Aadhaar and Personal Sensitive Information in the centralised database maintained by UIDAI is "Janamkundali" of an individual. It must be protected by Central Government like valuable Jewellery, diamond and white Gold.
1. Privacy of Data in
Aadhaar Mandate:
An Analysis of the
Aadhaar (Targeted
Delivery of Financial
and Other Subsidies,
Benefits and
Services) Act, 2016
By:
Dr. Gagandeep Kaur, 3rd COLS
International Conference Data
Privacy: Road Ahead in Data
Protection on 1-2 September,
2017 at Dehradun.
2. Introduction
• The ‘Aadhaar Project’ is the
world’s largest national
identity project, launched by
the government of India in the
year 2016 with the enactment
of the Aadhaar (Targeted
Delivery of Financial and
Other Subsidies, Benefits and
Services) Act, 2016.
3. Objective
• This project seeks to collect biometric
and demographic data of residents
and store it in a centralised database
controlled by Unique Identification
Authority of India (UIDAI) under the
Ministry of Electronics and Information
Technology.
• The 12-Digit biometric Aadhaar Card
meant to be voluntary or optional has
become a compulsory mandate to
receive the benefits of welfare
schemes launched by the government
from time to time.
4. Personal Opinion
Janamkundali
• Sensitive personal information of
an individual in the hands of
centralised database symbolises
‘janamkundali’ of the concerned
person and if the ‘janamkundali’ is
being compromised the
consequences would be serious.
Similarly, if such database is not
secure then speaking about the
Privacy as a fundamental right is
only a myth.
5. Mini Biography of an Individual
School Admission/
College/Hospitals
Mobile Number
Bank Account/ PAN Card
Internet Connection
Recently Added: Death
Certificate
6. Why and How Janamkundali:
Analyze Benefits
LPG SUBSIDY
Pradhan
Mantri Jan
Dhan Yojana
(PMJDY)
Passport in 10
Days
10. Features of the Aadhaar (Targeted
Delivery of Financial and Other
Subsidies, Benefits and Services) Act,
2016: An Overview
11. 1. Nature of the Aadhaar Act,
2016:
• This Act is divided into 8 Chapters and
consists of 59 sections. This Act has
received the assent of President on the
25th March 2016. This legislation is
“Social-Welfare Legislation” as it
appears from the Preamble of this Act.
12. Preamble:
• It states:
• “An Act to provide for, as a good governance,
efficient, transparent, and targeted delivery
of subsidies, benefits and services, the
expenditure for which is incurred from the
Consolidated Fund of India, to individuals
residing in India through assigning of unique
identity numbers to such individuals and for
matters connected therewith or incidental
thereto.”
13. 2. Intra-Territorial and Extra-
Territorial Application
• According to Section 1 (2):
This Act extends to the whole of India except the State of
Jammu and Kashmir and save as otherwise provided in
this Act, it also applies to any offence or contravention
thereunder committed outside India by any person.
According to Section 44 (1) subjects to certain conditions,
the provisions of this Act also apply to any offence or
contravention committed outside India by any person,
irrespective of his nationality.
14. 3. Aadhaar Number is not Evidence
of Citizenship or Domicile
• According to Section 9 of this Act the Aadhaar
number or the authentication thereof does not,
by itself, confer any right and proof of,
citizenship or domicile in respect of an Aadhaar
number holder.
• Any individual who is a resident in India and
satisfies the verification process laid down by the
Unique Identification Authority of India (UIDAI)
can apply for Aadhaar card irrespective of age
and gender.
15. 4. Aadhaar Number is necessary for the
purpose of “Establishing Identity”
through the process of “Authentication”:
• According to Section 7 of the Act, the proof of Aadhaar
Number is necessary for receipt of certain subsidies,
benefits and services, etc.
• There is a subtle difference between two terms namely
‘identity verification’ and ‘authentication’. Identity
provides an answer to the question “who are you?” and
authentication is a challenge-response process that
provides a “proof of the claim of identity”/ or how you can
say who are you?”
