Aadhaar: What’s wrong with a national identity number?

Written By Dhananjaya Tambe | Updated: Sep 05, 2017, 10:26 PM IST

The law can also lay down how this data would be protected from unauthorized use

The Supreme Court verdict of 24th August 2017 pronouncing right of privacy as a fundamental right has been interpreted in some circles as a verdict against Aadhaar. In some quarters, it has immediately been concluded that Aadhaar violates privacy and that all those regulations which made obtaining of Aadhaar mandatory for certain services will now be struck down by the five-judge Constitution Bench, when it pronounces its verdict on Aadhaar related matters.

But does Aadhaar really violate a person’s privacy? At a basic level, Aadhaar is nothing but a unique 12-digit number that is assigned to a person living in India. In this respect, it is no different from a passport number or a driving licence number. The difference arises in the methodology adopted for assigning the Aadhaar number to an individual. When an individual registers for Aadhaar, he needs to provide proofs of identity, address, relationship (to head of family) and date of birth, in addition to getting his countenance photographed. But this also does not differentiate Aadhaar, as some or all of these proofs are required to be provided at myriad other places such as getting a child admitted to a school, or obtaining a passport. What differentiates Aadhaar is that the individual also needs to provide his biometrics (fingerprint and iris scan), which is used initially for the purpose of deduplication and later, other systems could use it for authentication. All other forms of identification can be obtained by a person multiple times fraudulently, but not the Aadhaar number due to the feature of deduplication on biometrics. It could be argued that it is possible to fake identity even in the Aadhaar system, and that a Ram Kumar could register as a Dashrath Prasad by giving fake documents in the latter name. While this is possible, once he has been registered as Dashrath Prasad, he cannot again register as Ram Kumar, which will deter him from registering in any name other than his own. None of the other systems of identity have this feature. Elimination of multiple and fake identities is the greatest boon of Aadhaar, as the accuracy of any action based on Aadhaar number if far superior to that based on other IDs.

Use of an identity number to record a transaction, such as opening a bank account, has never been questioned in any forum, on grounds of privacy or otherwise. So why is use of Aadhaar been called to question? For those who argue that Aadhaar is linked to the biometrics of the individual, may I ask in what way does this linkage by itself violate privacy? In other words, how does this linkage infringe upon personal autonomy, intimate personal choices or personal dignity, which are the key elements of privacy?

Some have argued that making Aadhaar mandatory is violation of privacy? How? If it had not been Aadhaar, it would have been some other identity number, such as driving licence number or election ID number, that an individual would have had to provide? If providing any other identification number is not a violation of privacy, how does providing of Aadhaar number become so?

Another variant of the above argument is that if Aadhaar is made mandatory for all types of transactions, then it will be possible for the State to know everything about an individual. Supporters of this argument have conjured up images of an Orwellian State which could have a tendency to wrest ownership of data away from individuals by expanding Aadhaar to every conceivable arena. Examples are given of how the Government would know everything from which school you went to, to where you bought your apartment, to where you did your last shopping. This argument presumes that data linked to Aadhaar would necessarily be aggregated by some agency. If this is the fear, then a law can brought regarding aggregation of Aadhaar-based data, clearly defining who may aggregate it, under what circumstances, with whose authority, and for what purpose. The law can also lay down how this data would be protected from unauthorized use.

While on the subject, let me also clarify that the other use of Aadhaar, namely, biometric authentication, by itself does not result in generation of any personally identifiable data and is analogous to affixing of signature. In as much as that is concerned, there can be no breach of privacy associated with it, and while there can be arguments regarding whether biometrics is a failproof method of authentication, that would be a separate debate.

The Aadhaar system is one of the finest identity management systems in the world, and is also one of the few Government initiatives where the implementation has been a success. While building safeguards and addressing the concerns regarding its misuse, I fervently hope that good sense will prevail and the baby will not be thrown out with the bath water.

The writer is a Mumbai-based banker