Aadhaar isn’t progress — it’s dystopian and dangerous


This opinion piece by Mozilla Executive Chairwoman Mitchell Baker and Mozilla community member Ankit Gadgil first appeared in the Business Standard.

Imagine your government required you to consent to ubiquitous stalking in order to participate in society — to do things such as log into a wifi hotspot, register a SIM card, get your pension, or even obtain a food ration of rice. Imagine your government was doing this in ways your Supreme Court had indicated were illegal.

This isn’t some dystopian future, this is happening in India right now. The government of India is pushing relentlessly to roll out a national biometric identity database called Aadhaar, which it wants India’s billion-plus population to use for virtually all transactions and interactions with government services.

The Indian Supreme Court has directed that Aadhaar is only legal if it’s voluntary and restricted to a limited number of schemes. Seemingly disregarding this directive, Prime Minister Narendra Modi’s government has made verification through Aadhaar mandatory for a wide range of government services, including vital subsidies that some of India’s poorest citizens rely on to survive. Vital subsidies aren’t voluntary.

Even worse, the government of India is selling access to this database to private companies to use and combine with other datasets as they wish. This would allow companies to have access to some of your most intimate details and create detailed profiles of you, in ways you can’t necessarily see or control. The government can also share user data “in the interest of national security,” a term that remains dangerously undefined. There are little to no protections on how Aadhaar data is used, and certainly no meaningful user consent. Individual privacy and security cannot be adequately protected and users cannot have trust in systems when they do not have transparency or a choice in how their private information will be used.

This is all possible because India currently does not have any comprehensive national law protecting personal security through privacy. India’s Attorney General has recently cast doubt on whether a right to privacy exists in arguments before the Supreme Court, and has not addressed how individual citizens can enjoy personal security without privacy.

We have long argued that enacting a comprehensive privacy and data protection law should be a national policy priority for India. While it is encouraging to see the Attorney General also indicate to the Supreme Court in a separate case that the government of India intends to develop a privacy and data protection law by Diwali, it is not at all clear that the draft law the government will put forward will contain the robust protections needed to ensure the security and privacy of individuals in India. At the same time, the government of India is still exploiting this vacuum in legal protections by continuing to push ahead with a massive initiative that systematically threatens individuals’ security and privacy. The world is looking to India to be a leader on internet policy, but it is unclear if Prime Minister Modi’s government will seize this opportunity and responsibility for India to take its place as a global leader on protecting individual security and privacy.

The protection of individual security and privacy is critical to building safe online systems. It is the lifeblood of the online ecosystem, without which online efforts such as Aadhaar and Digital India are likely to fail or become deeply dangerous.

One of Mozilla’s founding principles is the idea that security and privacy on the internet are fundamental and must not be treated as optional. This core value underlines and guides all of Mozilla’s work on online privacy and security issues—including our product development and design decisions and policies, and our public policy and advocacy work. The Mozilla Community in India has also long sought to empower Indians to protect their privacy themselves including through national campaigns with privacy tips and tools. Yet, we also need the government to do its part to protect individual security and privacy.

The Mozilla Community in India has further been active in promoting the use, development, and adoption of open source software. Aadhaar fails here as well.

The Government of India has sought to soften the image of Aadhaar by wrapping it in the veneer of open source. It refers to the Aadhaar API as an “Open API” and its corporate partners as “volunteers.” As executive chairwoman and one of the leading contributors to Mozilla, one of the largest open source projects in the world, let us be unequivocally clear: There’s nothing open about this. The development was not open, the source code is not open, and companies that pay to get a license to access this biometric identity database are not volunteers. Moreover, requiring Indians to use Aadhaar to access so many services dangerously intensifies the already worrying trend toward centralisation of the internet. This is disappointing given the government of India’s previous championing of open source technologies and the open internet.

