In the mid-1990s the government of Iceland had granted deCODE Genetics exclusive access to the medical records, some of them hundreds of years old, of the tiny European nation. The move caused a furore inside and outside Iceland with many calling it to be the sellout of the genetic identity of every Icelander. A woman moved the supreme court of Iceland against deCODE and the court ruled in favour of her. The controversy did not die down with it, since then whenever the researchers of the Human Genome Project wanted to study the genetic makeup of a unique group of people there have been protests that derailed many well-designed and well-meaning experiments. The concern these protests articulated was loud and clear – identity is a private preserve and governments and other institutions should be kept off that ground.
In India the loud and passionate protests over Aadhaar number and its linking with several services are similar to the Iceland imbroglio; again, the anxiety over the loss of the private preserve of identity caused anger among the population. At the centre of the debate is the unique Aadhaar number printed on a card, which captures personal details of a person. It is a 12-digit unique identity number issued to all Indian residents by the Unique Identification Authority of India (UIDAI) since 2009. The number is based on a citizen of India’s biometric and demographic data.
88.2% of the population has now been enrolled for Aadhaar. The idea of such a citizen identification system was first mooted by Nandan Nilekani, one of the founders of the Indian IT firm, Infosys, who later on served as the head of UIDAI and presided over the launch of the project. Needless to say, since its launch Aadhaar has been at the centre of controversy. Some, such as economist Jean Dreze, feel that in its present avatar Aadhaar Act can be misused to attack the fundamental right to privacy.
The Government of India in its submission to the Supreme Court had held that the right to privacy was not a fundamental right. The court in a landmark judgment ruled against the GOI and that in turn added more firepower to the activists fighting against the UIDAI Act in courts and outside.
Identity is crucial to all human activities. Every individual treats his or her functioning psychological and social identity as a necessary ingredient for his or her wellbeing. Any attempt, be it by deCODE or UIDAI to tinker with the setup, is interpreted as a threat to identity resulting in loud and strong reactions. People conveniently shift between several identities wearing particular identity hats given the context – family, jobs, friends and so on – and many of these identities are necessary to lead a normal life. Your name, bank card number, your nickname- the identities are many and they are essential for daily life. However, it is the so-called ‘legal identities’, someone’s marriage registration number that is essential for the functioning of modern societies that many find difficult to share with authorities.
The Aadhaar number was there in 2009 but the moment the government decided to link it to bank accounts direct payment of subsidies and payment under National Rural Employment Guarantee Act (NREGA) the questions related to identity encroachment began to arise. People saw their safely kept secret suddenly laid bare; their legal identities under attack. Fears of identity attack among the people are not unfounded; despite atrocious claims by supporters of Aadhaar of keeping the personal data safe behind a 13-foot wall, regular reports appear in the media of card data on sale, people denied food supplied through the public distribution system because their Aadhaar number does not match with their biometric profile, the Personal Authentication Number (PAN), issued by the Income Tax department, of an Indian citizen cannot be linked with the Aadhaar number because of mismatch of names… The complaint list gets longer every day.
One of the common concerns of many Indians is safe-keepingof Central Identities Data Repository (CIDR). Interestingly, according to the Aadhaar Act of 2016, a lot of the information stored in the CIDR is accessible by various organizations so to treat this as the Fort Knox of personal data would be erroneous. One should, however, add that CIDR has the usual checks and it is by no means an open-door-to-all vault.
People allege that the concerns over identity theft and misuse are genuine because of the nature of the Aadhaar Act. To enroll with UIDAI authority one has to share a lot of personal data. The Act, people fighting the cases, say can protect only a part of the data and not all. It is difficult to ascertain how much of the shared information can be concerned as sensitive as it varies from individual to individual. We voluntarily share a lot of personal information on social media that many would consider an act of foolhardiness but the same information, when asked by any other authority, can cause us to clam up.
Our openness on social media helped Facebook to allegedly share personal data with the likes of Cambridge Analytica who in turn used our identity profiles to help people gain power, or suppress dissent. In fact, the Aadhaar debate opened a can of worms where issues such segregation, alienation, subterfuge, espionage and identity masking have come to the fore.
Some see any attempt at storing personal data as inviting trouble. In this world of intimate connectivity, events of rogues getting hold of some key number keys and cleaning up personal savings have become commonplace; and CIDR is not an isolated system. It is not difficult to see why many treat their 12-digit identity as a time-bomb ticking in their safe. The supporters of Aadhaar have been trying to convince the people by highlighting the security measures in place but their assurances are not doing enough. While the number of enrolment is growing, the detractors attribute arm-twisting to a growing list of government agencies, from the tax department to the licensed PDS shops.
As the online identities continue their march northwards and grow in the importance they add to already existing complex issues. While Aadhaar is one such ‘number identity’ many of us have several identities floating all across the web. They may be Gmail passwords or phone security codes, all of them are vulnerable to attacks from groups looking for a small breach. As many of us knowingly or unknowingly link our multiple digital identities to a legal identity, we are inviting trouble. Some internet security experts say Aadhaar faces similar issues in the form of privacy breaches, risks of identity theft, damage to reputations, reprisals and above all exploitation. It is becoming increasingly difficult for authorities to keep onlinedata safe, many have moved to multiple layers such as facial data to secure systems but no one is sure that it will help.
One of the biggest issues that both deCODE Genetics and UIDAI Authority suffer from is the spread of non-technical, ill-informed rumours. They could not convince people of the utility of their platforms. The predicament lies in the ethical and moral issues involved with such projects. What does a person lose if he or she enrolls with Aadhaar? It is not his or her identity but one cannot be so sure about his or her privacy. Thus Aadhaar has some serious identity crisis as the authorities are scrambling to save it.
As legal battles over the 12-digit unique identification number rage, the citizen of India is looking for a few answers. Whose identity is Aadhaar trying to protect and why?
(Debkumar Mitra is a Kolkata-based writer)