The Unique Identity (UID) project presents an interesting paradox: on the one hand, the profile of every single citizen of this country will be available in virtually an instant and on the other hand, access to it will be limited to just a few select individuals. While all our personal information will be easily digitised and available at a click of the mouse, our privacy will be protected!
Now, is that really possible? In the face of increasing fears about intrusions into our personal sphere, Nandan Nilekani, the Chairperson of the Unique Identification Authority (UIA) has been busy reassuring people that it will indeed be so. Privacy will be protected under the Unique Identity (UID) project and personal data will not be accessible to everybody, he insisted.
“We are also conscious of the privacy issue. In fact the UID database cannot be read by anybody. The only thing you can use it for is authentication. We are making all efforts technically and legally to see privacy is protected,” he had said in an interview to IANS a while ago.
But no one seems convinced, not with talk of increasing surveillance, of government access to our data, our computers and emails, our mobile phone conversations, our bank details and a host of other markers of our innocuous existence.
The project has attracted a fair share of detractors. Blogger and social researcher Ruchi Gupta has termed it ‘the bedrock for pervasive state surveillance’ and looks at the project in the backdrop of other security and database initiatives like the National Intelligence Grid, the National Population Registry and of course, the Information Technology Act, (Sec 69 of the act) provisions of which allow for interception and monitoring of all electronic communication by the state.
Others have questioned the rational behind the project and whether it will really help people reach the welfare schemes laid out for them. The collection of all this information can be used to keep track of people, dissenters, civil liberties groups and all else who are beyond the pale of the establishment, they fear. Still others have pointed out that the UIDAI is not even a legally constituted authority!
Besides, the project seeks to bring together disparate information about an individual, hitherto scattered over different agencies. It is this ‘convergence’ of information and the fact that it can be used to track everything about an individual • his/her purchases, travel or bank transactions, that bodes ill for privacy-- ‘completely changing the norms for privacy, confidentiality and security of personal information’.
The idea of a unique identification number has had a fairly long gestational period, going back to the Vajpayee government of 2002. But the November 26, 2008 attacks in Mumbai gave the entire project a huge impetus, and the link with the government’s attempts to deal with security and intelligence issues and the creation of this database has been hard to shake off.
Created under the Planning Commission, the Unique Identification Authority of India (UIDAI) is expected to ‘develop and implement the necessary institutional, technical and legal infrastructure to issue unique identity numbers to Indian residents....Its mission: to issue a unique identification number (UID) that can be verified and authenticated in an online, cost-effective manner, and that is robust enough to eliminate duplicate and fake identities.
Officially, of course, the UID is meant to be part of a welfare measure • of helping a population of 1.2 billion adults in India, hamstrung by several identity strips, including the birth certificate, the ration card, the driving licence, the election identity card or the PAN card. The UID was touted as means of rationalising all these cards and a means of helping people access various welfare schemes. It would also help track the vast majority of people who migrate within the country in search of their livelihood.
The first UID numbers will be issued over the next 12-18 months counted from August 2009. The first number would be issued between August 2010 and February 2011. Over five years, the Authority plans to issue 600 million UIDs. The numbers will be issued through various ‘registrar’ agencies across the country.
Conscious of concerns over privacy, the UIDAI website (http://uid.gov.in/) lists amongst its FAQs:
Who will have access to the UID database? How will the security of the database be ensured?
The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged.
What are the privacy protections in place to protect the right to privacy of the resident?
The information being sought from the person is basic information which is currently available with several government and private agencies. The information that is unique to UIDAI is the biometric information. In order to protect the right to privacy of the individual the information on the database will not be shared with anyone; all queries will get a ‘Yes’ or ‘No’ response. The UIDAI will also put in place regulations and protocols which have to be followed by the Central Identification Data Repository, Registrar and Enrolling agencies to protect the right to privacy.
Nilekani explained further that 'There may be a requirement for certain frameworks but we are cognisant of the issue of privacy and we are making sure of the design and in a way that when it is used, a person's personal details are not divulged.'
At the moment, opting for an UID number is voluntary. But gradually, it will be required by several other agencies of the government and citizens will find it near-impossible to stay out, Nilekani surmises. 'For a long time, many systems will allow both. But over time as more and more applications require UID for giving the service, people will have to get the number. The UID is a demand-led solution. We expect people to take the number because it is in their interest to do so,' he says.
In any event, with the first set of UIDs to be allotted a few months from now, the discussion around provisions to safeguard personal data and identity must gain momentum. More transparency is essential to assuage fears of its misuse, starting most appropriately with the massive outlay of Rs 1900 crore in the current budget for it!