Let us understand the basics of the Aadhaar scheme and the Social Security Number (SSN).
Everyone in India knows what an Aadhaar card is. Also, one can’t imagine their public life without an Aadhaar card as we are used to producing it everywhere. For example, to book flight tickets, check in to a hotel room, apply for a passport etc.
No-one is concerned about how the Aadhaar card became so popular and easy-to-use in a very short time. Only a few activists and intellectuals are concerned about it, as the entire structure of the Aadhaar scheme is a threat to our fundamental rights: privacy, liberty, autonomy and personal data protection.
As per the Indian government, the aim of Aadhaar is to provide targeted delivery of subsidies, benefits and services—the expenditure for which is incurred from the consolidated fund of India, or the consolidated fund of the state to residents of India through assigning of unique identity numbers. [1]
The Unique Identification Authority of India (UIDAI) is a statutory authority established under the provisions of the Aadhaar Act (2016) by the government of India, under the Ministry of Electronics and Information Technology. The Aadhaar Act has been amended by “The Aadhaar and Other Laws (Amendment) Act (2019)”. [2]
What Is A Social Security Number?
In the US, the SSN was created in 1936 for the sole purpose of tracking the earnings histories of American workers, which could then be used in determining social security benefits entitlement, and computing benefit levels. Since then, the use of the SSN has expanded substantially.
Today, the SSN is the most commonly used numbering system in the US. As of December 2008, the Social Security Administration (SSA) had issued over millions of original SSNs, and nearly every legal resident of the US had one. The SSN’s universality led to its adoption throughout government and the private sector, as the chief means of identifying and gathering information about an individual. [3]
The Social Security Administration website stated in a 2009 bulletin:
“The card was never intended to serve as a personal identification document–that is, it does not establish that the person presenting the card is actually the person whose name and SSN appear on the card.”
The Aadhaar card seems to be intended to verify the identity of an individual.
Designated Authorities For Both The Schemes
The Social Security Agency is the sole body in the US that receives and processes applications for SSN, issues SSN numbers, and grants verification of the SSNs. The UIDAI is the sole body that issues Aadhaar numbers.
Registrars (contracted bodies under the UIDAI) and enrolling agencies (contracted bodies under the registrars), are responsible for receiving and processing enrollments into the UID scheme. In short, the UIDAI does not have direct contact and control over the enrollment agencies. Thus, the UIDAI does not takes any responsibility for the correctness of the data of an Aadhaar-holder.
Personal Data Storage Of Both Schemes
SSN data are stored in the “numident” (or numerical identification system). The numident is a centralised database containing the individuals original SNN and application, and any re-application for the same. All information stored in the numident is protected under the Privacy Act of 1974.
Individuals may request records of their own personal information stored in the numident. Federal agencies and private entities that collect the SSN for a specific service store the number at the organisational level.
The Privacy Act of 1974 and various state level legislation regulates the disclosure, access, and sharing of the SSN number collected by agencies and organisations. [4]
Aadhaar and data related to it is stored in the CIDR (or the central identities data repository), and processed in the physical data warehouse of the UIDAI. At the UIDAI, data generated at multiple sources typically comes to the CIDR (the UIDAI’s data centres) through an online mechanism.
Personal Data Holding Of Both Schemes
The SSN number does not hold any biometric data. It doesn’t even have any demographic data printed on the physical card. On the printed SSN card, only basic details like the SSN Number, name of the SSN holder and their signature, can be seen.
On the other hand, the Aadhaar card collects, stores and uses the biometric data of the Aadhaar-holder. Also, the printed Aadhaar card has personal demographic details like name (in both English and a regional language), date of birth, gender and residential address. These are deemed to be extremely sensitive information in the context of data privacy.
SSN can be replaced in some circumstances. If an individual loses their SSN card, or their number is fraudulently used, they can apply for a replacement SSN card or a new SNN number. An individual can request for the deletion of their SSN number after completion of the due process.
An Aadhaar number can’t be replaced or deleted. Yes, an Aadhaar holder gets a second copy of their Aadhaar card if they lose the print copy of their Aadhaar.
However, there is no option for the removal of one’s Aadhar number. You can’t exit from the Aadhaar scheme. There is no provision in place to delete an Aadhaar number of an alive or dead person.
Judicial Protection Under Both Schemes
The SSN program was brought into existence via the “Social Security Act”, and officially rolled out while eventually being adopted across federal departments in the US. It is also governed and protected under the Tax Reform Act of 1986, Internal Revenue Code, and Privacy Act of 1974.
The Aadhaar scheme, initially the UID scheme, has been envisioned as being brought into existence via the Unique Identification Authority Bill (2010). This Bill was rejected by a parliamentary committee over legislative, security, and privacy concerns.
In March 2016, the government passed the Aadhaar Act as a money bill, bypassing the Rajya Sabha. From 2009 to 2016, hundreds of Aadhaar cards were issued without a proper legal framework, and strong privacy protection.
The Aadhaar Act (2016) was amended later, in 2019m after final verdict by the apex court of India.
