Security leaks trouble India’s ambitious ID scheme


India’s biometric identification system, which contains personal data of over a billion Indians, is in the eye of a storm – amid growing concerns over privacy, security and legality.

When the personal details of India’s cricketing icon Mahendra Singh Dhoni went public on social media a couple of months ago, the leak raised the issue of privacy of individuals and security of data collected by the Indian government for the Aadhaar database – which contains the biometric data of over a billion Indians.

The ambitious project is being managed by the Unique Identity Authority of India, which enrolls residents, stores and manages their biometric data, and issues the 12-digit Aadhaar numbers.

The project was introduced roughly a decade ago by the then Congress party-led government in the hope that it would help ensure targeted delivery of government subsidies, benefits and services.

Expanding usage

And the current BJP-led government under Prime Minister Narendra Modi has been seeking to vastly expand its usage, despite instances of security weaknesses resulting in the leak of personal data of children and cases of private entities illegally storing biometric data.

The Modi administration’s push also violates a Supreme Court ruling issued in October 2015, stating that the Universal Identification Document, commonly known as Aadhaar, cannot be made mandatory for any government scheme. The government says more than 90 percent of residents now have an Aadhaar number.

It argues that linking social welfare schemes to Aadhaar will eliminate bogus beneficiaries and ensure transparent and efficient payouts. It has set a June 30 deadline for workers to enroll or show proof they have applied.

Activists, however, are increasingly worried.

The Centre for Internet and Society, an NGO, recently claimed that personal details and Aadhaar numbers of around 130-135 million Indians could have been leaked from four government portals due to a lack of IT security practices. It also added that about 100 million bank account numbers of pensioners and rural workers could have been leaked from the portals.

“It is a clear invasion of privacy. It is nothing but an attempt by technocrats to turn everyone into a customer for their financial technology-related products,” Usha Ramanathan, an independent legal researcher and campaigner against Aadhaar, told DW.

“The government has been in a haste to enforce Aadhaar and link it to both welfare and non-welfare schemes in the country. But, it is a serious concern when personal information of an individual is not kept protected and gets leaked out in the public field,” Gopal Krishna of the Citizens Forum for Civil Liberties told DW.

Aadhaar, which collects, among other information, citizens’ iris scans and fingerprints and stores them in a centralized database for an extended time with only loose guidelines and no pre-existing laws to ensure the privacy of that data, is now linked to no fewer than 38 government schemes, including the government’s latest directive.

Now, the government says it needs to link the identity number to income tax returns to improve compliance and prevent fraud.

“If the government misled the public to no end on this subject, can we trust it not to misuse the formidable powers of Aadhaar?” said Jean Drèze, a development economist and visiting professor at the Department of Economics, Ranchi University. “Soon it will be virtually impossible to live in India without Aadhaar. And if you cannot live without Aadhaar, in what sense is it voluntary? As a columnist aptly put it, Aadhaar must be ‘the biggest bait-and-switch in history,’” Drèze told DW.
