<p align="justify">The question whether Aadhaar is mandatory or not has become one of the greatest existential enigmas of our time. Transparency is the key to deepening democracy, but when elected governments maintain strategic uncertainty on key policy matters, we must sense danger.<br /><br />Aadhaar has a long history in Indian public policy. The creation of unique identity numbers for citizens was essentially a demand of the Ministry of Home Affairs (MHA) in the 1990s to address the threat of terrorism. The Vajpayee government introduced the Multi-purpose National Identity Card” (MNIC) in 2003, for which it also amended the Citizenship Act of 1955. The aim was to create a National Register of Indian Citizens (NRIC). The new Citizenship Rules of 2003 spoke only of a National Identity Number attached to the names of citizens in the NRIC. However, sometime in 2004-05, biometrics was stealthily added to the list of data to be collected and stored. <br /><br />The confusion began when the MHA encountered the complexities of determining who was a citizen. It then decided that NRIC should be preceded by the National Population Register (NPR), which would have data on residents and not citizens. As the NPR database was to include biometrics, the MHA required technical expertise. The establishment of the Unique Identification Authority of India (UIDAI) in 2008 was to meet this requirement. In parallel, the idea of a unique identity number for developmental purposes was mooted by the Planning Commission in 2006. When Nandan Nilekani took over as the UIDAI Chairman in 2009, this agenda received a boost. Nevertheless, the links between the UIDAI database and the NPR database remained intact. The Aadhaar number in the UIDAI database was to be the same as the National Identity Number in the NPR database.<br /><br />Any understanding of Aadhaar would be incomplete without appreciating this crucial link of dependency between the developmental and security dimensions of Aadhaar. It is from this link of dependency that the fears of privacy and of a surveillance state have arisen. There is always the problem of “functionality creep”, where data collected serves purposes other than its original intent. There are many ways in which the state can use such a database against its own citizens. The database could be used to persecute marginalised sections of the population. The police and security forces could extensively use it for regular surveillance and investigative purposes. It is the same link of dependency that also helps explain the urge of governments to make Aadhaar mandatory. <br /><br />Voluntarily mandatory <br />To begin with, the UIDAI had no qualms in conferring the status of a Registrar to the Census Commissioner; as a result, when anyone registered in NPR, they received an Aadhaar too. The UIDAI also attempted to cajole different government agencies to make service provision contingent on the submission of Aadhaar. For such public services, the UIDAI had a name: “Killer Applications”. In 2010, a UIDAI document argued: “Every citizen must have a strong incentive or a ‘Killer Application’ to go and get herself a UID, which one could think of as a demand side pull”.<br /><br />In January 2011, Nandan Nilekani tried to sanitise the compulsory nature of Aadhaar thus: “Yes, (Aadhaar) is voluntary. But the service providers might make it mandatory. In the long run, I wouldn’t call it compulsory. I’d rather say it will become ubiquitous.” He further stated in November 2012: “If you do not have the Aadhaar card, you will not get the right to rights”. Clearly, the UPA government was deeply complicit in ensuring that Aadhaar was made mandatory for a range of social services. Interestingly, during the same period, the BJP leaders were spewing venom at Aadhaar. According to Narendra Modi, the then chief minister of Gujarat, Aadhaar was a security threat and a political gimmick; the scheme had no vision and crores were wasted on it. Arun Jaitley too wrote blog posts against Aadhaar arguing that it was an invasion of the right to privacy. But once in power, the BJP made a remarkable U-turn and embraced Aadhaar wholeheartedly. The Modi government unleashed a blitzkrieg of sorts in trying to ensure that each and every crucial service provided to the citizens of India was mandatorily linked to Aadhaar. </p>.<p align="justify"><br />Three arguments raised by the defendants of Aadhaar may be worth restating and responding to.