The Unique ID scheme is poorly conceived and may end up trampling on citizen rights, including privacy. It should be scrapped.

By Yogi Aggarwal

The government’s controversial scheme of giving a unique 12-digit identification (ID) number to identify a resident (and not necessarily a citizen) of this country got a massive leg up with the announcement of the direct cash transfers programme. The UID is the technology anchor of the programme, the first of many to come. It is to be linked to payments under MGNREGA, subsidised foodgrain under the public distribution system (PDS), and many others.

Some news reports on the UID, or the Aadhaar scheme, indicate which way it may be leading us. The Hindustan Times of 28 November states: “The Delhi government is considering making UID numbers mandatory for all public services from next year.” A report from Nagpur dated 4 December says: “The state government has made it clear to all schools that unless all staff and students are enrolled in the Unique identification scheme, no salaries will be paid from next financial year.” The Hindu reported on 20 November: “A government order says that school children who are not enrolled in the Aadhaar scheme by 31 March 2013 will not be given benefits, including scholarships, grants, and various certificates.”

This is only the beginning of the story. Even though UID is not currently mandatory, it is increasingly being made so and banks, the labour ministry and even the railways are planning to incorporate it to provide services. An approach paper on privacy done for the Department of Personnel and Training (DoPT) says: “As more and more agencies of the government sign on to the UID project, the UID number will become the common thread that links all those databases together ... There is tremendous scope for... commercial exploitation of this information without the consent/knowledge of the individual.”

The dangers of the state using the UID to collate information from different databases such as those of banks, the tax authorities, hospitals, passport offices, driving licences and others are increasing. In December 2009, the National Intelligence Grid (Natgrid), established within the home ministry, will funnel information about us from 21 databases to 11 security agencies. In April 2011, rules framed under the Information Technology Act explained that those holding “sensitive personal data,” which includes “physical, physiological and mental health condition”, “sexual orientation”, “biometric information” and so on would be are required to share it with the government when asked.

Parliament’s Standing Committee on Finance (SCoF), chaired by Yashwant Sinha, in its December 2011 report on the UID had several objections to the scheme. While the committee “categorically conveyed their unacceptability of the National Identification Authority of India Bill, 2010,” it was damning when it said that, “The UID scheme has been conceptualised with no clarity of purpose and leaving many things to be sorted out during the course of its implementation; and is being implemented in a directionless way with a lot of confusion.”

The SCoF raises serious questions about the government beginning Aadhaar enrolments without parliament’s approval of the Bill, and comes down heavily on the government for proceeding without the “enactment of a national data protection law” - an essential prerequisite “for any law that deals with large-scale collection of information from individuals and its linkages across separate databases.”

The report also questions the use of biometrics to prove the unique identity of individuals. It notes that “the scheme is full of uncertainty in technology” and is built upon “untested, unreliable technology.” It notes that under Indian conditions, where most people, especially farmers, do manual work which scars or damages fingerprints, the “estimated failure of biometrics is expected to be as high as 15 percent”. So instead of a foolproof method of verifying a person’s uniqueness, it becomes a dangerous sham.

The SCoF report states that “there are lessons to be learnt from the global experience” which the ministry has “ignored completely”. The UK shelved its identity cards project for a number of reasons, including the huge costs involved, untested and unsafe technology, and risk to security of citizens. It adds that the London School of Economics report on the UK Identity Project inter-alia states that “…..identity systems may create a range of new and unforeseen problems……the risk of failure in the current proposals is, therefore, magnified to the point where the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals”.

In the US, though there is no comparable identity scheme, the social security number (SSN) plays a similar role. Until the early 2000s, it was closely guarded by the state and employers. Then the SSNs of individuals were exposed to a wide array of private players, which identity thieves used to access bank accounts, credit accounts, utilities records and other sources of personal information. In 2006, the Government Accountability Office noted that “over a one-year period, nearly 10 million people — or 4.6 percent of the adult US population — discovered that they were victims of some form of identity theft, translating into estimated losses exceeding $50 billion.”

In India, the dangers are manifold. The UIDAI has subcontracted its entire enrolment process to private companies, unlike the census, which is usually conducted by government employees. Thousands of private agents, acting as enrollers, data-collectors, and data-transporters, will have the potential to make a quick buck by selling UID data in electronic form to market players. This is especially risky, since information about biometric details, bank account numbers, and telephone numbers of potential customers can have a huge market demand.

As the government rushes ahead with plans to make the UID more ubiquitous, pushing ahead with its spread, the opposition to it is also growing. On 28 November 2012, civil rights activists issued a statement demanding that "the project be halted, a feasibility study be done covering all aspects of this issue, experts be tasked with studying its constitutionality, the law on privacy be urgently worked on (this will affect matters way beyond the UID project), a cost- benefit analysis be done and a public, informed debate be conducted before any such major change be brought in.”

This statement was issued by luminaries including former Supreme Court Justice VR Krishna Iyer, historian Romila Thapar, NAC member Aruna Roy, Upendra Baxi, jurist and former vice-chancellor of the Universities of Surat and Delhi, and many others. They raised 10 questions about the UID.

These included: (1) the need for UID, when 15 other identity proofs exist; (2) why Indian citizens should be profiled based on biometric data when even prisoners are not; (3) how the UID project poses a threat to the privacy rights of citizens; (4) the implications of an extraordinary dependence on corporations, many of them companies with close links to foreign intelligence agencies; (5) linking of UID with voter ID, land titles, National Intelligence Grid, National Population Register (NPR), National Counter Terrorism Centre (NCTC), etc, as an assault on the rights of citizens; (6) the lack of guarantees on the use of the database for communal and ethnic targeting of minorities and political dissidents.

With the parliamentary committee having rubbished the UID scheme and shown how it is inimical to national interest and individual privacy, the government should drop the idea instead of continuing with its folly.