The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, better known as Aadhaar Bill, was introduced in Lok Sabha on March 3.
The Bill intends to provide for targeted delivery of subsidies and services to individuals residing in India by assigning them unique identity numbers.
Parliament is debating on the certain portions of the Bill, which may need clarification or amendments:
1. Allowing private agencies to use Aadhaar contradicts statement of objects and reasons of the Bill
The Statement of Objects and Reasons of the Bill states that identification of targeted beneficiaries for delivery of various government subsidies and services has become a challenge for the government. At the time of the introduction of the Bill, the government stated that “the Bill confines itself only to governmental expenditure.” However, the Bill also allows private persons to use Aadhaar as a proof of identity for any purpose.
2. Issues with sharing information collected under Aadhaar
The provisions in the Bill with regard to protection of identity information and authentication records may be affected by an ongoing writ petition in the Supreme Court. The petition claims that Aadhaar may be in violation of right to privacy. A five-judge Bench of the court is examining whether right to privacy is a fundamental right.
3. Disclosure of information to intelligence or law enforcement agencies
The provisions regulating disclosure of private information under the Bill differ from guidelines specified under another law - the Indian Telegraph Act, 1885. The Bill differs from the guidelines for phone tapping in two ways. First, the Bill permits sharing in the interest of ‘national security’ rather than for public emergency or public safety. Second, the order can be issued by an officer of the rank of Joint Secretary, instead of a Home Secretary.
4. Potential to profile individuals
The Bill does not specifically prohibit law enforcement and intelligence agencies from using the Aadhaar number as a link (key) across various datasets (such as telephone records, air travel records, etc.) in order to recognise patterns of behaviour.
Techniques such as running computer programmes across datasets for pattern recognition can be used for various purposes such as detecting potential illegal activities. However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats.
5. UID authority’s exclusive power to make complaints
A provision says, “Courts cannot take cognizance of any offence punishable under the Act, unless a complaint is made by the UID authority, or a person authorised by it.” This may present a conflict of interest as under the Bill the UID authority is responsible for the security and confidentiality of identity information and authentication records. There may be situations in which members or employees of the UID authority are responsible for a security breach.
6. Discretionary powers of UIDAI
The Bill empowers the UID authority to specify demographic information that may be collected. The only restriction imposed on the authority is that it shall not record information pertaining to race, religion, caste, language, records of entitlements, income or health of the individual. This power will allow the authority to collect additional personal information, without prior approval from Parliament.
7. Collection of personal information
The enrolment form currently being used contains fields for capturing information such as the National Population Register (NPR) receipt number, mobile number, and bank account number. Though these fields are labelled ‘optional’, it is unclear why this additional information is being recorded.
8. Ambiguity in specifying biometric information
The Bill specifies biometric information to include photograph, fingerprints, and iris scans. Further it empowers the UID authority to specify other biological information that may be collected. Therefore, the Bill does not prevent the UID authority from requiring the collection of biometric information such as DNA.
9. Time period for maintaining authentication records
The Bill does not specify the maximum duration for which authentication records may be stored by the UID authority. Instead it allows the UID authority to specify this through regulations. Maintaining authentication records over a long time period may be misused for activities such as profiling an individual’s behaviour.
The Bill intends to provide for targeted delivery of subsidies and services to individuals residing in India by assigning them unique identity numbers.
Parliament is debating on the certain portions of the Bill, which may need clarification or amendments:
1. Allowing private agencies to use Aadhaar contradicts statement of objects and reasons of the Bill
The Statement of Objects and Reasons of the Bill states that identification of targeted beneficiaries for delivery of various government subsidies and services has become a challenge for the government. At the time of the introduction of the Bill, the government stated that “the Bill confines itself only to governmental expenditure.” However, the Bill also allows private persons to use Aadhaar as a proof of identity for any purpose.
2. Issues with sharing information collected under Aadhaar
The provisions in the Bill with regard to protection of identity information and authentication records may be affected by an ongoing writ petition in the Supreme Court. The petition claims that Aadhaar may be in violation of right to privacy. A five-judge Bench of the court is examining whether right to privacy is a fundamental right.
3. Disclosure of information to intelligence or law enforcement agencies
The provisions regulating disclosure of private information under the Bill differ from guidelines specified under another law - the Indian Telegraph Act, 1885. The Bill differs from the guidelines for phone tapping in two ways. First, the Bill permits sharing in the interest of ‘national security’ rather than for public emergency or public safety. Second, the order can be issued by an officer of the rank of Joint Secretary, instead of a Home Secretary.
4. Potential to profile individuals
The Bill does not specifically prohibit law enforcement and intelligence agencies from using the Aadhaar number as a link (key) across various datasets (such as telephone records, air travel records, etc.) in order to recognise patterns of behaviour.
Techniques such as running computer programmes across datasets for pattern recognition can be used for various purposes such as detecting potential illegal activities. However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats.
5. UID authority’s exclusive power to make complaints
A provision says, “Courts cannot take cognizance of any offence punishable under the Act, unless a complaint is made by the UID authority, or a person authorised by it.” This may present a conflict of interest as under the Bill the UID authority is responsible for the security and confidentiality of identity information and authentication records. There may be situations in which members or employees of the UID authority are responsible for a security breach.
6. Discretionary powers of UIDAI
The Bill empowers the UID authority to specify demographic information that may be collected. The only restriction imposed on the authority is that it shall not record information pertaining to race, religion, caste, language, records of entitlements, income or health of the individual. This power will allow the authority to collect additional personal information, without prior approval from Parliament.
7. Collection of personal information
The enrolment form currently being used contains fields for capturing information such as the National Population Register (NPR) receipt number, mobile number, and bank account number. Though these fields are labelled ‘optional’, it is unclear why this additional information is being recorded.
8. Ambiguity in specifying biometric information
The Bill specifies biometric information to include photograph, fingerprints, and iris scans. Further it empowers the UID authority to specify other biological information that may be collected. Therefore, the Bill does not prevent the UID authority from requiring the collection of biometric information such as DNA.
9. Time period for maintaining authentication records
The Bill does not specify the maximum duration for which authentication records may be stored by the UID authority. Instead it allows the UID authority to specify this through regulations. Maintaining authentication records over a long time period may be misused for activities such as profiling an individual’s behaviour.