I am also pasting the text of our response below.
We would welcome any feedback
The UIDAI project: why some of the optimism might be nir-aadhar
The article by Nandan
Nilekani in the NMJI 2011 May-June issue provides an interesting laundry list of advantages which an Aadhar number could
provide to those registered through the Unique Identification
Authority of India (UIDAI). Nonetheless, it is surprising
to see no equivalent of a limitations section. The article fails to present a
holistic and full picture of the landscape- in absence of any reference to
expected challenges, the potential for duplication of existing mechanisms; and
threats the Aadhar project poses, particularly to privacy of
information of individuals, and data security- and mention of any proposed
measures the UIDAI is taking to address these. Even a cursory uninformed examination of the claims in the article will
lead the reader to believe that while the intention is laudable, the process
and means can definitely be causes of concern. As readers, we had several
questions related to the approach to, implementation of as well as legislative
adequacy of the UIDAI initiative and their implications for its success. . .
Why two sets of
It is unclear as to why
two sets of identification data – demographic and bio-informatics – are
required for securing an Aadhar number. Also, the operational aspects and
possible misuse could be causes of concern. Currently individuals face many
problems in fulfilling the expectations of producing proof of residence, birth
date etc. for securing other
key government identification documents (such as
voting card, passport and ration card) and it is unspecified how similar
tribulations would be minimized for those seeking an Aadhar number?
Would securing an Aadhar
number truly remain voluntary?
While some benefits of
having an Aadhar number are pointed out like immunization tracking for
children, the system also worrying suggests a clear link between basic health
provisioning (such as immunization) and the need for official proof of being an
Indian resident (to be certified through the possession of an Aadhar number).
If this is indeed the case, it would mean that providers especially in the
public healthcare system might not be able to provide any kind of health
services to vulnerable populations like ‘illegal’ immigrants in the country. It
should not be the duty or responsibility of a healthcare provider to sit in
judgment on a patient’s
legal status of entitlement of health services. A
patient presenting at a healthcare facility without an Aadhar number might be
suspected of being a non-citizen- and stigmatized- and not provided any health
services, or even worse, pursued by the state machinery. Linking Aadhar to essential
public health services like immunization could mean that undocumented
immigrants, among other vulnerable groups, would shun health programs and hence
put themselves and others in the community at risk of vaccine-preventable and
other communicable conditions.
Although, it is
currently voluntary to opt to secure an Aadhar number, the emphasis on its use
in health care context in the way Nilekani advocates in the article might run
the risk of Aadhar number becoming almost inevitable and “mandatory” for
better, swifter and smoother access to health care in due course of time.
Aadhar has already become compulsory for LPG
provision by government oil
companies as part of a pilot project in Mysore.
Similar concerns have been expressed by others, too.
Wouldn’t the proposal of
use of Aadhar for immunization tracking be duplication of efforts?
The government has
already launched a separate system for maternal and child health tracking,
including immunization through the National Rural Health Mission Health Management Information
System (http://nrhm-mis.nic.in/mchtracking.htmand http://nrhm-mcts.nic.in/
) and it’s not clear why UIDAI should aim to replicate the same through
Aadhar. We believe there might be other instances where such replication of
efforts might be probable- this is both a waste of resources and increases the
chances of threats to data security.
Is the health system
sufficiently equipped to use Aadhar number?
Assuming the Aadhar
number could finally be used in the health care context as Nilekani delineates,
is our health system equipped with the required e-platform across the nation; and
are there adequately trained human resources to run such a sophisticated system
available, or being recruited, at every level within the health system? It appears that the use of the Aadhar number as
envisioned would warrant inter-ministerial and inter-sectoral coordination and
resource investment for its meaningful realization. It is not clear as to how
this is being planned and executed.
Would the system to
protect privacy and data protection be truly foolproof?
The issue of privacy of
personal information (especially health) and associated challenges are not
mentioned in the article. It is also not clear as how data safety will be ensured.
response to one of the questions in the parliament regarding mechanisms to
protect data from unauthorised use in UIDAI, it was said that the data would be
encrypted at source along with measures such as limiting physical use, and
putting standard security infrastructure.
We wonder if that would be sufficient given the current trends of data theft
from the supposedly safe and well protected sectors, such as banking and
information technology which use similar mechanisms. As
instances of theft and misuse of information becomes commonplace, as evidenced
by increasing credit card fraud and frequent hacking of government websites,
any framework for information collection which does not have robust safeguards
should be grounds for concern. As well, India does not have any coherent policy
or law governing data encryption ,, .
