Aadhaar card is the most ubiquitous identity document in India today, with 1,140,800,331 numbers generated as of April 2017. Yet, the journey of Aadhaar has been riddled with controversy and debate since conception. On one hand, Aadhaar holds a lot of appeal to all authorities that see it as an efficient enabler of authentication and on the other, there are strident voices against it, pushing for stringent data security and privacy protocols.
In the middle stands our Supreme Court, which is still to give a final hearing on the PILs filed by Aadhaar opponents from 2012. While the Supreme Court’s interim order in 2015 has restrained the government from mandating Aadhaar for any benefits delivery, it referred the issues pertaining to the right to privacy to a Constitution Bench, which is yet to be constituted. Earlier this month, the Supreme Court heard pleas against the government’s latest move to compulsory link Aadhaar to PAN and income-tax returns, but, the judgement on this is still reserved. Finally, the pleas against mandating Aadhaar for 17 subsidies/benefits are also to be heard this month.
Yet, this is India, and despite the restrictions placed by the Court, insistence on an “Aadhaar card” is fast becoming a de facto rule in many banks, government departments, schools, etc. At the same time, under the Direct Benefits Transfer programme, for which the Aadhaar Act was passed, Aadhaar seeding is yet to become universal—in its two biggest schemes MGNREGS and LPG subsidy (PAHAL) has crossed 80%; less than half the payments are being made through the Aadhaar Payments Bridge. There are clearly many ground level challenges in implementing universal Aadhaar seeding and payments authentication—basic connectivity issues, an inadequate readiness of bank agents and branches for digitisation/mapping, inadequate communication to the beneficiaries, etc.
Meanwhile, concerns on issues such as personal rights, state responsibility, and accountability are growing stronger. At this juncture, it is crucial to have a more open discussion on the wider use of Aadhaar, beyond it being an enabler of government transfers. While Aadhaar has the potential to ensure efficient public service delivery and to lower cost of transactions, a single identifier across databases can at once be a boon or a bane. The entire experience of giving a digital identity for all Indians has thrown up new challenges for us. We need more debate, inside and outside the Parliament, to work out the contours of the road that Digital India should take. The dialogue that avoids extreme positions and is open to all stakeholders can show us the way forward.
The need for such a dialogue is because questions that have been emerging are centred around Aadhaar, but have wider ramifications. For instance, a recent study by The Centre for Internet and Security showed that some government websites, in a bid for greater transparency, had put up information on Aadhaar numbers, bank accounts, etc, not realising that such dissemination was illegal and increased the risk of identity and financial fraud.
Then there are rising concerns about data security. Specifically, for Aadhaar, clear unambiguous responsibilities need to be fixed on those who handle the data, with heavy deterrents and penalties for breach and unauthorised usage. The Aadhaar Act, 2016, fixes the primary custodianship of the identity information with the UIDAI, but is silent on the liability in case of a data breach—in fact, UIDAI is not mandated to report breaches. For misuse by agencies handling the data, the Aadhaar Act sets out a paltry `10,000 fine (`1 lakh for a company), which is considerably lower than the penalty under the Information Technology Act, 2000, which sets a transacting party compensation of up to `5 crore for mishandling ‘sensitive personal data’.
Last but not the least, is the issue of “exclusion” of beneficiaries when authentication can fail due to multiple reasons—connectivity, fingerprints not matching, fraud by agents, etc. Rather than play down such concerns, it is advisable that the government set up strict audit protocols and redressal standards across all states that ensure that beneficiaries’ grievances are heard and addressed expeditiously. Grievance redressal is not limited to Aadhaar-enabled services, yet unless we aim to build up an atmosphere of accountability and transparency at the district/village level, and Aadhaar is a good place to start, vested interests will continue to get away with leakages and excluded voices will remain unheard.
Though most concerns regarding the project had been articulated before its introduction and were fairly well-known, the previous government did not lay out the requisite legislative cover for UIDAI. While the present government continued with the Aadhaar project, it did not take up the gauntlet of full legislation and instead passed the Aadhaar Bill in March 2016, as a money bill for government expenses. The critical problem with Aadhaar is that what was initiated as an authentication tool, has now become an identity proof across the board.
This government will need to devise a more comprehensive Aadhaar Bill and not a money bill to address these challenges. A comprehensive and open discussion on the critical need for modern governance for a comprehensive ID mechanism is essential. With all its warts fixed, Aadhaar is best suited to take on that role. All that it needs is a transparent legal framework to operate under, and this is best achieved through a bill, rather than Supreme Court judgements and case law.