Legal sanctity to Aadhaar does not guarantee its security. Government needs to step up
Urgent steps need to be taken to make the Aadhaar database safe from cyber-attacks, data theft, and misuse of information.
The Supreme Court’s recent Aadhaar verdict — stating that the 12-digit unique identification number is constitutionally valid — was along expected lines. It was believed that with Aadhaar penetration having come a long way, the clock could not be turned back by invalidating it altogether.
But the many conditions that the court imposed on the use of Aadhaar cards have pertinent messages hidden in them.
The court has made it clear that the use of Aadhaar will not be mandatory, except for a few services. People had been fed up of being asked to produce Aadhaar cards everywhere they went — at banks, phone companies, or even to access private buildings. But now the court has specifically banned banks, private companies and schools from demanding Aadhaar cards.
This to some extent takes care of the data security concerns, because the risk of data theft was higher from private institutions.
But while Aadhhar getting constitutional validity was a huge victory for the government, legal validity and data security are separate issues.
While delivering its verdict, the Supreme Court has not deliberated much on the safety aspect. This has led to a bigger challenge before the government. It may have won the legal battle and got legal sanctity for Aadhaar, but on it lies the huge obligation to secure the Aadhaar database.
All the judges of the Constitution bench agreed that having an Aadhaar card does not infringe upon our right of privacy, but at the same time, they pointed out that there should be a law on data protection.
After all, a key concern still remains —what if the government itself misuses our data? It can do so easily, because there is not enough room for “check and balance” on this aspect in our country. It is in this context that Justice Chandrachud’s minority judgment must be given due importance. If the issues raised by him are not addressed properly, it can have far-reaching consequences in the days to come.
Already, several organisations and individuals have demonstrated that the Aadhaar database can be hacked. The government has nonetheless continued to insist that our information is safe.
Recently, the TRAI chairman, RS Sharma, tried to prove that the Aadhaar system was safe by making his Aadhaar number public. Soon, hackers proved to him and to the world how wrong he was.
A lot needs to be done to secure the Aadhaar database. The first task before the government should be how to make the system immune from cyber-attacks. It is also necessary that all the stakeholders of the Aadhaar data be assigned their specific responsibility. We will also have to find ways to bring transparency in the entire system. Then, the biometric data transmission (transfer) or management aspect of the security framework will have to be taken into account.
The problem is that India’s national cyber security policy does not say anything about the security of the Aadhaar. In fact, we do not even have any robust cyber security law.
Our Attorney General claims that all information is safe within the confines of four walls that are “13 feet high and five feet thick”. But, in saying so, he forgets that no data can be kept secure within physical walls today. We can only keep it safe with the help of new and advanced technology.
There have been several reported cases of Aadhaar data theft so far. Clearly, the security of the database is a bigger issue than its legal validity.
The government must take concrete steps in this direction and ensure the safety of our information. Because, once it is attacked, it will imperil our country’s sovereignty and integrity.