Frequent data breaches dent Aadhaar’s role as a unique identifier: petitioners tell Supreme Court
“Aadhaar numbers are being issued to ‘Lord Hanuman,’ ‘Rani Jhansi,’ chairs, dogs, etc.,” the affidavit said.
Multiple data breaches from government portals, resulting in unfettered, unauthorised access to Aadhaar details, have affected 135 million Indians, and exponentially increased the danger of perpetuating Aadhaar as a “universal, unique identifier”, petitioners said in the Supreme Court, responding to the Centre’s submissions listing the benefits of Aadhaar.
Coupled with this is the studied opacity shown by Aadhaar’s nodal agency, UIDAI, in revealing to the public the number of data breach incidents on its servers, they said.
A five-judge Constitution Bench is scheduled to hear over 20 petitions, challenging the Aadhaar scheme and its linking with 139 government subsidies, SIMs, bank accounts and various other essential financial and everyday services.
An RTI query on the suspension / blacklisting of enrolment operators till October 31, 2016 revealed that despite having received almost 1,400 complaints related to bribery, duplicate enrolments etc., the UIDAI initiated police complaints in only three cases.
“There is no obligation on the UIDAI to provide any reasons for taking or failing to take any action,” the petitioners submitted in the court.
The government’s insistence on seeding Aadhaar furthers the risk of identity theft as mere possession of the Aadhaar number can enable an identity thief access a host of other information stored in different databases, the petitioners — represented by senior advocate Shyam Divan and advocate Vipin Nair — submitted in a detailed additional affidavit.
They argued that data breaches are in flagrant violation of Section 29 of the Aadhaar Act read with Regulations 6 and 7 of the Aadhaar (Sharing of Information) Regulations 2016. The government-appointed Justice B.N. Sri Krishna Committee has not given a deadline for submitting its recommendations on a new data protection regime. Besides, the government is not bound by such recommendations. This leaves the Supreme Court to decide the validity of Aadhaar without any further delay, the petitioners said.
They said, the government has provided in the Rajya Sabha a list of 210 websites of the Central government, State government departments and some educational institutes which have displayed the list of beneficiaries along with their name, address, other details and Aadhaar numbers.
By the UIDAI’s own admission, 49,000 Aadhaar enrolment operators were blacklisted for violations. These operators were entrusted by the UIDAI to capture sensitive biometric information of over 1.3 billion Indians. “Aadhaar numbers are being issued to ‘Lord Hanuman,’ ‘Rani Jhansi,’ chairs, dogs, etc.,” the affidavit said.
The affidavit said biometric failures and botched authentication attempts due to electricity or internet related failures or the inability of machines to scan biometrics correctly have resulted in untold sufferings to the common man. As per the Economic Survey 2016-17, these authentication failures are as high as 49% in some States.
By aggregating personal data and biometrics in one centralised database, the government is ignoring precedent like that in the United Kingdom which scrapped a similar “identity card” project in 2010 following popular opposition. A report by the London School of Economics found that “no database’s security can be guaranteed.”
The affidavit pointed to the Equifax breach, which resulted in the leak of several million Americans’ Social Security Numbers, has led to renewed debate in the U.S. to scrap the Social Security Number entirely.
Noting that the issue of Aadhaar transcends mere data protection but involves the fundamental right to privacy, the petitioners said sophisticated data breaches affecting large populations indicates the inherent dangers of aggregating valuable personal information of Indian residents in one centralised database.
Source: The Hindu