Deprecated (16384): The ArrayAccess methods will be removed in 4.0.0.Use getParam(), getData() and getQuery() instead. - /home/brlfuser/public_html/src/Controller/ArtileDetailController.php, line: 73
 You can disable deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED` in your config/app.php. [CORE/src/Core/functions.php, line 311]
Deprecated (16384): The ArrayAccess methods will be removed in 4.0.0.Use getParam(), getData() and getQuery() instead. - /home/brlfuser/public_html/src/Controller/ArtileDetailController.php, line: 74
 You can disable deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED` in your config/app.php. [CORE/src/Core/functions.php, line 311]
Warning (512): Unable to emit headers. Headers sent in file=/home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php line=853 [CORE/src/Http/ResponseEmitter.php, line 48]
Warning (2): Cannot modify header information - headers already sent by (output started at /home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php:853) [CORE/src/Http/ResponseEmitter.php, line 148]
Warning (2): Cannot modify header information - headers already sent by (output started at /home/brlfuser/public_html/vendor/cakephp/cakephp/src/Error/Debugger.php:853) [CORE/src/Http/ResponseEmitter.php, line 181]
Notice (8): Undefined variable: urlPrefix [APP/Template/Layout/printlayout.ctp, line 8]latest-news-updates/know-your-aadhaar-jean-dreze-4684556.html"/> LATEST NEWS UPDATES | Know your Aadhaar -Jean Dreze | Im4change.org
Resource centre on India's rural distress
 
 

Know your Aadhaar -Jean Dreze
-The Indian Express

Bill Gates’s claim that it raises no privacy concerns is misleading. Crucial issues that have to do with confidentiality of data and state surveillance are at stake.

According to Bill Gates, privacy is not a concern with Aadhaar (‘Aadhaar doesn’t pose any privacy issue, says Bill Gates’, IE, May 3). This widely-quoted statement would have been more convincing if Gates had shown a clear understanding of the Aadhaar project. Instead, he revealed his innocence of it in the same discussion, for instance by stating that Aadhaar is “just a bio ID verification scheme”.

To be fair, what Gates actually said is that Aadhaar “in itself” does not pose any privacy issue. He added that Aadhaar applications would need to be scrutinised one by one for possible privacy threats. But anyone who has read the Aadhaar Act would understand that Aadhaar and its applications cannot be neatly separated in this way.

Even more confused is a recent submission to the Supreme Court by senior advocate Rakesh Dwivedi on behalf of the Unique Identification Authority of India (UIDAI). In this submission, dated April 12, Dwivedi repeatedly creates the impression that identity information collected by the UIDAI is confidential. This is very misleading.

Under the Aadhaar Act, “identity information” consists of Aadhaar number, biometric information and demographic information. “Biometric information”, as of now, consists of fingerprints, iris scan and photograph, but its scope can be expanded at the UIDAI’s discretion. “Demographic information” refers to demographic details (name, date of birth, address, etc) collected at the time of Aadhaar enrolment. The term “personal information”, not used or defined in the Aadhaar Act, can be understood in more general terms as any information of a private nature.

Aadhaar raises at least four privacy concerns, explained below in a tentative ascending order of seriousness.

Confidentiality of core biometrics: The core biometrics (as of now, biometrics minus photograph) are supposed to be safely stored in the Central Identities Data Repository (CIDR) and not shared with anyone. Some IT experts, however, believe that it is only a matter of time until the CIDR is hacked. That would be a serious breach: If your biometrics are stolen, you would be vulnerable to identity fraud for life. Further, fingerprints are easy to clone or steal outside the CIDR (as Nandan Nilekani himself put it to a Financial Times reporter, “I can steal your fingerprint off your glass”). That, too, presents a threat of identity fraud, given the numerous uses of biometrics in the proposed Aadhaar eco-system.

Confidentiality of Aadhaar numbers: Aadhaar numbers are not supposed to be “displayed or posted publicly” (Aadhaar Act, Section 29(4)). However, this has happened many times, and keeps happening. When Aadhaar numbers are displayed along with other sensitive information such as bank account numbers, it makes the victims vulnerable to various types of fraud.

Sharing of demographic information: In the draft of the Aadhaar Act (known as “NIDAI Bill 2010”), demographic information was supposed to be confidential — authentication only consisted of a “yes/no” response to a query whether a person’s biometrics matched the Aadhaar number being submitted. The Aadhaar Act, however, now allows demographic information to be shared with the entity — say, a bank or telecom company — that requests authentication (Section 8). Further, there is very little protection against this information being shared or misused by the requesting entity, except for a weak “consent” clause whereby demographic information is supposed to be used only for the purpose to which the person has consented at the time of authentication. This is just a cosmetic safeguard. In effect, demographic information is up for grabs. The wide dissemination of demographic information will facilitate large-scale mining of all sorts of personal information by private businesses. It is well known that private businesses already thrive on this type of information for numerous purposes, from targeted advertisement and credit rating to manipulating elections (the recent Cambridge Analytica and Facebook affairs are just the tip of that mountain). Aadhaar is likely to take the mining of personal information — not just demographic information — to new levels. As someone put it in an insightful tweet, “data is the new oil and Aadhaar is the drill”.

Please click here to read more.