A scheme in India to help the poor raises privacy concerns

The government has introduced legislation for a biometrics-based digital identity program

India’s legislators are on Wednesday debating a law that would allow the government to collect biometric and demographic information from people in return for distributing to them government benefits and subsidies.

A number of legislators and civil rights activists are concerned about the absence of strong privacy safeguards in the legislation and a provision in the law that allows the government to access the data collected for national security reasons. There is also concern that such a large centralized database of personal information could be hacked and critical information leaked.

Activists are also wary that the program could be extended by the government to make it a mandatory digital ID card for people in the country. Already some telecommunications services and financial services companies use the biometric identity as an optional way for verifying customers.

The biometric ID, which assigns a person a 12-digit number called the Aadhaar number, requires the collection of photos, fingerprints, iris scans and other information such as the name, date of birth and address of the individual. Every time a person has to be verified, he has to present the Aadhaar number, and his biometric information has to match the data stored in a centralized repository.

The digital identity is expected to provide proof of identification to the large number of poor Indians who do not have house addresses, school certificates, birth certificates or other documents that are usually used to prove identity in India.

The traditional paper ration books used in the country are notoriously stuffed with people who are nonexistent or who do not typically qualify for benefits, so the government hopes to save some money by linking the benefits to a digital identity. But the new scheme addresses only end-user fraud and not the large-scale theft prevalent in the entire supply chain, according to analysts.

Rajeev Chandrasekhar, a member of India’s Parliament, has proposed amendments to the bill that would ensure that Aadhaar numbers should not be used as proof of identity for purposes other than subsidies and benefits. Chandrasekhar also wants the Unique Identification Authority of India that manages the project to be responsible for ensuring the security and privacy of the biometric and demographic information of the account holder, with liability for damages in a civil court in the case of a breach.

The Aadhaar program has been allotting IDs for a number of years, even under a previous government, but the program was the offshoot of an executive order and had no legal sanction. The country’s Supreme Court ruled in 2013 in an interim order that people cannot be required to have Aadhaar identification to collect state subsidies. Aware of the legal minefield it was treading on, the government had said the scheme was voluntary.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 passed recently in the Lok Sabha, one of the houses of India’s parliament, now aims to make the scheme mandatory. The bill sailed through the Lok Sabha where the government has a majority, but will likely meet with strong opposition from the other house, the Rajya Sabha. But the government has classified the bill as a money bill and the Rajya Sabha does not have the final say on such bills. So the legislation is likely to be passed in any case despite its limitations.

Join the CSO newsletter!

Error: Please check your email address.

More about Bill

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Ribeiro

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts