Blogs

Mera Aadhar Meri Pehchaan – Privacy and Security Concerns

Aadhar
Image Credits – Pawel Olek

In 2018, India was one of the world’s fastest-growing economies, trailing only Ghana and Ethiopia. Despite this enormous economic potential, a large section of India’s 1.1 billion people live in poverty or near to it; a situation that is only anticipated to worsen as the country’s population grows — the UN estimates that India will exceed China in population by 2024. As a result, the majority of India’s impoverished rely on government handouts to get by on a daily basis. The Public Distribution System (PDS) of India, which accounts for 1% of the country’s GDP, delivers food to the needy through Fair Price Shops and other government programs. However, the entire system was under a lot of strain, and the process of getting and providing these subsidies was filled with fraud, underground markets, and a lot of red tapes.

Aadhar was designed in 2009 to address a variety of these logistical challenges. It was created as a tool to standardize the data gathering process and make money from government initiatives more accessible to the country’s residents, particularly the impoverished. Aadhar is a 12-digit unique-identity number supplied to all Indian residents and acquiring the  Aadhar Card requires the collecting of citizens’ fingerprints, retina scans, and face pictures. With over 1.2 billion enrollments, it is one of the world’s largest biometric databases, representing roughly 89 percent of India’s population.

While Aadhaar has the potential to digitize much of India’s cumbersome bureaucracy, it is not without flaws:

  • its overarching influence and numerous data leaks pose a massive threat to the privacy of Indian citizens,
  • its use as a replacement for official Photo-ID has introduced new vulnerabilities into the system; and
  • the use of the data for AI software development is on shaky ethical ground. All these flaws worsen one another, and the Aadhaar system has the potential to become a state-controlled surveillance tool.

Background of Aadhar

Aadhar was initially proposed in 2009 by the United Progressive Alliance (UPA), which was in power at the time. The Aadhaar system was overseen by the Unique Identification Authority of India (UIDAI), which was established as an arm of the Planning Commission of  India (an important government-funded policy think tank). The project was led by Nandan Nilekani, the co-founder of Infosys, one of India’s leading IT corporations, and was created to make government programs in India less bureaucratic. 

Prior to the establishment and implementation of Aadhaar, the underprivileged had a difficult time accessing government services. It required people to submit a lot of tedious paperwork, provide many proofs of domicile and identification, and take time off work to satisfy these requirements. Since then, Aadhaar has largely supplanted most other forms of identification,  and it is frequently the sole document necessary to participate in government programs.

Driving licenses, school scholarships, cooking gas subsidies, passports, pensions, and provident fund accounts are now all connected to the Aadhaar card. The Aadhaar card is also being evaluated for use in Indian Railway System services, particularly the online reservation procedure. In June 2016, the Developmental Cooperative Bank opened its first Aadhaar based ATM, with the goal of using the biometric fingerprint as an added security element for consumers accessing their funds.

Major Concerns with Aadhar

Aadhar Card
Image Credits – Mariami Sachaleli

The significance of Aadhaar cannot be overstated: it includes the data of billions of individuals, and the security of this data and the system is a major political issue. The fact that Aadhaar has been beset by a slew of internal and legal issues, as well as massive breaches and flaws in the system’s overall security, further complicates the situation.

Internet Problems and Leaks 

One of the most common complaints of Aadhaar has been the multiple severe security flaws that have been found across the system’s operations, making it vulnerable to data breaches. UIDAI has been forced to take down a slew of bogus websites that have cropped up, posing as official sites and scamming users for personal information. Around 200 official government websites made personal Aadhaar data public in 2018,  exacerbating the situation to the point where thousands of government databases containing secret information could be accessed simply by Googling it. Because  Aadhaar data was being accessed by unauthorized government staff, the Indian government was forced to restrict roughly 5,000 officials.

The Tribune also alleged that its reporters were able to locate an anonymous  WhatsApp group selling Aadhaar card information for a little Rs 500 ($7.2 US). After making the purchase, the journalists were given the Login ID and Username to a portal where they could readily view all the information associated with that person’s Aadhaar number. Before the system’s vulnerability was rectified, the Tribune believed that over 100,000 persons had unlawfully accessed sensitive Aadhaar data. A governmental website in Jharkhand mistakenly exposed the personal information of  1.6 million pension recipients, including their residences and bank account numbers. According to the Centre for Internet and Society, around 130 million Aadhaar numbers and other personal data were mistakenly made public.

Although it has been argued that this was not a true leak, but rather a government blunder, the incident highlights a larger trend of the Indian government being extremely careless with its citizens’ data and apathetic to the consequences of their actions, the majority of which are borne by ordinary citizens. 

Vulnerability of Aadhar as a substitute for Photo-ID 

Aadhaar is now India’s most popular picture identity document, thanks to the government’s strong campaign to link it to all essential services — a designation that has resulted in a slew of additional issues. Aadhaar was not designed to replace other means of identification; rather, it was designed to be used for biometric authentication, in which a person’s fingerprint or iris scan is compared to their  Aadhaar number in a central database.18 Because it lacks any standard security measures seen in other photo IDs, such as a microchip, hologram, or official stamp, it is more vulnerable to being reproduced or falsified when used only as a photo ID. 

When RS Sharma, the head of India’s telecom regulator and the first Director-General of the UIDAI, published his Aadhaar number to the public as a test of his faith in the system, the system’s security flaws were on plain show. People were able to access his personal information by using his Aadhaar number, and one person even created a  fake Aadhar card that was approved as authentic by Amazon and Facebook ad services and was used to launch services in Sharma’s name. The situation is worsened by the fact that most commercial and governmental organizations now need photocopies of Aadhaar cards as legitimate identification credentials, which are subsequently kept on unsecured networks, increasing the risk of misuse.

