India’s national ID system: Danger grows in a privacy vacuum☆
Introduction
India is juggling demands and proposals for at least three national data surveillance projects of vast scope, and is now taking its first steps toward a universal identification system. The first project underway, and the main focus of this article, is the Unique Identification Number, development of which has commenced under the Unique Identification Authority of India.1 The UIDAI, charged with allocating unique ID numbers to the approximately 1.2 billion residents of India, was established in February 2009. It plans to issue its first ID number ‘between August 2010 to February 2011’ and by 2015 plans to issue 600 million ‘UIDs’ through various public and private sector ‘registrar’ agencies across the country. Some claim this will be the world’s largest IT project. The UIDAI’s system is not in itself supposed to result in a national ID card, just a unique universal number, and a register of biometric and demographic information, on all residents (not only citizens) of India.
The UID system is currently developing without a legislative basis, and in the absence of any significant data protection laws in India. However, on 30 June 2010 the UIDAI released a draft National Identification Authority of India Bill 2010 (the Bill,2 to which section references in this article refer, unless specified otherwise), requesting public comment within two weeks.3 The draft legislation is incomplete in that large areas of its substantive content are to be included in regulations and rules, which are not included with the draft. This can be a common tactic of governments who wish to keep the bad news hidden until later regulations reveal it, or it can represent the difficulty of drafting complex administrative details as early as broad policy directions. Important matters of policy should go in legislation, not regulations. That is a deficiency here, and it makes analysis at this stage incomplete.
In April 2010 the UID project was renamed ‘Aadhaar’, which means ‘foundation’, and a new logo based on a sun and a fingerprint was unveiled. It is claimed that ‘aadhaar’ communicates ‘across all regional languages’ in India (Economic Times, 2010). The Bill refers to the ‘aadhaar number’ and ‘aadhaar number holder’ (s2) but this article will stick to ‘UID’ and ‘UID holder’, as those are the terms used in most discussion to date.
This article is a critical analysis of the UID project and its implications for privacy in India, based on the draft Bill, planning documents available from UIDAI, and press reports. It aims to provide a basis for further analysis and for comparison with subsequent iterations of the scheme as it develops, and concludes with recommendations for improvements to the draft Bill.
‘Identification systems have become a key mode of governance in the early years of the twenty-first century’ claim Lyon and Bennett (2008:3) in the opening words of the most extensive text on this subject (Bennett and Lyon, 2008). Torpey (2000) showed that passports represented a new dimension of modernisation, the state’s monopolisation of the regulation of movement. Amoore (2008) and other authors claim that other identifiers and tokens, and the information systems within which they work, go much further than regulating movement and increasingly regulate identification and identity per se.
The analysis of any national identification scheme requires attention to all aspects that contribute to it, including (at least) the number, the biometrics and other identification data collected, the underlying computer system, the tokens (cards or others) carrying the number, the uses to which it is permissible to put the number and the tokens, and the parties who are allowed to participate in any aspect of the system’s operation. We must also ask what legal or other guarantees there are that these matters will not change over time (usually called ‘function creep’). To focus only on the elements emphasised by the scheme’s proponents is likely to lead to privacy and other dangers being overlooked. Focusing on one element of a system, such as a card or a number, is a mistake. This topic is often mis-labeled ‘ID cards’. ‘But the card is only the visible evidence of complex and more latent systems of identification’ insist Lyon and Bennett (2008: 3), and another author has phrased a similar caution as ‘Contemporary modes of identification … operate primarily via the screen and not via the card’ (Amoore, 2008: 23).
