The Big Picture: Is Aadhar data prone to misuse?
In the last few weeks several disturbing incidents centred on the Aadhar database have established the scope for widespread data leakage. Responding to these reports in social media, the UIDAI denied that there has been a breach of Aadhar data or creation of parallel databases. The government has said that the personal data of an individual in possession of the UIDAI is fully safe and secure and there is no misuse of Aadhar biometrics leading to identity theft or financial loss.
Any collection or compilation of a large amount of data, individual identity and fingerprints is always vulnerable given the increasing technical capabilities of state and non state actors. However, it has to be seen whether the incidents reported in the media are a part of larger pattern or individual incidence.
If any individual’s data is compromised at present, as per law there is no remedy that the person can go to the court. Only the UIDAI can go to the court. As per Section 43 of the Information Technology Act, the corporate body is responsible for the upkeep and protection of all the sensitive information. In this case, UIDAI or their agencies are responsible and liable for protection of the data. They should be criminally prosecuted if there is a breach of data. But, these provisions are not made in the Aadhar Act. There is no provision for compensation also for the person whose data is compromised. In western countries, there is a provision for penalty for those agencies involved in managing these databases.
Benefits of Aadhar:
- Aadhaar is an important tool of good governance and empowerment of people.
- It has helped more than 4.47 crore people open bank accounts through Aadhaar e-KYC.
- It has enabled the government to do Direct Benefit Transfers under various schemes including LPG subsidy.
- It has helped the exchequer save over Rs 49,000 crore during the last two and half years.
- Aadhaar-based Public Distributions System is benefiting people by ensuring that their food grain entitlement are given only to the deserving beneficiaries and are not sidelined by corrupt elements.
Taking into account the cost benefit analysis in case of Aadhar, unfortunately, India lost out on a big opportunity to pass protection laws for data which is present in UK, US or in countries which maintain such large databases. India has little societal consensus and understanding of privacy. Some activists did raise this matter but it did not work out. People are not aware of the privacy laws that exist in other countries and how it can be compromised. The right to privacy is not only linked to Aadhar. It is a much larger social debate. IT Act does talk about protection of data.
Three problems that arise are:
- These provisions for protection of data are not talked about in the Aadhar Act.
- Aadhar was passed as money bill so it is not giving the corporate entity status UIDAI and its agencies so that they can be held liable and prosecuted.
- Once Aadhar data is compromised, it cannot be changed like bank data such as ATM pin or net banking passwords because biometric details like fingerprints and iris scan cannot be changed.
UIDAI is continuously updating its security parameters and looking at the new threats in cyber space. It has also decided to have registered devices for capturing biometrics data and ensure that such biometrics will be encrypted at the point of capture itself. The Government needs to assure its citizens that right regulatory environment exists in the country which will prevent these kind of data breaches because the moment people give their personal details, they are making themselves vulnerable in the cyber world.