acm-header
Sign In

Communications of the ACM

India Region Special Section: Big trends

Privacy Concerns with Aadhaar


Indian flag and binary code

Credit: Getty Images

The debate engendered by the Aadhaar project has propelled India from being a predominantly pre-privacy society to one in which privacy protection in digital databases has emerged as a major national concern. The welcome and scholarly Supreme Court judgment8 has upheld privacy as a fundamental right, and informational self-determination and the autonomy of an individual in controlling usage of personal data have emerged as central themes across the judgment. The main privacy concerns with Aadhaar are:1

  • Identity theft. Aadhaar is vulnerable to illegal harvesting of biometrics and identity frauds because biometrics are not secret information.4,11 Moreover, possible leakage of biometric and demographic data, either from the central Aadhaar repository or from a point-of-sale or an enrollment device, adds to the risk.
  • Identification without consent using Aadhaar data. There may be unauthorized use of biometrics to identify people illegally. Such violations may include identifying people by inappropriate matching of fingerprint or iris scans, or facial photographs stored in the Aadhaar database, or using the demographic data to identify people without their consent and beyond legal provisions.
  • Correlation of identities across domains. It may become possible to track an individual's activities across multiple domains of service using their global Aadhaar IDs, which are valid across these domains. This would lead to identification without consent.
  • Illegal tracking of individuals. Individuals may be tracked or put under surveillance without proper authorization or legal sanction using the authentication and identification records and trails in the Aadhaar database, or in one or more authentication-requesting-agencies' databases. Such records may reveal information on location, time, and context of authentication and the services availed.

Also, Aadhaar does not record the purpose of authentication. Authentication without authorization and accounting puts users at serious risks of fraud because authentication or KYC meant for one purpose may be used for another.6 Recording the purpose of authentication is crucial, even for offline use.2 Privacy-by-design is not achieved by self-imposed blindness.


Comments


Vellore Sasi Kumar

It is a good that Upholding of the Identity theft is a Violation of the Fundamental Right, as decided by the Honb'le Apex Court. But a Surveillance Mechanisms are to be developed by the Union Governments for monitoring the Flow of Data and the Agents involved with deterrent Punitive Actions.For this matter not only the Data available with Aadhar can be taken in to account but also the DATA available through the Social Media can also be considered.

After all protecting the Individual Identity is nothing but Protecting the Society at large.


Displaying 1 comment

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.
  

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account