ADVERTISEMENTREMOVE AD

Leave Aadhaar Alone and Focus on a Strong Privacy Law, Shall We?

Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.

Mayank Mishra
Updated
Opinion
5 min read
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large
Hindi Female

A recent visit to an RTO (regional transport office) in Ghaziabad was nothing short of a nightmare. Files would not move without the help of touts. While ordinary residents like me had to wait for hours in a queue for their turn to give biometric details like fingerprints and photographs, a side counter was always available for some VIPs or influential touts. After endless paperwork, followed by two rounds of the office and shelling out a few thousand rupees, I did manage to get the licence. But the whole experience was traumatic, to say the least.

However, getting myself enrolled for unique identification number called Aadhaar was a different experience altogether. One visit, minimal paperwork, few minutes at the counter was all that it took to get the entire thing done. The executive overseeing the operation was polite and cooperative making me suspicious whether I had reached the right centre or not. The suspicion stayed till I checked my enrollment details at the Unique Identification Authority of India (UIDAI) website.

Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.
(Photo: iStock/Altered by The Quint)

Similar work and two contrasting experiences! I was made to furnish the same set of documents at both the places. While we never crib about the safety of documents and biometric details given to RTO because it is managed by government officials, there is such a hue and cry about infringement of privacy with regard to details given for Aadhaar through private agencies.

ADVERTISEMENTREMOVE AD
Snapshot

Safeguarding Our Privacy

  • Biometric-based authentication ensures that any transaction cannot happen without an individual’s consent thus, empowering him in a way.
  • Data aggregation is not possible as the UIDAI does not keep anything except the logs of authentication.
  • Data submitted is in encrypted form and the probability of breaking through to access data is very low.
  • There might be privacy-related issues for which we need a standard privacy law.
  • UIDAI must be credited for achieving a rare milestone, that of enrolling one billion people in record time.
0
Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.
(Photo Courtesy: Aadhar Card Kendra)
ADVERTISEMENTREMOVE AD

Backed by Legislation

Now that a much-needed legislation has been cleared by the government to give legal sanctity to the UIDAI, the same set of concerns are bound rise again: why yet another identity card? Does Aadhaar violate privacy? Why involve private players in an exercise as important as this one? Etc.

Let us look at the privacy issue. One is required to furnish seven details while enrolling for Aadhaar: name, age, gender, address of communication, photograph, fingerprints and iris. The biometric details like fingerprints and iris are required to establish uniqueness of identity. Isn’t that a mandate of the Unique Identification Authority? How else can it establish a database of unique identities?

Biometric-based authentication entails participation of the concerned individual in the process. Nothing can happen without his/her consent. If no transaction can take place without his consent, it empowers him and not take away any right.
Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.
(Photo: iStock/ Altered by The Quint)

Consider a different scenario. All of us are required to provide proof of identity in physical form to avail different services. Can we ensure that such papers once submitted will not be misused? We keep hearing reports of how someone got hold of a mobile sim card with fake identity proof or someone checking in at a hotel using someone else’s identity proof.

None of that is possible with Aadhaar. Every transaction using Aaadhar as proof has to be authenticated by the user. The user gets an instant message when an authentication takes place. Isn’t that empowering?

ADVERTISEMENTREMOVE AD
Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.
(Photo: iStock/ Altered by The Quint)
ADVERTISEMENTREMOVE AD

Data Sharing Not Allowed

Whatever little I know about the UIDAI, it does not allow search or data download and no information can be shared just by giving the Aadhaar number. Data aggregation –which may be misconstrued – is not possible as the UIDAI does not keep anything except the logs of authentication. It does not know what the authentication was used for. Data submitted is in encrypted form and the probability of breaking through to access data is very low. Aren’t these features meant to protect the privacy of data?

There are many domains – like making of driving licence and passport – which take biometrics but do not do anything with it later. In other words, the biometrics are never used to de-duplicate and hence, theoretically, it is possible to get multiple driving licences. It is a sheer national waste.

There is also no privacy of biometrics in these domains. They are just lying in some places. On the other hand, the enrolment process of Aadhaar ensures that the biometrics are encrypted immediately after submission. Hence, they can never be stolen and used as they are not available in a non-encrypted form, at any time. The data is encrypted with a 2044-bits encryption, which is one of the highest encryption standards and is almost impossible to break.

ADVERTISEMENTREMOVE AD
Lashing out at Aadhar is a futile effort as the issue is that of a standard privacy law for India.
(Photo: iStock/ Altered by The Quint)
ADVERTISEMENTREMOVE AD

Standard Privacy Law

This is not to suggest that we should lower our guard on privacy issues. We must be ready to protect our privacy at any cost. For that to happen, we need to have a standard privacy law (there is none at the moment) that should be applicable to all organisations – government or private – that have anything to do with storage of data of individuals.

Why single out Aadhaar? Just because it adopted the best practices from the government and private sector? If it had remained an ideal-typical government organisation, the UIDAI would not have achieved the kind of things it has in its uncertain existence of nearly seven years. The UIDAI is close to achieving a rare milestone of enrolling one billion people in record time and at a fraction of the cost. 

At a time when we are talking about ‘minimum government’ in our lives, let us welcome many more organisations like the UIDAI which can be controlled by the government but is imbued with the energy of the private sector. Otherwise, we will continue to go through the horrors of RTOs.

(The writer is Consulting Editor, Business Standard, and contributes regularly to The Quint on politics and contemporary issues)

Also read: Aadhar Scheme Collects Biometric Data of 99 Crore Indians

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Read Latest News and Breaking News at The Quint, browse for more from opinion

Topics:  Aadhar card   UIDAI 

Published: 
Speaking truth to power requires allies like you.
Become a Member
3 months
12 months
12 months
Check Member Benefits
Read More
ADVERTISEMENTREMOVE AD
Stay Updated
ADVERTISEMENTREMOVE AD
More News