Aadhaar undermines informational privacy and data protection

When the Internet Freedom Foundation (IFF) was launched more than a year ago, we had a spirited conversation on taking forward our work from SaveTheInternet.in and net neutrality. What brought us together was a shared passion for protecting the open internet and the digital rights of users. We strongly felt that this couldn't be done without protecting the privacy of individuals [https://static.internetfreedom.in/issues-privacy/]. Our very fundamental notions and protections of privacy and data

23 November, 2017
1 min read

When the Internet Freedom Foundation (IFF) was launched more than a year ago, we had a spirited conversation on taking forward our work from SaveTheInternet.in and net neutrality. What brought us together was a shared passion for protecting the open internet and the digital rights of users. We strongly felt that this couldn't be done without protecting the privacy of individuals. Our very fundamental notions and protections of privacy and data protection are today under challenge by Aadhaar, and we are taking the following steps to protect it.

What is the problem with Aadhaar?

Aadhaar is the government of India’s mandatory, biometric identification system. It uses a centralised repository to maintain digital identities and their authentication records. This is open for use not only by government but also private companies. As a centralised system with a shared identifier, it enables mass surveillance that breaks data silos and increases the profiling of individuals. The technology implemented to build Aadhaar is not only demonstrably faulty, it has evaded any public scrutiny or transparency as to its security and reliability. We are gravely concerned with its architectural design, and with implementation flaws.

The Aadhaar program has undermined the fundamental right to privacy and left us without safeguards. There is absolutely no recognition of consent as the use of Aadhaar is mandatory, which violates the very premise of any data protection law. Further, centralisation and the lack of data minimisation principles has made us all vulnerable to be profiled from the cradle to the grave. This continues in the face of legal challenges before the Supreme Court, and in the absence of any meaningful data protection law.

What is IFF planning to do?

While our work remains limited to privacy and data protection, there have been citizen groups who have been working on Aadhaar for a long time. They come from diverse streams of work. Some agitate against the system on grounds of the right to information, some on exclusion from rations, subsidies and pensions, and others on grounds of national security. As the Aadhaar program grows in scale, so does the opposition against it.

We offer our support to these groups, making available our tools, techniques and time. IFF also recognises that far more work on privacy is needed, and will seek avenues to complement existing efforts. There will be further updates.

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!