From: Seema Sapra <email@example.com>
Date: Sun, Jul 30, 2017 at 8:50 PM
Subject: Fundamental conceptual concerns regarding the Aadhaar number as a unique identity based upon biometric data digital records and the associated risks for citizens of India
To: "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "EthicsAndCompliance@starbucks.com" <EthicsAndCompliance@starbucks.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, hschultz <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "Dimitrief, Alexander (GE, Corporate)" <email@example.com>, "Suhel.Daud@ic.fbi.gov" <Suhel.Daud@ic.fbi.gov>, "firstname.lastname@example.org" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, Ashish Sawkar <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "NDwebmail@state.gov" <NDwebmail@state.gov>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Cc: seema sapra <email@example.com>, Seema Sapra <firstname.lastname@example.org>
Fundamental conceptual concerns regarding the Aadhaar number as a unique identity based upon biometric data digital records and the associated risks for citizens of India
- by Seema Sapra
Under the Aadhaar system, all Indian citizens are being allotted a unique twelve-digit identity number by the State upon obtaining biometric data including fingerprint and iris scans and upon submission and verification of certain demographic data including the name, date of birth and residential address.
The new identity is different from all previous identity documents issued by the State. While a driving license or a passport were identity 'documents' that once issued were in the possession and under the control of the citizen as "original documents", the Aadhaar number and associated demographic and biometric data is a data entry in a digital database in the possession and under the control of the State and any other entities who might gain access to this database whether with legal authority or otherwise.
Further the nature of the information that the State uses to identify a person under the Aadhaar system is entirely different from that used under earlier systems of identification. Until now the State relied upon photo-identity cards to determine someone's identity. Under the Aadhaar system, the markers for identity determination include fingerprints and iris scans. For the first time, biological data not visible to the human eye and inaccessible to and non-decipherable by a lay person or a non-expert, is being obtained from citizens and is being stored digitally in a central repository for all 1.3 billion Indians with the ostensible purpose of identifying them.
Yes, the citizen is issued an Aadhar card with a number on it, but that card and the photograph on it and the face of the person presenting that card are no longer sufficient for the State to accept that the person is who he or she says they are. The biometric data must match. If the biometric data match fails, then the State will refuse to accept the identity of that person.
Also, the Aadhaar based identity is ultimately a number in a digital database. That number can be deactivated or even deleted. The database is outside the possession and control of the citizen. If his Aadhaar number in the database ceases to exist, the citizen has no proof of his identity as a citizen. The citizen ceases to exist for the State.
The Aadhaar related debates have focused on the right to privacy and on the apprehension of surveillance by the State and on issues of the security of Aadhaar databases. But there are more deep-seated concerns about the Aadhaar biometric identification system that I discuss here and which are important to understand how great a threat the Aadhaar biometric identification system poses to the privacy, liberty and security of Indian citizens.
There are several scenarios in which this digital biometric identification database can fail, be stolen, be leaked, be misused or be manipulated by State or non-State interests to the detriment of citizens and their rights. I discuss how the centralized and digital nature of this database as well as its use of biometric markers of identity which by their very nature are not accessible to or verifiable by ordinary individuals, creates many such scenarios where citizens can lose control over their identity and their very person-hood and be left with no recourse in extremely harmful situations. The greatest threat posed by the Aadhaar system is that citizens will lose control over their identity, they will be unable to establish their identity under certain circumstances, and they will also be exposed to an exponentially higher risk of identity theft.
The digital Aadhaar biometric identification system it is argued not only violates the right to privacy, but it creates significant risks that threaten the very right to identity and person-hood of Indian citizens and thus the right to citizenship itself. The Aadhaar system fundamentally alters the social contract underlying the Constitution of India by enabling a potentially malevolent State to deny the very identity of "inconvenient" citizens. A cost-benefit analysis of the Aadhaar system, even accepting its stated advantages, cannot justify such immense risks to citizens.