Based on a similar project being tried out in Maharashtra, the service allows people with Aadhar cards to store scanned copies of their passports, birth certificates, ration cards and other important documents on remote servers. This way, people can digitally back-up important documents and also send them over the internet to others, such as potential employers or banks, for availing themselves of other services.
The service, whose test version was launched on February 12, will be optional. But it could find takers from among the about 90% of India’s households who do not own a laptop or computer and the 95% that do not have an internet connection, according to the 2011 census. Experts are concerned that sensitive data stored in a central place could be stolen or misused.
“Any large linked database with personal information is a serious threat to citizen's data,” said G Nagarjuna, a researcher at the Homi Bhabha Centre for Science Education in Mumbai and a member of the Free Software Movement. “There exists no agency that could secure their data till date without any possibilities of data theft.”
Digitisation is not inherently a problem, experts say. It is the kind of information stored that is. There are two kinds of information people need to be concerned about, said Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, in an email to Scroll.in. Public domain information such as land records, pan cards and ration cards should be available to the public anyway. However, private information such as biometrics and passports are of concern.
“Unless the cryptography and architecture is organised in such a manner that only the citizen will have access there can be very serious consequences for the individual’s right to privacy,” he said.
The scheme raises the same concerns about privacy that came up during the creation of Aadhar cards, for which the government has collected biometric and identification data for 773 million citizens.
Information is power
Experts pointed to the dangers of the state having access to crucial data about citizens. The dangers are perhaps greater when the data passes into the hands of private corporations, they said.
The Indian government has not said who will run the central servers on which all the data is to be stored, but Maharashtra said in January that it would upload the data it was collecting to a private cloud service run by Microsoft.
“This is a terrible idea because it is centralising storage of personal information across silos controlled by different data controllers and also giving the citizen no control over who has access to his or her data," said Abraham.
“A blunder of the highest order is to pass this information to a cloud, and that too to a foreign company,” said Nagarjuna. “India is a sovereign republic, and hence we should assert this in the country’s digital assets as well. How secure can India be if our security is passed on to another agency that owes its allegiance to another country?”
Surykant Jadhav, joint secretary of the Directorate of Information Technology in Maharashtra, defended the scheme, comparing it to other optional services that the state provides such as online ticketing and filing of income tax returns. “The lockers are there only if people want to use it,” he said.
Cart before the horse
But the government ought to be trying to improve the basics, such as increasing computer and internet penetration, before launching value-added digital services, said Nagarjuna.
“What is the basic social or economic problem that the government is trying to solve by creating the digital lockers?” “Just as each citizen learns how to protect their assets, the digital natives of a digital society will eventually learn how to protect their digital assets. Digital India cannot be created without providing digital literacy to all the citizens. Did we do that? Once we do that, citizens will learn what is good for them, particularly for their own assets over which the government has no ownership.”