Friday, October 30, 2020
Home News Reports Aadhaar, the technology, and the privacy debate

Aadhaar, the technology, and the privacy debate

The Aadhaar project has long been criticised to have impinged upon our privacy. Whether right to privacy is absolute, is it a fundamental right, etc. are matter that are sub-juice with the honourable Supreme court of India, which has reserved its verdict as of now. This article discusses how, and if Aadhaar actually infringes upon our privacy. Let’s dissect between what government claims and reality on ground.

Privacy and Aadhaar

Your Personal Identifiable Information i.e. PII is an essential part of privacy. PII consists of your name, address and other identifiable information along with, but not necessarily, your biometrics i.e. your biological data. With Aadhaar enrollment, you have to submit this data to the Government of India. Does it mean your your privacy has been impinged upon? There are points supporting both sides of the debate.

Even before Aadhaar, there were quite a few government systems that mandated you to submit these details to access a service. For example, you need to submit your Name, Address, Date of birth, Photograph and fingerprints to get a Passport. You need to submit your blood group to get a driving license. All that Aadhaar has introduced for the 1st time is “Iris Scan”, this is because a majority of manual labourers have their fingerprint ridges not clearly recognisable and hence the authorities had to look for some other unique biometrics.

Submitting your PII to government is not new. And Aadhaar is as much ‘mandatory’ as other such schemes. For example, you can refuse to have a Passport or a Driving license, but then you have to let go the privileges that comes with these. Similarly, you can refuse to have Aadhaar and forgo all benefits that comes with it.

One rider though, Aadhaar now seems to be tied up with everything or at least going to be tied up with almost everything. So giving up Aadhaar related benefits is not going to be ‘as easy’ as giving up on a driving license or passport.

What the government claims:

Let’s dissect the steps before you get an Aadhaar card and what happens after that:

Data Collection/ Enrollment

Information collected from you at an Offline centre is encrypted at source. Once your details are keyed in, the vendor collecting data can’t read it. He just has to submit this data to Central Identities Data Repository (CIDR). Also, these packets that are sent to CIDR for storage are biometrical signed by the vendor. In case of any dispute or controversy, the authorities know which vendor gave this data.

Data Storage

All your information along with biometrics are stored in encrypted form and decrypted only on demand. The packets are stored on Hadoop clusters, which provides distribution and high availability of large sets of data. For the searches, they use Mongo with Solr indexes. Because all these support clusters based storage and data is partitioned, there is no single point of failure.

Aadhaar Allocation

Once your data is stored, you are given a unique 12 digit Aadhaar number which is completely random. It doesn’t tell anything about yourself unlike your PAN where the fourth character tells the type of PAN holder, fifth character tells the first letter of your surname and so on.

Aadhaar Data Access

Who Can Access – There is a list of requesting entities known as eKYC User Agencies (KUA) and Authentication User Agency (AUA). They don’t have direct access to CIDR servers to authenticate you. There are Authentication Service Agencies (ASA) who have secured leased line connectivity with the CIDR, which is compliant with UIDAI’s (Unique Identification Authority of India) standards and specifications.

There is a formal set of procedures, guidelines and scrutiny before one becomes a AUA/KUA/ASA. For example, NPCI (National Payment Corp of India) is an ASA. Axis bank is a KUA. So, for the annual KYC activity, Axis bank can just tell you to give your biometrics on a device, it’s transmitted to NPCI which routes it to CIDR and CIDR responds with a Yes (Or No). There is no physical document submission.

Modes of Access – Aadhaar is a ID management system. It authenticates you and tells the authority “You are who you say you are”. Consider getting a SIM with Aadhaar validation as an example. The erstwhile procedure was to give a self attested copy of “Proof of Id” and “Proof of Residence” and upon validation, your SIM will be activated. Your self attested copies of your PAN card or Driving License stays with the company giving you the SIM.

With Aadhaar, when you give your finger print to a JIO SIM provider, it sends a packet to Aadhaar systems and the system authenticates your identity. The answer is boolean, just a Yes or No. It doesn’t tell anything else about you. The vendor in no way can impersonate you later as they don’t have any physical entity of your proof with them.

Biometrics in Aadhaar systems is matched using 3 vendor softwares. Vendor softwares are usually the gateway for vulnerability to creep in. However, there are several security perimeters here and the vendor software doesn’t have any detail of whose biometrics it is matching. It just has a [X,Y] matrix and certain templates to match them against.

