On 30 January 2020, NetMission Academy hosted another very interesting session on “Cybersecurity, Privacy and Safer Internet“. On a very honest note, this was actually my first choice when I was asked to pick 3 working groups that I’d like to contribute in and to. But since the program is extremely competitive, I couldn’t get into this working group. So, it’s needless to explain why I was very keenly waiting for this working group to present and this particular training to happen. My first choice, after all!
So, our guests for that day were Satish Babu (India Trivandrum Chapter, ISOC) and Alejandra Prieto (Program Manager, Internet Leadership, ISOC). The PowerPoint presentation prepared by the working group was extremely comprehensive and very in-depth. And we were then quickly sent to our breakout groups. I was in Alejandra’s group. Our moderator Aneesah kick-started the discussion. The policy questions were:
- Does national security outweigh the right to privacy?
- What are some established cybersecurity or privacy-related laws in your country?
- How do/should companies handle our personal data? Is our data even our own?
- How can we control the usage of our data?
- What can multistakeholder do to improve regional/global security?
- How far is it true to say that sharing much more personal information on the Internet is creating difficulty to maintain our privacy?
When my turn came, I responded to the first and second questions jointly by narrating my experience as a NextGenner at ICANN64, Kobe, Japan where I’d presented on the National Identification System of India – Aadhar.
Love it or hate it, you just can’t escape it. I’m talking about Aadhaar. Aadhaar, a Hindi word meaning “Foundation”, is a 12-digit unique identity number that can be obtained by residents of India, based on their biometric and demographic data. Aadhaar is the world’s largest biometric ID system. World Bank Chief Economist Paul Romer described Aadhaar as “the most sophisticated ID program in the world”.
The Indian government has made it mandatory for consumers to link many important services with Aadhaar. Every day all the 132 crore Indians are flooded with frequent reminders to link their bank accounts, mutual fund and mobile number with Aadhaar. Recently, the Reserve Bank of India also clarified that it is mandatory to link bank accounts with Aadhaar. Linking Aadhaar with these services will help eradicate fake accounts, fake insurance policies, and unauthorized mobile connections. The government claims to have removed millions of fake beneficiaries for government benefits by Aadhaar linking. It’s been reported that over 23 million fake ration cards have been scrapped, potentially saving the government Rs14,000 crores in food subsidy every year. Another Mint report in August says, three states discovered that about 2,72,000 fake students were availing the mid-day meal (MDM) scheme. In order to make Aadhaar accessible to often undocumented poorer citizens, obtaining an Aadhaar card does not require significant documentation, with multiple options available. In theory, the use of biometric facilities should reduce or eliminate duplication. So, in practical, while it may be possible to obtain the card under a false name, it is less likely that a person would be able to obtain another Aadhaar card under a different (or real) name.
But since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, welfare exclusion, and security concerns. The fundamental objection to this linking of services is that all information on an individual will be available at a single place, which could make surveillance easier and also increase the risks if this information is hacked.
For instance, as of now, one’s bank knows something about him/her, one’s insurance company knows something and one’s mobile phone company knows something about him/her. Each of these is different silos of information. When these converge, which is then accessible to a single person, that person knows almost everything about the given person.
Moreover, a user’s Aadhaar number and fingerprint are permanent identifiers, and at least the Aadhaar number has been compromised for over 130 million citizens, as per a study by Centre for Internet & Society. The detailed personal information being collected is of extremely high importance to an individual. However, once collected, it is not being treated with the required sensitivity for privacy concerns. Major financial transactions are linked with information collected in Aadhaar. Data leaks are a gold mine for criminals who now use sophisticated hackers.
Another major concern is the absence of a clear redressal mechanism for consumers in case of a data leak, misuse or hack.
So, is the government ready to compromise the privacy & cybersecurity of 132 crore citizens “online” in the name of social security? What can be done to minimize the risks associated with Aadhar? Should the program be scrapped entirely or should India finally ratify a more clearly stated Data Privacy & Cyber Security Policy?
And finally, my fellow friend Kenneth responded to question no. 5, by explaining the importance of government intervention in privacy-related issues and how posting things online has indeed landed people in trouble. To this, I countered by saying “who gets to decide what is private to me? And if someone else gets to decide what is private to me then, is it even my privacy any longer? How can someone else tell me what I should do and what I shouldn’t? Isn’t that a breach of my Right to Liberty and Freedom of Expression?”
And I was extremely glad when this question was also taken up to the main room and was discussed at length by Satish.
I thoroughly enjoyed this session and tomorrow is my working group’s – Digital Economy and Emerging Technologies – presentation. Stay tuned for more updates!
About the writer
Ananya Singh (NetMission Ambassador of class 2019/20, India)
Bachelor’s Degree in Economics, BJB Autonomous College