Legal Problems and Privacy Issues with Aadhar

Due to political polarization and criticism from minority parties, the Aadhaar project persisted without meaningful legislative support and was delayed in its complete implementation. The first legal snafu occurred in 2012 when oil corporations urged the UPA government to make it necessary for gas subsidy recipients to link their bank accounts to Aadhaar. The dispute was taken to India’s Supreme Court, which in 2013  overturned the obligatory requirement and concluded that the absence of an Aadhaar card was not a reason to deny someone service.

The UPA government was deposed in 2014, and the Modi-led National Democratic Alliance (NDA) took its place. Under the NDA, the Aadhaar system got fresh energy, and a Bill titled Aadhaar (Targeted  Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 was ultimately enacted in the Lok Sabha (India’s lower house) in March 2016. The NDA began aggressively pushing for mandatory Aadhaar linkage to services such as crop insurance, IT returns, getting a new SIM, vehicle registrations, and even death certificates shortly after the bill was passed.

The main issue between the NDA and critics of the Aadhaar system was one of privacy. Aadhaar has a slew of security flaws, and the system has been exposed to both internal and external data breaches on several occasions. The NDA had contended that the right to privacy was not a basic right, but that argument was debunked by the Supreme Court’s August 2017 ruling in the K.S. Puttaswamy Case, which established the right to privacy as a fundamental right under the Indian Constitution.

The most recent development occurred in 2018 when the Supreme Court confirmed the Aadhaar project’s constitutional legality. The Supreme Court allowed mandatory Aadhaar linkage for filing tax returns and accessing social services, but it eliminated the need for bank accounts and SIM cards. Section 57 of the  Aadhaar Act, which permitted businesses and people to request Aadhaar in exchange for goods and services, was also knocked down. In addition, the Court requested that the Central Government establish a solid data protection law as quickly as feasible. Although the private sector’s restricted influence and the need to establish a robust data protection statute are important in ensuring the right to privacy, the overall judgment did not go far enough in restricting government exploitation of the program and the data obtained under it.

Impact on Artificial Intelligence Research

India is investing heavily in Artificial Intelligence (AI) research as its economy grows, and the country is emerging as a leader in the area. According to Sc imago, India generated a total of 12,135 peer-reviewed AI research documents between 2013  and 2017, following only China and the United States. AI is critical to the country’s and economy’s development, and it would have a significant impact on healthcare,  financial services, monsoon forecasting, retail, and education. According to research published by the National Institution for Transforming India (NITI Aayog) —the same think group that came up with the idea for Aadhaar—the government might add $1 trillion to its economy by incorporating AI.

The amount and kind of data supplied into the machine learning process determine the strength of an AI system or research.  The Aadhaar system, which has the biometric data of over a billion individuals, has the potential to transform the speed and expansion of AI research in India. The government has practically required the connecting of Aadhaar to other personal information as well, thus the data pool of Aadhaar isn’t only restricted to the system itself. Aadhaar is currently the standard form of identification, and it is required for many public services, such as establishing a bank account and acquiring a new SIM card. As a result, India’s government has access to practically all of its citizens’ data. 

They may monitor suspicious persons’ behavior using their Aadhaar number, which connects them to other services they utilize. The government is quite likely to push for  AI algorithms that would monitor citizens’ behaviors and habits to automatically label some people as hazardous or suspicious. While this may aid in the fight against crime and terrorism, it also has the potential to convert India into a surveillance state. Punjab police officers are already catching criminals with the Punjab Artificial Intelligence System (PAIS), an artificial intelligence-assisted face-recognition technology.

By integrating this AI into Aadhaar data, they intend to greatly improve its accuracy and strength. The Crime and Criminal Tracking Network & Systems  (CCTNS), a government-funded initiative, is also building a biometric database of offenders across the country, which it hopes to combine with the Aadhaar database to better detect criminals. The Union Cabinet is considering creating a national DNA  database, which would further infringe on citizens’ rights and be ripe for misuse.

Concluding the Discussion

Aadhar is a prime example of a well-intentioned government program that has gone horribly wrong. It began as a creative idea to eliminate bureaucracy and fraud, but it is now endangering the privacy of all its users and restricting Indian citizens’ fundamental rights. 

ID cards have an enormous influence on a person’s mobility, capacity to work, access to essential services, and identity as a complete citizen. The government is ignoring the ramifications for the most vulnerable—those who are unable to join the program—by using all its powers to force Aadhar linking. Furthermore, due to a slew of security flaws,  billions of people’s biometric data are exposed to both external and internal misuse. Aadhar has also given the government unwarranted powers to monitor and restrict individuals’  fundamental rights. The link between Aadhar and state-controlled machine learning programs, as well as the possibility for Aadhar to contribute to such programs, would jeopardize democratic ideals. The Modi-led NDA is utilizing Aadhar, yet another ingenious tactic, to increase the government’s powers, even if it means compromising constitutionally granted fundamental liberties.


Editor’s Note
This article discusses one of the most debated issues of ‘Aadhar’ card and the security and privacy concerns associated with it. The author has firstly explained the meaning and essential features of Aadhar along with its historical background. Further, the author has also enlisted the flaws of Aadhar and the major concerns surrounding Aadhar in terms of security and privacy issues. Lastly, the author has concluded by saying that the scheme of Aadhar may have been enacted with good intentions, but its implementation has gone wrong in a lot of ways, consequently creating a threat to the Indian citizens’ fundamental rights provided under the Indian Constitution, particularly the right to privacy.


Disclaimer – The views expressed in the articles, reviews, comments, and all other such contributions are solely of the author(s) and not of the Publisher or the Editorial Board of KnowLaw.

Leave a Reply

Your email address will not be published. Required fields are marked *