THREATS GALORE FOR CEN­TRALISED DATA

A re­cent ex­pose on the short­com­ings of Aad­haar ecosys­tem has trig­gered a de­bate on pri­vacy and safety of data. In the wake of Aad­haar link­ages, ques­tions are be­ing raised about the safety of fi­nan­cial, bio­met­ric data, and much more. Here is an as­sess­ment

The Asian Age - - 360° - ( The writer is a prac­tis­ing ad­vo­cate at the Madras High Court) Narasimhan Vi­ja­yaragha­van

Even as a Con­sti­tu­tion bench of the Supreme Court is slated to hear the Aad­haar chal­lenge on and from Jan­uary 17, we have the scary re­port of a deputy di­rec­tor of the Unique Iden­ti­fi­ca­tion Au­thor­ity of In­dia ( UIDAI) reg­is­ter­ing an FIR against The Tri­bune news­pa­per and its re­porter for the re­port that said: ‘ It took just ` 500, paid through Paytm, and 10 min­utes in which an “agent” of the group run­ning the racket cre­ated a “gate­way” for this cor­re­spon­dent and gave a lo­gin ID and pass­word. Lo and be­hold, you could en­ter any Aad­haar num­ber in the por­tal, and in­stantly get all par­tic­u­lars that an in­di­vid­ual may have sub­mit­ted to the UIDAI, in­clud­ing name, ad­dress, postal code, photo, phone num­ber and email.’

To add colour to this pic­ture, Ed­ward Snow­den, the US fugi­tive who is un­der the pro­tec­tive cus­tody of Rus­sia af­ter leak­ing clas­si­fied in­for­ma­tion from the NSA, has waded into this con­tro­versy with this Tweet: ‘ The jour­nal­ists ex­pos­ing the # Aad­haar breach de­serve an award, not an in­ves­ti­ga­tion. If the gov­ern­ment were truly con­cerned for jus­tice, they would be re­form­ing the poli­cies that de­stroyed the pri­vacy of a bil­lion In­di­ans. Want to ar­rest those re­spon­si­ble? They are called @ UIDAI.’

Lib­er­als have gone to town that Aad­haar is the Big Brother of Or­wellian 1984 fame. They say that when it was launched in 2009 it was meant to clean up the cor­roded pub­lic distri­bu­tion sys­tem and en­sure that gen­uine ben­e­fi­cia­ries were the re­cip­i­ents. But the cur­rent gov­ern­ment has spread its ten­ta­cles to make it manda­tory and in­sist on link­ages with PAN cards, bank ac­counts, in­sur­ance poli­cies, mo­bile phones and even school ad­mis­sions and it was an end­less ex­ten­sion.

The avail­abil­ity of num­bers and de­mo­graphic data in cen­tralised data­bases and dis­bursed ones as well, is a sure tar­get for hack­ers, and in a data- leaky In­dia, cit­i­zens run huge risks on sev­eral fronts.

While the gov­ern­ment’s claim of sav­ing ` 57,029 crore is chal­lenged as il­lu­sory and stated that net net, af­ter costs, there would be no sav­ings at all, the scarier al­le­ga­tion is that the creation of State Res­i­dent Data Hubs can en­able gov­ern­ments to pro­file res­i­dents and can po­ten­tially be­come tools for dis­crim­i­na­tion.

What is the com­mon man to make of this? Is Aad­haar good, bad or ugly? Has it come to stay? Or does it run the risk of be­ing de­railed mid­way by a court rul­ing? All th­ese crit­i­cal ques­tions are await­ing an­swers.

There are huge le­gal im­pli­ca­tions re­gard­ing the pri­vacy of the data. Be­cause the data is now avail­able in a long trail

link­ing a per­son’s ev­ery habit, the gover nment has to­tal ac­cess to his en­tire record, in­clud­ing health, sex­ual pref­er­ence, etc. The con­se­quences of gov­ern­ment agen­cies hav­ing ac­cess to all in­for­ma­tion on a per­son are not mea­sur­able, par­tic­u­larly when it comes to mala fide ac­tion. The pro­tec­tion would, how­ever, come un­der Data Pro­tec­tion laws that will have to come into force so that the in­di­vid­ual does not suf­fer. The scary part is not the leg­is­la­tion but the fol­low- up by courts and law en­forc­ing author­i­ties. How ef­fec­tive would that be once a per­son’s dig­i­tal foot­print has been ex­posed?