<br /><br />There is no threat to privacy, as Aadhaar data is safe and only a “Yes/No” is provided from the Central Identities Data Repository (CIDR) server during authentication. <br />- This is absolutely wrong. The potential of Aadhaar to violate privacy is not limited to data stored in the CIDR but is a systemic concern. With Aadhaar becoming pervasive, multiple agencies would begin to collect, use and store Aadhaar and biometric information of individuals. While these agencies may partly use it for authentication with the CIDR, it would always be possible for them to also retain the information. We run a real risk of biometric information attached to Aadhaar numbers becoming a commodity freely available for purchase. Biometric information left behind by the individual is only part of the cause for worry; what is also equally confidential is the information that an act of authentication was undertaken at a particular point in time by a particular individual with a particular agency. In other words, every individual, during authentication, would leave behind a biometric trail. This is the real fear.<br /><br />Biometrics provide the most effective route to authentication. <br />- Given that a large share of India’s population is involved in manual labour and the share of the elderly in the population is rising, the average quality of fingerprints is poor. As a result, there are large error rates in the centralised biometric authentication of beneficiaries in addition to the presence of disruptive factors like lack of electricity and poor Internet connectivity. The government’s own Economic Survey 2016-17 put the error rates in Aadhaar-based authentication at 49% in Jharkhand and 37% in Rajasthan.<br /><br />Aadhaar results in huge public savings.<br />- Careful analysis has shown that most of the de-duplications in the beneficiary lists resulted before Aadhaar was introduced. But the government has been claiming even the savings from de-duplications undertaken without Aadhaar as due to Aadhaar. It has been shown that only 1% of the savings from Aadhaar, as claimed by the government, was actually because of Aadhaar. <br /><br />Sadly, the Supreme Court is yet to form the constitutional bench to examine if privacy is a fundamental right. It has also chosen to remain silent even as five of its orders from 2013 are being regularly violated by the government and other service providers. When will it wake up? <br /><br />(The writer is a professor at the Tata Institute of Social Sciences, Mumbai) </p>
<p align="justify">The question whether Aadhaar is mandatory or not has become one of the greatest existential enigmas of our time. Transparency is the key to deepening democracy, but when elected governments maintain strategic uncertainty on key policy matters, we must sense danger.<br /><br />Aadhaar has a long history in Indian public policy. The creation of unique identity numbers for citizens was essentially a demand of the Ministry of Home Affairs (MHA) in the 1990s to address the threat of terrorism. The Vajpayee government introduced the Multi-purpose National Identity Card” (MNIC) in 2003, for which it also amended the Citizenship Act of 1955. The aim was to create a National Register of Indian Citizens (NRIC). The new Citizenship Rules of 2003 spoke only of a National Identity Number attached to the names of citizens in the NRIC. However, sometime in 2004-05, biometrics was stealthily added to the list of data to be collected and stored. <br /><br />The confusion began when the MHA encountered the complexities of determining who was a citizen. It then decided that NRIC should be preceded by the National Population Register (NPR), which would have data on residents and not citizens. As the NPR database was to include biometrics, the MHA required technical expertise. The establishment of the Unique Identification Authority of India (UIDAI) in 2008 was to meet this requirement. In parallel, the idea of a unique identity number for developmental purposes was mooted by the Planning Commission in 2006. When Nandan Nilekani took over as the UIDAI Chairman in 2009, this agenda received a boost. Nevertheless, the links between the UIDAI database and the NPR database remained intact. The Aadhaar number in the UIDAI database was to be the same as the National Identity Number in the NPR database.