Wednesday, 19 July 2017

Privacy a fundamental right? Here are 5 concerns with Aadhaar

A centralised and inter-linked database like Aadhaar will lead to profiling and self-censorship

5 Concerns with Aadhaar

Privacy has been a key focus in the recent debate on Aadhaar. This is a very welcome development. Aadhar Privacy is being interpreted in different, equally valid, ways by different sets of people. But the differences in interpretations are not always obvious to those who participate in the discussions. For instance, when computer scientists use the word privacy, they tend to it interpret from a narrow ‘data security’ perspective, whereas the lawyers in the Supreme Court have been highlighting the civil liberties angle to it. This has resulted in groups talking past each other – the solutions that the computer scientists propose, for instance, (like stronger standards for data security, including encryption) are not satisfactory to those who highlight the civil liberties aspects of privacy. Constructive conversation on the issue requires a more elaborate look ate the different dimensions of privacy.

Five privacy concerns

Possibly the narrowest view of privacy is the technical ‘data security’ point of view. The focus there is on what data need to be secure (the Aadhaar number, demographic information or biometrics), whether data stored in the Classless Inter-Domain Routing is secure (such as the encryption standards or the probability of hacking) and what would the consequences of data breaches be (for instance, some people ask what is the harm if an Aadhaar number is publicly displayed). The response of the Unique Identification Authority of India (UIDAI) and others is that data are encrypted using the highest standards, that access is severely restricted, and that, in any case, there have been no security breaches so far.(economy news)

Experts, however, believe that for centralised databases the question is not whether it can be hacked, but when. For instance, Bruce Schneier told Pranav Dixit, “When this database is hacked – and it will be – it will be because someone breaches the computer security that protects the computers actually using the data.”

A related concern that has been highlighted is that even if data are secure, with Aadhaar-enabled Payments System (AePS), the Aadhaar project has created a vulnerability to identity fraud, even identity theft. The idea behind AePS is, as Prime Minister Narendra Modi put it, ‘Your thumbprint is your bank’. Fingerprint impressions, however, can be easily reproduced. For instance, recently Hindustan Times reported that 200 students in Mumbai replicated their fingerprints on a widely-used resin to fudge biometric attendance. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of banking fraud. In the light of this emerging financial technology infrastructure which rides on Aadhaar and biometrics, the recent ‘Aadhaar leaks’ scandal (whereby Aadhaar numbers of lakhs of people were displayed on government portals) is significant. The emerging AePS architecture opens the door to identity theft. Even in the absence of data breaches, that is an alarming breach of privacy.
  • Why is Aadhaar different?
  • Aadhaar and the ‘personal data economy’
  • Usual, inadequate responses

(read more)






14th BRICS summit to review current global issues, reach key agreements

  At the   14th BRICS summit   which is to be hosted by China in a virtual mode on 23-24 June, the member nations will review the current gl...