Case comment on Adhaar Case
Chetan Trivedi, Law Student, Online Intern @LAwOF
Privacy has been a key focus in the recent debate on Aadhaar. This is a very welcome development. Privacy is being interpreted in different, equally valid, ways by different sets of people. But the differences in interpretations are not always obvious to those who participate in the discussions. For instance, when computer scientists use the word privacy, they tend to it interpret from a narrow ‘data security’ perspective, whereas the lawyers in the Supreme Court have been highlighting the civil liberties angle to it. This has resulted in groups talking past each other – the solutions that the computer scientists propose, for instance, (like stronger standards for data security, including encryption) are not satisfactory to those who highlight the civil liberties aspects of privacy. Constructive conversation on the issue requires a more elaborate look at the different dimensions of privacy.
Five privacy concerns
Possibly the narrowest view of privacy is the technical ‘data security’ point of view. The focus there is on what data need to be secure (the Aadhaar number, demographic information or biometrics), whether data stored in the Central Identities Data Repository is secure (such as the encryption standards or the probability of hacking) and what would the consequences of data breaches be (for instance, some people ask what is the harm if an Aadhaar number is publicly displayed). The response of the Unique Identification Authority of India (UIDAI) and others is that data are encrypted using the highest standards, that access is severely restricted, and that, in any case, there have been no security breaches so far.
Experts, however, believe that for centralised databases the question is not whether it can be hacked, but when. For instance, Bruce Schneier told Pranav Dixit, “When this database is hacked – and it will be – it will be because someone breaches the computer security that protects the computers actually using the data.”A related concern that has been highlighted is that even if data are secure, with Aadhaar-enabled Payments System (AePS), the Aadhaar project has created a vulnerability to identity fraud, even identity theft. The idea behind AePS is, as Prime Minister Narendra Modi put it, ‘Your thumbprint is your bank’. Fingerprint impressions, however, can be easily reproduced. For instance, recently Hindustan Times reported that 200 students in Mumbai replicated their fingerprints on a widely-used resin to fudge biometric attendance. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of banking fraud. In the light of this emerging financial technology infrastructure which rides on Aadhaar and biometrics, the recent ‘Aadhaar leaks’ scandal (whereby Aadhaar numbers of lakhs of people were displayed on government portals) is significant. The emerging AePS architecture opens the door to identity theft. Even in the absence of data breaches, that is an alarming breach of privacy.
A second privacy concern is from the ‘personal integrity’ point of view, the discomfort from information about our lives being available to people or institutions with whom we do not wish to share it. Some believe that this interpretation of privacy is an elitist concern. Veteran journalist Shekhar Gupta tweeted, “Crores of rural and urban poor see Aadhaar as tool of empowerment.
They don’t even know elite anti-Aadhaar echo chambers exist & they don’t care”. Such frivolous comments are an attempt to trivialise the debate on privacy.