The Indian legal community is currently on tenterhooks awaiting judgment from the Supreme Court about the compatibility of the Aadhaar system with the right to privacy, which is apparently due tomorrow. The case is made all the more interesting by the absence of an explicit right to privacy in the Indian Constitution. In this post, I will give readers a background look at what Aadhaar is, and the challenges it poses.
Aadhaar is a 12 digit unique identification code assigned to all those residing in India (including non-citizens), consisting of basic details like name and gender along with a person’s biometric information. It functions much like a social security number, and its purpose was to make the distribution of public welfare services more efficient. It is for this reason that despite Supreme Court orders, various government departments have since made Aadhaar mandatory for welfare schemes, filing tax returns, opening bank accounts, booking tickets, mobile services and many other aspects of life. This allows the government to have almost unlimited information about people’s lives.
The fear of misuse of data also stems from the fact that more than 8,500,000 Aadhaar numbers have been reportedly duplicated, faked or misused. Further, a number of government websites had open access to an elaborate list of Aadhaar subscribers along with their details. With such sensitive data easily available on the Internet, every Aadhaar beneficiary risks their personal details being circulated in spite of repeated assurances by the government that the data is secure. In addition, some Aadhaar data, like phone numbers and addresses, are already being given to and misused by giant corporate entities.
The potential threat to privacy with the coming in of Aadhaar has been understood since the inception of the project. It was in 2010, at the beginning of the project, that the UIDAI chief, Nandan Nilekani, wrote to the Prime Minister requesting him to put in place laws regulating the data due to be collected and protecting privacy rights linked to it. Despite the warning, no security measures were taken.
Critics see the Aadhaar program as a means of carrying out mass surveillance. Every state requires limited and selective surveillance for national security. However, linking Aadhaar to so many routine everyday activities would allow the government to have digitalized data about every Aadhaar holder’s life readily available. There is no balance drawn between privacy and national security.
Critics of Aadhaar object to the collection of biometric information as a violation of privacy rights for two primary reasons. Firstly, in order to get an Aadhaar number, a person has to give the State their biometric data. Since many social welfare schemes are accessible only with an Aadhaar number, people are in effect compelled to give their biometric information. Secondly, a biometric scan can be used to identify even those who do not consent to being identified, including the dead and the unconscious. The very act of collecting biometric information and using the data without consent infringes upon the bodily integrity of those in question.
Even if it were to be believed that the data is absolutely secure by encryption, the constant transfer of this data from one server to another makes it highly vulnerable. With new government departments making Aadhaar mandatory for welfare schemes, the data keeps getting transferred from one government department to the other, thereby creating a pathway for hackers to access this ‘highly classified and secure’ data. In the past year, many Indian government websites like that of the National Green Tribunal and the Electricity Commission have been hacked by rival countries and enemy groups. In times like these, any availability of Aadhaar data on government websites makes it highly prone to identity theft and financial loss.
Releasing someone’s personal information into the public domain and to companies is a clear interference with their privacy and hurts the dignity of the individual in question. In a democracy, it is the duty of the government to ensure free, secure and dignified life for all its residents. On top of that, living with constant fear of being watched by the State at every step disturbs the balance between national security and privacy. The highly insecure and unencrypted data can be used by the State to identify any of the subscribers, including those who chose to anonymously criticise the government. Unnecessary intervention by State at every stage could cause serious harm to the democratic health of the world’s largest democracy. It is out of the fear of mass surveillance and human rights violations that other democratic countries like UK, France and Australia have abandoned the idea of similar such projects. We await the judgment of the Supreme Court with interest.
Editor’s note: This is the first of three blogs on the Aadhaar right to privacy litigation, considering the context in which the Supreme Court must give judgment. Once the judgment is out, of course, the OxHRH Blog will also feature analysis of it.