Relevance : GS Paper II
Why has this issue cropped up?
The Aadhaar amendment bill, which provides for voluntary use of Aadhaar for KYC,under the Telegraph and Prevention of Money Laundering Acts, has now been passed by both Houses of Parliament.
Amendment feature
It has reinstated many of the provisions of Section 57 of the original Aadhaar Act which was struck down by the Supreme Court in September 2018 as unconstitutional. The amendment comes with no major alteration in either design or use cases.
Concerns with amendment
- The steamrolling of the legislative processes, without heed to the Supreme Court judgment or civil society concerns, is a definite cause for disquiet.
- Section 57 was struck down not only because of the procedural issue of passing Aadhaar as a money bill, but also due to serious concerns relating to privacy and proportionality.
- The dissenting judgment of Justice DY Chandrachud found many other aspects of Aadhaar objectionable, including biometric authentication, and declared it to be unconstitutional in its entirety.
Problems with technical design of Aadhaar
- Mandatory deployment of biometric authentication for everyday transactions in sectors like welfare causes denial of service for some.
- The requirement of reliable online connectivity compounds the problem.
- A nation-wide digital identity limited only for de-duplication, authentication, KYC and limited fintech services is rather narrow. The Aadhaar design did not envisage using it for building online social, financial and asset registries, electronic health records etc.
- The design also did not examine safe protocols for facilitating analytics for targeting of welfare, education and healthcare, econometric analysis, epidemiological studies, tax compliance etc.
- Commercial use of Aadhaar linked data raises yet another set of very serious legal and technical questions.
- There is no clear analysis of the minimum information that needs to be exchanged during authentication and KYC for various applications.
- Also, using the same identity across multiple applications may allow a correlation of identities across domains and illegal profiling.
- Because biometrics are not secret information, Aadhaar is vulnerable to illegal harvesting of biometrics, identity thefts and other frauds.
- Lack of protection against insider threats, lack of clear policies on the use of virtual identities lack of any regulatory oversight and a data protection law raise some serious privacy concerns.
- The inadequate privacy safeguards can potentially give the government of the day unprecedented access to information and power over its citizens, threatening civil liberty and democracy.
- Also, Aadhaar does not record the purpose of authentication. Authentication without authorisation and accounting puts users at serious risk of fraud because authentication or KYC meant for one purpose may be used for another.
- Neither the Aadhaar holders nor the agencies responsible for service delivery have any control over either identity or authentication, causing understanding gaps and making grievance redressal difficult.
Way forward
- Transparency, regular design reviews, use case audits, and a reliable process of public consultation seem to be the way forward.
- A thoughtful design with provable privacy guarantees would be able to support large scale registries and analytics by the government.
Conclusion
Thus, AADHAR’s technical design requires serious reconsideration, following amendments to the law.