This analysis is primarily from the perspective of legal regulation of surveillance systems. Here, as with other legislation governing many complex personal information systems, ‘the devil lies in the details’, and the details are usually technical and superficially boring. The meaning and operation of the legislation is not at all apparent on its face, many provisions appear to give protection that is then taken away by less obvious provisions, and much of the danger still lies in as-yet-unknown regulations or (worse) decisions by the system operator that are not even subject to Parliamentary scrutiny. As we will see, India’s ID scheme and its enabling legislation are subject to all these ‘features’. They are not bugs, as studies of proposed ID schemes in many other countries, including those by the author concerning Hong Kong (Greenleaf, 2008a) and Australia (Greenleaf, 1987, Greenleaf, 2007, Greenleaf, 2008b) have shown. The systematic and comparative study of ID systems is as yet limited, the most detailed study being the papers collected by Bennett and Lyon (2008), covering a dozen jurisdictions.
Many perspectives other than a legal analysis are needed to do justice to a development as complex as India’s ID systems, including analyses of whether they will deliver better social incomes to disadvantaged people as claimed; of the role played by the private sector in influencing or determining the technical directions of the systems; of the historical and cultural factors leading to acceptance or rejection of different systems; and of the constitutional implications of the changes to the relationships between citizen and state. But all of these perspectives need to be informed by detailed knowledge of the legal framework within which the systems will operate.
India has no effective protection of information privacy, either through legislation or court decisions (Greenleaf, 2010 provides a 40 page summary). The Information Technology (Amendment) Act 2008 contains a few fragments of data protection rights, but the only significant one is not yet in force (Greenleaf, 2009b). The Constitution of India provides that ‘No person shall be deprived of his life or personal liberty except according to procedure established by law’ (Article 21). The Supreme Court has interpreted this provision to include the protection of privacy since Kharak Singh v. The State of U. P. [1962] INSC 377; 1963 AIR 1295 1964 SCR (1) 332. This was advanced beyond issues of search and surveillance by the Delhi High Court’s decision to strike down provisions criminalising homosexual sexual conduct on grounds of invasion of privacy (Naz Foundation v Government of NCT of Delhi WP(C) No.7455/2001 (2 July 2009)). The broadest statement of the Delhi High Court’s approach is where, following its review of Indian case law to date on protection of privacy, it states ‘The right to privacy thus has been held to protect a “private space in which man may become and remain himself”. The ability to do so is exercised in accordance with individual autonomy’. If such an expansive approach were to be adopted by the Indian Supreme Court, it could develop into something like the ‘right to informational self determination’ of the German Constitutional Court (Greenleaf, 2009a). But this has not yet occurred. Indian constitutional law does not provide data protection as yet, and nor does its tort law provide protection to privacy.
In relation to the surveillance systems discussed in this article, it is particularly important to note that there are no provisions in current Indian law restricting interconnection of files, either in the public sector or the private sector. On the contrary, the Right to Information Act 2005 (RTI Act) s4(1)(a) requires all public authorities to:
maintain all its records duly catalogued and indexed in a manner and the form which facilitates the right to information under this Act and ensure that all records that are appropriate to be computerised are, within a reasonable time and subject to availability of resources, computerised and connected through a network all over the country on different systems so that access to such records is facilitated;
This legislative requirement is not balanced by any data protection law placing limits on such ‘linking up’ in the case of personal data. If such a ‘linking up’ of all records of public authorities were in fact undertaken, rather than just being legislative wishful thinking, then it would be extremely dangerous to Indian citizens in the absence of the protections of a full-fledged data protection law. Even with such a law, the advisability of interlinking all such records is very questionable. There does not seem to be evidence that it is yet occurring in the unrestricted way anticipated by s4(1)(a), but in the absence of other legislative prohibitions, s4(1)(a) gives public authorities the imprimatur to network record systems, ostensibly to facilitate the access right, but it could be just as easily turned to data matching and similar surveillance uses.
The development of data protection laws in India, when it finally does occur, will only be able to be understood in light of the development of these government surveillance systems and their intersection with private sector activities.
