Economic Times, August 29, 2017
Original link is here
The Supreme Court’s verdict affirming the fundamental right to privacy should not come as news to technology companies. The court merely codifies what should have been an article of faith for Internet platforms and businesses: the user’s space is private, into which companies, governments or non-state actors must first knock to enter.
The technical architecture of Aadhaar and its associated ecosystem, too, will now be tested before a legal standard determined by the court. But GoI should see this judgment for what it is: a silver lining. The verdict bears enough hints to suggest the court sees the merits in a biometrics-driven authentication platform.
In fact, Justice DY Chandrachud impresses upon the possibility of better governance through big data, highlighting that it could encourage “innovation and the spread of knowledge”, and prevent “the dissipation of social welfare benefits”. The court’s words should spur GoI to create a ‘privacy-compliant Aadhaar’.
But this requires systematic thinking on the part of its architects. The private sector, too, will have to put ‘data integrity’ and privacy at the core of their consumer offerings and engagement.
For starters, GoI must account for Aadhaar’s biggest shortcomings — its centralised design and proliferating linkages. A central data base creates a single, and often irreversible, point of failure. GoI must decentralise the Aadhaar database.
Second, Aadhaar must be a permission-based system with the freedom to opt-in or out, not just from the (unique identification (UID) database but from the many services linked to it. This must be a transparent, accessible and user-friendly process.
With a ‘privacy-compliant’ Aadhaar, GoI would not merely be adhering to the Supreme Court verdict, but also be on the verge of offering the world’s most unique governance ecosystem. Take Beijing’s efforts, for instance.
In 2015, the Chinese government unveiled a national project to digitise its large, manufacturing-intensive economy and to create a digital society. The ‘Internet-plus’ initiative aimed for the complete ‘informationisation’ of social and economic activity, and harvest the data collected to better provide public and private services to citizens.
China has no dearth of capital or ICT infrastructure. But the ‘Internet plus’ initiative has struggled to take off in any significant way. The project suffered from a fundamental flaw: Beijing believed by gathering information — from personally identifiable data to more complex patterns of user behaviour — the State would emerge as the arbiter of future economic growth, consumption patterns and, indeed, social or political agendas.
If a project like Aadhaar is to succeed, its underlying philosophy must be premised on two goals: first, to increase trust and confidence in India’s digital economy among its booming constituency of Internet users; and second, to ensure that innovations in digital platforms also result in increased access to economic and employment opportunities.
A privacy-compliant Aadhaar creates trust between the individual and the State, allowing the government to redefine its approach to delivering public services. The Aadhaar interface, that the Unified Payments Interface (UPI) and other innovations rely on, could well generate a ‘polysemic’ model of social security, where the same suite of applications cater to multiple needs such as digital authentication, cashless transfers, financial inclusion through a Universal Basic Income, skills development and health insurance.
But such governance models should not be based on a relationship of coercion or compulsion. It is heartening that India’s political class has embraced the court verdict.
A key reform missing in current debates about the UID platform is GoI’s accountability for its management. Aadhaar, to this end, should have a chief privacy officer who will be able to assess complaints, audit and investigate potential breaches of privacy with robust autonomy.
A privacy-compliant Aadhaar, with a bottom-of-the-pyramid financial architecture, would inspire confidence in other emerging markets to also adopt the platform, with Indian assistance. Companies and platforms must internalise that promise of black box commitments towards privacy and data-integrity may no longer suffice. These commitments must be articulated at the level of the board, and communicated to each user that engages with them. Overseers of data integrity must be appointed to engage with users and regulators in major localities.
The writer is Commissioner, Global Commission on the Stability of cyberspace