Aadhaar: India’s information war over ID cards

Supreme Court rules government must extend deadline linking cards to personal data as debate over privacy rages on.

A villager goes through the process of eye scanning for UID database system at an enrolment centre at Merta district in Rajasthan
Activists say the need for a biometric ID to access basic government services will disproportionately hit the poor [Mansi Thapliyal/Reuters]

New Delhi, India – India must extend the deadline linking a national ID card to banking, phone accounts and government services to the end of March 2018, the Supreme Court has ruled.

Friday’s developments renewed attention on the ambitious national identity card project, “Aadhaar”, which the government touts as the largest biometric ID card programme in the world.

The validity of the government’s orders – whether or not citizens can be forced to enrol, for instance – will be debated in the top court from January 17.

A massive breach of privacy in India?

The launch of Aadhaar combined with several high-profile leaks of citizens’ data have raised privacy concerns.

In August, the Supreme Court declared that privacy is a fundamental right, a move interpreted as a setback to the government’s plans.

The mandatory use of national identity cards and connecting them to accounts and mobile phones is being challenged at the top court.

The government says the project will lead to a “social revolution”.

“Within reach of the country is what might be called the 1 billion-1 billion-1 billion vision,” said Arun Jaitley, India’s finance minister, in August. “That is 1 billion unique Aadhaar numbers linked to 1 billion bank accounts and 1 billion mobile phones. Once that is done, all of India can become part of the financial and digital mainstream.”

Critics have warned that the public’s privacy is at risk, claiming Aadhaar cards would link a large amount of data, without clear safeguards for access or use by government or private companies.

They say that Aadhaar would allow authorities to create a full profile of a person’s spending habits, phone records, banking records, rail bookings, property ownership and a trove of other information.

‘You would cease to exist’

Karuna Nundy, a Supreme Court lawyer, said India’s poor, often denied access to social welfare schemes unless they can furnish an Aadhaar ID, are particularly vulnerable.

“People have starved to death because they were denied food entitlements for lack of Aadhaar,” she told Al Jazeera. “The Bhopal gas victims, who I represent in the Supreme Court, are being denied compensation without it. On the flip side you have easy identity theft and [the] government handing over citizens’ data to companies, and without consent.”

In Jharkhand’s Simdega district, an 11-year-old girl died of starvation in October, months after her family’s ration card was cancelled because they did not possess an Aadhaar number.

The biggest privacy risk is your entire identity being stolen and you ceasing to exist if your Aadhaar number is deactivated for any reason ... You basically become a nobody

by Srinivas Kodali, security researcher

“In November, 50-year-old Shakina Ashfaq died in Uttar Pradesh province, with her family alleging it was because the paralysed woman was unable to appear in person at a government ration shop to authenticate her Aadhaar card,” Nundy said.

It would be nearly impossible for poor, illiterate citizens to reconstruct their identities. Some may not even know if their identities were stolen in the first place, she added.

Srinivas Kodali, an independent security researcher based in Hyderabad, cited problems in the implementation and design of the project.

“The biggest privacy risk is your entire identity being stolen and you ceasing to exist if your Aadhaar number is deactivated for any reason,” he said. “You would cease to exist for any government department or private service provider. You basically become a nobody.”

In February, Kodali reported on an Aadhaar data leak from a government website, which saw the release of Aadhaar ID numbers for more than 500,000 people.

He complained to the Unique Identification Authority of India (UIDAI), the government department responsible for administering the Aadhaar programme, but did not receive a response.

“All I received were legal notices [addressed to the portal Centre for Internet and Society which published my report highlighting this breach],” he said.

Speak for me, a website launched this week, is asking citizens to register their complaints about being forced to link Aadhaar with phone, banking and other services. The platform allows Indians to write to legislators to argue on their behalf in parliament.

Government denials as leaks continue

By the time of publishing, UIDAI had not responded to Al Jazeera’s request for comment.

In November, UDAI’s chief executive Ajay Bhushan Pandey claimed that the cards would be invaluable in fighting bank fraud, which he said had resulted in a $3bn loss over one year.

“If every bank account was verified with Aadhaar then this would not have been possible,” he told a conference, according to reports.

UIDAI has admitted, however, that 210 government websites have mistakenly published several citizens’ personal data, including their ID numbers, names and addresses.

Aadhaar is a very safe and secure system ... Your biometric data is never shared with anybody else.

by Arvind Gupta, former head of PM Modi's IT team

In May, the Bengaluru-based Centre for Internet and Society said a central government ministry and a state government may have inadvertently exposed up to 135 million Aadhaar numbers.

“The privacy infringement that a law proposes to make must be proportionate to the purpose it seeks to achieve,” said a lawyer associated with the Aadhaar case, speaking on the condition of anonymity.

“Aadhaar, by design, does not have a specific purpose. For any purpose, whether it’s privacy versus security, privacy versus convenience, there are different trade-offs. But with a general-purpose database like Aadhaar, you cannot make those trade-offs. Therefore you can’t even test if a certain state action is proportionate.”

Members of the ruling Bharatiya Janata Party (BJP) say these fears are unfounded.

“Aadhaar is a very safe and secure system,” said Arvind Gupta, the former head of Prime Minister Narendra Modi’s Information Technology team.

“It has a double contract architecture for privacy by ensuring that the right people access the data that you would otherwise give on paper; you can now do it electronically. Your biometric data is never shared with anybody else.

“Of course people have to make it more safe, more secure. That is an ongoing process.”

Deadly violence against activists

The controversy comes amid deadly violence against those seeking to use India’s landmark Right to Information (RTI) Act, passed in 2005.

At least 65 RTI activists have been killed since the act was enforced in 2005, according to the Commonwealth Human Rights Initiative (CHRI).

At least 159 assaults and 179 cases of harassment and threats have also been registered in the same period by the organisation.

Those targeted included activists trying to expose sour government deals, from illegal sand mining and alleged tampering of electronic voting machines to corruption in local government.

Now, the government appears to be delaying laws that would strengthen the RTI Act and empower whistleblowers, activists have said.

“If you look at the Modi government’s record, it has been terrible,” said Nikhil Dey, an activist.

“The Lokpal [Corruption Ombudsman] Bill and the Whistleblowers Protection Act, which I call the RTI 2.0, aims at moving from transparency to accountability. It’s been three years of this government and the ombudsman has not yet been appointed.

“The Whistleblowers Protection Act is not being effected and the government is trying to put in terribly damaging amendments to this act. In a sense, the government is trying to stop the forward movement in this journey, even legislatively.”

The launch of Aadhaar combined with several high-profile leaks of citizens' data have raised privacy concerns [Mansi Thapliyal/Reuters]
The launch of Aadhaar combined with several high-profile leaks of citizens’ data have raised privacy concerns [Mansi Thapliyal/Reuters]

One proposed amendment, he said, would see information requests made by people who die before the request is fulfilled being cancelled, with the information never released.

“This, actually, would encourage people to be killed [by those seeking to suppress information],” said Dey.

Another proposed amendment allows applications to be withdrawn while still in process.

“That again opens doors to blackmail and threats,” he said.

The government’s refusal to release information about policies while seeking greater information from their citizens is worrying, critics say.

So far, the government has refused for example, to share details of decisions regarding India’s major demonetisation decision imposed last year. Queries around appointments to independent watchdogs such as the national auditor, comptroller, and the election commission have also been shot down.

Source: Al Jazeera