1. Why Centre will have to devise a comprehensive Aadhaar Bill and not a money bill to address challenges

Why Centre will have to devise a comprehensive Aadhaar Bill and not a money bill to address challenges

With 1,140,800,331 numbers generated as of April 2017, the “Aadhaar card” is the most ubiquitous identity document in India today.

By: | Updated: May 26, 2017 10:05 AM
trai, aadhar, Aadhaar eKYC, Aadhaar eKYC for internet, Aadhaar eKYC for broadband, ekyc, kyc, aadhar card, Telecom Regulatory Authority of India This government will need to devise a more comprehensive Aadhaar Bill and not a money bill to address these challenges. (Source: IE)

 

Aadhaar card is the most ubiquitous identity document in India today, with 1,140,800,331 numbers generated as of April 2017. Yet, the journey of Aadhaar has been riddled with controversy and debate since conception. On one hand, Aadhaar holds a lot of appeal to all authorities that see it as an efficient enabler of authentication and on the other, there are strident voices against it, pushing for stringent data security and privacy protocols.

In the middle stands our Supreme Court, which is still to give a final hearing on the PILs filed by Aadhaar opponents from 2012. While the Supreme Court’s interim order in 2015 has restrained the government from mandating Aadhaar for any benefits delivery, it referred the issues pertaining to the right to privacy to a Constitution Bench, which is yet to be constituted. Earlier this month, the Supreme Court heard pleas against the government’s latest move to compulsory link Aadhaar to PAN and income-tax returns, but, the judgement on this is still reserved. Finally, the pleas against mandating Aadhaar for 17 subsidies/benefits are also to be heard this month.

Also Watch:

Yet, this is India, and despite the restrictions placed by the Court, insistence on an “Aadhaar card” is fast becoming a de facto rule in many banks, government departments, schools, etc. At the same time, under the Direct Benefits Transfer programme, for which the Aadhaar Act was passed, Aadhaar seeding is yet to become universal—in its two biggest schemes MGNREGS and LPG subsidy (PAHAL) has crossed 80%; less than half the payments are being made through the Aadhaar Payments Bridge. There are clearly many ground level challenges in implementing universal Aadhaar seeding and payments authentication—basic connectivity issues, an inadequate readiness of bank agents and branches for digitisation/mapping, inadequate communication to the beneficiaries, etc.

Meanwhile, concerns on issues such as personal rights, state responsibility, and accountability are growing stronger. At this juncture, it is crucial to have a more open discussion on the wider use of Aadhaar, beyond it being an enabler of government transfers. While Aadhaar has the potential to ensure efficient public service delivery and to lower cost of transactions, a single identifier across databases can at once be a boon or a bane. The entire experience of giving a digital identity for all Indians has thrown up new challenges for us. We need more debate, inside and outside the Parliament, to work out the contours of the road that Digital India should take. The dialogue that avoids extreme positions and is open to all stakeholders can show us the way forward.

The need for such a dialogue is because questions that have been emerging are centred around Aadhaar, but have wider ramifications. For instance, a recent study by The Centre for Internet and Security showed that some government websites, in a bid for greater transparency, had put up information on Aadhaar numbers, bank accounts, etc, not realising that such dissemination was illegal and increased the risk of identity and financial fraud.

Then there are rising concerns about data security. Specifically, for Aadhaar, clear unambiguous responsibilities need to be fixed on those who handle the data, with heavy deterrents and penalties for breach and unauthorised usage. The Aadhaar Act, 2016, fixes the primary custodianship of the identity information with the UIDAI, but is silent on the liability in case of a data breach—in fact, UIDAI is not mandated to report breaches. For misuse by agencies handling the data, the Aadhaar Act sets out a paltry `10,000 fine (`1 lakh for a company), which is considerably lower than the penalty under the Information Technology Act, 2000, which sets a transacting party compensation of up to `5 crore for mishandling ‘sensitive personal data’.

Last but not the least, is the issue of “exclusion” of beneficiaries when authentication can fail due to multiple reasons—connectivity, fingerprints not matching, fraud by agents, etc. Rather than play down such concerns, it is advisable that the government set up strict audit protocols and redressal standards across all states that ensure that beneficiaries’ grievances are heard and addressed expeditiously. Grievance redressal is not limited to Aadhaar-enabled services, yet unless we aim to build up an atmosphere of accountability and transparency at the district/village level, and Aadhaar is a good place to start, vested interests will continue to get away with leakages and excluded voices will remain unheard.

Though most concerns regarding the project had been articulated before its introduction and were fairly well-known, the previous government did not lay out the requisite legislative cover for UIDAI. While the present government continued with the Aadhaar project, it did not take up the gauntlet of full legislation and instead passed the Aadhaar Bill in March 2016, as a money bill for government expenses. The critical problem with Aadhaar is that what was initiated as an authentication tool, has now become an identity proof across the board.

This government will need to devise a more comprehensive Aadhaar Bill and not a money bill to address these challenges. A comprehensive and open discussion on the critical need for modern governance for a comprehensive ID mechanism is essential. With all its warts fixed, Aadhaar is best suited to take on that role. All that it needs is a transparent legal framework to operate under, and this is best achieved through a bill, rather than Supreme Court judgements and case law.

  1. R
    Reader
    Oct 9, 2017 at 5:59 am
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    Reply
    1. R
      Reader
      Oct 9, 2017 at 5:58 am
      UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
      Reply
      1. R
        Reader
        Oct 9, 2017 at 5:58 am
        The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
        Reply

        Go to Top