does not have a specific provision to compensate an individual in case his personal information is misused. This differs from the Information Technology Act, 2000, which states that a company handling "sensitive personal data" is liable to pay compensation up to Rs. 5 crore if it is "negligent in implementing and maintaining reasonable security practices and procedures" with respect to such data.

Conflict of Interest
The Bill states that no court shall take cognizance of any offence punishable under the Act, except on a complaint made by the NIAI. Such a provision is usually included to ensure that the regulatory body vets all complaints before a criminal charge is filed.

However, unlike regulators such as the Securities and Exchange Board of India or the Reserve Bank of India, the NIAI also has a role in implementation and its members and employees have duties related to data security. This could result in a conflict of interest situation if the offence is committed by an employee of the NIAI.

Discretionary powers under delegated legislation
Regulation of demographic and biometric information to be recorded
Demographic Information: The Bill empowers the NIAI to specify demographic information that may be recorded. The only restriction imposed on NIAI is that it shall not record information pertaining to race, religion, caste, language, income or health of the individual. Keeping this definition in the Regulations provides the NIAI with the power to collect additional personal information, without prior approval from Parliament.

It may be noted that the enrollment form currently being used contains fields for capturing information such as the National Population Register (NPR) receipt number, mobile number, bank account number etc. Though these fields are labelled "optional", it is unclear why this additional information is being recorded.

Biometric information: The definition of biometric information will be specified in the Regulations. Currently, the UIDAI is capturing 10 fingerprints, iris scan and photograph as biometric information of each resident. However, the Bill does not prevent it from collecting other biometric information such as DNA.

Storage of authentication information
The NIAI is required to maintain details of every request for authentication and response provided. The Bill does not specify the maximum duration for which authentication data may be stored by the NIAI. This has been left to Regulations. Authentication data provides insights into usage patterns of an Aadhaar number holder. Data that has been recorded over a long duration of time may be misused for activities such as profiling an individual's behaviour.

Different dates for notification of different clauses
Some clauses of the Bill provide the NIAI with the power to collect and maintain data. Some other clauses provide safeguards against misuse. The Bill contains a blanket provision that allows the central government to notify different clauses on different dates. There is no requirement that the safeguard clauses should come into force by the time the provisions enabling collection of data are notified.

Courtesy: PRS India