<br /><br />Any understanding of Aadhaar would be incomplete without appreciating this crucial link of dependency between the developmental and security dimensions of Aadhaar. It is from this link of dependency that the fears of privacy and of a surveillance state have arisen. There is always the problem of “functionality creep”, where data collected serves purposes other than its original intent. There are many ways in which the state can use such a database against its own citizens. The database could be used to persecute marginalised sections of the population. The police and security forces could extensively use it for regular surveillance and investigative purposes. It is the same link of dependency that also helps explain the urge of governments to make Aadhaar mandatory. <br /><br />Voluntarily mandatory <br />To begin with, the UIDAI had no qualms in conferring the status of a Registrar to the Census Commissioner; as a result, when anyone registered in NPR, they received an Aadhaar too. The UIDAI also attempted to cajole different government agencies to make service provision contingent on the submission of Aadhaar. For such public services, the UIDAI had a name: “Killer Applications”. In 2010, a UIDAI document argued: “Every citizen must have a strong incentive or a ‘Killer Application’ to go and get herself a UID, which one could think of as a demand side pull”.<br /><br />In January 2011, Nandan Nilekani tried to sanitise the compulsory nature of Aadhaar thus: “Yes, (Aadhaar) is voluntary. But the service providers might make it mandatory. In the long run, I wouldn’t call it compulsory. I’d rather say it will become ubiquitous.” He further stated in November 2012: “If you do not have the Aadhaar card, you will not get the right to rights”. Clearly, the UPA government was deeply complicit in ensuring that Aadhaar was made mandatory for a range of social services. Interestingly, during the same period, the BJP leaders were spewing venom at Aadhaar. According to Narendra Modi, the then chief minister of Gujarat, Aadhaar was a security threat and a political gimmick; the scheme had no vision and crores were wasted on it. Arun Jaitley too wrote blog posts against Aadhaar arguing that it was an invasion of the right to privacy. But once in power, the BJP made a remarkable U-turn and embraced Aadhaar wholeheartedly. The Modi government unleashed a blitzkrieg of sorts in trying to ensure that each and every crucial service provided to the citizens of India was mandatorily linked to Aadhaar. </p>.<p align="justify"><br />Three arguments raised by the defendants of Aadhaar may be worth restating and responding to.<br /><br />There is no threat to privacy, as Aadhaar data is safe and only a “Yes/No” is provided from the Central Identities Data Repository (CIDR) server during authentication. <br />- This is absolutely wrong. The potential of Aadhaar to violate privacy is not limited to data stored in the CIDR but is a systemic concern. With Aadhaar becoming pervasive, multiple agencies would begin to collect, use and store Aadhaar and biometric information of individuals. While these agencies may partly use it for authentication with the CIDR, it would always be possible for them to also retain the information. We run a real risk of biometric information attached to Aadhaar numbers becoming a commodity freely available for purchase. Biometric information left behind by the individual is only part of the cause for worry; what is also equally confidential is the information that an act of authentication was undertaken at a particular point in time by a particular individual with a particular agency. In other words, every individual, during authentication, would leave behind a biometric trail. This is the real fear.<br /><br />Biometrics provide the most effective route to authentication. <br />- Given that a large share of India’s population is involved in manual labour and the share of the elderly in the population is rising, the average quality of fingerprints is poor. As a result, there are large error rates in the centralised biometric authentication of beneficiaries in addition to the presence of disruptive factors like lack of electricity and poor Internet connectivity. The government’s own Economic Survey 2016-17 put the error rates in Aadhaar-based authentication at 49% in Jharkhand and 37% in Rajasthan.<br /><br />Aadhaar results in huge public savings.<br />- Careful analysis has shown that most of the de-duplications in the beneficiary lists resulted before Aadhaar was introduced. But the government has been claiming even the savings from de-duplications undertaken without Aadhaar as due to Aadhaar. It has been shown that only 1% of the savings from Aadhaar, as claimed by the government, was actually because of Aadhaar. <br /><br />Sadly, the Supreme Court is yet to form the constitutional bench to examine if privacy is a fundamental right. It has also chosen to remain silent even as five of its orders from 2013 are being regularly violated by the government and other service providers. When will it wake up? <br /><br />(The writer is a professor at the Tata Institute of Social Sciences, Mumbai) </p>
