After the passage of the Finance Bill with 40-odd amendments, the issue that has grabbed our attention is how linking Permanent Account Number (PAN) with Aadhaar is going to deal a blow to the ‘idea of India’. That the linking will lead to an invasion of our private domain on a scale never experienced before.
One commentator has gone to the extent of saying the threat of omnipresent Aadhaar will affect the privacy of a citizen, and it would enable the government to “turn off and on” its power to grant citizenship. It was never Aadhaar’s mandate to be a citizenship card. The Supreme Court, incidentally, ruled on Monday that Aadhaar could not be made mandatory for availing government welfare schemes.
We should be alarmed by the several surreptitious amendments passed along with the Finance Bill. The one giving unlimited powers to Income Tax officers is certainly one of them. It allows taxmen to search, raid, and confiscate property at will. All that the taxmen needs is the “reason to believe”, with no rational explanation required to be given to anyone.
What is more, the amended provision can be applied retrospectively — from 1962 onwards, for the purpose of assessment, and 1975 onwards, for confiscation of property. The amended provision has the potential to turn the clock back to an era when the amount of tax collected used to be very paltry, but tax officials took the opportunity to fleece.
No Transaction Possible Without Consent
But why is linking Aadhaar to PAN viewed as a retrograde step? Aadhaar, since its inception, has followed a minimalist approach where it collects very little data. One is required to furnish only seven pieces of data: name, age, gender, address of communication, photograph, fingerprints and iris scan.
Biometric details such as fingerprints and iris are required to establish uniqueness of identity. Isn’t that the mandate of the Unique Identification Authority of India (UIDAI)? How else can it establish a database of unique identities? Biometric-based authentication entails participation of the individual concerned in the process. Nothing can happen without his/her consent. If no transaction can take place without his/her consent, it empowers him/her and not take away any right.
Consider a different scenario. All of us are required to provide proof of identity in a physical form to avail different services. Can we ensure that such papers, once submitted, will not be misused? We keep hearing reports of how someone procured a mobile SIM card with fake identity proof or someone checking in at a hotel using someone else’s identity proof.
None of these will be possible with Aadhaar. Every transaction using Aadhaar as proof must be authenticated by the user. The user gets an instant message when an authentication takes place. Isn’t that empowering and not invasion of privacy?
No Data Aggregation at UIDAI
The UIDAI does not allow search or data download and no information can be shared just by giving the Aadhaar number. Data aggregation – which is liable to be misused – will not be possible as the UIDAI does not keep anything except the logs of authentication. The UIDAI does not know what the authentication was used for. The data submitted is in encrypted form, and the probability of breaking through to access such information is very low. Aren’t these features meant to protect the privacy of data?
There are many domains – issuance of driving licence and passport, for instance – which take biometrics, but do not do anything with them later. In other words, the biometrics are never used to de-duplicate and hence, theoretically, it is possible to get multiple driving licences. It is sheer national waste. There is also no privacy of biometrics in these domains.
They just lie in some place. On the other hand, the enrolment process of Aadhaar ensures that the biometrics are encrypted immediately after submission. Hence, they can never be stolen and used as they are not available in a non-encrypted form at any time. The data is encrypted with a 2044-bit encryption, which is one of the highest encryption standards and is almost impossible to break.
Data Tracking Possible Even Without Aadhaar
If data aggregation is not possible with the UIADAI, how will linking it to the PAN database expose us to constant government glare? In any case, PAN is linked to bank accounts and all banking transactions can therefore be tracked.
Data on any cash deposited above Rs 50,000 is collated, and data on all high-value transactions are tracked and there is digital trail of all transactions made through debit and credit cards. Tracking is done even without linking any of these to Aadhaar. How will additional linking suddenly make us vulnerable? On the contrary, since Aadhaar establishes uniqueness of identity, it secures us from someone else using our identity to indulge in fraudulent activities.
Incidentally, Nandan Nilekani, the then chairman of UIDAI, had written to the Prime Minister way back in 2010, suggesting the need for a data protection and privacy law. The law has been in the making since then. It is unfair to blame Aadhaar for lack of legislation.
My only concern, however, is that Aadhaar was conceived with a view to streamline the welfare delivery system. Let it remain that alone. Using Aadhaar for anything and everything may take us to an unchartered territory beyond everyone’s control.