Having grabbed our eyeballs, our fingerprints, Aadhaar now wants to use our face grabs for recognition - an announcement made at the beginning of the week when the Supreme Court is hearing the Aadhaar privacy issue. Does one smell an attempt to deflect the arguments about the weakness of UIDAI's security system by pushing new technology and arguing that if you can give your face to Apple (along with a thousand dollars), then why not to us?
Last week, if an effort to show that they were concerned about the security systems after a reporter from
The Tribune was able to buy data for Rs 500, UIDAI announced a huge cut back in the number of people who could access the system. But having had an open door policy for the last few years, this sudden shutdown seemed more of a publicity stunt to contain the damage before the Supreme Court's review than a real assurance that our personal data has not and cannot fallen into the hands of thousands people who could misuse it. In fact, what UIDAI is doing is a bit like TRAI tried to do when they said you could send a DND message to your service provider and you would not receive soliciting calls or SMSes! Tell us another.
To put the Aadhaar issue into perspective, we need to understand why the government is so keen - and why so many people are not - on access to the Aadhaar card. Even within the government, there are different reasons for wanting the Aadhaar linkage. The Income Tax department, having made an almighty mess of PAN cards by issuing them to anyone who applied from any address on any name, found itself drowned in PAN numbers that went nowhere and identified nobody - but allowed the nobodies to open bank accounts in fake names with these PAN cards. And so when demonetization came, and a deluge of banned notes arrived into accounts that linked to no one, the tax department sought refuge from with Aadhaar as a way to catch the "black marketeers". So they imposed the condition that PAN cards must link to Aadhaar and refused to accept tax returns without this.
And the Income Tax department wanted banks to do their work and get each bank account verified against the Aadhaar card for the user. Using a government notification as a tool, a barrage of e-mails and SMSes began threatening customers with dire consequences if they did not immediately rush to the bank and present their Aadhaar cards. Soon, other financial institutions including insurance companies, mutual funds and depositories joined in to coerce the poor consumer to share his privacy with thousands of people who had access to the Aadhaar system.
Similarly, the security services which have lived in absolute fear of people getting mobile phones against fake IDs, also had notifications issued demanding the man on the street rush to the nearest service providers' office and offer an Aadhaar card. Poor people, afraid of losing their one modern gadget and only means of communication, succumbed under this torrent of pressure without giving much thought to what they were losing. After all, we have always been a socialist
mai-baap nation which stood patiently in queue for ration cards, voter ID cards, driving licenses, passports, Aadhaar cards and even the forgotten (except in Assam) NPR. For each of these, we had to give mounds of self-certified documents to prove we were who we said we were. Maybe this was the equality that democracy was to bring to us - standing in queues surrounded by people of other castes, faiths and economic standing.
And thirdly, there were those agencies at the centre and in the states that wanted to use the Aadhaar card as a means of providing Direct Benefit Transfer (DBT) as is done for the LPG subsidy. This perhaps is the noblest cause - it was to save the drain on the exchequer through misuse and corruption and yet see that monies flowed to the most needy. And it is this that the government
claims has saved 30,000 crores of LPG subsidy (although this has been challenged in recent studies).
Like everything else, we have managed to make Aadhaar the antidote to all our ills and inefficiencies. It has become the counter to the failure and corruption that exists in our system and the bureaucrats' answer to everything: "We have checked their Aadhaar card so don't blame us". The apocryphal story is that you need an Aadhaar card to enter Corbett Park and if you don't have one, don't worry, there is a booth that will make you one, stick your photo in place of somebody else's and all you need to do is leave a credit card with them until you return.
So what's the big deal with the Aadhaar card? Why are the liberals so upset about the privacy issue? Or is it another anti-national trip that they are on, unworried about the security of the nation, the black marketeers and the cause of helping the real poor?
This is a fact: information that can be accessed on the net can be broken into. The biggest IT companies in the world have been hacked. So security of personal information is an issue.
So what's the information at stake? Aadhaar took your name, address, photo, fingerprints and eye scans (biometric data) into the UIDAI system making it the largest bank of verifiable data on any individual. To be able to hack that in today's world is like opening a gold mine, or more digitally, a crypto-currency bank.
But why should the Aadhaar system be so easily hacked? Partly because of the number of people that were given secondary access (if we were to believe UIDAI), thousands of centres appointed by them and state governments who could access people's data and make corrections; for this, they could download your Aadhaar card. For UIDAI to pretend that nothing "untoward" happened was silly. Why did they shut down all these accesses the day after the
Tribune story? According to various reports, more than a 1,000 operators have been black listed, 5,000 officials barred from access, 49,000 data entry licensors cancelled, some major corporates face FIRs for illegally storing Aadhaar data, and most shocking of all, the UP police found a
gang that had accessed and was faking Aadhaar cards in Kanpur. Finally, more than 210 government websites have accidentally displayed Aadhaar information on their websites.
The UIDAI defence is that they have the highest level of security and none of their core data has been breached in seven years of existence. Since UIDAI does not allow any third party or independent verification of what it is saying, there are huge doubts about whether this is true and the above breaches, as well as those reported by French and Australian security experts, seem to support the doubters. Given the steps that UIDAI has taken in the last week or so since the
Tribune access also tends to support the theory all is not safe at the UIDAI digital vaults. Frankly, the issue is whether to trust various levels of government and their appointees with so much data. As
Ronald Abraham has written:
Depending on the breadth of data sets seeded with Aadhaar, they can be merged to uncover a person's "food habits, language, health, hobbies, sexual preferences, friendships, ways of dress, and political affiliation".And then all this can be used to favour or disfavour particular groups.
Part of the problem with the Aadhaar issue, as with many other issues these days, is that the government does not want to hear, take into account or discuss anyone's else's view. So the Aadhaar bill was passed as a money bill (without approval of the opposition-controlled Rajya Sabha) and everything subsequently has been pushed through saying there is no worry and all is well.
With less than half of PAN cards and bank accounts as yet seeded with Aadhaar numbers, there seems to be enough cause for people to be able to exercise their right to whether they want to hand every Anil Kumar the keys to their Aadhaar data or not on the principal that this is private information and it is upto the individual and not the government to decide what to share and with whom. Hopefully, the Supreme Court hearing will encourage the government to find a less intrusive way to verify bank accounts and mobiles.
(Ishwari Bajpai is Senior Advisor at NDTV.)Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of NDTV and NDTV does not assume any responsibility or liability for the same.