Biometric Lock

If all these safeguards doesn’t sound convincing, you can go to UIDAI website, login using Aadhaar number and OTP, and lock your biometrics. What that means is, the biometric authentication is now not possible on your Aadhaar. You can turn it on when you want to avail a biometric authentication based service and turn it off back again.

Is it foolproof?

All these securities apart, chance of a data leak can’t be denied. Anything, that is connected to a computer network is hackable including your bank account. In fact, there was a large breach on 3.2 million debit cards of ICICI, Axis, HDFC, Yes bank and SBI. As usual, the malware originated from Hitachi Payment Systems ATMs and POS terminals, a 3rd party vendor software.

Does that mean we should stop electronic banking and go back to paper based system? And no, you not having an ATM card or having not applied for net banking doesn’t make your account safe. The bank still stores your financial data electronically. If there is a breach, there is a breach. It may make your account safer than those who use internet banking, but it doesn’t make it absolute safe. Nothing on computer networks is absolutely  safe.

Govt claims to have built adequate measures to safeguard our data. However, there are reports like this, which suggests, there was data leakage at ASA/AUA/KUA level. How did these agencies get the data in the first place is something the authorities should find out and answer.

The privacy debate

While we are at privacy, allow me to bring up something unrelated to Aadhaar but related to privacy. If you have a bank account, in all likelihood, your PII has been passed onto a private agency called CIBIL without even taking your consent.

Surprised? Request for CIBIL report and see all your PIIs  like name, all addresses where you have ever stayed, DoB, financial data (Loans, CC, A/cs) printed on sheets of paper right in front of you. The custodian of your data in case of Aadhaar is Government of India, who is bound by the Aadhaar act (pdf) unlike CIBIL.

Currently, the central govt has a long list of schemes for which it has made Aadhaar “sort of” necessary. Most of these are related to subsidies, which was the primary aim of Aadhaar — To de-dup the list of beneficiaries and check subsidy leak through DBT. Other schemes like PAN-Aadhaar or linking your bank a/c with Aadhaar is done to make the “Id management” easier and hassle free.

As per the MoS, Finance, Shri Gangwar’s answer in Rajya Sabha, with Aadhaar seeding, over 11 lakh duplicate and fake PANs have been deactivated:

Privacy is something people closely guard with. Hence, it’s natural to ask question about resilience of the system that stores and claims to safeguard our personal information. In fact, questioning the system should be encouraged. They help in finding flaws and make the system stronger and as much hack proof as it can be. However, a nation as diverse as ours definitely need a unique id and that is the only way forward.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Related Articles

Trending now

Munger SP Lipi Singh’s claims shattered, CISF report says Police first opened fire against Hindus, 13 bullets fired

Munger SP Lipi Singh had earlier defended the police violence on Durga Procession attendees in Munger and claimed that Hindus had fired, not the police

AMU students, who wanted to dig ‘Hindutva ki kabar’, now protest against French President for standing up to Jihad after ‘blasphemy’ beheadings

After chanting against Hindus the students in AMU have now started a protest French President Emmanuel Macron for his remarks against Islamic terrorism

Congress MLA organises protest of thousands of Muslims against French President and his ‘Islamophobia’ after his citizens were beheaded for ‘blasphemy’

Congress MLA Arif Masood organised and led a protest supporting terrorism in the name of Islam that led to the beheading of Samuel Paty and others in France.

As Pakistan minister admits role in Pulwama attack, Rajdeep Sardesai rushes to his rescue, allows him to ‘clarify’, attack India instead, NDTV follows suit

India Today and NDTV come together to rescue Pakistan minister Fawad Chaudhry after he admitted Terroristan's role in Pulwama attack

Former PM of Malaysia goes from talking about women’s ‘secret place’ to inciting genocide for insulting Islam in single tweet thread: Read details

Mahathir Mohamad justified the attacks on French people by Islamist terrorist saying that mere boycott could not compensate the wrongs of France.

