Aadhaar uses fingerprints, linked to bank accounts: How safe is your unique identity?
Since every instance of use of Aadhaar for
authentication or for financial transactions leaves behind logs in the Unique
Identification Authority of India’s (UIDAI) databases, the government can
potentially have very detailed information about everything from the your
medical purchases to your use of video-chatting software. The space for digital
identities as divorced from legal identities gets removed. Clearly, Aadhaar has
immense potential for profiling and surveillance. Our only defence: law that is
weak at best and non-existent at worst.
The Aadhaar Act and
Rules don’t limit the information that can be gathered from you by the
enrolling agency; it doesn’t limit how Aadhaar can be used by third parties (a
process called ‘seeding’) if they haven’t gathered their data from UIDAI; it
doesn’t require your consent before third parties use your Aadhaar number to
collate records about you (eg, a drug manufacturer buying data from various
pharmacies, and creating profiles using Aadhaar).
It even allows your
biometrics to be shared if it is “in the interest of national security”. The
law offers provisions for UIDAI to file cases (eg, for multiple enrollments),
but it doesn’t allow citizens to file a case against private parties or the
government for misuse of Aadhaar or identity fraud, or data breach.
It is also clear that
the government opposes any privacy-related improvements to the law. After
debating the Aadhaar Bill in March 2016, the Rajya Sabha passed an amendment by
MP Jairam Ramesh that allowed people to opt out of Aadhaar, and withdraw their
consent to UIDAI storing their data, if they had other means of proving their
identity (thus allowing Aadhaar to remain an enabler)...