Section snippets
India’s converging data surveillance context
The second vast surveillance project is the National Population Register (NPR) of persons resident in India, which is to be a by-product of, but separate from, the Census data collection commencing April 2010. NPR is eventually intended to lead to the issue of national identity cards based on citizenship (not just residence) and a National Register of Citizens. The third is the National Intelligence Grid (NatGrid), a centralised data system, which is intended to amalgamate and integrate data
The authority: establishing the ID number system
First, who will operate the UID scheme, and in particular the Central Identities Data Repository (CIDR), the intended register for identity information on 1.2 billion people?
The unique ID number (aadhaar)
We now consider how the number is to be constituted, its coverage, whether obtaining one will be voluntary, and what entitlement individuals have to a UID.
Biometric and demographic data to be collected
Next we turn to what information is to be collected by UIDAI on each individual. ‘Identity information’ in the Bill means the biometric information, demographic information and aadhaar number held about each individual (s2(k)).
The number allocation process
What is the process by which this information is to be collected, and UIDs then allocated?
Uses of UIDs and CIDR data by UIDAI
Once the identity information is collected, and a UID allocated, what can UIDAI do with the information it holds? The Central Identities Data Repository (CIDR) will contain the demographic and biometric data described above, but no other data.
Use of the UID number and ID tokens by others
How will the UID and identity information (demographics and biometrics) be used by those outside the Authority? First is the obvious use, that anyone will be able to make ‘authentication queries’ about a UID holder (and get a yes/no answer). Second are the public sector ‘data sharing’ uses, and the private/public sector ‘forced disclosures’, already discussed. Third is the way in which ID cards will in fact be issued. Finally, inclusion of the UID in other databases must be considered. We
Conclusions and recommendations
There are many perspectives on ID systems that this article does not address, such as whether the claimed benefits to poor and underprivileged communities will result, whether the proposed biometrics can deliver the degree of de-duplication claimed or can be utilised under Indian conditions without causing misery to applicants that are no improvement on the paper systems they replace, whether the benefits claimed for the system are likely to outweigh its costs, whether it can be delivered on its
References (33)
- Amoore, L. Governing by identity in Bennett and...
- et al. Playing the identity card (2008)
- Brown, C L ‘China’s second-generation national identity card’, pp. 57–74 in Bennett and Lyon,...
- Lyon, D and Bennett, C. ‘Playing the ID card: Understanding the significance of identity card systems’, introduction to...
- We hope Naxals allow census data collection – Q&A: C Chandramouli, registrar general and census commissioner. Business Standard (11 April 2010)
- UID has Aadhaar for new name, logo (27 April 2010)
- (Prevent Genocide International) Group classification on national ID cards as a factor in genocide and ethnic cleansing, presentation to Seminar Series of the Yale University Genocide Studies Program
- Country studies B.4 – INDIA
- Naz Foundation Case expands India’s constitutional privacy rights [2009] ALRS 16. Privacy Laws & Business International Newsletter (2009)
- India’s new Act creates civil liability for data breaches and criminal offences. Privacy Laws & Business International Newsletter (2009)
- Hong Kong’s “smart” ID card: designed to be out of control
- Function creep defined but still dangerous in Australia’s ID card Bill. Computer Law & Security Report
- Access all areas: function creep guaranteed in Australia’s ID card Bill (No. 1). Computer Law & Security Report
- The Australia card: towards a national surveillance system. Law Society Journal (NSW)
- ‘COMMENTS ON THE DRAFT NATIONAL IDENTIFICATION AUTHORITY OF INDIA BILL, 2010’
- Chidambaram has his way as National Intelligence Grid gets PM’s okay. Daily News & Analysis (DNA)
☆ Research for this article was conducted as part of an Australian Research Council ‘Discovery’ project, ‘Interpreting Privacy Principles’ <http://www.cyberlawcentre.org/ipp/>. Some work toward this article was published in Privacy Laws & Business International Newsletter, Issues 103, 105 and 106. Thanks to Jill Matthews for editing, and for helpful comments to an anonymous reviewer, Ruchi Gupta and Usha Ramanathan. This article was also part of a submission by the author to the Unique Identification Authority of India (UIDAI).