1. Questioning the safety of Aadhaar
GS Paper- 2, Right to Privacy, Govt Policies and Interventions, Constitution.
Context:
The Unique Identification Development Authority of India (UIDAI) chose to revoke the announcement two days after releasing an advice instructing individuals not to share photocopies of their Aadhaar Card. It added that the measure was taken to avoid any “misinterpretation” of the (withdrawn) press release, and that users should use “normal caution” when using/sharing their Aadhaar numbers.
What exactly is Aadhaar?
An Aadhaar number is a 12-digit random number provided by the UIDAI (Unique Identification Authority of India) to Indian residents who have completed the Authority’s verification procedure.
The Aadhaar number is a unique identifying number assigned to each person that can be verified online.
Any resident of India, regardless of age or gender, may freely enrol to receive an Aadhaar number.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act of 2016 specifies that Aadhaar authentication is required to access subsidies, benefits, and services funded by the Consolidated Fund of India.
In the absence of Aadhaar, the individual must be provided with an alternate and valid form of identification to guarantee that she or he does not get deprived away of authentication.
The Act specifies that secrecy must be preserved and that authenticated information cannot be used for purposes other than those indicated.
Furthermore, no Aadhaar number (or enclosed personal information) obtained from the bearer may be published, displayed, or uploaded publicly. Identity information or authentication records would be required to be supplied only in response to a High Court or Supreme Court order, or by someone of Secretary level or above in the interest of national security
Why is Aadhaar required?
To ensure good governance, effective, transparent, and targeted delivery of subsidies, benefits, and services from the Consolidated Fund of India to Indian residents through the assignment of unique identity numbers.
Aadhaar’s universality assures acceptance and acknowledgment across the country and among all service providers.
As a result, this number may be used to establish the fundamental, universal identification infrastructure upon which registrars and agencies across the country can build their identity-based apps.
It also has the potential to improve public-government confidence by reducing the need for multiple KYC (Know Your Customer) checks by various government entities when providing services.
It also makes it easier for individuals to obtain various services by producing documentation at various authorities whenever they are required.
The UIDAI’s centralised technological infrastructure enables ‘anytime, everywhere, anyway’ authentication. Aadhaar might therefore provide migrants with identity mobility.
By providing unambiguous confirmation of identification, it can assist the poor and underprivileged in accessing different government and private services.
It also assists individuals who do not have identity documents because it is the first kind of identification they may use.
Key Characteristics and Advantages:
One Aadhaar for one person – Because it is linked to an individual’s biometrics, it is protected from duplicates and fakes, ensuring that one Aadhaar number is assigned to only one person.
Portability – Because it is a universal number, it is simple for any agency or service provider across the country to validate a beneficiary’s identification by using the central Unique Identification database.
Inclusion of those who do not have current identity papers – People who do not have existing identification documents are frequently unable to obtain certain advantages that they would otherwise be able to obtain. Since the establishment of the Aadhaar number, many residents have gained access to a variety of advantages.
Authenticated and verified entitlement to beneficiaries – This service ensures that the entitlement is delivered to the intended beneficiary.
Safe direct benefit transfers — The UID-enabled-Bank-Account network provides a secure and low-cost platform for directly remitting payments to residents, avoiding the high expenses involved with benefit distribution today.
Aadhaar Privacy Concerns and Structural Issues:
All numbers obtained by authentication agencies are centrally maintained in the Aadhaar Data Vault. Its goal is to provide a dedicated facility for organisations to access information on a need-to know basis.
According to the latest report of the Comptroller and Auditor General of India (CAG), UIDAI has not identified any encryption technique (as of October 2020) to safeguard the same, nor a means to demonstrate that the companies were following to proper protocols.
It primarily relies on audit reports furnished by the entities themselves. Furthermore, UIDAI’s erratic track record with biometric authentication has hampered its de-duplication efforts, which guarantee that each Aadhaar Number created is unique.
