Saturday, 2 December 2017

The Aadhaar digital biometric identity violates the right to life, right to a secure identity, right to be recognized & constitutes a threat to national security

Fundamental conceptual concerns regarding the Aadhaar number as a unique identity based upon biometric digital data and the associated risks for citizens of India 

- by Seema Sapra

ABSTRACT

Under the Aadhaar system, all Indian citizens are being allotted a unique twelve-digit identity number by the State upon obtaining biometric data including fingerprint and iris scans and upon submission and verification of certain demographic data including the name, date of birth and residential address. 

The new identity is different from all previous identity documents issued by the State. While a driving license or a passport were identity ‘documents’ that once issued were in the possession and under the control of the citizen as “original documents”, the Aadhaar number and associated demographic and biometric data is a data entry in a digital database in the possession and under the control of the State and any other entities who might gain access to this database whether with legal authority or otherwise. 

Further the nature of the information that the State uses to identify a person under the Aadhaar system is entirely different from that used under earlier systems of identification. Until now the State relied upon photo-identity cards to determine someone’s identity. Under the Aadhaar system, the markers for identity determination include fingerprints and iris scans. For the first time, biological data not visible to the human eye and inaccessible to and non-decipherable by a lay person or a non-expert, is being obtained from citizens and is being stored digitally in a central repository for all 1.3 billion Indians with the ostensible purpose of identifying them. 

Yes, the citizen is issued an Aadhaar card with a number on it, but that card and the photograph on it and the face of the person presenting that card are no longer sufficient for the State to accept that the person is who he or she says they are. The biometric data must match. If the biometric data match fails, then the State will refuse to accept the identity of that person. 

Also, the Aadhaar based identity is ultimately a number in a digital database. That number can be deactivated or even deleted. The database is outside the possession and control of the citizen. If his Aadhaar number in the database ceases to exist, the citizen has no proof of his identity as a citizen. The citizen ceases to exist for the State. 

The Aadhaar related debates have focused on the right to privacy and on the apprehension of surveillance by the State and on issues of the security of Aadhaar databases. But there are more deep-seated concerns about the Aadhaar biometric identification system that I discuss here and which are important to understand how great a threat the Aadhaar biometric identification system poses to the privacy, liberty and security of Indian citizens. 

There are several scenarios in which this digital biometric identification database can fail, be modified, be stolen, be leaked, be misused or be manipulated by State or non-State interests to the detriment of citizens and their rights. I discuss how the centralized and digital nature of this database as well as its use of biometric markers of identity which by their very nature are not accessible to or verifiable by ordinary individuals, creates many such scenarios where citizens can lose control over their identity and their very person-hood and be left with no recourse in extremely harmful situations. The greatest threat posed by the Aadhaar system is that citizens will lose control over their identity, they will be unable to establish their identity under certain circumstances, and they will also be exposed to an exponentially higher risk of identity theft. 

The digital Aadhaar biometric identification system, it is argued, not only violates the right to privacy, but it creates significant risks that threaten the very right to identity and person-hood of Indian citizens and thus the right to citizenship itself. The Aadhaar system fundamentally alters the social contract underlying the Constitution of India by enabling a potentially malevolent State to deny the very identity of “inconvenient” citizens. A cost-benefit analysis of the Aadhaar system, even accepting its stated advantages, cannot justify such immense risks to citizens. 


P.S. Reposting below my blog post dated 7 August 2017 from http://seemasapra.blogspot.in/2017/08/the-high-profile-privacy-hearings-have.html


The high-profile privacy hearings became a red herring or a smokescreen obscuring the real dangers of the Aadhaar biometric identification system 

In my comment posted in response to a blog post by Gautam Bhatia at https://indconlawphil.wordpress.com/2017/08/03/the-right-to-privacy-hearing-problems-and-prospects/#comments I argue that the high-profile privacy hearings have become a red herring or a smokescreen obscuring the real dangers of the Aadhaar biometric identification system. 

