top of page
Search
Writer's pictureYouth Policy Review
Jul 27, 20204 min read

Aadhaar: A Breach Of Data Security?

The creation of a national identity system in developing countries started in the wake of a lack of identity documents. The gap in the availability of official documents created problems like poverty cycle and societal exclusion limiting access to education, health, banking, and opportunities for personal economic growth. Citizens in these countries have no standard means to verify their identification. The implications of this are tremendous and often unrecognized. Meanwhile, millions of dollars are lost, resources wasted, and opportunities for advancement are disappearing. This phenomenon has been recognized by various policymakers and stakeholders in the international community. Taking the issue into account, the Government of India in 2002, considered undertaking a national identity project. Based on the Review Committee's advocacy set up in 2003, a group of bureaucrats introduced the concept of a "Multipurpose National Identity Card" to serve as a record of citizenship. The potential for a "Multipurpose National Identity Card" led to the development of a national digital identity system or Aadhar to help improve the deliverance of the government and to reduce fraud and corruption.



India's Aadhaar consists of a 12-digit unique identity number (Unique ID) issued to every Indian resident by the U (UIDAI), the agency entrusted with this assignment. The UID links the person's demographic (name, address, date of birth, and gender) and biometric (photograph, two irises, and 10 fingerprint scans) data and stores this information in a centralized directory. A card is issued to the enrollee, and the identification number, along with the authentication (biometric or mobile-linked), forms the core for identification. Over 90 percent of the Indian population is now enlisted in the Aadhaar identification system, making about 1.2 billion people. A significant debate in India lies over how Aadhaar has been based on its affirmation towards inclusion. Proprietary point out that marginalized fraction of our country, who were previously denied from individual legal identity, now have access to a national identity, e.g., tribal populations in remote areas, transgender individuals, poor migrants, and the homeless.



One of the primary reasons why "legal identity for all" enjoys widespread acceptance, while "digital identity" creates debate, is the concern regarding privacy and information security. A paper-based system offers privacy through obscurity. Proceeding to a digitalized system can have permanent repercussions if there is a lack of safeguards or a holistic understanding of the issues involved. Even though there is consensus on the provision of "legal identity," policymakers worldwide, including organizations like the United Nations (whose Sustainable Development Goal 16.9, talks about digital identity), continue to debate upon the issue of “digital identity”, and rightly so. However, without adequate organizational protection and well-established democratic practices, such a system can result in a higher concentration of power in the government's hands, allowing scope for mismanagement and misuse. The Aadhaar in India was implemented without any data protection framework and privacy legislation, and such legislation in our country even today. Moreover, while the central cache of UIDAI has not been breached, the Demographic information gathered for issuing Aadhaar cards, and the Aadhaar number, have been subjected to multiple disclosures and scrutiny by government institutions through fraudulent means. In 2018, a journalist working for The Tribune was able to purchase access to data, for INR 500 (approx. US$7), to a gateway where she could enter any Aadhaar number and obtain the person's demographic details.


Commencement of framework laws and regulations is a necessary, but insufficient. The system, including its administrators, processes, and technology, must prioritize data privacy and sovereignty; enforcement mechanisms must also be as robust. One approach that holistically addresses these issues is the formulation of a 'National Digital Identity Framework' to define clear and valid security and data protection measures. Such a system can articulate the rights of individuals enrolled in a digital-identity framework, allowing for a potent regulator with adequate enforcement powers. The Indian government has drafted a Data Protection Bill, which addresses some of these critical issues. However, a considerable amount of government data, including any data required in the provision of government service, is spared from authorization under the Bill, as long as the data is "strictly necessary" for the usage of that function. The standard and how it should be executed is yet to be decided. The Data Protection Bill and other issues regarding the independence and degree of discretion ceded to relevant authorities under the Bill cast doubt on its ability to curb government misuse of its citizens' information.


Digital identity systems can likely be used as a boon and bane. With adequate safeguards in place, a well-designed system can facilitate civic empowerment and inclusion, unlocking significant economic value. However, issues regarding privacy, user consent, biometrics, and integration are still open to discussions in nations considering the enforcement of these mechanisms. A common link connecting the issues regarding the Aadhaar is that the users of the digital identity program must be kept central to the system's design, and digital identity should empower the masses, not the governments. Aadhar Policy can only generate impact within a broader institutional framework when it will prioritize the users' rights above other considerations.



References-

3. Section 19, The Personal Data Protection Bill, 2018.

McKinsey Global Institute, op. cit.


By-

Nandana Bhattacharjee (bhattacharjeenandana@gmail.com)


63 views0 comments

Recent Posts

See All

Comments

Post: Blog2_Post
bottom of page