Concerns over data security and privacy in the programme must be addressed.
The former chairman of the Unique Identification Authority of India (UIDAI), Nandan Nilekani, wrote in these columns about ‘Why Supreme Court judgment on Aadhaar calls for an appeal’ (September 15). The need for a national identification card/ platform was first mooted in the Atal Bihari Vajpayee government, and Aadhaar was the UPA’s attempt at realising that vision. Aadhaar has been sold as a transformational scheme, but there are legitimate questions regarding design, data integrity, privacy and security. As one of the petitioners impleading in the Supreme Court matter referred to by Nilekani, and as one who understands the transformational potential of technology, I believe it is necessary to analyse the case presented in his article. Nilekani’s “first ground for appeal” against the interim order issued in August by the apex court is the freedom of individual choice. He states that one, enrolment in Aadhaar is voluntary, and that two, individuals granting permission for the UIDAI to share their information in a secure way with another system for their own convenience and benefit “hardly qualifies as a violation of their right to privacy”. This argument is grossly inaccurate. Let us test the claim that Aadhaar is a “voluntary” scheme. Back in September 2013, the apex court had ordered that no citizen should be denied government benefits for not having the Aadhaar card, that is, it could not be made mandatory. However, in blatant disregard for this order, the government single-handedly forced Aadhaar on citizens by making them require it to access essential public services. In October 2013, soon after the SC order, the UPA linked employee provident fund benefits to Aadhaar, only withdrawn after a backlash. Similarly the governments of Karnataka in 2013, Andhra Pradesh in 2014, and Puducherry in 2015 asked all ration card holders to produce their Aadhaar numbers to avail the PDS. The assertion that Aadhaar is “voluntary” is, therefore, typical doublespeak. As Jean Dreze has written, it is voluntary only in principle, and is actually turning coercive by incentivising or “fast tracking” the requests of users who provide Aadhaar numbers. The second claim — that enrolment in the scheme “hardly qualifies as a violation of their right to privacy” is disingenuous, as is a related assertion made in a later section, that the Aadhaar system, being a “federated structure”, “ensures privacy by design”. The Central Identities Data Repository, which is under the UIDAI, is a centralised database — that is, all demographic and biometric data is stored as one database. This is not a federated structure, and in the absence of a data protection legislation, is a ticking time bomb. The ramifications of central databases on the privacy of citizens are potent. The UIDAI has enlisted the services of several private subcontractors, including those that aren’t Indian or subject to Indian law for data collation, which exacerbates the threat to privacy. In a post-Edward Snowden world, and in the absence of adequate legal and technical safeguards to prevent leakage of data to unauthorised hands, there is no reason for Indian citizens to place their faith in the good intentions of vendors with no particular affiliation to our Constitution. Nilekani also argues about the freedom of the executive to frame policy. This argument has often been used by the executive, most often to duck scrutiny. It was a defence used in the infamous 2G and coal block allocation cases. And for a single, centralised body with a mandate as all-encompassing as Aadhaar, funded by taxpayer money, to exist for almost six years now without any legislative scrutiny and sanction is unacceptable. What is even more unacceptable is that the legitimate concerns and reports of errors and fake entries are not addressed at all. India needs to set up robust infrastructure to directly deliver welfare benefits to the poor. For better or for worse, we are stuck with the Aadhaar platform. This must be used to its full potential. This, however, does not mean questions about privacy and data integrity must not be answered. The government should bring a bill in Parliament and start a long overdue debate.
* The writer is an independent Rajya Sabha MP and a technology entrepreneur.