NEW DELHI: More than a billion Indians have uploaded their biometric details to a national database in exchange for a unique 12-digit ID that authorities say will transform how citizens interact with government and propel the world’s second-most populous country into the digital age.
But the scheme has faced vocal opposition, with critics claiming the software guarding citizens’ personal information is shoddy and vulnerable to cyber attacks, while others fear the scheme risks turning India into a surveillance state.
On Wednesday the Supreme Court said the ID would be mandatory for accessing government services, but also ruled that private corporations could not force customers to hand over their cards.
Here is the lowdown on “Aadhaar”, the world’s largest biometric database.
– What is Aadhaar? –
Aadhaar, (“foundation” in Hindi), is a 12-digit unique identification number that holds the personal details of an Indian citizen, including their biometric data from photos, fingerprints and iris scans.
Citizens use the ID for everything from filing tax returns, to accessing pensions or welfare as the government seeks to put more of its services on an online platform.
An Aadhaar number is also recognised as valid proof of identity and residence.
Each ID is issued by the Unique Identification Authority of India (UIDAI). The details are stored in a single centralised server centre.
The first Aadhaar cards were distributed in September 2010 and a mammoth information campaign then prompted vast numbers of Indians to enrol at thousands of registration centres.
More than 1.2 billion Indians, some 90 percent of the population, now hold an Aadhaar number. More than 21 billion banking and other digital transactions now take place annually under the scheme.
– What’s the problem? –
The scheme has been dogged by controversy from its inception.
There were cases of Indians finding their social security payments, or access to food and fuel rations, blocked despite possessing an Aadhaar number.
The government has also faced flak over privacy and data protection.
In January, a journalist exposed how the UIDAI database could be hacked and Aadhaar cards printed for the equivalent of a few dollars. She found herself facing criminal proceedings.
Having an Aadhaar card had in practice become a growing pre-requisite to get anything from a mobile phone contract to a bank account.
This had effectively made it compulsory, violating citizens’ right to privacy, opponents argued. They were emboldened by a landmark 2017 Supreme Court ruling recognising privacy as a fundamental right.
– Government response? –
The government has consistently defended its big data programme, including its cyber-security measures.
Ravi Shankar Prasad, minister for information technology, recently told local media that the biometric records in the Aadhaar data vault could not be hacked “even with the billionth effort.”
Meanwhile, India’s Attorney General K K Venugopal raised eyebrows after he told the Supreme Court that Aadhaar data would be safe from hackers as it was stored behind tall, four-metre-thick protective walls.
– What do experts say? –
Amber Sinha, who works for the Bangalore-based non-profit Center for Internet and Society, says that the Aadhaar system is porous because of weak security infrastructure.
“Although the centralised server of the UIDAI seems to be fairly secure from all accounts, other government databases linked to the Aadhaar numbers create points of failure,” he told AFP.
“This is because the same standards of security and privacy do not apply to them,” he said.
Sinha said the creation of laws alone could not fix the irreversible damage resulting from personal data breaches.
“If something is broken by technology, the law cannot fix that. You need both robust laws to protect the system and privacy enhancing technologies which reflect those principles.”
“Rather than continuing the expansion of a project which lacks technical and legal backbone, its scope and use should be limited till these structural reforms are incorporated.”