Aadhaar is the most trusted and widely held unique identification system available in India today. It empowers 119 crore Indians with a credible identity and inspires more trust and confidence between person to person and person to a system than any other identity document in the country.
This is possible because of Aadhaar’s technology, its platform, and the authentication infrastructure. Thanks to its potential of cleansing the system of fake, ghost and duplicate identities, Aadhaar has become a game changer for the poor. It has also curbed black money, money-laundering and checked benami dealings and banking frauds, improved tax compliance, transparency and hassle-free delivery of State services. Critics of Aadhaar claim that it is a surveillance tool, which may alter the State-citizen relationship, and that it has led to data breaches and exclusions. With due respect to the critics, these allegations are unfounded.
It is relevant here to discuss the US’ Social Security Number (SSN) story, which was brought in through an enactment in 1935, for the limited purpose of providing social security benefits during the Great Depression. In 1942, the US expanded its scope, mandating all federal agencies to use SSN for their programmes. In 1962, SSN was adopted as the Tax Identification Number and, in 1976, the Social Security Act was further amended to say that any state may utilise the SSN number for taxation, general public assistance, driver’s licence, or motor vehicle registration law to establish a citizen’s identity.
This did not go unchallenged in the courts, which finally ruled that the mandatory use of the number to be constitutional and that the “mandatory disclosure of one’s social security number does not so threaten the sanctity of individual privacy as to require constitutional protection”.
In other cases, courts said: “Requiring an SSN on a driver’s license application is not unconstitutional, nor is a requirement that welfare recipients furnish their SSNs” and “preventing fraud in federal welfare programmes is an important goal, and the SSN requirement is a reasonable means of promoting that goal”.
In Britain, the National Insurance Number (NIN) is required from those who want to work, open bank accounts, pay taxes, want to receive child benefits and even those who want to vote.
Arguing that neither SSN nor NIN is based on biometrics, critics object to the collection of biometric data and the system of central number, which can potentially link all databases. They must realise that the collection of biometrics by the State for a legitimate purpose is an established practice sanctioned by law in India.
First, a citizen is statutorily required to give biometrics if s/he wants a licence, sell or buy properties or get a passport. Two, creating a system of a central number in a central database by the State and mandatory use of such a number and its linking in most citizen databases — be it SSN in USA or NIN in Britain that potentially enables the State to trace every person — has not rendered their citizens vulnerable to State surveillance. This is because there are enough safeguards in place. Similarly, the Aadhaar Act too has safeguards that prevent it from being used as an ‘electronic leash’ or an ‘instrument of state surveillance’.
Aadhaar is based on three principles: minimal information, optimal ignorance and federated database. In its life cycle, an Aadhaar database has your name, address, gender, date of birth/age and photograph and core biometrics, mobile number and email. The core biometrics is encrypted and is not shared. When people use Aadhaar for accessing services, their information remains in silos of federated databases so that each agency that uses it remains optimally ignorant. The UIDAI’s recent measures —- Virtual ID, UID Token, and Limited E-KYC —- will further strengthen privacy.
Aadhaar does not collect or receive any information from any service provider or a linking exercise. The UIDAI responds to such verification requests by replying either ‘yes’ or ‘no’. In few cases, if required, and the UIDAI sends only basic KYC details available with it. Thus Aadhaar empowers the people, not the State.
Aadhaar is legally backed by the Aadhaar Act, 2016, which covers privacy protection measures relating to informed consent, collection limitation, and use and purpose limitation and sharing restrictions, and the UIDAI has a zero-tolerance policy for any violation of the Act. UIDAI remains open to constructive suggestions and will continue to continuously review and strengthen its system for the empowerment of people.
Ajay Bhushan Pandey is CEO, UIDAI