16. 5. Unique Identification Authority of
India (UIDAI)
Chapter IV, Section 11-23
The Central Government establishes the Unique
Identification Authority of India to be responsible for the
processes of enrolment and authentication and perform
such other functions assigned to it under this Act. This
Authority is a body corporate having perpetual succession
and a common seal, with power, to acquire, hold and
dispose of property, both movable and immovable, and to
contract, and to sue or be sued. The head office of the
Authority is in New Delhi.
17. Other Provisions
• Offences: Chapter VII, Sections 34-46,
Section 47
• Relationship of the Aadhaar Act, 2016 and
the Information Technology Act, 2000:
• Under the Aadhaar Act, 2016 Chapter VI
entitled, “Protection of Information” deals
with safety mechanism.
18. • Does ‘Aadhaar Project’ violate
the Fundamental Right to
Privacy and Is it
‘Unconstitutional’: An Analysis
19. Variables under study
In order to reach a logical conclusion the variables under
study are:
• The type of information being collected from Citizens and
Residents
• The Adequate Security Measures to Protect Sensitive
Personal Information
• The Real risks posed by Hacking from Enemy Nations
20. The Nature of Information
Collected
1. Supported Proof of Identity (PoI) Documents having Name and
Photo
2. Supported Proof of Date of Birth (DoB) Documents
3. Supported Proof of Address (PoA) Documents having Name and
Address
4. Supported Proof of Residence (POR)
5. Documents containing Relationship details to Head of Family: PDS
Card, MNREGA Job Card, CGHS/State Government/ECHS/ESIC
Medical Card, Pension Card, Army Canteen Card, Passport, Birth
Certificate issued by Registrar of Birth.
21. Security Measures to Protect
Sensitive Personal Information
• “All the data is stored in encrypted form: “The data is
encrypted with the highest 2048 bit encryption, which
takes 1000s of years to crack and it is what the
government notifies it as a minimum security standard.”
PKI-2048 and AES-256, the “highest available public key
cryptography encryption” is being used, according to the
UIDAI. Hence, even if any computer or data is stolen,
without the code, it will not be decipherable.”
• Aarthi S. Anand , “India, the Aadhaar Nation: That Isn’t Legally Equipped to Handle
Its Adverse Effects”, Retrieved from< https://thewire.in/84925/aadhaar-privacy-
security-legal-framework/ 10 July 2017.
22. The Real risks posed by Hacking from
Enemy Nations and Dark Net
• Archana Dureja, a scientist in the Ministry of Electronics
and Information Technology, wrote on 25 March 2017:
• “There have been instances wherein personal identity or
information of residents, including Aadhaar number and
demographic information and other sensitive personal
data such as bank account details etc. collected by
various Ministries/Departments, has been reportedly
published online and is accessible through an easy
online search.
23. For the first time, the Modi government has officially
acknowledged that:
“personal identity of individuals, including Aadhaar number
and other sensitive information, has been leaked to the
public domain”.
• Yatish Yadav, “Government admits your Aadhaar data has been leaked”, Published:
31st March 2017 01:14 AM. Retrieved from:<
http://www.newindianexpress.com/nation/2017/mar/31/government-admits-your-
aadhaar-data-has-been-leaked-1588027.html
24. Conclusion
• In India the judgment of Justice K S
Puttaswamy (Retd.) and Anr. (Petitioners)
Versus Union of India and Ors.
(Respondents) SC 2017 delivered on 25
August, 2017 has made it a historic day.
Decision on Aadhaar is still pending.
• It would be declared Constitutional.
25. • If someone knows bank account number,
it will be wrong to assume that he/she will
be able to hack our Bank account.
Similarly if someone knows Aadhaar
number, it will be wrong to assume that
he/ she will be able to hack Aadhaar-
linked account unless secret numbers are
PIN, OTP, Passwords, Login Ids and
username are shared with.
26. Suggestions
1. Strong and adequate Privacy Policy
2. Awareness to Aadhar card holder
regarding precautions.
3. The legal framework on security and
privacy assurance, however, needs to be
more specific and requires significant
strengthening.