The cur­rent laws are not ad­e­quate to deal with such sit­u­a­tions, which will not come un­der the ex­ist­ing pro­vi­sions deal­ing with the In­for­ma­tion Act and cy­ber­crimes. The lawyer com­mu­nity would stress that it is im­por­tant to put in the safe­guards first, be­fore in­sist­ing that Aad­haar be com­pul­so­rily pro­vided for 150 ser­vices.

Ideally, a per­son would feel obliged to present his data if he is de­riv­ing a ben­e­fit from the gov­ern­ment. Can Aad­haar stop just there? Of course, the im­por­tant thing is no one must have ac­cess to the en­tire dig­i­tal data un­less it is on a need- to- know ba­sis.

Even so, while the naysay­ers can see ghosts in the im­pon­der­ables, Aad­haar is not want­ing in sup­port. “It is a big deal that In­dia has built a sys­tem that now has over a bil­lion peo­ple with unique au­then­tic IDs. Peo­ple do not fully ap­pre­ci­ate its power. It is go­ing to be a great as­set for In­dia. I really have a soft spot for Modi for not throw­ing out some­thing that wasn’t his idea. It was my friend Nan­dan Nilekani’s idea. But he kept it and pur­sued it,” said Thomas Fried­man, who is a three- time Pulitzer Prize win­ner.

And then the god­fa­ther of the plat­form Nan­dan Nilekani says, “In­stead of hav­ing a larger con­ver­sa­tion on data pro­tec­tion laws, Aad­haar was be­ing dem- onised. In­dia needs a mod­ern data pro­tec­tion and pri­vacy law, be­cause to­day there are many, many sources of dig­i­tal data. I use it all the time as a photo ID. The thing is that it’s also about con­ve­nience, right? See pri­vacy and con­ve­nience go hand in hand. All of us give up a bit of pri­vacy for con­ve­nience. When we use a smart phone, we’re giv­ing up pri­vacy for con­ve­nience. When we use an email ac­count, we’re giv­ing up pri­vacy for con­ve­nience, and so on.”

With such cleav­age of opin­ion, al­most un­bridge­able, what is the com­mon man, who is di­rectly im­pacted, to make of it? But to those trained in law, it would be no sac­ri­lege or blas­phemy or even con­tempt of court to ex­press the opin­ion that the chances are of the Supreme Court up­hold­ing the Aad­haar leg­is­la­tion and even the manda­tory im­ple­men­ta­tion and yet di­rect­ing the gov­ern­ment to ex­pe­dite the re­ceipt of the re­port of the Ex­pert Com­mit­tee led by Jus­tice B N Srikr­ishna on Data Pro­tec­tion Law and leg­is­late on it. In short, the or­der may be to re­dress the fault­ines that the dig­i­tal plat­form may be in­fected with be­fore im­ple­men­ta­tion.

The rea­son is quite sim­ple. As on date, cy­ber­world is in our homes and lives 24 x7 and 365 days a year. We live, breathe, or­der, eat, func­tion, even ex­er­cise and med­i­cate our­selves on it. If so, mere ac­cess to the mo­bile and in­ter­net have meant that our de­mo­graphic pro­file is well and truly out in the open al­ready and as Face­book and Twit­ter/ What­sApp ma­ni­acs, there is noth­ing new to leak.

So In­dia needs Aad­haar. But it needs a com­pre­hen­sive and sou- nd data pro­tec­tion leg­is­la­tion too. The trick lies in bal­anc­ing the two rather than trash­ing the Aad­haar plat­form as if it was a Big Brother in the mak­ing.

THE AVAIL­ABIL­ITY OF NUM­BERS AND DE­MO­GRAPHIC DATA IN CEN­TRALISED DATA­BASES AND DIS­BURSED ONES AS WELL, IS A SURE TAR­GET FOR HACK­ERS

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.