Personal Data Collected During Enrollment
To obtain an SSN, you must be able to provide proof of your age, identity and US citizenship, or permission from the Department of Homeland Security, in case of an overseas citizen working in the US. To avail SSN, there are minimal data requirements as follows:
- Name to be shown on the card
- Full name at birth, if different
- Other names used
- Mailing address
- Citizenship, or alien status
- Gender
- Date of birth
- Place of birth
- Mother’s name at birth
- Mother’s SSN (SSA collects this information for the Internal Revenue Service on an original application for a child under the age of 18. SSA does not retain these data)
- Father’s name
- Father’s SSN
- Whether the applicant has ever filed for an SSN before
- Prior SSNs assigned
- Name on most recent social security card
- Different date of birth if used on an earlier SSN application
- Date on which the application was filled
- Phone number
- Signature
- Applicant’s relationship to the number holder
In the Aadhaar scheme, to obtain an Aadhaar number, proof of identity, age (or date of birth), address and biometric information is required. The requirements are as follows:
- Name
- Date of birth
- Gender
- Address
- Details of a parent or guardian
- Mobile number
- Indication of consenting or not consenting to the sharing of information provided to the UIDAI with public agencies to be used for services like welfare schemes.
- Indication of if the individual wants the UIDAI to facilitate the opening of a bank account linked to the Aadhaar number, and permits the sharing of information for this purpose.
- Indication of if the individual has no objection to linking their present bank account to the Aadhaar number and the relevant bank details.
- Signature of the applicant, or introducer in case of an applicant who is a minor.
- Aadhaar enrolment also takes biometric data of an applicant: (a) live colour photo of the face, (b) fingerprints of all the fingers, and (c) iris scan of both the eyes.
The Aadhaar Act’s section 2(g) states that “other biological attributes” may be collected in the future. In contrast, when the SSN was created in the 1930s, the US government decided not to collect fingerprints.
Database Seeding In Both The Schemes
One of the key concerns around Aadhaar is that the government has “seeded”, or introduced or shared the Aadhaar number in multiple databases, which makes it easier for government agencies to converge personal information of individuals across databases.
Millions of Aadhaar numbers have been linked to the bank records, ration lists, educational records and many others. New analytical data techniques mean this “big data” could reveal much more about a person than standalone data could in the past.
There is no seeding done using the SSN. Federal agencies and private entities that collect the SSN for a specific service store the number at the organisational level.
Restrictions Under Both Schemes
Given privacy concerns over the use of SSNs, governments in the US have passed several laws and orders since 1996 to restrict and limit its use and collection. The Social Security Administration website says state entities have begun to delete SSNs from electronic, public records.
Several US states have also passed laws. For example, New York and West Virginia have statutes that limit the use of the SSN as a student identity number. Kentucky allows students to opt out of the use of SSNs. Arizona law requires companies to give a right to users to opt out. California prohibits businesses from printing SSNs on bills, and companies must notify individuals in case of data breaches.
The Intelligence Reform and Terrorism Prevention Act (2004) prevented the printing of SSNs on driver’s licenses and other government-issued identity cards. A 2015 law prohibited the inclusion of SSNs on Medicare cards, though this has not yet been achieved.
The vast number of Aadhaar uses are increased day-by-day. The Indian government has not even taken a single step to make people aware about this. Citizens need to be told that an Aadhaar is not required everywhere, except for any benefits funded by the consolidated fund of India.
Privacy Protection In Both Schemes
In response to growing concerns over the accumulation of massive amounts of personal information, the US government passed the Privacy Act of 1974. The law was passed in recognition of the dangers of the widespread use of SSNs as universal identifiers.
Subsequently, the Computer Matching and Privacy Protection Act of 1988, tightened regulation by providing for the establishment of Data Integrity Boards at each agency.
India does not have a special or designated privacy law, either at the national or state level. As per Section 8 of the Aadhaar Act, requesting agencies are required to obtain the consent of the individuals before collecting their identity information, inform them of what information will be shared, and for what purposes it is being collected.
As per Section 47, of The Aadhaar Act 2016, a person whose information is collected and shared without their consent, or personal data of his breaches or misused, can’t invoke the criminal penalty. The victim can not initiate legal action directly on the culprit.
The Act says such a complaint can only be made by the Unique Identification Authority. As per our knowledge, any audit (or forensic audit) on data privacy and protection, has never published by the UIDAI till now.
The European Union has its own an independent “supervisory authority” with judicial powers under the “General Data Protection Regulation (GDPR)” of the European Parliament, for monitoring data privacy.
Also, the authority can engage in legal proceedings when the national provisions adopted pursuant to this directive have been violated, or to bring these violations to the attention of the judicial authorities.
New Zealand has an independent authority called the “Office of the Privacy Commissioner”, just to ensure the protection of civilian’s privacy and personal liberties. India ought to, but does not have any such legal framework. Hence, the Aadhar ends up violating child rights among such other security concerns.
__
REFERNCES:
- https://uidai.gov.in/about-uidai/unique-identification-authority-of-india/vision-mission.html
- https://uidai.gov.in/about-uidai.html
- https://www.ssa.gov/policy/docs/ssb/v69n2/v69n2p55.html
- https://catalog.archives.gov/id/12004494