1.Identification without consent-
With the help of your Aadhaar number, it is possible to track an individual’s activities across multiple domains of service using the mainframe database. This leads to identification without consent. Besides, there have been instances where unauthorized use of biometrics have been done to illegally identify people by matching of iris scans and fingerprints or facial photographs stored in the Aadhaar database, or using the demographic data to identify individuals without their consent outside the domain of law. The recent e-KYC data being used by several private firms is a good example of it.
Imagine Orwell’s 1984, Big Brother might as well be watching you, and he knows your Aadhaar number. With the accumulation of huge sets of private data, there is no guarantee if tomorrow the same data is used to keep track of where you go, what you eat and whom you meet. This is blatant violation of Fundamental Rights of people, and no enforcement mechanism to prevent this exists.
3.Illegal Tracking of individuals-
Having a database of private information of 1.27 billion people means that individuals may be put under surveillance without appropriate authorisation or legal backing using the authentication and identification records held by the authorities, such record also contains data on the time, location and the context of the identification, authentication and services availed.
Insider attack is one of the most dangerous threats faced with accumulation of private information of this scale. For instance, an attacker can collude with an insider who has access to database to misappropriate various components of the Aadhar system. Such types of attacks have occurred in the past in major developed countries like USA and UK.
5.Theft of data-
Having data of more than billion people is not the problem, but when it is coupled with dismal infrastructure, complications are bound to arise. Theft of data is prevalent everywhere, with nearly 1.4 billion data records being stolen by hackers only in 2016. Such data is later used by hackers either for revenge purposes, financial gain or coercing people through blackmail. It can also be sold to underground forums and used for illegal purposes such as accessing bank account details, identity thefts and so on. The problem is more grave in India, where no proper structure to protect this data exists.
6.Sale of private information-
Did you know that the data being collected by UIDAI is not the property of the Government? When the state holds the data it collects from its residents in its transactions, it only holds the data in fiduciary capacity and does not own the data. This means that the Government is also a customer in utilisation of your private data which is held by National Information Utilities, a non-governmental body, who actually own the data. NUI’s are private companies with the sole objective of making money out of your data. What’s more, the UIDAI is also a business entity governed by Companies Act and therefore has a separate legal entity not bound by law that recognizes the fiduciary capacity of the state. Your data is being sold, without even letting you know!