The new Aadhaar Bill does not address many issues raised by the standing committee that reviewed the original bill, including data-collection irregularities, and privacy and security issues.
In December 2010, the UPA government introduced the National Identification Authority of India (NIDAI) Bill in parliament. The Bill was meant to provide legislative backing to the Unique Identification Authority of India (UIDAI), a central government agency mandated to assign a 12-digit unique identification (UID) number, or Aadhaar, to all Indian residents. The Bill was referred to a standing committee on finance, headed by BJP leader Yashwant Sinha, which took evidence from the Ministry of Planning and on the UIDAI from the government, and also sought the view of the National Human Rights Commission, the Indian Banks Association and researchers, such as Dr Reetika Khera and Dr. Usha Ramanathan. The committee subsequently deemed the Bill unacceptable and suggested a re-consideration of the scheme as well as the draft legislation.
The Aadhaar programme has been plagued by issues of privacy and security, and has led to a public interest litigation being filed by retired justice of the Karnataka High Court K.S. Puttaswamy in the Supreme Court. Although the BJP had criticised the legislation and the project when it was in opposition, it has, since coming to power, decided to use the Aadhar as the identification technology for its welfare schemes, including Digital India and Jan Dhan Yojna. But the government is restricted by a October 2015 Supreme Court order prohibiting it from making the Aadhaar mandatory for availing services. A big question the government has had to answer is the lack of a legislative mandate for a project of this size. To prevent any further delays, the government withdrew the NIDAI and Finance Minister Arun Jaitley introduced The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 on March 3. The new Bill appears to be a rehash of the old draft and none of the suggestions made by the standing committee have been taken into account.
The Sinha-led committee had taken great exception to the continued collection of data and issuance of Aadhaar numbers, while the NIDAI Bill was pending in parliament. The report pointed that the implementation of the provisions of the Bill and continuing to incur expenditure from the exchequer was a circumvention of the prerogative powers of the parliament. However, the project has continued without abeyance since its inception in 2009. The new Aadhaar Bill ignores many of issues identified by the committee, some of which I have listed below.
One of the primary arguments made by proponents of Aadhaar has been that it would be useful in providing services to the marginalised sections of society who currently do not have identification cards and are thus not able to receive state sponsored services and subsidies. The committee’s report pointed out that the project would be unable to achieve this as no statistical data on these sections of society were being used by the UIDAI to provide coverage to them. The introducer systems that was supposed to provide Aadhaar numbers to those without any form of identification has been used to enroll only 0.03% of the total number of people registered. Further, the Biometrics Standards Committee of the UIDAI has itself acknowledged the issues caused due to a high number of manual labourers in India, which would lead to sub-optimal fingerprint scans. A report by 4G Identity Solutions estimates that while in any population approximately 5% of the people have unreadable fingerprints, in India it could lead to a failure to enroll up to 15% of the population. Thus, the project could actually end up excluding more people.
The report also pointed to a lack of cost-benefit analysis being done before embarking on the scheme. It also made a reference to the report by the London School of Economics on the UK Identity Project that was shelved due to the huge costs involved in the project; the complexity of the exercise and unavailability of reliable, safe and tested technology; the risks to safety and security of registrants; security measures at a scale that would have resulted in substantially higher implementation and operational costs; and the extreme dangers to the rights of registrants and public interest. The standing committee insisted that these global experiences remained relevant to the UID project and needed to be considered. However, the new Aadhaar Bill has not addressed these issues.
The committee also came down heavily on the irregularities in data collection by the UIDAI. It raised doubts about the ability of the registrars to effectively verify the registrants and a lack of any security audit mechanisms that could identify issues in enrollment. Pointing to news reports on irregularities in the process being followed by the registrars appointed by the UIDAI, the committee deemed the memorandums of understanding signed between the UIDAI and the Registrars as toothless. The involvement of private parties has been under question already with a many doubts being raised over the lack of appropriate safeguards in the contracts with these contractors.
Perhaps the most significant observation made by the committee was that any scheme that facilitated the creation of a massive database of the personal information of the country’s citizens and its linkage with other databases should be preceded by a comprehensive data protection law. The committee acknowledged that in the absence of a privacy law that governs the collection, use and storage of personal data, the UID project would lead to data abuse, and the surveillance and profiling of individuals. The current data protection framework in Section 43A under the Information Technology Act, 2000 are woefully inadequate and far too limited in their scope. While there are some protection mechanisms built into Chapter VI of the new Aadhaar Bill, these are nowhere as comprehensive as the ones articulated in the Privacy Bill, which is still in draft stage. Additionally, these protections are also subject to broad exceptions that could significantly dilute their efficacy.
Amber Sinha is a policy researcher at the Centre for Internet and Society.