Right now, the entire nation is concerned with the misuse of the Aadhaar. This is the 12-digit unique identification number that the Indian government is compelling all the citizens to obtain. But now, issues concerning security and breach of privacy are being attached to this initiative.
The recent past has witnessed privacy being the key concern in this Aadhaar debate. This Privacy is being now interpreted in different, equally valid, ways by different sets of people. But the differences in interpretations are not always obvious to those who participate in the discussions. For example, the Computer Scientists interpret the word ‘privacy’ in terms of data security perspective, while on the other hand, the lawyers link privacy to the civil liberties.
Now, many reasons are being held for breaching of the privacy, the prime being faults within the Aadhaar itself, as all the personal information of any individual, including Aadhaar number can be obtained in a hassle free way through a simple online search. A recent case of Aadhaar infringement states about the arrest of six employees of telecom service provider Reliance Jio, found guilty for the fraudulent use of fingerprints to activate and sell SIM cards.
Talking of Aadhaar, its design and application are provoking for the occurrence of any crime, and also it makes identity theft easier. The sad part remains that even the legal frameworks seem insufficient to face these risks.
Faulty Design: The design is based on a centralized database called the Central Identities Data Repository that enlists every individual’s demographic and biometric information. The storage of personal information within one centralized database makes it more prone to exploitation, making it an easy prey for hackers, states, and identity thieves. In addition, this centralized database also has the potentiality of being misused by custodians of the database.
Complex Application: The use of the Aadhaar number further increases the risk of identity theft. This number is meant for authentication of an individual’s identity. Also, another feature of this Aadhaar is seeding. This allows the organizations to feed Aadhaar numbers into their own databases, allowing them to uniquely identify beneficiaries or customers.This presence of one unique number for every individual across various public and private databases make the merging of this information easier. The legal framework does not allow this and the safety measures of these parallel databases are minimal. This dual use of Aadhaar as an identifier as well as authenticator increases the risk of identity theft.
Aadhaar supporters have regarded the comparison between social security number and Aadhaar as unfair as neither of them uses biometrics for authentication. But, even the usage of this biometrics can be faulty, as they can be altered in every possible way, without even proper tools or methods. Again, the use of biometrics raises the additional concern that in the event they are compromised, they cannot be re-issued like ordinary passwords or PINs.
Lastly, if the above mentioned both are combined, an identity thief can instantly gain access to multiple services, while simultaneously preventing the individual from obtaining legitimate benefits he/she might be entitled to.
Incomplete legal framework: Apart from the design and application, the Aadhaar Act and its corresponding regulations unveil faulty measures at several stages as follows:
- At the time of enrollment: Aadhaar enrollment is the easiest, allowing any individual to enroll without any document or identity, applying with the help of any introducer. This introducer can guarantee for the identification, provided, he/she has an Aadhaar number itself. This makes it more easy for a person with fraudulent identity to obtain an Aadhaar number.
- Discover Identity Theft: The most dangerous situation occurs now when the individuals are not even aware of the theft being The reason being the rule which states that the Unique Identification Authority of India, which issues Aadhaar, is not compelled to inform the citizens about the breach.
- Legal remedies after the discovery of theft: Now even after the theft has been detected, an individual has no power to initiate the further proceedings. He/she can only lodge a complaint under the authority’s grievance redressal center, which many a time is known to result in large financial losses or economically distresses. However, the provisions of the Aadhaar Act are criminal in nature, leaving individuals without an adequate remedy for compensation.
Lastly, even as a surveillance project, Aadhaar is very poorly designed and this technology needs a proper fixing before its confirmation as a law.