Deprecated (16384): The ArrayAccess methods will be removed in 4.0.0.Use getParam(), getData() and getQuery() instead. - /home/brlfuser/public_html/src/Controller/ArtileDetailController.php, line: 73
 You can disable deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED` in your config/app.php. [CORE/src/Core/functions.php, line 311]
Deprecated (16384): The ArrayAccess methods will be removed in 4.0.0.Use getParam(), getData() and getQuery() instead. - /home/brlfuser/public_html/src/Controller/ArtileDetailController.php, line: 74
 You can disable deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED` in your config/app.php. [CORE/src/Core/functions.php, line 311]
Warning (512): Unable to emit headers. Headers sent in file=/home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php line=853 [CORE/src/Http/ResponseEmitter.php, line 48]
Warning (2): Cannot modify header information - headers already sent by (output started at /home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php:853) [CORE/src/Http/ResponseEmitter.php, line 148]
Warning (2): Cannot modify header information - headers already sent by (output started at /home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php:853) [CORE/src/Http/ResponseEmitter.php, line 181]
Notice (8): Undefined variable: urlPrefix [APP/Template/Layout/printlayout.ctp, line 8]latest-news-updates/all-that-data-that-aadhaar-captures-jean-dreze-4682717.html"/> LATEST NEWS UPDATES | All that data that Aadhaar captures -Jean Dreze | Im4change.org
Resource centre on India's rural distress
 
 

All that data that Aadhaar captures -Jean Dreze
-The Hindu

The very foundation of Aadhaar must be reconsidered in the light of the privacy judgment

Predictably enough, the recent Supreme Court order affirming that privacy is a fundamental right sent Aadhaar’s public-relations machine into damage control mode. After denying the right to privacy for years, the government promptly changed gear and welcomed the judgment. Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI), suddenly asserted, “The Aadhaar Act is based on the premise that privacy is a fundamental right.” He also clarified that the judgment would not affect Aadhaar as the required safeguards were already in place.

Types of information

The fact of the matter is that Aadhaar, in its current form, is a major threat to the fundamental right to privacy. The nature of this threat, however, is poorly understood.

There is a common perception that the main privacy concern with Aadhaar is the confidentiality of the Central Identities Data Repository (CIDR). This is misleading for two reasons. One is that the CIDR is not supposed to be inaccessible. On the contrary, the Aadhaar Act 2016 puts in place a framework for sharing most of the CIDR information. The second reason is that the biggest danger, in any case, lies elsewhere.

To understand this, it helps to distinguish between three different types of private information: biometric information, identity information and personal information. The first two are formally defined in the Aadhaar Act, and protected to some extent. Aadhaar’s biggest threat to privacy, however, relates to the third type of information.

In the Aadhaar Act, biometric information essentially refers to photograph, fingerprints and iris scan, though it may also extend to “other biological attributes of an individual” specified by the UIDAI. The term “core biometric information” basically means biometric information minus photograph, but it can be modified once again at the discretion of the UIDAI.

Identity information has a wider scope. It includes biometric information but also a person’s Aadhaar number as well as the demographic characteristics that are collected at the time of Aadhaar enrolment, such as name, address, date of birth, phone number, and so on.

The term “personal information” (not used in the Act) can be understood in a broader sense, which includes not only identity information but also other information about a person, for instance where she travels, whom she talks to on the phone, how much she earns, what she buys, her Internet browsing history, and so on.

Coming back to privacy, one obvious concern is the confidentiality of whatever personal information an individual may not wish to be public or accessible to others. The Aadhaar Act puts in place some safeguards in this respect, but they are restricted to biometric and identity information.

Sharing identity details

The strongest safeguards in the Act relate to core biometric information. That part of the CIDR, where identity information is stored, is supposed to be inaccessible except for the purpose of biometric authentication. There is a view that, in practice, the biometric database is likely to be hacked sooner or later. Be that as it may, the UIDAI can at least be credited with trying to keep it safe, as it is bound to do under the Act.

That does not apply, however, to identity information as a whole. Far from protecting your identity information, the Aadhaar Act puts in place a framework to share it with “requesting entities”. The core of this framework lies in Section 8 of the Act, which deals with authentication. Section 8 underwent a radical change when the draft of the Act was revised. In the initial scheme of things, authentication involved nothing more than a Yes/No response to a query as to whether a person’s Aadhaar number matches her fingerprints (or possibly, other biometric or demographic attributes). In the final version of the Act, however, authentication also involves a possible sharing of identity information with the requesting entity. For instance, when you go through Aadhaar-based biometric authentication to buy a SIM card from a telecom company, the company typically gains access to your demographic characteristics from the CIDR. Even biometric information other than core biometric information (which means, as of now, photographs) can be shared with a requesting entity.

Please click here to read more.