Not enough safeguards
In a significant development, the National Democratic Alliance government has made unique identification number Aadhar card mandatory for those availing subsidised food grains at Public Distribution System outlets. According to the Press Trust of India, the government has set a deadline of June 30 for people who have not still got linked with Aadhar after that the law will take effect across the country. The move to make Aadhaar mandatory comes despite a Supreme Court interim order in October 2015 which allowed its voluntary use for availing of benefits but said no citizen could be denied a service or subsidy for want of the identification card. However, the Centre found a route to bypass the court’s order after enacting the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill was passed in Lok Sabha in March last year. As per the new Aadhar Act passed last year by Parliament, an Aadhar card has become a necessary document for the “receipt of certain subsidies, benefits, and services”. The mandatory provision for Aadhaar card should be waived until there is 100 percent coverage. Despite the Centre’s assurances, there are doubts whether government agencies, both at the central and state level, possess the necessary incentive to ensure that no one is left out. Ground reports from rural India have noted how many beneficiaries have been denied critical services entitled to them. “For instance, MGNREGA functionaries have cancelled job cards on a large scale for the sake of achieving ‘100 per cent Aadhaar seeding’ of the job-card database,” says Jean Dreze, a reputed academic who conceptualised and drafted the first version of the rural jobs programme. “MGNREGA workers have been offloaded by rural banks on Aadhaar-enabled ‘business correspondents’ who proved unable to pay them due to poor connectivity.” These workers were denied access to subsidies and benefits because they did not have an Aadhar card or poor internet service. When the previous UPA government introduced Aadhar-based pilot projects across various districts to determine whether welfare services are delivered to the doorstep of the intended beneficiary, it ran into many problems. These include poor internet connectivity, bank technology up gradation, lack of data security, doubts over the integrity of banking correspondents deputed by the state government. These problems have not disappeared in 2017. Even though this newspaper has been critical of the government’s Unique Identification System (UID), there is little doubt that if implemented with proper safeguards, the Aadhar Bill could become one of the most progressive pieces of socio-economic legislation in the country’s history. Votaries of the system often argue that the technology used could stem political and bureaucratic corruption in the delivery of social schemes through direct income transfers. Much of the excitement surrounding the Aadhar card has to do with these intended benefits. However, fundamental structural concerns remain, and the current system will only prevent specific types of leakages, such as those related to duplication in beneficiary lists. Poor states, where centrally-sponsored schemes are most needed, are not adequately prepared to deal with the fundamental structural issues that stand in the way. Moreover, the UID Authority of India’s own Biometrics Standards Committee has noted that retaining biometric efficiency for a database “has not been adequately analysed”. In a recent column for a leading Indian publication, Pratap Bhanu Mehta, a noted political scientist, has pointed out some of the glaring gaps in its privacy and security architecture. “There are technical issues around the security of databases, the problems of misidentification and so forth that experts can discuss. But even assuming all of them to be fixable problems, the four central issues relevant to preventing Aadhaar from becoming a tool of state suppression are simply not being addressed. There is still no clear transparent consent architecture, no transparent information architecture (which agency or vendor shares what information with whom), no privacy architecture worth the name, and increasingly, no assurance about what exactly you could do if the state decides to mess with your identity. The project of force-feeding digitisation, now with the help of commercial players whom we can hold even less accountable, and giving short shrift to all concerns of dignity, autonomy and privacy, should cause worry,” he writes.
With the move to digital payments, these fears take greater precedence with citizens vulnerable to data misuse and without any rights to protect that information and data. In the past, the government has indeed ridden roughshod over privacy concerns in allowing the wider use of a citizen’s personal Aadhar data by private bodies under clause 57 of the Aadhar Bill. The opposition asked the government to drop the provision but to no avail. With inadequate safeguards for data protection, among other concerns, the government has avoided critical and detailed questions. In response, concerned citizens have petitioned the Supreme Court, and the question of whether privacy is a fundamental right is now under review. Clearly, the provisions enshrined in the IT Act are not enough, considering the limited scope provided for data protection and privacy-related requirements. This 15-year-old piece of legislation does not foresee a comprehensive legal framework for privacy and data security. “In fact, the passing of issues pertaining to Aadhaar as a money bill has become a perfect metaphor for what our system has become. We have made rights instrumental to outcomes. The idea that we can institute sophisticated checks and balances seems a pipe dream. No one wants to watch the watchers,” Mehta goes on to add.