By Ananth Padmanabhan, Madhav Khosla – This attempt to present a fait accompli of sorts when the constitutional challenge to Aadhaar comes up for hearing is not a new development. Yet, the Court’s privacy verdict has put both linking and enrollment efforts on overdrive. Even private actors have stepped on the accelerator, and not a day goes by without mails and messages from banks and telecom companies asking customers to link their Aadhaar number with their bank accounts and mobile numbers, respectively.
But amidst all this bustle, what are Aadhaar’s realistic chances of survival post-Puttaswamy?
The fear of a digital panopticon is real for the simple reason that desirous individuals need not necessarily approach the UIDAI (Unique Identification Authority of India) to form a complete picture of the various services availed by a citizen. The authentication records also exist in the multiple government offices, ration shops, and other service centers from where welfare benefits are disbursed to citizens.
In fact, the data leakages ailing Aadhaar have all occurred thus far from similar end-points where personnel in charge of our data have little training and even lesser interest in keeping such authentication records confidential.
The data leakages, in fact, are telling not only because they challenge the mantra that the program is technologically safe, and not only because they simply represent a state program that contains flaws and operates below expectations in practice, but because the nature and upshot of the leakages calls into question the safeguards on which the legitimacy of the program rests.
Furthermore, the UIDAI’s role poses serious institutional and rule of law concerns. On one hand, it is the custodian of the Central Identities Data Repository. On the other hand, it is also the data regulator.
As a regulator, it is tasked with deciding on how to deal with data breaches. Thus, we have a body that has minimal incentive to report or act upon data breaches because a vulnerable database architecture does not bode well for either its financial or power incentives as a data custodian. Any breach is, plainly put, a challenge to its authority. more>