‘We are proud’: Terroristan admits hand in Pulwama attack, minister claims victory of people under leadership of Imran ‘Taliban’ Khan

"Humne Hindustan ko ghus ke maara", Pakistani minister Fawad Chaudhry described how Pakistan orchestrated Pulwama terror attack

Recently Popular

‘Modi, Modi’ slogans inside Pakistan National Assembly: Here is what happened

The name of PM Modi echoed on Monday as members of Pakistan's opposition members chanted 'Modi, Modi' slogans inside Pakistan National assembly

Chinese state-run channel shows the portrait of Prophet Muhammad, netizens ask if Muslim nations will boycott China

Arslan Hidayat, an Uyghur Rights Activist, took to Twitter shared a video of a Chinese TV series on Twitter in which it was depicted that an Arab ambassador visiting China during the rule of Tang dynasty gifts a portrait of the Prophet Muhammad to the Chinese emperor.

‘His legs were shivering, head was sweating fearing attack by India’: Pakistani opposition leader reveals why Imran Khan govt had released Abhinandan Varthaman

PML(N) leader Ayaz Sadiq said that Pakistani Foreign Minister had feared that India would attack Pakistan if Abhinandan is not returned

Watch: Pro-India accounts disrupt Pakistan’s anti-India online meeting on Zoom, play pro-Hindu and Indian nationalistic songs

Indic social media users caused embarrassment to Pakistani authorities and diplomats after they raided their online event on zoom

Here are ‘liberals’ who hailed Imran Khan’s benevolence for releasing Abhinandan, while he was shaking in his boots, thinking of Modi going to war

The usual suspects declared Imran Khan 'won' despite the fact that it was Indian Armed Forces that destroyed terror camps in Pakistan.

France: Three killed, reportedly beheaded by an Islamic terrorist shouting Allahu Akbar at a Church in Nice

Three people have died of which at least two are reportedly beheaded in a terrorist attack at Notre Dame Church in Nice, France.
- Advertisement -

France wakes up to the menace of ‘Islamo-leftism’, an alliance between leftists and Islamists that has been attacking India for decades

The French education minister spoke out on the dangers of Islamo-leftism in the aftermath of the beheading of Samuel Paty.

Pakistan court gives custody of 13-year-old Christian girl, who was kidnapped, raped and converted to Islam, to 44-year-old abductor Ali Azhar: Details

In a startling decision, a Pakistan court has granted the custody of a 13-year-old girl Christian girl to her 44-year-old abductor, Ali Azhar.

Nikita Tomar murder: Main accused Tauseef wants to be shifted to Bhondsi jail in Gurugram where his uncle, a hardened criminal is lodged

The SIT formed to investigate the Nikita Tomar murder case will be filing the charge-sheet in the coming 12 days

Munger SP Lipi Singh’s claims shattered, CISF report says Police first opened fire against Hindus, 13 bullets fired

Munger SP Lipi Singh had earlier defended the police violence on Durga Procession attendees in Munger and claimed that Hindus had fired, not the police

After Pakistan Minister’s Pulwama attack confession, India to approach International Court of Justice, seeks blacklisting of Pakistan by FATF

India is planning to approach International Court of Justice on the basis of admission on Pulwama attack made by Pakistan Minister

AIMPLB asks Muslims to boycott French products days after President Emmanuel Macron vowed to fight radical Islamic terror

AIMPLB said that freedom of expression is a right, however, one is not allowed to insult the sentiments of others in the name of freedom

AMU students, who wanted to dig ‘Hindutva ki kabar’, now protest against French President for standing up to Jihad after ‘blasphemy’ beheadings

After chanting against Hindus the students in AMU have now started a protest French President Emmanuel Macron for his remarks against Islamic terrorism

While Pakistan passes resolution against France for ‘islamophobia’, its NSA says Chinese persecution of Uyghur Muslims is a non-issue

Pakistan, which is vocal about rights of Muslims everywhere else, have chosen to turn a blind eye to persecution of Uyghur Muslims in China

Congress MLA organises protest of thousands of Muslims against French President and his ‘Islamophobia’ after his citizens were beheaded for ‘blasphemy’

Congress MLA Arif Masood organised and led a protest supporting terrorism in the name of Islam that led to the beheading of Samuel Paty and others in France.

Mumbai: French President’s posters pasted on road to be trampled upon after ‘blasphemy’ beheadings, Islamist Raza Academy lauds the act

Muslims in Bhindi Bazaar of Mumbai posted images of French President on the streets of the city, walked and drove on these posters as a mark of protest against Macron

Connect with us

245,563FansLike
471,316FollowersFollow
19,500SubscribersSubscribe