Monday, Aug 03, 2020 | Last Update : 06:36 PM IST

132nd Day Of Lockdown

Maharashtra44122827680915576 Tamil Nadu2576131964834132 Andhra Pradesh158764828861474 Delhi1376771233174004 Karnataka134819577252496 Uttar Pradesh92921533571730 West Bengal75516527301678 Telangana6766048609551 Gujarat63675466892482 Bihar5727036637322 Rajasthan4441031216706 Assam4290532385105 Haryana3651929690433 Odisha3491321955236 Madhya Pradesh3353523550886 Kerala259121446383 Jammu and Kashmir2141613127396 Punjab1785311466423 Jharkhand121884513115 Chhatisgarh9608699158 Uttarakhand7593443786 Goa6530466853 Tripura5248346323 Puducherry3806230952 Manipur283117377 Himachal Pradesh2654150813 Arunachal Pradesh19359693 Nagaland19356484 Chandigarh111769819 Meghalaya8742645 Sikkim6582891 Mizoram4702580
  360 Degree   14 Jan 2018  Aadhaar Law is inadequate to deal with privacy issues

Aadhaar Law is inadequate to deal with privacy issues

THE ASIAN AGE. | PAVAN DUGGAL
Published : Jan 14, 2018, 3:33 am IST
Updated : Jan 14, 2018, 3:33 am IST

Aadhaar ecosystem is unsafe as there are no parameters for protecting cyber security and privacy of its users.

People have many doubts about the safety of their information and the adequacy of current laws in addressing the issues that may arise from any future breach of privacy or data theft from Aadhaar database or its vast network.
 People have many doubts about the safety of their information and the adequacy of current laws in addressing the issues that may arise from any future breach of privacy or data theft from Aadhaar database or its vast network.

The unauthorised access to the Aadhaar database that was obtained by a journalist to prove how unsafe the system was, has only increased concerns about the safety of personal data of nearly 120 crore people — the largest database available with a single authority anywhere in the world. Contrary to assertions of the government, this incident proved that the database is available on demand.

Though the Unique Identification Authority of India (UIDAI), the body responsible for Aadhaar, proposed the concept of Virtual Identity on January 10, whereby people would not have to share their actual Aadhaar number, the damage has already been done.

 

People have many doubts about the safety of their information and the adequacy of current laws in addressing the issues that may arise from any future breach of privacy or data theft from Aadhaar database or its vast network.

The legal framework for Aadhaar is the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Servi-ces) Act, 2016 and a January 10, 2018, circular that seeks to introduce virtual identity. The Aadhaar Act, however, does not envisage a virtual identity.

If we look at these legal frameworks, we find that the Aadhaar Act is not adequate to deal with the challenges thrown up, due to the increased breaches in the Aadhaar ecosystem. The offenc-es under the Aadhaar Act are defined under chapter VII.

 

Section 48 of the said Aadhaar Act makes the act of unauthorised accessing or extracting data from the Central Identities Data Repository, downloading, copying or extracting data therefrom, introducing or causing to be introduced any virus or computer contaminant, damaging or causing to be damaged the data in the Central Identities Data Repository or disrupting or causing to be disrupted the access to data in the Central Identities Data Repository as an offence punishable with three years imprisonment and Rs 10 lakh fine. The elements of hacking of Aadhaar database could be brought under Section 38 of the Aadhaar Act, 2016.

In addition, the provisions of Section 66 read with Section 43 of the Information Technology Act, 2000, relating to computer related offences could also be invoked. The said provisions make the act of hacking an offence that is punishable with five years of imprisonment.

 

 As of now, the Aadhaar Act is almost two years old and outdated, given the increasing focus of the government on making Aadhaar mandatory for most services. The obvious result is that there are almost no convictions under this law.

Therefore, the Aadhaar ecosystem is completely unsafe as there are no parameters for protecting cyber security and privacy of Aadhaar holders. Rights, duties and obligations of service providers and stakeholders need to be defined clearly. On top of it, the new concept of Virtual Identity, which is introduced on an optional basis, makes the entire exercise not very effective in the long run.

 India cannot take inspiration from advanced countries as there are no specific model laws in other countries in this regard. Some countries have tried to experiment with national biometric identity systems but have chosen not to implement it, given the huge security and other legal challenges that were in store.

 

Despite all the shortcomings in Aadhaar, there is no denying the fact that it has become the central point of our day-to-day life. Hence, all efforts must be made now to make Aadhaar more secure and safe. The government needs to revise and amend the Aadhaar Act, 2016 to mirror existing ground realities. While the Supreme Court judgment on Aadhaar law violating privacy is awaited, the government must proactively work on protecting cyber security of the Aadhaar ecosystem as a whole.

(The author is an advocate of the Supreme Court of India and the chairman of the International Commission on Cyber Security Law)

Tags: aadhaar, biometric identity, aadhaar database, virtual identity