14 April 2017

Aadhaar: In the eye of the privacy storm

Anil Padmanabhan

For the last few weeks, Aadhaar, or India’s unique identity number programme, has been in the news for all the wrong reasons.

First, there was the news about some business correspondents illegally storing biometric data and misusing it.

Second, there was a (orchestrated) backlash against the government’s move to make Aadhaar mandatory for filing of income tax returns as well as for obtaining and retaining the permanent account number (PAN); which among other things will make it very difficult to elude the radar of the tax sleuth. Just remember that some 250 million PAN numbers have been issued so far and yet, there are only 40 million taxpayers.


The privacy warriors have used this moment to argue their long-standing case against Aadhaar. While no one can dispute their concerns on privacy, it is unfair to pick on Aadhaar as the sole example of such breach of privacy; indeed it has its shortcomings, as the Telangana example showed, but they don’t fall in the realm of privacy breaches.

This thing that just because it is government ordained it therefore implies that “big brother” is watching plays on our worst fears (Remember George Orwell’s gripping book: 1984). Even if it is true (personally, I hope not), it is more likely that we voluntarily put out more of our personal data in public domain—through the proliferation of social media tools like Twitter, Facebook, WhatsApp, Viber and so on—which is vulnerable to misuse.

At this stage therefore it is important to agree to the first principles of this debate.

One, let us not be a Luddite and demand that Aadhaar, which is based on sound logic, be disabled. Second, as privacy warriors point out, there is an urgent need to protect privacy of data; and this is not just important from the point of view of individuals, even companies and countries are vulnerable (hackers mostly go after institutions, which curate all kinds of information).

Nandan Nilekani, also the person who gave us Aadhaar, explains this best. In a recent interview published in The Economic Times he said, “Privacy is an all-encompassing issue because of the rapid rate of digitisation the world is seeing. Your smart phone has sensors, GPS and is generating more and more information about everything; voice-activated devices could also be recording your conversations. There’s a profusion of CCTV cameras at malls, restaurants, ATMs recording your movements. We have a broader issue on how people retain their privacy in this world.”

But this is where we run into a problem, even though there is concurrence on the need for a privacy law. For one, there is a great reluctance on the part of the government to come out with one.

A draft law was put up for conversation in the second term of the Congress-led United Progressive Alliance, but never saw the light of the day; in fact, they are guilty of not creating Aadhaar under a law (something that was closed out only last year and that too after the Supreme Court stepped in).

Second, it is something easier said than done. As the latest cover story (8 April) of The Economist points out: “There is no way to make computers completely safe. Software is hugely complex. Across its products, Google must manage around 2 billion lines of source code—errors are inevitable. The average program has 14 separate vulnerabilities, each of them a potential of illicit entry. Such weaknesses are compounded by the history of the Internet, in which security was an afterthought.”

But this is not to suggest that we should just be wringing our hands and forget about privacy. Absolutely not.

Instead, there is an urgent need to generate a larger conversation on privacy, which involves all stakeholders—including the consumer (so critical as we move into the era of Internet of Things like smart TVs, Fridges and so on). And this has to be done soonest.

Till then, let us desist from submitting to fear-mongering on Aadhaar.

Anil Padmanabhan is executive editor of Mint and writes every week on the intersection of politics and economics.

No comments: