AAD­HAAR LAW IS IN­AD­E­QUATE TO DEAL WITH PRI­VACY IS­SUES

AAD­HAAR ECOSYS­TEM IS UN­SAFE AS THERE ARE NO PA­RAM­E­TERS FOR PRO­TECT­ING CY­BER SE­CU­RITY AND PRI­VACY OF ITS USERS

The Asian Age - - 360° - PA­VAN DUGGAL

The unau­tho­rised ac­cess to the Aad­haar data­base that was ob­tained by a jour­nal­ist to prove how un­safe the sys­tem was, has only in­creased con­cerns about the safety of per­sonal data of nearly 120 crore peo­ple — the largest data­base avail­able with a sin­gle au­thor­ity any­where in the world. Con­trary to as­ser­tions of the gov­ern­ment, this in­ci­dent proved that the data­base is avail­able on de­mand.

Though the Unique Iden­ti­fi­ca­tion Au­thor­ity of In­dia ( UIDAI), the body re­spon­si­ble for Aad­haar, pro­posed the con­cept of Vir­tual Iden­tity on Jan­uary 10, whereby peo­ple would not have to share their ac­tual Aad­haar num­ber, the dam­age has al­ready been done.

Peo­ple have many doubts about the safety of their in­for­ma­tion and the ad­e­quacy of cur­rent laws in ad­dress­ing the is­sues that may arise from any fu­ture breach of pri­vacy or data theft from Aad­haar data­base or its vast net­work.

The le­gal frame­work for Aad­haar is the Aad­haar ( Tar­geted De­liv­ery of Fi­nan­cial and Other Sub­si­dies, Ben­e­fits and Ser­vices) Act, 2016 and a Jan­uary 10, 2018, cir­cu­lar that seeks to in­tro­duce vir­tual iden­tity. The Aad­haar Act, how­ever, does not en­vis­age a vir­tual iden­tity.

If we look at th­ese le­gal frame­works, we find that the Aad­haar Act is not ad­e­quate to deal with the chal­lenges thrown up, due to the in­creased breaches in the Aad­haar ecosys­tem. The of­fences un­der the Aad­haar Act are de­fined un­der chap­ter VII.

Sec­tion 48 of the said Aad­haar Act makes the act of unau­tho­rised ac­cess­ing or ex­tract­ing data from the Cen­tral Iden­ti­ties Data Repos­i­tory, down­load­ing, copy­ing or ex­tract­ing data there­from, in­tro­duc­ing or caus­ing to be in­tro­duced any virus or com­puter con­tam­i­nant, dam­ag­ing or caus­ing to be dam­aged the data in the Cen­tral Iden­ti­ties Data Repos­i­tory or dis­rupt­ing or caus­ing to be dis­rupted the ac­cess to data in the Cen­tral Iden­ti­ties Data Repos­i­tory as an of­fence pun­ish­able with three years im­pris­on­ment and ` 10 lakh fine. The el­e­ments of hack­ing of Aad­haar data­base could be brought un­der Sec­tion 38 of the Aad­haar Act, 2016.

In ad­di­tion, the pro­vi­sions of Sec­tion 66 read with Sec­tion 43 of the In­for­ma­tion Tech­nol­ogy Act, 2000, re­lat­ing to com­puter re­lated of­fences could also be in­voked. The said pro­vi­sions make the act of hack­ing an of­fence that is pun­ish­able with five years of im­pris­on­ment.

As of now, the Aad­haar Act is al­most two years old and out­dated, given the in­creas­ing fo­cus of the gov­ern­ment on mak­ing Aad­haar manda­tory for most ser­vices. The ob­vi­ous re­sult is that there are al­most no con­vic­tions un­der this law.

There­fore, the Aad­haar ecosys­tem is com­pletely un­safe as there are no pa­ram­e­ters for pro­tect­ing cy­ber se­cu­rity and pri­vacy of Aad­haar hold­ers. Rights, du­ties and obli­ga­tions of ser­vice providers and stake­hold­ers need to be de­fined clearly. On top of it, the new con­cept of Vir­tual Iden­tity, which is in­tro­duced on an op­tional ba­sis, makes the en­tire ex­er­cise not very ef­fec­tive in the long run.

In­dia can­not take in­spi­ra­tion from ad­vanced coun­tries as there are no spe­cific model laws in other coun­tries in this re­gard. Some coun­tries have tried to ex­per­i­ment with na­tional bio­met­ric iden­tity sys­tems but have cho­sen not to im­ple­ment it, given the huge se­cu­rity and other le­gal chal­lenges that were in store.

De­spite all the short­com­ings in Aad­haar, there is no deny­ing the fact that it has be­come the cen­tral point of our day- to- day life. Hence, all ef­forts must be made now to make Aad­haar more se­cure and safe. The gov­ern­ment needs to re­vise and amend the Aad­haar Act, 2016 to mir­ror ex­ist­ing ground real­i­ties. While the Supreme Court judg­ment on Aad­haar law vi­o­lat­ing pri­vacy is awaited, the gov­ern­ment must proac­tively work on pro­tect­ing cy­ber se­cu­rity of the Aad­haar ecosys­tem as a whole.

( The author is an ad­vo­cate of the Supreme Court of In­dia and

the chair­man of the In­ter­na­tional Com­mis­sion on

Cy­ber Se­cu­rity Law)

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.