On the stump, Narendra Modi had repeatedly excoriated the Aadhaar scheme as a massive fraud perpetrated by then UPA government. Dismiss that as part of the usual cut and thrust of electoral politics. In 2013, an incensed Arun Jaitley had, in a widely circulated article on governmental spying, called out a far more pressing concern:
This incident throws up another legitimate fear. We are now entering the era of the Adhaar number. The Government has recently made the existence of the Adhaar number as a condition precedent for undertaking several activities; from registering marriages to execution of property documents. Will those who encroach upon the affairs of others be able to get access to bank accounts and other important details by breaking into the system? If this ever becomes possible the consequences would be far messier.
All those concerns remain unaddressed in the Aadhaar legislation that will likely be introduced in Parliament today. Introduced, and passed — because the government seeks to circumvent any opposition by the simple – if dubious — expedient of treating it as a money bill and thus getting it passed without the need for Rajya Sabha approval.
Sunil Abraham of the Center for Internet and Society lists those concerns. Read — this concerns you. And then he says:
The government narrative has not changed in the last six years; the bill is basically the same as the UPA (United Progressive Alliance) version, with some cosmetic changes, and some tokenism towards the right to privacy. The proof that the technology is fallible is in the bill.
If the technology was infallible, as the UIDAI would like us to believe, then the bill would not criminalize the following: (1) impersonation at the time of enrolment; (2) unauthorized access to the Central Identities Data Repository.
Imagine that the bill admits that every Indian’s biometric can be stolen from one single centralized database. Now why don’t we have a similar offence for stealing all private keys from the Internet—we don’t because that is technical impossibility thanks to decentralization.
Therefore we don’t need a law to make (it) illegal. We’ve suggested changes to both the technology and the law. We’ve written seven open letters to the UIDAI, and we’ve never gotten any response. Very few of our concerns have been addressed. We’ve seen dogs getting UID, various other things getting UID, so there’s a lot of evidence that the system does not work. From Kerala we have stories of one person getting several UIDs, so we have no idea about technological feasibility of the project.
No person who spends a minute and a half thinking about it will have serious objections to the concept of a UID, <em>provided</em> it is well thought through and architected, and the basic concerns of the citizen — his privacy, protection against fraud, etc — are taken care of. Why is the government — this one, just like the previous one — insistent on shoving a flawed model down our throats, rather than harnessing the country’s undoubted technical expertise to get it right in the first place?
Read also, Usha Ramanathan’s canary in the coalmine dissection of all that is wrong with the project. Not that reading is going to do you much good, but anyway.