Gautam Bhatia's post refers to the ‘main’ ground of challenge to the Aadhaar scheme as that involving concerns around the right to privacy. The 9 Judge Bench heard arguments about the existence and status of the right to privacy in the Indian legal system.

Gautam Bhatia urges the Court to issue a judgment confined strictly to the legal principles involved in the abstract and to not limit the scope and meaning of the right without a specific fact situation at hand.

Yet the 9 Judge Bench heard some arguments based upon the Aadhaar scheme and we can be certain that the Aadhaar scheme will find mention or discussion in the 9 Judge ruling on the right to privacy.

It is my opinion that the challenge to Aadhaar is being framed too narrowly around privacy and there are other more serious concerns about Aadhaar and facts about the Aadhaar biometric identification system that have not been placed before the Supreme Court or are being sidelined by the focus on the privacy right. These are concerns that Aadhaar in its very design and implementation more fundamentally violates the right to identity, to person-hood, to citizenship and consequently the right to life itself. The security concerns are also extremely important and are being overlooked.

I had posted three comments here in the above context, which Gautam Bhatia deleted on the ground that they were off-topic.

So let me make the topical relevance clear. Surely discussion about the inadequacy of the framing of a legal challenge is relevant to the discussion about how the Court might respond to the arguments before it on a particular framing of an issue.

There is an LSE report on the aborted UK biometric identity project that sets out several concerns, some of which fall within the privacy concept and others which don’t. See http://www.lse.ac.uk/management/research/identityproject/identityreport.pdf

It is also my view that by centering the Aadhaar challenge around privacy, the Aadhaar legal challenge might really be getting sabotaged and is being mishandled.

I do think my remarks are topical as I question the very focus of the 9 Judge Bench which emanates out of the Aadhaar petitions and which will be used by a smaller Bench to eventually decide the Aadhaar cases.

The problem with the Aadhaar hearings appears to be that the hearings are taking place without a complete narrative of all relevant facts around Aadhaar. It is the facts that help a Court determine the legal issues at hand. It is my position that the legal issues around Aadhaar are not adequately enumerated before the Court. And that the high-profile privacy hearings have become a red herring or a smokescreen.

We can all predict where the privacy hearings will go. The Court will hold that it is a fundamental right subject to restrictions. The 9 Judge Bench will certainly venture to discuss what these restrictions might be as well as what the right to privacy may itself include.

The impact of this ruling on the Aadhaar petitions will depend upon whether or not the Court subsequently finds that Aadhaar either does or does not infringe the privacy right or does so within permissible limitations. The Court will direct the Government to ensure that the database is secure and that data protection laws are framed and that privacy rights are protected. But Aadhaar will stay.


But in this focus on privacy by the constitution of the 9 Judge Bench, the real concerns about Aadhaar will not be heard. These have not been highlighted until now in the hearings. For instance, why has the Supreme Court not been told that the digital biometric database of 1 billion Indians can never be secured and that we the citizens have no idea who stores, secures, accesses or backs up this data? Many of the Aadhaar related concerns which will end up being discussed as privacy concerns are really concerns about the right to identity, to person-hood, to citizenship, to a secure identity, to recognition by the State. These need to be addressed by attacking the Aadhaar system as a concept. The Right to Privacy will not help to make these points.

Some useful links 

http://series.fountainink.in/aadhaar-in-the-hand-of-spies/

https://www.buzzfeed.com/pranavdixit/airbnb-uber-and-ola-may-start-using-aadhaar-indias?utm_term=.vjaw83RnY#.rsEJloENv

http://perry4law.org/cecsrdi/?p=1188

https://jrvarma.wordpress.com/2017/07/19/why-aadhaar-transaction-authentication-is-like-signing-a-blank-paper/

http://indianexpress.com/article/opinion/columns/aadhaar-card-data-privacy-the-right-to-be-left-alone-4774645/lite/

https://barandbench.com/privacy-public-value/

http://cadmus.eui.eu/handle/1814/21376

http://www.legallyindia.com/blogs/aadhaar-identity-without-consent-control-or-security



1 comment:

  1. This is an Abstract. Have you published the entire paper online?