‘We have far bigger privacy risks today from cellphones, CCTVs than Aadhaar’
There has been a stream of negative news surrounding Aadhaar, with wideranging concerns being raised on the security of the system and the potential leakage of Aadhaar numbers by government departments. In an interview, Infosys co-founder and former Unique Identification Authority of India (UIDAI) chairman Nandan Nilekani, the creator of Aadhaar, dispelled most of the concerns surrounding Aadhaar, but conceded there are areas where it could improve. Edited excerpts:
How big a problem is the current situation with the lack of a privacy law?
India needs a very modern privacy and data-protection law. But the only issue I have with the current narrative is why should Aadhaar be singled out as a reason for the law? The biggest privacy risk that you have is your smartphone. A billion people will have smartphones as we go forward, their conversations will be recorded, their messages will be read, their location can be identified with GPS. The kind of intrusion of privacy that the smartphone does is order of magnitudes higher. Aadhaar is a sporadic thing -- it is episodic, for instance, when I go and open an account, etc.
The second big privacy risk are CCTV cameras -- there doesn’t seem to be a law on these things. Every mall, every ATM, every bus stand, every railway station, every hotel has a CCTV camera.
Thirdly, we have Internet companies and data collection centres. Indians are essentially giving data to companies that are essentially unaccountable to Indian law and that data is often shared with foreign governments.
Then there are drones, or the Internet of Things, with sensors everywhere collecting data on you. So, there is a data tsunami that is coming due to a variety of things -- (it has) nothing to do with Aadhaar as such. We should have a privacy law, which looks at all these phenomena.
But people are acting as if Aadhaar is the only reason why we should have a privacy law. That’s where I have a problem. We have a far bigger risk today from a cellphone than Aadhaar.
Concerns have been raised around how Aadhaar is facilitating the creation of an Orwellian sort of surveillance state…
Again, this is another attempt to create this notion that Aadhaar is an instrument of mass surveillance. It’s complete nonsense. Your smartphone is a much better tool for the government to do surveillance than Aadhaar. By definition, a surveillance system is collecting data about you. The Aadhaar system does not collect data.
But there’s no limit to the amount of data the system can collect on individuals...
When you do an Aadhaar authentication, the Aadhaar authentication does not even know for what purpose that authentication has happened. Suppose I use it to do a financial transaction in a bank, the bank knows the financial transaction, but the Aadhaar system does not know. It has been deliberately designed like that.
What happens in case of a data breach? Unlike a credit card, one cannot block Aadhaar.
The Aadhaar system is extremely well-designed. It’s not an online system that is exposed to the Internet. When the enrolment happens, the packet is encrypted at source and sent, so that there can’t be a man-in-the-middle attack. And when the authentication happens, that is also encrypted — not compared to the original data, but to a digital minutiae. The the system is very, very secure.
So, if the objection is to centralisation, then you should not have clouds. Clouds are also centralised. Everything today is centralised—otherwise, let’s all go back to pen and paper.
What are some of things that still need to be fixed in the system?
One, I agree we need a privacy law, covering everything.
Secondly, we need to implement (the concept of) registered devices as soon as possible. The first launch is by June…
Also, the Aadhaar law already provides that anyone who uses the Aadhaar number cannot display the number or publish it, so that enforcement has to happen. We have to make sure that any user of this, whether it’s the government or the private sector, follows the law of the protection of the Aadhaar number.
Protection of numbers and preventing leakages have been a massive issue…
I know the government has sent a notice to everyone. If somebody has done it, they ought not to have done it— there’s a law for that.