The project has remained under a cloud ever since the Unique Identification Authority of India (UIDAI) was set up in 2009. The Manmohan Singh government had roped in no less than a co-founder of Infosys, Nandan Nilekani, to lead the project. Even after running a budget of 9,000 crore in seven years and collecting biometric and other details of about 120 crore citizens of a total of 125 crore, the project remains embroiled in controversies mainly on the security concerns relating to sensitive personal data of individuals available with the government.
Those who have been challenging the very need for collecting personal data of individuals claim that with the government having access to such data, there is possibility of it being misused or abused at some stage. Critics argue that the Aadhar programme can lead to a police state. They claim that Aadhar was nothing but “electronic mapping”
of citizens who would be forced to live under the government’s constant gaze.
The argument of the government is that private companies or even other government agencies already have access to personal data. For instance, a combination of data from Facebook, email, Instagram, Twitter and other such social networking sites can easily lead to all information about a person’s likings and dislikes, his friends and foes, his eating habits, his medical history, his travel plans and his contact information. Hackers can also get access to bank details and passwords.
On the other hand, those opposed to government collecting such data say that the availability of entire information about an individual, including biometric details, could easily fall into wrong hands. Besides their objection to making these details compulsory, they think there are chances of security breach.
The latest exposure of security breach in the system by a leading English daily, The Tribune, who carried an investigation through a sting operation, has driven the point home. Yet it was not the only breach reported since the scheme was launched. Although it’s been nearly a month since the breach was reported, the UIDAI has not come out with its investigation report. Shockingly, it had sought to register an FIR against the messenger, or the reporter, although it withdrew after protests from media organisations across the country.
The Tribune story had exposed how it took just 500, paid through Paytm, to breach the security of the system. The agent created a ‘gateway’ for the correspondent and gave her a password and login ID. All she needed was to enter the Aadhar number of any individual to get instant particulars of the individual given to the UIDAI. The information included names, addresses, PAN numbers, postal addresses, email IDs and phone numbers, etc.
Reacting to the investigation, UIDIA simply denied any security breach and maintained that even leakage of information without access to biometric data would not be of any use to anyone. However, what it did not divulge is that even the non-biometric information could be marketed or abused by vested interests.
Under mounting pressure from media organisations and others, the UIDAI has decided not to pursue the case against the reporter but questions remain over the breach of security and the apprehensions associated with possible leakage of personal information.
Ironically, the ruling BJP had at one stage strongly opposed the Aadhar scheme on security aspects and is now its strongest supporter. The BJP had protested so strongly against the UPA’s scheme that it had successfully blocked passing of the Bill in Parliament. Its leaders had raised red flags over possible security breaches. Even Prime Minister Narendra Modi, then the chief minister of Gujarat, had expressed apprehensions over the possibility of security breach. The government claims that these concerns have now been addressed.
A section of Congress, which had mooted the initial project, is now also expressing apprehensions. Former Union Home Minister P Chidambaram, who had opposed his government’s decision to go for the scheme, still maintains his stand and has said that gathering such data could lead to misuse of data.
Although the US has a Social Security Number (SSN) and the UK has National Insurance Number (NIN), neither of the two take biometrics of individuals. Giving its verdict on a petition challenging SSN, a US Court said : “Requiring an SSN on a driver’s application is not unconstitutional, nor is the requirement that welfare recipients furnish their SSNs” making it clear that it can’t be made mandatory. In India too critics say collection of biometrics was not required.
The issue is now being heard by the Supreme Court following a string of petitions challenging the constitutionality of the Aadhar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act of 2016. These petitioners have questioned the security aspect as well as denial of facilities to a section of marginalised population on the ground that they don’t have an Aadhar number.
One of the major objections of a section of the petitioners is to the government directive to make Aadhar mandatory. They say that such an action is arbitrary and against the fundamental rights of privacy that all citizens enjoy. They point out that due to it being made compulsory to link Aadhar with your bank accounts, insurance policies and subsidies, the government has left them with no option but to apply for Aadhar card.
It is pointed out that the government has thus denied access to one’s own money in banks as it has threatened to freeze all accounts which are not linked to the scheme. West Bengal Chief Minister Mamta Banerjee is among those who have stressed they would not link their bank accounts with Aadhar. Compulsory linking of Aadhar number with almost everything, including mobile connections, railway and flight reservations, credit and debit cards, passports, etc. have made life difficult for those who have not enrolled themselves with the UIDAI.
A five-judge Constitution bench of Chief Justice Dipak Misra and Justices A.K. Sikri, A.M. Khanwilkar, D.Y. Chandrachud and Ashok Bhushan, which is now hearing the petitions, has observed that the right of privacy of citizens sharing Aadhar details and national interest have to be balanced. One of the judges, Justice Chandrachud observed: “We live in times of terrorism, money laundering. One needs to balance out the right to privacy”.
Senior counsel Shyam Divan argued that Aadhaar programme has the potential to lead to police raj. When Justice Chandrachud pointed that even private operators like Google tap the same type of information, Divan replied that Google is not a State. “Here, government tracks you in real time and it becomes a police state and our Constitution doesn’t allow this,” he said.
That’s the moot point. Whatever verdict Supreme Court declares would be keenly watched but the government must give firm assurances to citizens that the data would remain secure and won’t be misused to spy on individuals. Strict measures must be put in place and provision for harsh penalties must be made for breach of security — whether by hackers or by government itself.