India's billion-member biometric database raises privacy fears
- Biometric database includes around a billion people
- Legislation could open access to security agencies
- Minority groups, opposition sees surveillance risk
- Government says new rules in fact less intrusive (Updates with parliament passing legislation)
NEW DELHI: India's parliament on Wednesday passed legislation that gives federal agencies access to the world's biggest biometric database in the interests of national security, raising fears the privacy of a billion people could be compromised.
The move comes as the ruling Bharatiya Janata Party (BJP) cracks down on student protests and pushes a Hindu nationalist agenda in state elections, steps that some say erode India's traditions of tolerance and free speech.
It could also usher in surveillance far more intrusive than the US telephone and Internet spying revealed by former National Security Agency (NSA) contractor Edward Snowden in 2013, some privacy advocates said.
The Aadhaar database scheme, started seven years ago, was set up to streamline payment of benefits and cut down on massive wastage and fraud, and already nearly a billion people have registered their finger prints and iris signatures.
Now the BJP, which inherited the scheme, has passed new provisions including those on national security, using a loophole to circumvent the opposition in parliament.
"It has been showcased as a tool exclusively meant for disbursement of subsidies and we do not realise that it can also be used for mass surveillance," said Tathagata Satpathy, a lawmaker from the eastern state of Odisha, speaking before the legislation was passed.
"Can the government ... assure us that this Aadhaar card and the data that will be collected under it - biometric, biological, iris scan, finger print, everything put together - will not be misused as has been done by the NSA in the U.S.?"
Finance Minister Arun Jaitley has defended the legislation in parliament, saying Aadhaar saved the government an estimated 150 billion rupees ($2.2 billion) in the 2014-15 financial year alone.
A finance ministry spokesman added that the government had taken steps to ensure citizens' privacy would be respected and the authority to access data was exercised only in rare cases.
According to another government official, the new law is in fact more limited in scope than the decades-old Indian Telegraph Act, which permits national security agencies and tax authorities to intercept telephone conversations of individuals in the interest of public safety.
"POLICE STATE"
Those assurances have not satisfied political opponents and people from religious minorities, including India's sizeable Muslim community, who say the database could be used as a tool to silence them.
"We are midwifing a police state," said Asaduddin Owaisi, an opposition MP.
Raman Jit Singh Chima, global policy director at Access, an international digital rights organisation, said the Indian law lacked the transparency and oversight safeguards found in Europe or the United States, which last year reformed its bulk telephone surveillance programme.
He pointed to the U.S. Foreign Intelligence Surveillance Court, which must approve many surveillance requests made by intelligence agencies, and European data protection authorities as oversight mechanisms not present in the Indian legislation.
The Indian government brought the Aadhaar legislation to the upper house of parliament on Wednesday in a bid to secure passage before lawmakers go into recess.
To get around its lack of a majority, the BJP presented it as a financial bill, which the upper chamber could not reject. It was returned to the lower house which passed it, as the ruling party has a majority there.
In its assessment of the measure, New Delhi-based PRS Legislative Research said law enforcement agencies could use someone's Aadhaar number as a link across various datasets such as telephone and air travel records.
That would allow them to recognise patterns of behaviour and detect potential illegal activities.
But it could also lead to harassment of individuals who are identified incorrectly as potential security threats, PRS said.
Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society, said Aaadhaar created a central repository of biometrics for almost every citizen of the world's most populous democracy that could be compromised.
"Maintaining a central database is akin to getting the keys of every house in Delhi and storing them at a central police station," he said.
"It is very easy to capture iris data of any individual with the use of next generation cameras. Imagine a situation where the police is secretly capturing the iris data of protesters and then identifying them through their biometric records." ($1 = 67.0500 Indian rupees)