A recent visit to an RTO (regional transport office) in Ghaziabad was nothing short of a nightmare. Files would not move without the help of touts. While ordinary residents like me had to wait for hours in a queue for their turn to give biometric details like fingerprints and photographs, a side counter was always available for some VIPs or influential touts. After endless paperwork, followed by two rounds of the office and shelling out a few thousand rupees, I did manage to get the licence. But the whole experience was traumatic, to say the least.
However, getting myself enrolled for unique identification number called Aadhaar was a different experience altogether. One visit, minimal paperwork, few minutes at the counter was all that it took to get the entire thing done. The executive overseeing the operation was polite and cooperative making me suspicious whether I had reached the right centre or not. The suspicion stayed till I checked my enrollment details at the Unique Identification Authority of India (UIDAI) website.
Similar work and two contrasting experiences! I was made to furnish the same set of documents at both the places. While we never crib about the safety of documents and biometric details given to RTO because it is managed by government officials, there is such a hue and cry about infringement of privacy with regard to details given for Aadhaar through private agencies.
Safeguarding Our Privacy
- Biometric-based
authentication ensures that any transaction cannot happen without an individual’s
consent thus, empowering him in a way.
- Data aggregation
is not possible as the UIDAI does not keep anything except the logs of
authentication.
- Data submitted
is in encrypted form and the probability of breaking through to access data is
very low.
- There might be
privacy-related issues for which we need a standard privacy law.
- UIDAI must be credited
for achieving a rare milestone, that of enrolling one billion people in record
time.
Backed by Legislation
Now that a much-needed legislation has been cleared by the government to give legal sanctity to the UIDAI, the same set of concerns are bound rise again: why yet another identity card? Does Aadhaar violate privacy? Why involve private players in an exercise as important as this one? Etc.
Let us look at the privacy issue. One is required to furnish seven details while enrolling for Aadhaar: name, age, gender, address of communication, photograph, fingerprints and iris. The biometric details like fingerprints and iris are required to establish uniqueness of identity. Isn’t that a mandate of the Unique Identification Authority? How else can it establish a database of unique identities?
Biometric-based authentication entails participation of the concerned individual in the process. Nothing can happen without his/her consent. If no transaction can take place without his consent, it empowers him and not take away any right.
Consider a different scenario. All of us are required to provide proof of identity in physical form to avail different services. Can we ensure that such papers once submitted will not be misused? We keep hearing reports of how someone got hold of a mobile sim card with fake identity proof or someone checking in at a hotel using someone else’s identity proof.
None of that is possible with Aadhaar. Every transaction using Aaadhar
as proof has to be authenticated by the user. The user gets an
instant message when an authentication takes place. Isn’t that empowering?
Data Sharing Not Allowed
Whatever little I know about the UIDAI, it does not allow search or data download and no information can be shared just by giving the Aadhaar number. Data aggregation –which may be misconstrued – is not possible as the UIDAI does not keep anything except the logs of authentication. It does not know what the authentication was used for. Data submitted is in encrypted form and the probability of breaking through to access data is very low. Aren’t these features meant to protect the privacy of data?
There are many domains – like making of driving licence and passport – which take biometrics but do not do anything with it later. In other words, the biometrics are never used to de-duplicate and hence, theoretically, it is possible to get multiple driving licences. It is a sheer national waste.
There is also no privacy of biometrics in these domains. They are just lying in some places. On the other hand, the enrolment process of Aadhaar ensures that the biometrics are encrypted immediately after submission. Hence, they can never be stolen and used as they are not available in a non-encrypted form, at any time. The data is encrypted with a 2044-bits encryption, which is one of the highest encryption standards and is almost impossible to break.
Standard Privacy Law
This is not to suggest that we should lower our guard on privacy issues. We must be ready to protect our privacy at any cost. For that to happen, we need to have a standard privacy law (there is none at the moment) that should be applicable to all organisations – government or private – that have anything to do with storage of data of individuals.
Why single out Aadhaar? Just because it adopted the best practices from the government and private sector? If it had remained an ideal-typical government organisation, the UIDAI would not have achieved the kind of things it has in its uncertain existence of nearly seven years. The UIDAI is close to achieving a rare milestone of enrolling one billion people in record time and at a fraction of the cost.
At a time when we are talking about ‘minimum government’ in our lives, let us welcome many more organisations like the UIDAI which can be controlled by the government but is imbued with the energy of the private sector. Otherwise, we will continue to go through the horrors of RTOs.
(The writer is Consulting Editor, Business Standard, and contributes regularly to The Quint on politics and contemporary issues)
Also read: Aadhar Scheme Collects Biometric Data of 99 Crore Indians
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)