Privacy after Aadhaar

If this bill with far-reaching implications for rights, accountability and the powers of the state is a money bill, then practically any legislation can be converted into a money bill.

Written by Pratap Bhanu Mehta | Updated: March 26, 2016 2:25 pm
Aadhaar coverage, 100 per cent aadhaar coverage, pune school, school, pune news Photo for representational purpose.

Aadhaar is a potentially useful instrument for delivering benefits and reducing fraud. But even its staunchest defenders should worry about the crude instrumentalism that has surrounded the passage of the Aadhaar bill. This instrumentalism has run roughshod over two values: Constitutional propriety and privacy. There should be great disquiet at the fact that the bill was treated as a money bill. This was a subversion of the spirit of Article 110, the provision that deals with money bills. If this bill with far-reaching implications for rights, accountability and the powers of the state is a money bill, then practically any legislation can be converted into a money bill.

Article 110(3) does say that the speaker is the final authority on what constitutes a money bill. But it was always assumed that the speaker would make this determination in light of the definition of money bills laid down in the article. To arbitrarily declare something a money bill is to subvert the spirit of the Constitution. This bill will set a horrendous precedent for ways of bypassing the Rajya Sabha. The solution to legislative logjam cannot be subversion of the representative scheme bequeathed to us. Many politicians are privately salivating at the prospect of rendering the Rajya Sabha powerless. The Aadhaar bill has been born in this constitutional perfidy.

Share This Article
Share
Related Article

The second value is privacy, a key concern. In an age of technology, this is a tricky issue, with complicated risks and tradeoffs. It is precisely for this reason that this should not have been a money bill. A short oped is not a place to settle institutional issues but the responses of the defenders of Aadhaar to the privacy question have not been reassuring. They argue that this bill is an improvement on the UPA’s bill. That is true. But it is hardly reassuring to be told that a hole through which you might fall has gotten marginally smaller if there is a high probability that you can still fall through it. The question is whether the bill demonstrates a good-faith attempt to address as many privacy concerns as it reasonably can.

On that score, the bill is an exercise in bad faith. The first reason is architectural. The national security exceptions in the bill are too broad. It negates all protections the bill seemingly provides. But, more importantly, let us say you do want a national security exception. Should the determination of this be left entirely to the bureaucracy and executive when they themselves will not be under any system of accountability? Admittedly, even our current safeguards are very weak. But as the risks of surveillance grow, we need to strengthen them rather than rely on specious arguments about the past. But as PRS Legislative Research pointed out, the term “national security” is much wider than public emergency or public safety, the traditional grounds on which the state got tapping authority. But the most important point is that there is no effective independent, credible mechanism for holding accountable those who will be making determinations on this exception. Essentially, a small group of bureaucrats can render your privacy irrelevant. Privacy may not be absolute, as the finance minister says, but that is no reason to make bureaucratic power nearly absolute, as this bill does.

Second, the real issue with Aadhaar is not only going to be the privacy of the information with the UIDAI itself. If lots of different agencies link their information to Aadhaar numbers, what will be the protocols governing the sharing of that information? What will be the norms governing data mining? Will we have agency-specific protocols on what information can be shared with whom and under what conditions? Aadhaar will give the ability to link different databases biometrically. As Partha Mukhopadhyay had argued, “To protect privacy, each such database will need additional locks. Linking databases should need consent from multiple key-holders subject to legislative oversight and judicial redress.” This is, in principle, a problem that could be addressed. But it is why Aadhaar required embedding in the context of a comprehensive privacy legislation, not a perfunctory exercise as is carried out in this bill. This bill has no meaningful protection against abuse.

But the broader ideological mystification around privacy should be resisted. This government, like the previous one, is consistently mendacious on the right to privacy, outright denying it on some occasions. Then there is the canard of the “private sector”. Since we freely give in to Google and Facebook, what is wrong in giving in to the state? There are two responses. This argument may actually be a case for regulating big private companies more, rather than lowering protection standards in the state. But, most importantly, it elides an important distinction: The state can use coercive power in a way in which private entities cannot. Private entities are not inconsequential in the exercise of power, but that power operates differently. The reason we worry about the state is that it can coerce you, imprison you, deprive you of your rights. So the standards of accountability have to be correspondingly adjusted.

States have also used a generalised state of insecurity to make surveillance normal. Our fears trump our quest for autonomy. This is a Faustian bargain we have struck with the state. But the political sustainability of this bargain depends upon trust in the state. A good-faith attempt to give as many safeguards as possible should not be seen as coming in the way of the state. It rather enhances its ability to exercise power when it truly matters. But a state that rides roughshod over privacy from the start will not be a state that will elicit trust. What is at stake is not just a right to privacy but the building of a trustworthy state.

Finally, we are in an age where we live in what the Columbia legal theorist, Bernard Harcourt, has in his book, Exposed: Desire and Disobedience in the Digital Age, called the “expository society”. We not only crave exposure but the better satisfaction of our desires requires us to give up privacy. But even the craving for the satisfaction of our desires should not make us immune from worrying about how power is exercised over us. In its crude instrumentalism about constitutional propriety and privacy, the Aadhaar bill is a demonstration of just how easily state power can become arbitrary. Even though the bill has been passed, it is important to keep up the pressure so that we can frame better regulations and seek judicial protection.

The writer is president, Centre for Policy Research, Delhi, and contributing editor, ‘The Indian Express’

For all the latest Opinion News, download Indian Express App

  1. R
    Reader
    Oct 13, 2017 at 4:33 pm
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    (0)(0)
    Reply
    1. R
      Reader
      Oct 13, 2017 at 4:32 pm
      UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
      (0)(0)
      Reply
      1. R
        Reader
        Oct 13, 2017 at 4:32 pm
        The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
        (0)(0)
        Reply
        1. B
          Bharat Varma
          Mar 28, 2017 at 10:39 am
          Some fundamental questions -lt;br/gt;lt;br/gt;1. How are the biometrics stored? Are they encrypted or not? If yes, who all have the encryption keys?lt;br/gt;lt;br/gt;2. Who is legally responsible and liable for misuse of the biometrics that we are being forced to give?lt;br/gt;lt;br/gt;3. There is no verification of physical addresses or the email address. Process and timeline for rectification. Who is responsible for rectification and in the absence of timely rectification, for the misuse and consequent damages? (The present rectification process does not work from my experience of the last 6 months).lt;br/gt;lt;br/gt;4. What is the practical (and technological) protection against the so called biometric "replay" attacks? Stored biometrics were used for authentication. This means that anyone with aadhaar (and consequently surrendered biometrics) can be impersonated and his/her transactions authenticated without the knowledge (or even the presence) of the person.lt;br/gt;lt;br/gt;5. IF your biometrics do not match (authentication failure is a statistically significant percentage), then what happens to your ideny? You are no longer a person. WHAT IS THE BACKUP?lt;br/gt;lt;br/gt;These are only some of the questions.
          (0)(0)
          Reply
          1. S
            subba rao
            Mar 27, 2017 at 3:24 pm
            Rajya Sabha is full of MPs who are obstructing any legislation / bill brought there without rhyme or reason. Hence this is the only to push the govt's agenda. Regarding Aadhar a coomon man need not worry about govt's survillence even if it is true. Only law breakers and antinational need to worry.
            (0)(0)
            Reply
            1. Load More Comments