NEW DELHI: Minister of Communications and Electronics and Information Technology Ravi Shankar Prasad said on Thursday that the report by UK-based research firm Comparitech, highlighting that India ranks behind only Russia and China when it comes to surveilling citizens, appear to be flimsy and questionable.
The report stated that India is the fifth-worst country after China, Malaysia, Pakistan and the US in terms of extensive and invasive use of biometric data.
The minister said that there are suitable provisions under the IT Act and work is in progress to bring in a law for data protection. Further, there is a baseless assumption that the Aadhaar database includes information such as purchases, bank accounts, insurance and others.
The government's request to WhatsApp regarding traceability without compromising on encryption has been wrongly projected as a possible privacy intrusion. Therefore, even while the report recognises that the laws and courts in India are working to protect data privacy, it seems to have jumped to a conclusion without looking at the legal regime in India and the checks and balances available.
"These attempts to malign the Government of India for reportedly surveilling citizens are completely misleading," the minister said.
He said that the government is committed to protect the fundamental rights of citizens, including the right to privacy. The government operates strictly as per the provisions of law and laid down protocols. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached.
The Ministry of Electronics and Information Technology is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.
Prasad said that there has never been any instance of data breach from the Aadhaar database (Central Identities Data Repository). For the security of Aadhaar data centres, Unique Identification Authority of India (UIDAI) has a well-designed, multi-layer robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity.
The architecture of the Aadhaar ecosystem has been designed to ensure security and privacy which is an integral part of the system from the initial design to the final stage.
Various policies and procedures have been defined and are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres.
"UIDAI data is fully secured/encrypted at all times i.e. at rest, in transit and in storage. For further strengthening of security, security audits are conducted on regular basis," the minister said.
Additionally, there are multiple layers of security at the physical level in UIDAI Data Centres and it is being managed by armed CISF personnel round the clock.
The security assurance of the Aadhaar ecosystem has been strengthened with the enactment of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and subsequently the Aadhaar and Other Laws (Amendment) Act, 2019 which has stringent penalties and punishments for offenders.
The UIDAI has been declared ISO certified with respect to information security which has added another layer of IT security assurance. In pursuance of sub-section (1) of Section 70 of the IT Act 2000, UIDAI has also been declared as a Protected System by the National Critical Information Infrastructure Protection Centre, the minister said.