
The Different Ways in Which Aadhaar Infringes on Privacy

A centralised and inter-linked database like Aadhaar will lead to profiling and self-censorship, endangering freedom.

What sets Aadhaar apart from other kinds of ID is that our biometric and demographic data are being stored in a centralised database. Credit: Reuters


Privacy has been a key focus in the recent debate on Aadhaar. This is a very welcome development. Privacy is being interpreted in different, equally valid, ways by different sets of people. But the differences in interpretations are not always obvious to those who participate in the discussions. For instance, when computer scientists use the word privacy, they tend to interpret it from a narrow ‘data security’ perspective, whereas the lawyers in the Supreme Court have been highlighting the civil liberties angle to it. This has resulted in groups talking past each other – the solutions that the computer scientists propose, for instance (like stronger standards for data security, including encryption), are not satisfactory to those who highlight the civil liberties aspects of privacy. Constructive conversation on the issue requires a more elaborate look at the different dimensions of privacy.

Five privacy concerns

Possibly the narrowest view of privacy is the technical ‘data security’ point of view. The focus there is on what data need to be secure (the Aadhaar number, demographic information or biometrics), whether data stored in the Central Identities Data Repository is secure (such as the encryption standards or the probability of hacking) and what would the consequences of data breaches be (for instance, some people ask what is the harm if an Aadhaar number is publicly displayed). The response of the Unique Identification Authority of India (UIDAI) and others is that data are encrypted using the highest standards, that access is severely restricted, and that, in any case, there have been no security breaches so far.

Experts, however, believe that for centralised databases the question is not whether it can be hacked, but when. For instance, Bruce Schneier told Pranav Dixit, “When this database is hacked – and it will be – it will be because someone breaches the computer security that protects the computers actually using the data.”

A related concern that has been highlighted is that even if data are secure, with Aadhaar-enabled Payments System (AePS), the Aadhaar project has created a vulnerability to identity fraud, even identity theft. The idea behind AePS is, as Prime Minister Narendra Modi put it, ‘Your thumbprint is your bank’. Fingerprint impressions, however, can be easily reproduced. For instance, recently Hindustan Times reported that 200 students in Mumbai replicated their fingerprints on a widely-used resin to fudge biometric attendance. Easy harvesting of biometric traits and publicly-available Aadhaar numbers increase the risk of banking fraud. In the light of this emerging financial technology infrastructure which rides on Aadhaar and biometrics, the recent ‘Aadhaar leaks’ scandal (whereby Aadhaar numbers of lakhs of people were displayed on government portals) is significant. The emerging AePS architecture opens the door to identity theft. Even in the absence of data breaches, that is an alarming breach of privacy.

A second privacy concern is from the ‘personal integrity’ point of view, the discomfort from information about our lives being available to people or institutions with whom we do not wish to share it. Some believe that this interpretation of privacy is an elitist concern. Veteran journalist Shekhar Gupta tweeted, “Crores of rural and urban poor see Aadhaar as tool of empowerment. They don’t even know elite anti-Aadhaar echo chambers exist & they don’t care”. Such frivolous comments are an attempt to trivialise the debate on privacy.

Everyone – rich or poor, man or woman, rural or urban – sets boundaries regarding what they share with others about their lives. These boundaries may vary by person (in Delhi’s buses and in the metro, for instance, I often blush when I hear young college students openly discussing their love interests). What is seen as a privacy concern varies from person to person (financial matters, food preferences, shopping habits, sexuality, medical history and so on). Further, people may not have the same language as us to articulate their privacy concerns. Some argue that the Hindi word for privacy, nijta, is not a colloquially-used term. This is presented as proof that privacy may not matter to (at least) Hindi-speaking Indians. Can this really be interpreted as a lack of concern with privacy?

In line with such arguments, in the Supreme Court, the attorney general (AG) suggested that Indians do not care about privacy: why else would we find train passengers who share their life histories? Just pause for a minute here. This is a case of a person willingly sharing information about their lives. Perhaps one is more willing to share details with a stranger (whom one isn’t going to encounter again), which one wouldn’t share with people with whom one has more intimate relationships. To counter the AG’s (real or fictional) anecdote, here’s another: on a recent shared taxi ride with two friends, the driver received a call and he felt uneasy continuing his conversation, because we were around. He said he would call back. To me that is nothing but an expression of valuing one’s privacy.

Why is Aadhaar different?

A third privacy-related objection to the Aadhaar project is that it gathers biometric information and violates bodily integrity. (This line of argument featured prominently in the PAN-Aadhaar case argued in the Supreme Court by senior advocates Shyam Divan and Arvind Datar in April 2017.) Further, the giving of biometrics is associated with crime. To this, Aadhaar supporters say, visa applications to some countries also require the submission of biometrics. The government responded by saying that the Registration Act collects biometrics. This response is inadequate because it ignores that such usage comes with stringent legal restrictions on usage and ‘purpose limitation’ (for example, see Sections 57, 78 and 91).

What sets Aadhaar apart from other examples (whether it is the Registration Act or the Social Security Number) is that our biometric and demographic data are being stored in a centralised database and a unique number is associated with our biometric and other information. Further, this unique number is being sought to be ‘seeded’ (added as a new data field) with every possible – public and private – database in the country.

Why is that a problem? Today, information about my life is stored in different data silos – train travel, air travel, bank account, mobile phone, employment history, health and so on. The only person who can easily construct a full picture of my life from these disjointed data silos is me. This is because only I have the access to these disconnected data silos.

