At the annual conference of the country’s fingerprint bureaus in Hyderabad last week, Ish Kumar, director of the National Crime Records Bureau, pitched for giving police limited access to the Aadhaar database for solving cases and identifying dead bodies. It would especially help the police identify first-time offenders who, Kumar said, are found to be involved in 80%-85% of criminal cases every year. It would also make it easier to identify around 40,000 bodies that turn up at mortuaries across the country every year, he added. The reason for Kumar’s pitch is obvious: the database of Aadhaar, the 12-digit unique identity number that the Indian state wants every citizen to have, contains the biometric information, including fingerprints, of nearly a billion Indians.
The proposal was immediately opposed by activists and cyber security experts on the grounds that it would endanger privacy and data protection. Moreover, they said, it is not a feasible idea to use Aadhaar to identify bodies.
“Partial access to Aadhaar database is easier said than done,” said Kislay Chaudhary, a cyber security consultant to several government agencies. “Technically, it could be a big challenge, almost unfeasible in terms of what details connected with Aadhaar to give access to. On this date, Aadhaar is linked with not just government schemes but also bank accounts and phone numbers. And different cases may demand different details.”
The Unique Identification Authority of India, which maintains the database, also shot down the proposal, saying the law does not allow it. Section 29 of the Aadhaar Act restricts the authority from sharing biometric information with any agency, no matter what the reason. The authority further claimed that it has not shared Aadhaar data with any security agency. The clarification came a day after Minister of State for Home Hansraj Affairs Ahir assured Kumar that the government would mull over the proposal.
Kumar did not respond to phone calls from Scroll.in or messages asking for details of the proposal.
For ease of investigation
Police forces across India have been trying to use Aadhaar for what are known as “smart and predictive policing” ventures. The Telangana police went further than most earlier this year, launching a project to geo-tag repeat offenders. According to reports, they went door to door with a list of “known criminals” and recorded their biometric and demographic details, thereby creating an Aadhaar-like database of their own. The exercise drew flak from activists and security experts, who raised concerns about privacy and surveillance.
However, senior officials in the Bureau of Police Research and Development, which assisted with and partially funded the project, claimed that it is not “directly linked” to the Aadhaar database.
In Delhi, the police have has been trying to use Aadhaar primarily for a different purpose: to identify the abysmally high number of unidentified bodies in the city.
They have been negotiating with the UIDAI for over two years about connecting their Crime and Criminal Tracking System for identifying bodies to the Aadhaar database, a senior official said.
The police’s spokesperson Dependra Pathak could not be contacted for comment despite repeated attempts.
According to the Zonal Integrated Police Network System, which records real-time data on dead bodies across much of northern India, 1,691 unidentified dead bodies were found in Delhi between January 1 and June 25 this year, an average of around 10 bodies a day, which roughly accounts for about 10% of all unidentified dead bodies found in India every day.
Most of the unidentified bodies are housed in the largest of the city’s 11 mortuaries at Sabzi Mandi in North Delhi. Senior police officials said the mortuaries are inadequate for the number of bodies that turn up. They are pushing for using Aadhaar to identify them, they added, to ease the space crunch.
Chaudhary said the police should not be given access to the Aadhaar database. But if they must use it for identifying bodies, he added, “make it a one-way process”. “For example,” he explained, “let the police send biometric details to the UIDAI through some sort of an application protocol interface and seek help on a case by case basis.”
Deepa Verma, director of the Delhi government’s forensic science laboratory in Rohini, said using Aadhaar to identify bodies was not even feasible. Since most unidentified bodies are found days after death, she explained, their fingerprints would hardly ever match with the fingerprints taken while they were alive.
‘It would be a disaster’
Security experts, meanwhile, are divided over whether the UIDAI should have considered Kumar’s proposal more seriously before rejecting it. Interestingly, at the fingerprint bureaus’ conference in 2013, the UIDAI’s then director general, Ashok Dalwai, had assured the security agencies they could use Aadhaar data for their investigations. It is important to mention that the Aadhaar Act, which now prohibits the sharing of biometrics, had not materialised then and the present day government led by the Bharatiya Janata Party, which was then in opposition had strongly opposed the idea of Aadhaar.
Prakash Singh, former police chief of Uttar Pradesh and Assam and director general of the Border Securities Force, said the UIDAI should have “drafted guidelines fixing accountability on part of security agencies, if needed, instead of denying permission in haste”.
Pavan Duggal, an advocate who specialises in cyber law, disagreed. “Sharing the Aadhaar database with the police would be a disaster,” Duggal said. “It is not only a question of privacy but also of human rights. The dictum of natural justice says a person is innocent unless proven guilty and having access to biometric data can enable police officials with malicious intentions to frame individuals in fake cases.”
The bigger question is that of data security, said Ajai Sahni, executive director of the Institute of Conflict Management. “First, India does not have any data protection law,” he pointed out. “Second, we have already witnessed instances of massive data leak and data abuse in the past few years. For a law-abiding citizen, privacy should be a secondary concern.”
In advanced countries such as the United States, for instance, security agencies have access to the database of social security numbers of citizens, Sahni added to back up his argument about privacy.
The nine-digit Social Security Number is given to all American citizens, permanent residents and working residents in the United States. But, unlike Aadhaar, it is not linked to biometric data.
It could well be argued that the UIDAI had little choice but to reject Kumar’s proposal. Not least because Aadhaar’s constitutional validity is under scrutiny and the Supreme Court, which upheld the right to privacy early this year, is likely to decide the matter soon.