Something strange and worrisome is happening in Hyderabad. The Hyderabad City Police Commissionerate wants to collect records of every resident, regardless of whether or not the person is a suspect of any crime. And it doesn’t end there. They want to collect very specific details including phone numbers, relationships, voter identification numbers and Aadhaar numbers.
Almost like how the National Security Agency (NSA) in the US used the “collect it all” approach to surveillance. We found that out only when Edward Snowden leaked top secret NSA files.
The profile data collected will include the individual’s name, their father’s, mother’s and spouses names, date of birth, mobile number and contact number, apart from driving license, voter identification, Aadhaar, FIR numbers and case diaries
This approach to collecting citizens’ data poses a huge threat to an individual’s privacy and is prone to abuse.
According to a tender floated by the Hyderabad City Police in 2016, the law enforcement agency wants to create what it calls the Integrated Information Hub (IIH), which will collect, tag and analyse user data from various internal and external sources.
The profile data collected will include the individual’s name, their father’s and mother’s names, spouse’s name and address, date of birth, mobile number and contact number apart from driving license, voter identification, Aadhaar and FIR numbers. The government will also gather other details to help identity a person along with records defining relationships and crime records, if any.
The proposal also includes mining of external data sources, the details of which are not mentioned in the tender document. But one can imagine this will include the user’s social media accounts, relationship information, camera footage and so on. All in all, it looks like the system collects everything that a regular citizen would like to protect.
Aadhaar is the key to matching profiles with external data sources
Quote from the tender: “The system should have the ability to make request to the external databases on the basis of data fields (e.g. Aadhaar, Driving License No) and capture the response from the external database sources.”
The tender document makes it clear that the Aadhaar number, along with other identifiers like passport number and voter ID, form what they call “unique identifiers” to match the external sources. Given the biggest unique identifier in India is Aadhaar, it is going to be used primarily for matching the external data sources.
What makes the IIH move unique is the ability to aggregate the data from different sources on the basis of unique identity
Intelligence agencies around the world collect such information about people. What makes the IIH move unique is the ability to aggregate the data from different sources on the basis of unique identity. It’s for similar reasons countries like UK have abandoned their identity schemes.
There have always been concerns a about Aadhaar being used outside The Unique Identification Authority of India (UIDAI) for aggregating data for surveillance on citizens. Though the UIDAI has resisted sharing data with investigative agencies, it can’t stop third parties, both government and private, from aggregating the user data and building user profiles based on Aadhaar as the linking key. We have already seen police departments collecting Aadhaar information for innocuous acts like buying IPL tickets in the name of security.
Why you should be worried
While the intent of the system seems to be effective policing, it’s not just criminals or suspects that the IIH is trying to profile. It profiles everyone.
But, just like in the real world government representatives are not allowed to enter our houses and collect items without a warrant, they shouldn’t be allowed collect data on us either. Because, just like in the real world, there is a good chance it will get abused.
While the intent of the system seems to be effective policing, it’s not just criminals or suspects that the IIH is trying to profile. It profiles everyone
Governments across india are virtually making it impossible to access any kind of service without Aadhaar, despite the Supreme court ruling against it. Even private companies are making it impossible to conduct business with them. The Indian government’s argument that “Privacy is not a fundamental right” gives a boost to organisations across the country to collect and use personal details of citizens without consent or accountability measures in place.
What can be done
Aadhaar has become so big that it’s almost impossible to scrap it. It’s time that we ask for a full-fledged and widely discussed Aadhaar Bill instead of a half-baked money bill to evade Supreme Court ruling and reveal user data in the name of national security. We need to start working on the bill that is focused on protecting the overall user data not just within UIDAI but also the ones linked using it as it’s more obvious than ever that Aadhaar will be used as a surveillance primary key.
Disclosure: FactorDaily is owned by SourceCode Media, which counts Accel Partners, Blume Ventures and Vijay Shekhar Sharma among its investors. Accel Partners is an early investor in Flipkart. Vijay Shekhar Sharma is the founder of Paytm. None of FactorDaily’s investors have any influence on its reporting about India’s technology and startup ecosystem.