Despite a number of leaks, the UIDAI and government authorities have repeatedly reassured the public that the Aadhaar data is safe and secure. On Tuesday, during a hearing on Aadhaar being made mandatory for filing income tax returns and for using a PAN card, Attorney General Mukul Rohatgi represented the government. During the hearing, Rohatogi spoke to a bench comprising Justices A K Sikri and Ashok Bhushan about the leaks of 1.6 million residents from Jharkhand.

“It was from Jharkhand Government office. It is not as if their biometric was shown,” Rohatogi said, “only biometric data cannot be public”, according to a report in Livelaw. The Aadhaar act (PDF) says “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.” This was however, one of the few times that the representatives of the government have accepted that personal data, including Aadhaar numbers, have been leaked from Government sources.

A banner on the UIDAI web site.
A banner on the UIDAI web site.

The UIDAI has insulated itself from any blame or responsibility for leaks in the wider Aadhaar ecosystem. The core database for the Aadhaar APIs have a flawless seven year long record of data security, and is independently audited by security firms at regular intervals. The database anyway contains only the templates needed for biometric authentication. This setup allows the UIDAI and the government to shrug off databases with personal data of individuals, including names, names of parents, PAN numbers, mobile numbers, religion, marks, status of rejection of applications, bank account numbers and IFSC codes available in the public domain, at times after simple queries on search engines such as Google.

During the hearing, Rohatogi used examples of the legal restrictions on organ trading, consumption of drugs, suicide, drunken driving and prostitution to demonstrate that Indians do not have absolute control over their bodies, and used that argument to justify making Aadhaar mandatory for filing income tax returns.

An example of a excel sheet available after a Google search, with information on underage students.
An example of a excel sheet available after a Google search, with information on underage students.

The same attorney, at an Aadhaar hearing in July 2015, had said that Indians do not have a right to privacy at all, “Right to Privacy is not a fundamental right under our Constitution. It flows from one right to another right. Constitution makers did not intend to make Right to Privacy a fundamental right. There is no fundamental right to privacy so these petitions under Article 32 should be dismissed.”

According to the The Center for Internet and Society, the leaks from government sources should not actually be considered as leaks in the traditional sense. This is because the origin of the data coming to the public domain is not through people who are bypassing measures to keep the data confidential, instead the data is in the public domain as the custodians treat the personal information as publicly shareable data.

India has no dedicated laws on privacy and data security, and experts have seen the need for more pro-active approaches by the government. While the UIDAI chief, Ajay Bhushan Panday has claimed that the Aadhaar Act itself has the relevant clauses to ensure the security and privacy of data, privacy advocates point out that the digital rights of Indians are at the mercy of an incomplete Aadhaar Act.

Publish date: May 4, 2017 2:19 pm| Modified date: May 4, 2017 2:19 pm

Tags: , , , ,