Indian biometric ID plan faces court hurdle
Supreme Court in India rules -- for now -- against plan to make biometric ID mandatory for receiving services
IDG News Service - A controversial biometric project in India, which could require people to produce their biometric IDs to collect government subsidies, has received a significant setback from the country's Supreme Court.
The court ruled this week in an interim order that people cannot be required to have the controversial Aadhaar identification to collect state subsidies, even as the Unique Identification Authority of India (UIDAI), the government agency that manages the project, has been trying to promote the Aadhaar number as proof of identity for a variety of services including banking.
The UIDAI has said that the scheme is voluntary, but some states and agencies have attempted to link the identification to the implementation of programs such as cash subsidies for cooking gas that benefit even the middle and richer classes.
"I signed up for Aadhaar only to ensure that I continue to get a gas cylinder at reasonable rates," said an executive in Bangalore who had queued up a few months ago for an Aadhaar number. The state of Maharashtra, for example, aims to be the first state in the country to roll out Aadhaar-linked subsidy transfers to LPG (liquified petroleum gas) consumers across all the districts in the state.
Pending a final order, the court ruled that "....no person should suffer for not getting the Adhaar card inspite of the fact that some authority had issued a circular making it mandatory...."
UIDAI Chairman Nandan Nilekani did not immediately agree to discuss the court order.
The Aadhaar project is the result of an executive order, and is not backed by a law passed by India's Parliament, so its legality can be in question, said Pavan Duggal, a cyberlaw expert who practices before India's Supreme Court. The project could be in violation of the country's Information Technology Act and rules which cover collection, handling and processing of sensitive personal data, he added.
Aadhaar, though said to be voluntary, could also be in violation of fundamental rights of the Indian constitution relating to right to life and privacy, as a perception is being created that the ID will be required for subsidies and benefits, Duggal added.
The government should have considered getting an enabling law passed by Parliament for the data collection as also a strong privacy law to prevent misuse of Aadhaar related data and collation of multiple databases using Aadhaar, because of the privacy issues involved and its implications on fundamental rights, said Pranesh Prakash, Policy Director at the Centre for Internet and Society in Bangalore.
The biometric project, which collects 10 fingerprints, iris scan and other information such as name, date of birth and address, has been criticized by a number of privacy groups who worry that the data could at some point be misused by the government. There is also a risk that such large databases could be hacked, putting at risk information of people. It is not clear what are the measures taken by UIDAI to protect the authenticity and correctness of the biometric information, and prevent access by foreign powers, Duggal said.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts