Number, No Privacy Threat

Source: Indian Express

Relevance: This article justifies making aadhaar, a public utility, against a general perception of making it confidential information.

Synopsis: Some privacy proponents are of the view that the Aadhaar number should be treated as a secret or confidential number, making its retrieval an uphill task.

Is Aadhaar number confidential?

• Firstly, as per the Aadhaar Act, “An Aadhaar number shall be a random number and bear no relation to the attributes or identity of the Aadhaar number holder.”
  • It is neither secret nor confidential. For this reason, the IT Act also does not classify the Aadhaar number as sensitive personal information.
• Secondly, the UIDAI was acutely aware of the possibility of an individual losing the Aadhaar card and the short longevity of a paper one.
  • It does not describe Aadhaar as a card, but a number, which is easy to retrieve, download, and print with no original, copy, or duplicate concept.

Why treating Aadhar numbers as confidential is not right?

• Firstly, if Aadhaar number is treated as a secret or confidential number, its retrieval will be difficult,
• Secondly, Under the IT Act, the biometric information collected by the UIDAI for uniqueness is sensitive personal data.
  • However, due to privacy-related issues, the UIDAI is not allowing individuals to leverage their biometrics to retrieve lost Aadhaar numbers.
  • Thus, if it is confidential, searching a database of billion-plus residents without biometrics may be challenging for the ones without other unique identifiers like email and phone numbers.
• Thirdly, Section 29(4) of the Aadhaar Act prohibits the publication of Aadhaar numbers except for purposes specified by regulations.
  • The purpose of these restrictions is that while the Aadhaar number is not confidential, its publication in various government records will make it easy to collate information.
  • However, the collation of data in the digital world is easy even otherwise.
• Lastly, the Aadhaar number is not an ID or a password.
  • “Analysis of Major Concerns about Aadhaar privacy and security” refutes that the Aadhaar number is vulnerable to surveillance attacks by the state, forgery attacks by miscreants, or database attacks by hackers.
  • It says that getting access to somebody’s Aadhaar number does not increase the digital vulnerability of the owner.

Way forward:

• Dreze and Anil suggest ways to simplify the retrieval of lost Aadhaar numbers.
  • A lucid policy for recovery and easy to access support services is required.
  • Recalling demographic data submitted to the Authority will suffice to retrieve lost numbers.
  • The use of biometrics as a measure of last resort needs to be permitted.
  • The UIDAI needs to act with urgency to end the woes of the less well-versed.
• UIDAI should vigorously promote the adoption of the Aadhaar as a public utility, not just by the government but the nation.

Hence, Aadhaar must be seen as an instrument to empower people across domains to realize their rights and place in the digital world.