Prime Minister Modi and the government of India should pause the further roll out of Aadhaar until a strong, comprehensive law protecting individual security and privacy is passed. We further urge a thorough and open public process around these much-needed protections, India’s privacy law should not be passed in a rushed manner in the dead of night as the original Aadhaar Act was. As an additional act of openness and transparency and to enable an informed debate, the government of India should make Aadhaar actually open source rather than use the language of open source for an initiative that has little if anything “open” about it. We hope India will take this opportunity to be a beacon to the world on how citizens should be protected.

22 comments on “Aadhaar isn’t progress — it’s dystopian and dangerous”

  1. Myth Buster wrote on

    “This would allow companies to have access to some of your most intimate details and create detailed profiles of you, in ways you can’t necessarily see or control.”

    The CIDR only stores your Name Address, Gender and Age. The spec is open, so you can check it out yourself, once you’re done ranting. The rest of this is you painting a dystopian future with very little proof. Facebook Google Ad tracking know way more.

    Yes there should be a privacy law. But aadhaar doesn’t necessitate it.

    1. Dil wrote on

      Aadhar does not necessitate it? seriously? When a large centralised database of every citizen is created, you dont need privacy law to protect it? ridiculous.

    2. Abhinandan wrote on

      Completely agree.

  2. Jay wrote on

    Come to India.

    Live here for a year

    And you will see why it’s needed.

    One of my best friends father works in the police and in a country, where fingerprinting results or any kind of forensic results takes months (over 10) or years to come, this is a God send. Simply because aadhaar has the potential to make the crime investigation faster and with greater transparency. You shouldn’t be able to just disappear after commiting a crime, which happens a bit in rural areas (60% of the country)

    Yes, I will lose privacy to some extent but our “privacy invasions” are nowhere at the level of the US as most of the country doesn’t know what wifi is. And we are not that “connected”, if you will.

    This is basically a social security number with biometrics. No different than a passport, or when you travel to another country and smile for the camera at immigration.

    Different countries have different priorities at different times in history.

    PS. I am a Bernie liberal.

    1. Dil wrote on

      Seems like you dont have an iota of idea about SSN. Read article that differentiates SSN and aadhar.

      Also, you lose “some” privacy? Fingerprints and retinal scan are part of your body. They belong to you. Mine belong to me. I dont need to give it to someone else without my will. Also you equating aadhar with passport verification is ridiculous. I go to other country on my will and I choose to go or not. But living in my own country is necessity. Also, govt linking aadhar with each and every activity of us will definitely collect large data about each and every one of us unlike fingerprint verification for passport that happens only when you enter or exit a country. Stop bullshitting around.

    2. jai wrote on

      Completely Disagree. I feel really sorry to be the supporter of mozilla. Don’t give your own thoughts for your fundraising. Not sure is it for some kind of publicity or to raise fund from someone. Don’t need your advice on AaDhaar just concentrate on your business. I vow not to use firefox anymore for this kind of spam emails..

  3. Sony wrote on

    Why would you write negative about aadhaar when there are so many positive to it? Governance of 1.3 billion people, assisted digitally. What loss do I suffer in my privacy if my photo name and address goes to a bunch of companies?

    1. Dil wrote on

      Read basics about privacy, understand it, then come here and read the article.

    2. Sahil wrote on

      You so conveniently missed biometric data as well as subsidy/purchase data?
      Stupid arguments/Modi Bhakt

  4. Pradeep wrote on

    What can common people can do about it?
    How to stop this non sense?
    How to make this aadhar shit useless?
    HOW??

  5. Abhishiv Saxena wrote on

    Complete misrepresentations of the situation

    #1) Here is SC allowing use of #Aadhaar for Food and Kersoene subsidy.

    http://timesofindia.indiatimes.com/india/Supreme-Court-allows-linking-Aadhaar-with-PDS-and-LPG-subsidies/articleshow/48444953.cms

    #2) Pvt companies get access to 4 attrs name/dob/gender/address. No intimate details, or detailed profile. And only if you allow them by authenticating! No selling. If you don’t want to share even these 4 attributes with these private company, just don’t use Aadhaar. It would be your choice. But why stop me from using Aadhaar.

    1. Dil wrote on

      There is a difference between allowing and compelling. SC allowed, did not mandate.

