The last 60 days have not been good to India’s much-feted Aadhaar project.
On the 30th of January, the UPA pressed the pause button on direct benefits transfer for cooking gas. On 26 February, the Mumbai High Court directed Aadhaar to share its biometrics database with the CBI. A year earlier, a seven year old had been raped in Goa. And the investigating agency, struggling to make headway, had asked the Unique Identification Authority of India (UIDAI) for biometrics it had collected in Goa. UIDAI refused to share information saying such a move would violate privacy of its number-holders and that its biometric database and deduplication systems were not designed for forensic inquiries. In response, the CBI went to the Mumbai High Court which directed UIDAI to share its database.
The third blow fell on 24 March when investigative journalism portal Cobrapost aired videos that allegedly showed UIDAI’s enrolment agencies agreeing to enrol people from neighbouring countries in return for a bribe. Between them, these three events underlined long-standing questions about the Aadhaar project.
Between them, these three developments highlighted large worries about the ambitious Aadhaar project. Read more here.
yesterday was profoundly anomalous. i filed two stories. both, as it were, on aadhaar. one on a sting by cobrapost which flagged faulty enrolments. and the other where the supreme court said aadhaar cannot share its database with anyone without consent from the number holders.
this is a significant development. over the last five years, a clutch of government departments and private companies have been collecting biometrics with gusto. however, with the privacy bill still on the drawing board, India has seen biometric data get collected, by multiple agencies, without any laws governing their collection, use or retention.
in the process, the country has entered a world of new risks. without, sigh, getting the safeguards in place. which brings us to the dispute between the cbi and the uidai which culminated in this SC judgement. it is one kind of an outcome.
The SC ruling was in response to a 26 February, 2014 ruling by the Mumbai High Court directing the UIDAI to provide the CBI with biometrics of all residents of Goa. The High Court’s ruling was related to the rape of a seven year old in Vasco last January. The case was handed to the CBI which, as the Aadhaar appeal to the SC says, initially asked it for biometric information of “all the persons in the state. That request was modified and only the fingerprints of 3 specified persons were asked for.”
Later, the CBI dropped that request. Says the Aadhaar affidavit, “The CBI has now found a chance fingerprint and asked Aadhaar to compare its data and the biometric data provided by the CBI.” Aadhaar refused to share information citing two reasons. One, that such a move would violate privacy of the number-holders. And two, that its biometric database and deduplication systems are not designed for forensic inquiries. When its appeal was rejected by the HC, UIDAI appealed to the SC.
what are the protocols for the use of such data? as legal researcher usha ramanathan says in the article: “the idea that databases can be used by anyone makes people vulnerable, especially in a state where there is neither law nor much respect for law.”
the good news is that the SC verdict clarifies matters to some extent. but the country still needs a regime on privacy and data (including biometrics) protection.