NEW DELHI: The last four digits of your Aadhar number could be published or made available online by the government. But the mobile numbers should not be. This idea along with many such others were discussed by at least top 40 bureaucrats of the country.
The high-level meeting last month at the Cabinet Secretariat was in the backdrop of the Aadhar data leak that has cast a shadow over government departments’ capability to safeguard the vast troves of biometric records and other sensitive personal information of individuals they have stockpiled over the years.
The minutes of the meeting accessed by The Sunday Standard show lack of a clear security protocol.
This is what Ajay Bhushan Pandey, CEO of Unique Identification Authority of India (UIDAI), told the meeting: “Full Aadhar number should not be published on websites or printed on certificates, cards, licences etc. However, if required, last four digits of Aadhar can be displayed/printed. If an agency is storing Aadhar numbers in any database, then the data must be encrypted and stored.”
This sounds reassuring until another bureaucrat said the government agencies need to develop a clear security protocol. So, there isn’t one?
Amarjeet Sinha, Secretary, Ministry of Rural Development, has been quoted in the document raising the issue. “He (Sinha) suggested that clear protocols from National Informatics Centre (NIC)/UIDAI are required to ensure security of data, as mandated by the Aadhar Act. He further suggested that trainings and workshops should be organised for NIC officers on safeguards and protocols to be followed for managing Aadhar-related data.”
The National Informatics Centre (NIC) is responsible for providing network backbone to Central government departments while UIDAI’s function is to secure people’s biometrics data. The earlier revelation that Central departments hadn’t encrypted the personal information of Indians drew criticism from experts for compromising people’s privacy.
Other concerns were raised by senior bureaucrats in a meeting that was chaired by A R Sihag, Secretary (Coordination). On top of the questions flying thick and fast in the committee room was about data that could be displayed without violating the provisions of Aadhaar and the Information Technology Act. Some bureaucrats wanted to know if legacy demographic data, which had been obtained prior to Aadhaar’s existence, also attracts similar provisions regarding safeguards. And, few others questioned if phone numbers of beneficiaries are also sensitive personal information that needs to be secured.
The Ministry of Electronics and Information Technology (MeiTY) and UIDAI were told to examine issues such as the need for encryption of mobile numbers of individuals available in government databases, treatment of legacy data available with departments, are examined and requisite clarifications are issued at the earliest.
But what about the security culture of private institutions that are implementing the government schemes? Ameising Luikham, Secretary in the Ministry of Minority Affairs, said, “Certain Ministry schemes were being implemented through private institutions and protocols for ensuring secure storage of Aadhaar information with proper safeguards by such institutions had yet to be evolved,” Luikham said.
Not Without My Consent
UIDAI’s Ajay Bhushan Pandey, who made a presentation in the meeting, said the biometric information cannot be shared with anyone or used for any purpose other than generation of Aadhaar numbers and authentication.
“Identity information available with a requesting entity cannot be shared without consent of the individual and can only be used for the specific purpose for which such consent has been given,” Pandey said, adding that regular audits must be conducted.“It is imperative that government departments and agencies should take care while handling personal data and Aadhaar numbers and follow the provision of the act,” Pandey said.
Privacy Concerns Remain But Govt Pushes For Aadhaar
Earlier the government faced criticism for making Aadhaar mandatory for mid-day meals in schools. And, it was forced to withdraw the order in March. However, Anil Swarup, Secretary, School and Education argued that integrating Aadhaar linked information in regard to schoolchildren could enable better service delivery.
He added that it was difficult to maintain databases in silos for various schemes, and it would be better to have a unified database for all programmes. Latha Krishna Rao, Secretary, Ministry of Social Justice and Welfare said that correlating Aadhaar information from databases of schemes of different ministries would enable de-duplication of beneficiaries. SK Pattnayak, Secretary Agriculture said that if Aadhaar information of farmers could be linked with land records, soil health cards and supply of fertilisers, it would enable calibrated delivery of requisite inputs.