Deep Dives Level Up Newsletters Saved Articles Challenges

India is making sure it doesn’t lag behind the personal data collection craze

By Yair Oded

Apr 18, 2018


With its largest collection of personal data to date, India launches a brand new national system for identification of citizens called Aadhaar (Indian for ‘foundation’). 1.1 billion Indians have already signed up for the mandatory smart ID system, which presently permeates all layers of life and holds the key to accessing anything from government welfare services to traffic tickets and bank accounts.

Throughout the country, citizens have been required to report to Aadhaar centres, where their faces and eyes were scanned and fingerprints taken. Currently, and until otherwise instructed by the Indian Supreme Court, all citizens must be registered in the national Aadhaar database in order to purchase a local SIM card, open a bank account, receive government welfare services, participate in school competitions, and the list goes on. As usual, it is the poor who get most royally screwed, with Aadhaar malfunctions reportedly causing millions to lose access to food rations (in Jharkhand, for instance, this afflicted roughly 20 per cent of the state’s population).

Die hard fans of Aadhaar (of which there are many) claim that glitches can, and will, be fixed to ensure easy access to services for all. It is the surveillance aspect, however, that poses the real threat for Indian citizens. Though it doesn’t explicitly score and rate citizens—not yet—the programme nonetheless bears striking resemblance to its Chinese stepbrother: the newly piloted Social Credit system. The database was founded by a private firm under the supervision of a technology billionaire named Nandan Nilkani. This fact alone is highly problematic as it blurs the lines between public and private interests (which are already alarmingly fuzzy in a growing number of countries). Furthermore, similarly to the Chinese programme, Aadhaar is utilised to formulate a certain profile of citizens; many employers, for instance, already use Aadhaar to conduct background checks on job applicants.

Aadhaar thus raises grave ethical concerns, and although Prime Minister Narendra Modi argues the programme is aimed at making government services more efficient (claiming it already saved Indian taxpayers $9.4 billion by eliminating fraudulent welfare claims) and defines it as “India’s ticket to the future”, it’s impossible to remain apathetic to the degree of its invasiveness. Besides, the prospect of leakage has justifiably alarmed many across the country, with reports of at least 210 government websites leaking personal information of millions of Indians. In response, dozens of petitions against Aadhaar were submitted to the Indian Supreme Court, claiming it infringes on Indians’ right to privacy.

There is no doubt that the issue is complex. In a country like India, where millions can’t prove their identity, fraud is a serious problem and access to services is denied to millions. Both Indian government agencies and corporations therefore want to find a way to verify people’s identity and credibility in order to minimise abuse and enlarge the scope of services offered. Technology can certainly come in handy to facilitate these goals, but at what price? Is it possible to develop a smart registry of citizens with minimal infringement on their privacy?

Solutions exist, for those who genuinely seek them. One example is the General Data Protection Regulation (GDPR) recently passed in the EU to protect the privacy rights of its citizens. According to the new regulations, institutions that collect personal data (such as banks and hospitals, for instance) will only be permitted to use the data for the purpose for which it was gathered. In order to allow companies to employ information for other ends, such as research, while complying with GDPR, the Dutch firm Rabobank developed a software which, through a pseudonymization process, retains the data’s original form while eliminating the identifying information from it (by replacing it with a series of random numbers). The altering of the data is carried out by a designated department, which will prevent one entity from possessing all of it and ensure each division of the organisation gains access only to information relevant to its operation.

As for the future of Aadhaar, it is hard to predict the decision of the Indian Supreme Court (due to be announced later this spring), but as the programme is already in place and covers over a billion citizens, it is highly unlikely the court would order to dismantle it. Modifications to it, however, such as eliminating registration as a condition to receive certain government benefits and prohibiting the centralisation of information under one agency, could be substantial.

It is true that a government should do all in its power to guarantee the functionality of the state (a task turning ever more challenging as populations across the globe swell up rapidly); it is therefore unreasonable to argue that no measures should be taken by the state authorities to maintain a proper registry of citizens and prevent abuse of public (as well as private) services. Thus taking advantage of technological innovations that can promote such endeavors is reasonable. Yet, the possession of private information of citizens in concentrated databases can be easily abused by the authorities for sinister purposes, or handed over to private hands who seek to utilise them for personal gains.

As we march deeper into the technological abyss of the future, issues of privacy and freedom will continue to clash with those of transparency and surveillance. It is therefore vital to recognise that discussions about privacy rights cannot be held independently from ones about the encroachment on government issues under the disguise of public interest, and on the shape and scope of a state’s obligations to its citizens.