The debate over Government’s adamant stance on linking Aadhaar with mobile connections and bank accounts took another twist recently.
As you might be aware, the Government has made it mandatory for citizens to provide their Aadhaar number along with PAN details for new bank accounts and should be quoted for a transaction above Rs 50,000. For the existing account holders, December 31, 2017, is the deadline to link their Aadhaar number with their bank accounts. Those who would fail to do so will end up making their bank account non-operative.
However, some media reports created confusion that RBI hasn’t issued any circular making it compulsory to link Aadhaar with bank accounts. Putting a full stop to any further speculation on this topic, RBI was quick to clarify that, the "Linkage of Aadhaar number to bank account is mandatory under the Prevention of Money-laundering (Maintenance of Records) Second Amendment Rules, 2017 published in the Official Gazette on 1 June, 2017."
Mr Arun Jaitley—the Finance Minister—revealed that 52.4 crore Aadhaar numbers have been already linked to 73.6 crore bank accounts. The Finance Minister also shed light on Government’s ambitious plan "one billion-one billion-one billion "—100 crore Aadhaar numbers must be linked to 100 crore bank accounts and 100 crore mobile phone accounts. He believes once this milestone is achieved “India can be a part of the digital mainstream.”
However, a petition challenging the decision of linking Aadhaar to Bank account claims that "Building a database dependent on Aadhaar and information linked there constitutes an unreasonable risk for financial autonomy and privacy of account holders, banks and financial sovereignty of the nation."
What’s the debate all about?
Privacy activists and others those who oppose Aadhaar believe when opting for Aadhaar itself isn’t mandatory how can that be made compulsory for availing other services? Moreover, a few of them are of the view that, allowing the use of Aadhaar as a part of Know Your Customer (KYC) compliance would make the personal data vulnerable to breaches.
One of the senior advocates arguing against linking PAN with Aadhaar questioned the security of private data saying, “If my password is hacked I can replace it. How do I replace the biometrics?”
Alleviating these concerns the Unique Identification Authority of India (UIDAI) has already clarified that, it gives return response to requesting agencies as “yes/No” without providing access to any personal identity information. For the purpose of Aadhaar-based authentication mainly three modes can be used. They are as follows:
- Demographic authentication
- One-time pin based authentication
- Biometric-based authentication
The UIDAI encourages agencies to use a multi-factor authentication method—a combination of two or more modes mentioned above—for the verification purpose. Moreover, it has also clarified that “e-KYC authentication shall only be carried out using OTP and/or biometric authentication.”
So the sceptics make three assumptions here:
- The agencies—such as banks and telecom companies—handling the verification process may not be competent to handle biometric details collected by them for the purpose of verification.
- If the biometric details collected by the agency can be misused for any purpose including opening bank accounts in others names using a fake identity.
- In this process, even the multi-factor authentication system may also get compromised. Which essentially means one’s mobile phone will also get stolen after the OTP—which is valid for 30 minutes—is sent to the registered number.
- UIDAI may fail to protect its databases.
Looks farfetched? Well, when the Supreme Court will hear the cases on “privacy concerns linked to Aadhaar”, the Government may challenge the claims of privacy activists based on assumptions above. In May 2017, UIDAI published a paper “Aadhaar—Myth Vs Fact”. It says, “Aadhaar number, bank account number and mobile numbers are not secret. They are sensitive personal identity information. Secret numbers are your PIN, passwords etc. While these should not be shared, one can give his sensitive personal identity information such as bank account number and Aadhaar number to others for transactional purposes. When you write a cheque, it will have your bank account number. Just because someone knows your bank account number, it will be wrong to assume he will be able to hack your bank account. If someone knows your Aadhaar number, it will be wrong to assume he will be able to hack your Aadhaar-linked bank account. However, a prudent practice is that you should not put up your sensitive personal information such as bank account numbers, Aadhaar number on website or social media platform.”
However, what the Government may find difficult to defend is something different. The biggest worry is while the core-biometric identification information such as fingerprints and iris scans available in the Aadhaar database is entirely ring-fenced in almost all cases unequivocally, it makes an exception. The data can be divulged in the interest of “national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government.” However, it offers no definition of “national security”, and thus the intent remains elusive.
Many believe that the Government may (mis)use this provision to take a backdoor entry to “personal information” of people and actually use this as a part of (ill-intended) surveillance.
It remains to be seen how the Supreme Court assesses these issues. Until then, it’s wise to comply with the RBI directive and link Aadhaar number with your bank account. As far as the security of your personal information goes, UIDAI has spoken about it publically several times.
By the way is it safe to assume that, anyone concerned with the “Privacy” isn’t using any contemporary mobile app? More than the Government mobile apps track you closely and monitor your activities. Take out some time to see permissions you grant at the time of installation. Is privacy an illusion although we may call it a fundamental right?
Add Comments