1. Home
  2. Digerati may say privacy is dead. Is it? (Technology)

Digerati may say privacy is dead. Is it? (Technology)

The central government had recently warned citizens not to share photocopies of their Aadhaar cards with any organisation as they could be misused or misinterpreted, though it also withdrew the same immediately. What are the underlying issues?

 

Like all other nations, we too have an ‘Aadhar’ card created by the Unique Identification Authority of India (UIDAI). It collects our biometric data using a 12-digit number, unique to every user. That, in the process, we created the largest DB in the world is also unique. It seemingly has adequate features for protecting and safeguarding the identity and privacy of the Aadhaar holder.

 

In a verdict of the Hon. SC in 2018, whereas services like Income Tax Returns, Pan Card and government related subsidies such as LPG and MNGREGA are to be compulsorily linked with Aadhar, utilities/services like mobile phones, bank accounts, schools, colleges, entrance exams and various education schemes do not require Aadhar linking. Does this lead to creation of the digital profile of a person with the data aggregated? Can such data be misused? Important questions to answer.

 

Actually, our Aadhar Card does many things for us. It acts as address proof and validates credentials. We could open a bank account under the Pradhan Mantri Jhan Dhan Yojana availing benefits like free zero balance saving account, RuPay Card, accident insurance and more. We could get LPG Subsidy directly accredited in the bank account by just linking the Aadhaar Number to the 17-digit LPG consumer identification under the PAHAL Scheme. We could be spared of all those verification documents to open a bank account and have our monthly pension and provident fund deposited in our accounts. We could even obtain a Passport and Voter ID with minimum of fuss in less than ten days. Linking Voter ID’s to Aadhaar Cards could possibly eliminate the bogus voters and eliminate multiple voter ID’s.

 

The larger question however, is if everything is good about Aadhar? Nor exactly. For one, compromising privacy of the individuals is a possibility. Obviously, there is an attempt to centralise power within the government, which may generate ill will and deficit of trust between it and the citizens. In these days of everything digital, security breaches could lead to data falling in unwanted hands. Aadhaar based identification may be used in lieu of ATM, Debit or Credit Cards but may be susceptible to forging of transactions. With still literacy being what it is in the country, ‘Aadhar’ based offerings could prove tricky.

 

Aadhar uses Biometrics and we feel biometrics are incredibly accurate. We believe our fingerprints, retina, or hand print are unique. That is true. However, what is not true is their stored representation which is only an approximation of the real. The concern is that the approximation is used as a measure of authentication. Whereas in a detailed picture of the fingerprints, iris, retina, face, etc. several features exist, what is used for measurement are only defining characteristics or ‘points’ of that biometric identity.

 

Even the reader/scanning devices and software that record our biometric attributes can only approximate the details. The tiny ‘micro-changes’, are never captured. However, in some instances, cuts, abrasions and wear patterns are captured which will never match later. On the other hand, if the scanner were to capture every minute detail, most authentications would fail. The same applies to the face, iris, retina or any other biometric attribute resulting in several false positives and false negatives. Research also points out that biometric attributes change almost every minute, so they can never successfully be authenticated in several cases. Besides Biometrics is not even secret information in that we possibly have already left our finger prints and facial images all over the place.

 

One important privacy concern with Aadhaar is the Identity theft. Privacy protection in digital databases is an important subject and ‘Aadhaar’ is vulnerable to illegal harvesting of biometrics and identity frauds. Data could even leak either from the central Aadhaar repository or from a point-of-sale or an enrolment device.

 

Sometimes, false positives or false negatives could identify people wrongly or the data could be used to identify people illegally, without consent, by correlating identities across domains using the global Aadhaar IDs. This may even happen through one or more authentication-requesting-agencies’ databases. This may allow individuals to be tracked or put under surveillance without legal sanction. The KYC that we all undergo at some point or the other can be used for a totally different purpose for the Aadhaar does not record the purpose of authentication.

 

There seems to be a lack of protection against insider threats and lack of virtual identities which were retrofitted in a limited way that raise some serious privacy concerns. Even the absence of a clear data usage policy and regulatory oversight adds to the problem. In order to address the privacy concerns, we need a robust consent and purpose limitation framework and a regulatory access control architecture. The national identity system must be respectful of fundamental rights.

 

The Supreme Court’s order that prohibits Aadhaar metadata to be stored for more than six months or striking down part of section 57, which allowed private corporations to verify Aadhaar data is most welcome. That the Government passed the Data Protection Bill in December 2018 based on the judgement passed by the SC will help maintain some Right to Privacy.

 

There are some best practices to follow like using a masked Aadhaar which displays only the last 4 digits of the Aadhaar number that could be downloaded from UIDAI’s official website. We must also avoid using a public computer at an internet cafe or kiosk to download e-Aadhaar. If it is still done for some reason, at least it we must delete all the downloaded copies of e-Aadhaar permanently from that computer.

 

We often stay at hotels when we travel outside or may book tickets at film halls. Do you know that they are not permitted to collect or keep copies of Aadhaar cards and is an offence under the Aadhaar Act 2016? In fact, no private entity can demand to see an Aadhaar card or seek a photocopy of the same, unless they have a valid User License from the UIDAI. Remember what Dana Milbank, an American author and columnist for The Washington Post said. ‘It is hard to violate somebody’s privacy if the person is completely anonymous’.

(Visited 1 times, 1 visits today)