By Vritika Mathur
Confronted with multiple instances of data breach, a Constitution bench dealt with questions raised by several petitioners regarding the same on Wednesday.
Judges’ concerns
A five-judge Constitution bench comprising of justices AK Sikri, A M Khanwilkar, D Y Chandrachud, Ashok Bhushan and headed by Chief Justice Dipak Misra emphasised on the need for “robust” laws when it comes to Aadhaar authentication. This comes in the face of widespread leaks of sensitive citizen information. The Supreme Court questioned the UIDAI about the established provisions to prevent private entities that are involved in the authentication process from parting with it for commercial gains. An example of one such private entity involved is Authentication User Agency (AUA), which is engaged by UIDAI to provide Aadhaar enabled services to Aadhaar number holders by using the authentication. However, Pandey stated that there was no control over this sharing by private entities, working as AUA’s.
Addressing the UIDAI CEO Ajay Bhushan Pandey, the bench questioned, “There are two ends of authentication. You say that you do not know the purpose of authentication and the data at your (UIDAI) end is safe. AUA may be a private entity, what are the safeguards if AUA parts with the sensitive information?”
Need to protect the Aadhaar Act
The Aadhaar Act, in a nutshell, is to do with the assignment of unique identity numbers to all individuals residing in India for purposes of good governance, benefits and so on. So whenever any private information submitted is exposed, it brings the violation of our fundamental rights into consideration. By disclosing information without consent it opens up space for unequal practices and discrimination. Such sharing is prohibited under the Aadhaar Act.
There is a strong need to protect privacy in the country. In an attempt to illustrate the dangers of information leak, Justice Chandrachud gave the example of ordering pizza from a pizza chain on a regular basis. If he said, the chain shares this information with his health insurance firm; it will definitely hold some weight as a lifestyle is one of the key factors. “This is a commercially sensitive information”, he added and further shared his concern of there being no “enforceable protection against others” even if the data repository of UIDAI is completely secure.
UIDAI’s assurance
To ease concerns, the UIDAI asserted that they would be keeping a constant vigil to safeguard all information. As stated by CEO Pandey, breaches taking place happen from the other end and not the repository, as it is completely safe and not connected to the Internet. However, this prompted Justice Chandrachud to respond saying, “Merely protecting your end is not enough there needs to be a robust law in place to protect the other end of the spectrum.” According to Pandey, there has not been a single breach of biometric details in the last seven years. Sharing of information requires permission of the district court concerned. Whereas when it comes to biometrics, it was confirmed that the following are only shared in cases of protection of national security and requires consent at the level of the Cabinet secretary. Up till now, no request has been put forward to procure the same. He said, “In the IT world, new technologies are coming. While it is enabling the people, it is also enabling the other side who do not have good intentions. So what we need to do is keep upgrading our technology, keep assessing what new technology our opponents would apply, how to take proactive steps in time, so that our data remains safe.”
Following a recent directive, only the last four numbers of the Aadhaar will be put up on a public domain. The case will be heard next on the 3rd of April in order to respond to the petitioners.
Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius