Aadhaar was conceived as an idea after Kargil war by Kargil
Review Committee as an identity card to be issued particularly to villagers
abiding in the border areas and terrorism inflicted zones. But it has now
evolved into an all inclusive Indian Identity Card that bears sensitive bio-metric
information’s of its citizens.
Aadhaar and Security
Aadhaar has now been increasingly used for social security
schemes like linking Direct Benefit Transfer (DBT), opening bank accounts, buying
mobile SIM cards etc. This has greater security implications like
of Mass surveillance: This may put individual liberty
in peril questioning the fundamental rights guaranteed by the constitution. In
a democracy like India where vote bank politics plays a major role in
determining election results, Aadhaar may be misused for political purposes.
security: As all financial data like PAN Card information, Tax returns,
Bank Details are stored in a single UID database any breach would have a
potential to cause a financial breakdown.
security: India still in want of robust Cyber security infrastructure.
There are legal lacunae dealing with data’s taken out of the country. The
National Cyber security policy, 2013, which envisages for National Critical
Information Infrastructure Protection Centre (NCIIPC) is yet to be implemented.
features: With only Bar Code and QR code the physical Aadhaar card do not
have any secured featres like Digital signature or Halogram. This makes it easy
and vulnerable for duplicating.
Need for new security updates
With so many
security implications at its hand Aadhaar’s claimed security was questioned and
put into scanner following certain incidents.
Alleged breach by Tribune Report: A sting operation conducted by ‘The Tribune’ claimed to have
access to Aadhaar details by bribing an agent.
alleged hacking of website of the Government of Rajasthan, “aadhaar.rajasthan.gov.in”,
through which one could access and print Aadhaar cards of any Indian citizen.
Suspension of License for Airtel Payment Bank: The Unique Identification Authority
of India (UIDAI) temporarily suspended the eKYC (electronic know your
customer) licence of Airtel Payments Bank for allegedly opening bank
accounts and force-seeding them with Aadhaar numbers without obtaining the
informed consent of the customers in question. PTI report also notes that
Airtel routed the LPG subsidies of 31 lakh users (payments worth Rs 190 crore)
to their Airtel payment bank accounts instead of the beneficiaries’ original
into cognizance the potential threat, the UIDAI has responded with increasing
the security features of Aadhaar such as introducing,
1. Two tier shield
for Aadhaar Data: To eliminate the need to share and store Aadhaar numbers,
the UIDAI has introduced virtual ID.
A virtual ID can be used by the Aadhaar card holders in place
of the actual biometric ID. It is a temporary 16-digit random number mapped
with the aadhaar umber.
2. Introduction of
UID Token: It is
a 72 character alphanumeric provided by UIDAI. This allows an agency to ensure
uniqueness of its beneficiaries, customers etc… without having to store
Aadhaar number to their databases.
3. Introduction of
Face recognition: This feature can be used in fusion with existing
fingerprint, Iris scanner and OTP.
Aadhaar and Right to Privacy
Supreme Court in Justice puttaswamy vs Union of India case,
ruled that right to privacy is intrinsic part of life and liberty under Article
The judgment also concludes that privacy is a necessary
condition for the meaningful excuse of other guaranteed freedoms. It also
clarified that privacy is a fundamental, inalienable right intrinsic to human
dignity and liberty.
Supreme Court’s verdict Aadhaar has assumed greater significance as it directly
affects the fundamental right. Its implications are now far beyond just data
security. They are,
Privacy enjoys a robust legal framework internationally and India has also
signed and ratified International Covenant on Civil and Political Rights (ICCPR).
Drafting Data (privacy & Protection) bill, 2017: Introducing a rights based approach
where consent of individuals is mandatory for collecting, processing storing
and deletion of personal data with very limited exception on case by case.
The bill will be drafted taking key inputs from the former Supreme
Court Judge, BN Srikrishna.
by digital e-commerce business such as ensuring checks on accessibility of data
harvested and taken to servers outside the country.
like DNA Profiling Bill as it violates the right to privacy
institutional mechanism such as Privacy Commissioner should be constituted to
prevent unauthorized disclosure of or access to such data.
2. National cyber cell should be made well capable
of dealing with any cyber-attack in the shortest time. Implementing National
Cyber Security Policy, 2013 and
addressing the issue of Data and identity theft.
3. We need to
educate people on the risks involved and highlight examples of Digital fraud
and Safe cyber usage policies.
4. The government
should recognise all dimensions of the right to privacy and address
concerns about data safety, protection from unauthorised interception,
surveillance, use of personal identifiers and bodily privacy.
5. Laws need to be
updated to fix accountability for Multi National Companies that stores Data’s
outside national borders by enacting concrete Privacy Laws.
As more and more Bank accounts and Direct Benefit Transfer
(DBT) are linked with Aadhaar it becomes imperative to build a robust security infrastructure.
With that, the new security measures are a welcome step in ensuring data
security and in tune with upholding individuals fundamental right to privacy.