According to the CAG’s report, in addition to the issue of multiple Aadhaar being issued to the same residence, there have been instances of the same biometric data being assigned to several individuals.
As of November 2019, over 4.75 lakh duplicate Aadhaar numbers had been revoked, according to the UIDAI’s Tech Centre. For remedial measures, the regulator depends on Automated Biometric Identification Systems.
The CAG determined that it was “ineffective” non finding and fixing leaks. Biometric authentications might be concerning, especially for handicapped and older persons whose iris and fingerprints are deteriorating.
The lack of an effective technology may act as a compelling reason for fraudsters to exploit their ‘databases.’
Identity correlation across domains- Using Aadhaar IDs that are valid across domains, it may be able to follow an individual’s activity across numerous domains of service. This would result in identifying without permission.
Absence of a clear data usage policy– The absence of a clear data usage policy and legal framework exacerbates the issue. Third-party agencies do not educate Aadhaar users about the purpose and constraints of their data usage.
Other difficulties include a lack of security against insider threats, a lack of virtual identities, and insufficient privacy measures, which may jeopardise individuals’ civil freedoms.
Is it feasible to steal identity with Aadhaar?
According to National Payment Corporation of India (NCPI) data, financial fraud totalled 6.48 crore in FY 2021-22, with 8,739 transactions involving 2,391 distinct individuals.
Since the commencement of the UID project, institutions and organisations have placed a higher emphasis on linking their databases to Aadhaar numbers, including bank accounts, in light of the mandatory connection for direct benefit transfer programmes.
The NPCI’s Aadhaar Payments Bridge (APB) and Aadhaar Enabled Payment System (AEPS) enable direct benefit transfer (DBT) and enables individuals to make payments using their Aadhaar numbers. This necessitates linking bank accounts to Aadhaar.
In answer to an RTI, the UIDAI revealed that over 200 national and state government websites openly showed information about certain Aadhaar beneficiaries, such as their names and residences. Both were made feasible due to a lack of strong encryption.
The UIDAI claims that simply having the bank account number is insufficient to withdraw money from the bank, and that an individual’s fingerprint, iris data, or OTP to a registered cell phone number is necessary.
According to CIS, brokers are known to acquire tens of thousands of Aadhaar papers from cell stores and other locations where the identifying document is circulated. Furthermore, service provider personnel have been detected stealing biometric information obtained only for Aadhaar authentication.
The Supreme Court Decision:
- In 2011, the Central Government launched the Aadhaar Card, a new identity card.
- The government gradually made the Aadhaar Card obligatory for a variety of benefit initiatives. Subsidized food through the Public Distribution System and the Mid-Day Meal Scheme, as well as guaranteed wage labour under the Mahatma Gandhi National Rural Employment Guarantee Scheme, are examples.
- However, Justice K.S. Puttaswamy, a retired Karnataka HC judge, challenged the Aadhaar system in the Supreme Court. He alleged that Aadhaar violated constitutionally given basic rights.
- His grounds for concern were the lack of proper privacy safeguards on Aadhaar usage and the violation of persons’ fundamental rights to benefit from government aid programmes if they do not present their Aadhaar ID, as well as the limitation of this right.
- On September 26, 2018, the Supreme Court ruled that the Aadhaar Act was constitutionally lawful.
- It decided that the Act strengthens marginalised segments of society by improving access to basic rights such as State subsidies.
- According to the Court, the Act does not contradict the basic rights granted by Articles 14, 15, 19, and 21.
- While the Act was found to be valid, specific provisions of the Act were found to be unconstitutional. It overturned most of its applications on privacy grounds and limited its reach to solely welfare and income tax payments.
Conclusion:
- Data sovereignty is important to us and it will not be compromised. The legislation on data protection is a “work in progress” and the government would bring in a comprehensive law after further consultations with the stakeholders.
- India in future will become the centre of data refinery and the government is taking due precautions in constructing the data protection law because the world is looking at India to take the lead on the issue.