      Those private companies, can use my data if I am willing to provide them and give them permission to use it. Thats what happens with facebook, google, etc. Not like whats happening now: govt mandating and forcing me to provide them my data.

      No one is stopping you from using aadhar. But govt is forcing me to use aadhar.

    2. Ramalingam wrote on

      The main point would be to protect the collected data by law. Is there any assurance that only the 4 basic attributes will be shared with corporate companies? Who knows the data won’t be stolen or looted? What if someone else use ones data on behalf of he/she fraudulently? Don’t you know in share market, the uncollected dividends including shares (sent by post) swallowed by share transfer agencies? What will happen if they can easily get biometric data of all the citizens?

      No need to protect anything about you and your personal details?

  6. Kirupakaran wrote on

    Mozilla,
    People here do not understand the implications of revealing personal data like address, dob and gender to everyone. You can publish an article explaining how it can be used by companies and how it can lead to identity thefts.

  7. Oru Desh Premi wrote on

    The CEO of Aadhar vouches for the safety of Aadhar but cannot stop leaks .
    Reference : https://qz.com/965911/uidais-ceo-vouches-for-aadhaars-safety-but-there-is-no-stopping-the-leaks/

    The Supreme court of India now has a case filed about linking the Aadhar number to Income Tax returns after newspapers broke the new that more than 13 crore Indian citizens biometric data was leaked from Govt. of India websites.

    https://scroll.in/article/836516/the-daily-fix-the-aadhaar-case-brings-centres-views-on-civil-rights-and-liberties-into-the-open

  8. Essen wrote on

    Just because we can’t do anything constructive doesn’t mean we are totally useless ! We are determined to serve as bad examples. We will show everyone that we are the world leaders in self-destruction 😛

  9. ultimatetechnews wrote on

    The CEO of Aadhar vouches for the safety of Aadhar but cannot stop leaks .

    http://www.ultimate-tech-news.com/xiaomi-mi-pad-2-review-mi-pad-2-india

    http://whatsapphindifunnyjokes.blogspot.in/2016/01/1000whatsapp-jokes-images-2016whatsapp.html

  10. Prantik Chatterjee wrote on

    We Indians will decide what is right or wrong for us. We don’t need Mozilla or anyone else to comment on it. Please don’t try to interfere in our administrative policies.

  11. MOHAMMED ABDUL RAWOOF wrote on

    It is regret to say that even the sharnathies from BURMA, BANGLADESH and other countries getting Aadhaar Cards with the help of leaders of the political parties, for the benefit of casting the vote,how far it is useful to the real citizen of INDIA.

  12. ajay chauhan wrote on

    Dear Dil ,

    I hope you have seen Apple and Samsung or other companies new Branded phone where everyone just use fingerprints and retina Biometric feature .
    But I have never seen any one protesting for you identity theft . Even worse the company like Google and Apple store worldwide data under no International law . Even they use it to monetize it .

    And I wanted to tell AADHAR don’t share your Biometric details to any vendor . It just identify you on real-time quick way and only share the common information like Name, Gender , Age etc .

    And I have seen how so called educated people share their personal details to different Private and government departments via Brokers , then where is your privacy .

    And I am Bit worry when Mozilla claim for openness , if they do care of your privacy etc. then they must stop option “Do Not Track ” in their Web Browser and worse it is by default enabled .

    We must ask Government to come up with new strong Privacy bill rather than start opposing everything .

    And This article is pure bullshit when they quote Supreme Court here and there .
    Supreme court itself force central government to validate every single mobile or phone connection using only “AADHAR”

    http://timesofindia.indiatimes.com/india/sc-asks-centre-to-link-all-mobile-numbers-to-aadhaar-within-one-year/articleshow/56997256.cms

  13. jai wrote on

    Just check how many of this so called supporters use mozilla.. ha ha ha

  14. s singh wrote on

    this article talks about privacy concerns in broad strokes and generalizations – it would have been better if you had given concrete examples of how aadhar data can be misused by corporations and by a rouge govt.