While the political tug-of-war over the intrusion to privacy and the ensuing legal battle over the use of biometric AADHAAR seeding with identifiers such as mobile numbers, tax e-filing registrations and bank account numbers continues the common man seems to be stuck in legal limbo with accusations, suspicion and intrigue flying thick and fast in both respectable journalistic and social media circles.
Have you had the experience of finding out that your fingerprint does not match the one stored in the UIDAI database. If you have tried obtaining a mobile number or a bank account recently then at least a few of you would find resonance with this story. Apparently, biometric information does not stay constant. Even fingerprints are subject to ageing, injury or illness.
Did you know that the AADHAAR Act puts the onus of updating your demographic and biometric information to the UIDAI from time to time in the manner prescribed so as to ensure continued accuracy of your information in the Central Identities Data Repository (Section 6).
Sections 31(1) and 31(2) further enjoin the responsibility of correcting incorrect information or information that has changed at a later date on the AADHAAR account holder.
Section 19(a) simply states that the procedure of updating an account holder’s details can be carried out at any enrolment centre with the “assistance of an operator and/or supervisor”. The individual will be biometrically authenticated along with such updation of information as may be required.
It may be imagined that poor classes of beneficiaries such as PDS ration takers would bear the brunt of periodic harassment due to changing contours of thumb impressions. Section 28(5) bars the “core biometric information” from being shared even by the AADHAAR holder herself although other details would be available to her.
The problem with biometric identification lies in the fact that it rests on a mechanism of image comparison with an algorithm that computes a probabilistic score. In the reported breach of UIDAI data concerning Axis Bank revealed that if several hits pertain to the same biometric ID then that ID could be linked with a particular user. This information could then be used to steal the person’s identity, start a new bank account, get a new passport and many other criminal activities.
Is it not also true that fingerprints can be copied off surfaces that you touch? In that case is it wise to use a thumbprint for identifying a particular individual. Cannot a motivated agency in political authority access individual biometrics and establish associations with political attitudes? How do we know that one is not constantly under surveillance already?
Now imagine what would happen if commercial institutions get a hold of your biometric data. Already, we know that our online behaviour is being monitored by software code that gives advertisers our “consumer preferences” based on social media profiles, activity and site visit histories. Advertisers sell it as “personalization”. But it is akin to online surveillance.
There are tons of treatises that have managed to co relate lack of privacy with loss of autonomy. People who say that a person would only fear surveillance if she has something to hide. Personal information affects our reputation, decisions, social attitudes and behaviour. It can easily be a tool in the hands of authority to manipulate its subjects. As such, functional autonomy is very important to put fetters on the powers of governments.
Moreover, we may lose respect for individuals if no information is sacred. Social boundaries would break down. Trust would be at a premium. Think of what other freedoms would be encroached upon. Think of individual dignity that we would be giving up by giving away our right to privacy.
The Constitution of India does not mention privacy as part of any Fundamental Right in India but the Supreme Court has already ruled in its favour as part of Article 21 - the right to life.
The Supreme Court of India has already appointed a 5-judge bench which is slated to hear petitions questioning the validity of the AADHAAR Act with respect to linking it with such personal data as mobile numbers and savings bank accounts in November end.
More petitions have been filed after it was revealed that biometric data were collected without a system to protect that data was in place.