If the Aadhaar number is ‘seeded’ into every database, it integrates these data silos. Aadhaar becomes the bridge across the hitherto disconnected data silos with information about my life. I lose control over who can reconstruct a profile of my life. People in government (who I have not authorised) will be able to ‘profile’ me, by pulling in information from various databases using that single identifier. Just the possibility of such profiling is likely to lead to self-censorship and, as Jean Drèze recently noted, is likely to stifle dissent.

When this concern is raised, the government has attempted to obfuscate the issue. For instance, the CEO of UIDAI, Ajay Bhushan Pandey, tried to assure us that “No one can build Aadhaar users’ profile”. However, he misinterprets profiling. What he is actually talking about is ‘identity fraud’, rather than profiling in the civil liberties sense mentioned above. Similarly, in an interview to Vir Sanghvi, Nandan Nilekani chose to interpret surveillance in the limited sense of ‘physical tracking’ through GPS and other such technologies. However, the civil liberties interpretation of surveillance is wider, as it incorporates keeping an eye on all the activities of a person (shopping, recreation, travel, communications).

Those questioning Aadhaar are concerned about the creation of an ‘eco-system’ and a centralised database, where we don’t have control of our own data and where a single identifier – the Aadhaar number – links all databases and becomes a tool for profiling and surveillance. This is the fourth and most significant aspect of ‘privacy’ in the Aadhaar debate. It is this that the lawyers in the Supreme Court in the Aadhaar-PAN linkage case argued. As senior advocate Divan warned the Supreme Court, the Aadhaar project is ‘an electronic leash’ to keep people under control.

Credit: Shome Basu


Aadhaar and the ‘personal data economy’

There is a fifth dimension of privacy that Aadhaar endangers. Among the supporters of Aadhaar are entrepreneurs and technocrats who want to use technology to “do good”. They view this as a great opportunity for data mining and machine learning through big data techniques. The idea is that when you have an Aadhaar eco-system (or you can see people’s lives in different spheres), you can learn useful things: some suggest that it may “enable macro level analysis from high frequency micro level data, econometric analysis, epidemiological studies, automatic discovery of latent topics and finding both predictive and causal relationships across multiple domains of the economy”, whereas others believe it will allow data mining for the “improvement in credit rating infrastructure”. This is what Nilekani means when he says, “India will be data rich before being economically rich”. Such views are evident in the writings of other philanthropist groups such as the Omidyar Network and the Bill and Melinda Gates Foundation.

The objection is to the creation of a ‘personal data economy’, which will monetise information about people’s personal life ahead of creating adequate digital and legal literacy and safeguards around these issues.

Usual, inadequate responses

Often, the attempt is to dodge these questions. To the extent that these concerns have been addressed, the responses have been inadequate. A brief summary of the responses and why they are not sufficient follows.

First, “you are already being surveilled”. It is true that we are profiled (the smartphone does that) and our data is already being monetised (Google and Facebook are the best examples). Indeed, smartphones, CCTVs, Google and Facebook do violate our privacy in some or all of the ways listed above. There are four reasons why this is not a satisfactory response. One, none of them is all-encompassing in the same way as the Aadhaar project. Two, there is a genuine element of consent with many of these – for instance, Facebook may be a great surveillance tool, but it can only know about my banking transactions or travel if I share that information there. Three, there are technologies such as encryption, virtual private networks and so on to protect ourselves (partially at least) from such surveillance. Four, to say that because we are already being surveilled, we should not be questioning the Aadhaar project is akin to saying that since we have been robbed in the past, we should sleep with our doors and windows open.

Second, “I have nothing to hide”. This is the second response when the realisation that the Aadhaar project is creating an all-seeing surveillance infrastructure sinks in. The claim is that it is only those who are doing something wrong who would be worried about the linking of their Aadhaar number to various databases. This is a specious argument. The best response to this is from Glenn Greenwald in his TED Talk: he invited those who feel they have nothing to hide to share their password with him. More recently, All India Bakchod (a group of Indian humorists) said that if they were about to die, the only thing they would want to ensure was that their smartphone is locked. As one of them said, he would not want anyone to know why he had a meme on his phone which said “Aren’t you the guy who can’t get it up?”

Third, “the law will take care of this”. However, the law is either silent or weak on several of these aspects. The safeguards (say against data breaches) in the Aadhaar Act are weak. Further, the implementation of the law is even worse – publishing UID numbers is punishable by up to three years in jail. Yet, after the ‘Aadhaar leaks’ scandal in which several state departments and central ministries were found to be violating the Act, the UIDAI has not filed a single FIR against anyone. Meanwhile, one department implicated in the ‘Aadhaar leaks’ scandal, Jharkhand’s social welfare department, issued a press note denying the data leak. To make matters worse, if data is ‘leaked’, only the UIDAI – not the affected person – is authorised to file an FIR under the Aadhaar Act. In a nutshell, the Aadhaar Act is weak, its implementation worse.

The packaging of the Aadhaar project as a welfare-enhancing project was the sugar-coating on what is essentially turning into a surveillance and data-mining tool. A centralised database creates entrepreneurial data analytics possibilities which clash in a fundamental way with civil liberties. Centralised and inter-linked databases lead to profiling and self-censorship, which endangers our freedom. This clash lies at the heart of the Aadhaar debate.

Reetika Khera teaches economics at IIT Delhi.