A chink in the armour
Before Aadhaar is fully deployed, the government must put data privacy laws and penalties in place. Pratik Kanjilal writes.india Updated: Mar 06, 2011 12:57 IST
The Aadhaar universal ID has been rolled out to general applause and will soon change our lives across the board. The project should accomplish its mission, which is to improve the delivery of rural welfare. It may liberate the poor and marginalised from the cash economy and give them access to formal finance and banking. And if the ID is made mandatory for big transactions, it may reduce money laundering and shrink the black economy. And yet, a crucial chapter is missing from this bestselling success story. The law protecting Aadhaar data from illegal access is yet to be written.
Remember 1991, when Manmohan Singh and P.V. Narasimha Rao topped the bestseller lists by opening up the economy? That success story had suffered because Singh neglected to write a crucial chapter on safeguards. Liberalisation without adequate controls and oversight spawned the Harshad Mehta scam, which wiped out the stock market, destroyed nascent public confidence in investing and damaged the reputation of leading banks and institutions, including the Prime Minister’s Office.
Two decades later, we are repeating history by rolling out the Aadhaar story to gushing reviews, but with a chapter missing again. It was supposed to lay down the law on privacy and data security. In India, electoral rolls have been used to target riots. We have seen profiling by religion, region, class and community — ask the Muslims, the Nagas, the very poor and the ‘criminal tribes’. The government is blasé about even the lowest form of data crime, mobile spam. However, it temporarily banned bulk SMSes before the Ayodhya judgement, so it’s not helpless in this matter. It’s just not very helpful. It’s increasingly disrespectful of the citizen’s privacy and, invoking the spectre of terrorism, wants to read our lives like an open book. In this atmosphere, implementing Aadhaar without privacy safeguards is as risky as liberalising the economy without market controls.
Nandan Nilekani, chairman of the Unique Identification Authority of India, has said that the agency only gathers identity data, which is already available with separate government agencies, adds biometrics and uses it to authenticate identity.
But that is a half-truth. Aadhaar already has a financial profile thanks to its welfare and banking functions. Besides, it will connect the dots between the data stockpiles of various government agencies. It will assemble fragmented data about individuals into comprehensive information and, through connections with the National Population Register and the National Intelligence Grid, it will allow government to generate the profile of anyone residing in India, right down to their travel patterns and spending habits.
Terrorists and thugs will get their just deserts, but should the rest of us be data-mined? Especially when we know that our data will be leaked or sold eventually, like our phone numbers are sold to spammers? Many countries have seen misuse of national identity data despite having legal safeguards like the European Directive on Data Protection or the US Federal Privacy Statute. And the Aadhaar system’s data safeguards are merely technical and procedural, not legal. Before it is fully deployed, we should enact umbrella legislation specifying penalties for illegal or arbitrary data access, whether by government, private parties or individuals. Until then, Aadhaar will remain a success story with a tragic flaw.
Pratik Kanjilal is publisher of The Little Magazine
The views expressed by the author are personal