The story of Aadhar linking so far:
Have you linked your mobile phone with Aadhar card?
Initially, it was a voluntary decision. You might or might not verify your phone number via it. But, the Supreme Court in February 2017 ordered to carry out biometric verification of customers. It deeply examined and decided that all mobile phone users should be authentic. Therefore, the Department of Telecommunications (DoT) brought this card in the mainframe.
Meanwhile, a social group filed petition against this decision of the government in 2015. In the beginning, a five membered bench of the Supreme Court, headed by Chief Justice Deepak Mishra heard the case. Later, Chief Justice JS Khedkar ruled that privacy is a fundamental right that would be conserved. The decision of the Supreme Court on the right to privacy and Aadhaar controversy is still on-the-hold.
How is Aadhar linking an attack to the right to privacy?
When this card was launched, it was purely a voluntary decision. But today, it is compulsory for verifying your phone number. Moreover, you can’t take benefits of various social welfare schemes without this 12-digit unique number. For example-
- You can’t file income tax returns.
- Neither can you book a ticket through IRCTC.
- Also, Opening a bank account will be impossible sans integrating your biometric details.
What does ‘Right to Privacy’ mean?
It, indeed, is a constitutional law concerning intensively the personal matters. It’s a fundamental right that leaves your decisions alone. It defines that your decisions are free from the government coercion, intimidation and regulation.
A nine-judge Bench declared it as an intrinsic to life and liberty. The constitution is committed to protect it. Plainly saying, a layman can directly knock at the door of the court in case of violation of his privacy.
The problem: The mandatory integration of this biometric detail determines a violation of the right to privacy. Simply saying, if someone links his mobile phone with Aadhaar, his personal information can be compromised. The telecom industry may sell or use it personally. It can create data-fuelled profiling of every customer. Thereby, targeting and manipulating their buying decisions would be a walkover.
Later, the RBI issued an instruction to Indian citizens. On constitutional ground, it stated that your bank accounts must be attached with this card. But, a feminist scholar Kalyani Menon Sen challenged this decision while calling it unconstitutional. And, its last date of verification was March 23, 2017 in the court.
Shocking facts: Linking social welfare schemes is a threat to privacy
Tribune unearthed the scam of data-selling. It surfaced the shocking fact that your data is sold @INR 500 or $7.8. An access to your biometric detail was sold at this trivial price a few months ago. It determined that the administrator login IDs and password were vulnerable.
Besides, such a hypersensitive system had nearly 100k illicit users. However, the authority straightly rejected this allegation. But, this was not the first incident of breaching. In November 2017, the UIDAI confirmed that more than 200 central and state government websites were left public.
In August 2017, the co-founder and an Ola employee Abhinav Srivastava was put behind the bars. He was alleged with the charge of an illicit infiltration into the Aadhaar e-KYC verification.
Wikileaks, also, cited the similar breaching incident. It claimed that the Central Intelligence Agency (CIA) left the Aadhaar data exposed in its effort of spying.
UIDAI’s Biometric Data’s Surveillance Program Launched:
The consistent hacking cases need a concrete and proactive control. While sensing the sensitivity of such data leaks, the government in association with the UIDAI came with two programs:
Two-layered security: It’s a bi-folded safety net feature that proactively controls data hacking. According to it, the authority will allot a virtual ID. It would be 16-digit long, rather than the original alphanumeric 12-digit unique identification number. The access to Know-Your-Customer for this biometric detail storage would be strictly restricted. The citizens can harness this facility from June, 2018 onwards, although, it will come into effect from March 31, 2018. All UIDAI centers would be adapted to this security circle.
Face recognition: Till now, the biometric print was stored in particular. It included the scanned copy of your iris and fingerprints. From now, you have to go through another security measure. It’s face recognition. Now, the Aadhaar staff would scan your face also along with other biometric data. Thereby, the access to your aadhaar account would be a battle for the cybercriminals.
Data Protection Bill:
A set of lawyers and policy analysts tabled a bill called the ‘Indian Privacy Code 2018’. Internet Freedom Foundation or IFF has backed it. It wants to make people aware of such data policy. Simultaneously, it wants to poke the government to adopt a stringent law addressing the users’ right. This bill will shift power of data access from UIDAI to a layman.
What does this bill state?
It sounds an imitated version of the modern GDPR directives. Anyhow, it advocates for:
- Allowing people to know how much of their data are collected.
- Parting with the information & its consequences.
- Taking consent or refusing access to their data.
- Holding the right to ask for their data destruction by their controller and processor within a fixed timeframe.
- Seeking right to get information about its purpose, processing and utilization.
- Taking permission to whom the personal data have been/ will be shared with.
- Granting right to lodge a complaint against the breaching case with a supervisory committee.
- Considering phone tapping an inadmissible proof in the legal proceeding (in case the person/authority has not taken legal orders to tap the phone calls).
- All the tapping orders should be put up front with the person who is surveilled.
Offences and penalties:
An illegal collection, processing, storing and handling or disclosure of data may lead to:
- Fine of INR 1 crore and 3 years imprisonment
- May extend to INR 10 crore fine plus 5-year jail