<p>The government’s flip-flop on the use of the Aadhaar card has again raised questions about the security of this database of citizens’ information and concerns over the possibility of surveillance of people using it. An advisory was issued last week warning people not to share photocopies of their Aadhaar card with hotels, cinemas or organisations that lack a user licence from the Unique Identification Authority of India (UIDAI). It also told cardholders not to use public computers to download an e-Aadhaar, and to log into the website and mask all but the last four digits of the number. It triggered a panic reaction, with many saying that they have given away their Aadhaar data to many agencies. But the very next day, the advisory was withdrawn “in view of the possibility of misinterpretation”. But it still advised cardholders to “exercise normal prudence” in sharing their numbers. It did not state how to check the veracity of “user licence” mentioned in the advisory. </p>.<p>There have been serious concerns over the safety of the data contained in the 12-digit unique ID card. The government has always claimed that the data is safe and would not be misused commercially or for surveillance. But the questions in the wake of the flip-flop are many. Why was the advisory issued in the first place? What is “normal prudence” that should be exercised? How would illiterate people, vulnerable sections, and those in need of a service, exercise such caution? It has always been asserted that the Aadhaar card would be used only to avail government services and not as an identity document for all occasions and purposes. But it is a commonly demanded identity proof even by private entities now. Many of them have no licence or equipment to authenticate Aadhaar online, but still ask for and collect copies of Aadhaar cards. These can be manipulated and misused. </p>.<p>The potential for misuse has been demonstrated, too. Some years ago, a newspaper reported that it got downloaded lakhs of Aadhaar card numbers and accompanying personal details for a payment of Rs 500. The Telangana police recently issued a warning to some users that they should disable their biometric link to Aadhaar. Recurring cases like these underline the need for a thorough review of the Aadhaar processes and strict compliance of rules by all stakeholders, including licensed agencies. Experts have pointed out that an OTP system can be used instead of demanding photocopies of Aadhaar cards. Now that such massive personal and biometric data of citizens is with the government, it is its responsibility to ensure that it is not misused. The absence of a privacy legislation adds to the problem and aggravates the risks. </p>
<p>The government’s flip-flop on the use of the Aadhaar card has again raised questions about the security of this database of citizens’ information and concerns over the possibility of surveillance of people using it. An advisory was issued last week warning people not to share photocopies of their Aadhaar card with hotels, cinemas or organisations that lack a user licence from the Unique Identification Authority of India (UIDAI). It also told cardholders not to use public computers to download an e-Aadhaar, and to log into the website and mask all but the last four digits of the number. It triggered a panic reaction, with many saying that they have given away their Aadhaar data to many agencies. But the very next day, the advisory was withdrawn “in view of the possibility of misinterpretation”. But it still advised cardholders to “exercise normal prudence” in sharing their numbers. It did not state how to check the veracity of “user licence” mentioned in the advisory. </p>.<p>There have been serious concerns over the safety of the data contained in the 12-digit unique ID card. The government has always claimed that the data is safe and would not be misused commercially or for surveillance. But the questions in the wake of the flip-flop are many. Why was the advisory issued in the first place? What is “normal prudence” that should be exercised? How would illiterate people, vulnerable sections, and those in need of a service, exercise such caution? It has always been asserted that the Aadhaar card would be used only to avail government services and not as an identity document for all occasions and purposes. But it is a commonly demanded identity proof even by private entities now. Many of them have no licence or equipment to authenticate Aadhaar online, but still ask for and collect copies of Aadhaar cards. These can be manipulated and misused. </p>.<p>The potential for misuse has been demonstrated, too. Some years ago, a newspaper reported that it got downloaded lakhs of Aadhaar card numbers and accompanying personal details for a payment of Rs 500. The Telangana police recently issued a warning to some users that they should disable their biometric link to Aadhaar. Recurring cases like these underline the need for a thorough review of the Aadhaar processes and strict compliance of rules by all stakeholders, including licensed agencies. Experts have pointed out that an OTP system can be used instead of demanding photocopies of Aadhaar cards. Now that such massive personal and biometric data of citizens is with the government, it is its responsibility to ensure that it is not misused. The absence of a privacy legislation adds to the problem and aggravates the risks. </p>
