The Parliament of India is set to pass the Aadhaar Bill that would allow federal agencies access to the world’s enormous biometric database in the interests of national security, raising fears that the privacy of a billion people could be compromised.
The move say some privacy advocates could also help in surveillance far more invasive than the US telephone and internet spying exposed by former National Security Agency (NSA) contractor Edward Snowden in 2013.
Launched in 2009, the Aadhaar ID database scheme was established to streamline payment of benefits and reduce huge wastage and fraud. Nearly a billion people have registered their finger prints and iris signatures. Data collected under the project is encrypted and stored within national data centres in Bangalore and Manesar.
Now the BJP, who have inherited the scheme want to use a loophole to bypass the opposition in Parliament and pass new provisions including those on national security. In an effort to secure passage before lawmakers go into recess, the Centre brought the Aadhaar legislation to Rajya Sabha today as a financial bill – which cannot be rejected. It can be returned to Lok Sabha, but here the ruling party holds a majority.
“It has been showcased as a tool exclusively meant for disbursement of subsidies and we do not realise that it can also be used for mass surveillance,” said Tathagata Satpathy, a lawmaker from Odisha.
“Can the government … assure us that this Aadhaar card and the data that will be collected under it – biometric, biological, iris scan, finger print, everything put together – will not be misused as has been done by the NSA in the US?”
Finance Minister Arun Jaitley has safeguarded the legislation, citing that an estimated 150 billion rupees (approx. £1.6 billion) was saved by the scheme in the financial year 2014-2015. A finance ministry official added that the BJP would ensure that people’s privacy is respected and that third-party federal access would only be granted in special cases.
According to another government official, the new law is in fact more limited in scope than the decades-old Telegraph Act, which permits national security agencies and tax authorities to intercept telephone conversations of individuals in the interest of public safety.
However, political opponents and religious minorities also worry that abusive management of the database could be used as a tool to silence and harass individuals considered as potential security threats.
Cybersecurity experts have further argued that a central reserve of biometric data in the world’s most populated democracy could present a huge risk if compromised.
“We are midwifing a police state,” said Asaduddin Owaisi, an opposition MP.
Global policy director at Access, an international digital rights organisation, Raman Jit Singh Chima said the proposed Indian law did not have the transparency and oversight safeguards found in Europe or the United States, which last year changed its bulk telephone surveillance programme.
He pointed to the US Foreign Intelligence Surveillance Court, which must accept many surveillance requests made by intelligence agencies, and European data protection authorities as oversight mechanisms not present in the Indian proposal.
New Delhi-based PRS Legislative Research in its assessment of the measure, said law enforcement agencies could use someone’s Aadhaar number as a link across numerous datasets such as telephone and air travel records.
That would allow them to identify patterns of behaviour and discover potential illegal activities. But it could also lead to harassment of individuals who are identified incorrectly as potential security threats, PRS said.
“Maintaining a central database is akin to getting the keys of every house in Delhi and storing them at a central police station,” said Sunil Abraham, executive director at the Center for Internet and Society in Bengaluru.
“It is very easy to capture iris data of any individual with the use of next generation cameras. Imagine a situation where the police is secretly capturing the iris data of protesters and then identifying them through their biometric records,” he said.