In the contemporary
context of globalised terrorism, it would also be
challenging for the UIDAI to
comply with the promise of confidentiality towards data collected if faced with
mounting pressures from investigation and intelligence agencies, whether
domestic or foreign, to share bioinformatics information of individuals suspected to be associated with
terrorism and violence. Although a
somewhat different context, the recent episode of a vaccination campaign
launched by the US intelligence agency CIA aimed specifically at collecting DNA
samples from the Osama Bin Laden household in Abbottabad in Pakistan is representative of reasons for our concerns on this front of the potential of
misuse of a public health program collecting identifiable data.
The initial Aadhar
registration system being implemented also provides reason for worry. As the
enrolment process has been sub-contracted via tenders to private firms, there
is seemingly no guarantee of how information and data security
maintained. Moreover, ensuring data protection from interested parties such as
insurance companies who could choose to deny health insurance coverage to
individuals based on their health profiles is paramount. Unless stringent
safeguards are built in, the Aadhar number could be a serious and risky
intrusion into our privacy.
it is ambiguous as to how harmonization and reconciliation across various legal
apparatuses, such as, the National Identification Authority of India Bill and
the proposed Right to Privacy Bill would be achieved with regards to protecting personal information gathered
under the Aadhar project.
Against this backdrop,
we believe the editorial by Nilekani raises more questions than provides
answers, and hence it is apt to question the claims of the article.
Finally, we also find it
disconcerting that though the author declares his affiliation with
there is no conflict of interest statement in the article. Nilekani as head of
the initiative is expected to have a positive bias towards the program. We
believe it would have been good practice for a conflict of interest statement
to have been appended with the article.
Anant Bhan, Pune, Maharashtraanantbhan@...
Sunita V S Bandewar, Pune, Maharashtrasunita.bandewar@...
and SB both contributed equally in developing this article. Both authors
approved the final version of the manuscript.
The authors declare that they have no competing interests.
N. Building a foundation
for better health: The role of the Aadhaar number. Natl Med J India.2011 May-Jun;24(3):133-5.
Milton L. Aadhaar number to be must for LPG
services. The Times of India. 2011 Aug 8 [cited 2011 Aug 18]. Available: http://timesofindia.indiatimes.com/city/mysore/Aadhaar-number-to-be-must-for-LPG-services/articleshow/9533385.cms
A private right or a public affair? Tehelka
Magazine. 2011 Jul 9 [cited 2011 Aug 18]; Vol 8, issue 27. Available: http://www.tehelka.com/story_main50.asp?filename=Ne090711PROSCONS.asp
Health. Now, a
tracking system for immunisation in India. 2011 August 3 [cited 2011 August
 Unique Identification
Authority of India. Government of India Planning Commission, Rajya Sabha
Questions. Question no 393(Answered on 2011 Feb 24) [cited 2011 Aug 20]. Available:http://uidai.gov.in/index.php?option=com_content&view=article&id=171&Itemid=150#rs
Kurup D. ‘State actor’ linked to major cyber intrusions in India, world.
The Hindu Bangalore edition. 2011 Aug 4 [cited 2011 Aug 18]. Available:http://www.thehindu.com/news/article2319894.ece
Data Security Council of India.
Recommendations for Encryption Policy Regulation u/s 84A of the Information
Technology (Amendment) Act, 2008. Prepared by DSCI/NASSCOM with inputs from the industry. 2009 Jul 13 [cited 2011 Aug 16]. Available: http://www.dsci.in/sites/default/files/encryption_policy_dsci_final_submission_to_dit.pdf
Encryption policy of India needed. 2011
Jun 19 [cited 2011 Aug 5]. Available: http://ictps.blogspot.com/2011/06/encryption-policy-of-india-is-needed.html
Waris S. Government asleep over
encryption regulations. 2009 Aug 20 [cited
2011 Aug 21], Available: http://www.legallyindia.com/20090820138/Legal-opinions/government-asleep-over-encryption-regulations
Reardon S. Pakistan. Decrying CIA vaccination
sham, health workers brace for backlash. Science.2011 Jul 22;333(6041):395.
Venkatesan J. Bill on ‘right to privacy' in monsoon
session: Moily. The Hindu, 2011 June 7 [cited 2011 Aug 17]. Available: http://www.thehindu.com/news/national/article2082643.ece