Is Aadhar the only leak of demographic data?

Is Aadhar the only source to leak personal demographic data? As an ordinary consumer, I don’t think so.

Last year my car was insured with one car insurance company. How did the three other insurance companies call me this year for the renewal of my car insurance policy? It means that these other three insurance companies have my mobile number, know which car I drive, when my insurance expires, and they even know my car registration number. I don’t know what else they have on me but I can be pretty sure that they have my postal address as well, since they mailed me insurance policy without once asking for my address? Is that a leak of information or it is not? It is a threat to privacy or it not? When I complained bitterly to my original insurance company, all they could tell me was that they don’t give away the personal data of their customers. When asked how my personal data had become available to three other insurance companies that I had never dealt with ever before, they had no answer for me. I can’t help feeling that all insurance companies, share a common database of all insurers. But no one is speaking about it.

And what about the hundreds of spam SMS’s I get including offers to get me a second mobile number that is very close to my current mobile numbers but a difference of one or two digits from my current number? These SMS’s don’t even seem to go away in spite of activating DND. Frankly, I have given up on the wholesale invasion of my privacy in more ways than one.

This leads you to conclude that demographic data is available on a number of databases :insurance, financial services sector, telecom companies and other government databases for income tax etc. The biggest threat the Aadhar database faces is the third party operators that were given access.

What about the recurring calls from Ghaziabad in UP that spam me with calls on how I have not redeemed my credit card points, one of the ploys for credit card fraud? If not for Truecaller I might have fallen prey to these calls as well. They seem to know my name, my mobile number and even the last 4 digits of my credit card. I have no idea what else they know. Not to mention hundreds of SMSs from the real estate sector.

So when the recent sting operation by the Tribune journalist revealed that Aadhar data was available through agents at Rs 500 for the actual data, and Rs 300 to print it, the AIDAI response that demographic data is not useful without the biometric data, I thought was a very weak response. Does it mean that demographic data is leaking out of Aadhar, and the only safe piece of data is the biometric data? And a leak of demographic data is not considered serious enough?

Edward Snowden, the whistleblower in exile had a comment on this when he tweeted:

 

Snowden has captured the feeling of how citizens feel when their privacy has been violated when he says ;

‘We’re becoming less citizens and more subjects.’

Edward Snowden

While the Aadhar database is perhaps not yet being used for surveillance, which is something Snowden was rebelling against many years ago about the situation in the US, the current situation does reveal that the data could well be used for surveillance of any kind; private or governmental were it to fall into the wrong hands at the wrong time.

Before implementing Aadhar with such vigour across the system, we might have considered looking at our privacy laws. Currently, our privacy is protected by other laws like the Constitution and the Information Technology Amended Act, 2008 (ITAA). But unlike the EU we don’t have a separate privacy law which is critical now, with the huge proliferation of personal data available in several databases from cellular companies, financial institutions to government sources.

‘There would be no place to hide if this government ever became a tyranny’

Edward Snowden

The Personal Data Collection Bill has been unfortunately languishing with the government since 2006. While the original draft is perhaps hopelessly out of date and needs a lot of revision before it can be implemented, it needs to be put on the top priority list.

Digital privacy is going to become a moot point as India moves rapidly into the Digital Age and the future of Big Data!

 

Prabhakar Mundkur has spent 40 years in advertising and worked in India, Africa and Asia. He is currently Chief Mentor with HGS Interactive a part of HGS in the Hinduja Group. He is on the advisory board of Sol 's Arc (solsarc.org ) an NGO dedicated to special education for intellectually challenged children. He is also a member of Whiteboard ( whiteboardindia.org ) which supports senior management of NGOs in financial management, PR, Communication and HR through pro bono expertise.

5 Comments

  1. Very happy to read what you have written.I believe the Supreme Court needs to take note of what you and others have written about the dangers of linking AADHAAR with every conceive service.
    My expectation is that the SC will restrict the linking only to those persons’ accounts where a Government subsidy is being given and special concessions are being given(e.g.Public distribution of food grains etc).
    The passport is the document of citizenship. AADHAAR is a document of identity (not citizenship).
    If a passport copy is submitted, why the AADHAR?

  2. Thanks Guruduttanna for your comment. The original purpose behind Aadhar was indeed to ensure that special concessions given to the public would reach the final recipient, not only for food grains but for other government schemes like NREGA etc where because of middle men the amount disbursed by the government was falling into the wrong hands since the final recipient did not have a proper identification. However with the original scope of Aadhar being extended, we should have ensured that privacy laws were in place to protect our personal data, which has not happened.

  3. As you’ve pointed out, Aadhar is not the only source of privacy leak.

    I was surprised when I first got involved with Direct Marketing in the late 1980’s that data bases could be bought at will.

    One could buy census data, one could buy “market research data”, one could buy “cross-verified” data (where two or more databases confirmed the same information), one could buy “warranty” data (facts the consumer provides to ensure warranty on consumer durable purchases). So you could target your direct marketing by the price of the durable that had been bought.

    Companies ran sweepstake promotions just to be able to get the demographic data, and the cleverer ones with purchase behaviour as well. The prizes of these sweepstakes could be decided by the pricing system of the databases of that time: Rs. 1 per name and address, Rs. 5 if you also wanted phone number, Rs. 10 if you wanted to add any other purchase habit, and so on and so forth…. Thus if you wanted 1 lakh of marketable database you could afford to make your sweepstakes prize a car, a fridge or a television set, according to what you were prepared to pay for the data base. Those who remember the “Ramon Bonus Stamps” craze will remember how viral that went with consumers freely presenting their data so that they could redeem each transaction they made with a few rupees worth of bonus stamps.

    Now you know why e-commerce sites and food delivery companies and cab service companies can afford to out price their less digital competition.

    In the digital age I do not know the going rates but it is easy to figure out why a “free” service like WhatsApp can get a $19 billion valuation for a purchase by a company like Facebook who can now target advertising at you depending on your last conversation on WhatsApp. They had to buy it because their “advertising media competitor” was delivering ads based on what you were searching for or writing in your e-mail, or where you went to depending on how you used their map searching service, now accompanied by a friendly voice, in an accent of your choosing, to guide you.

    So, yes, people don’t need to sell data to get rich. They just sell the company that has the data. And has the potential to keep acquiring marketable data.

    The sin lies with those who pay for data.

    If one does not bribe, a bribe can not be taken.

    Other than by extortion.

    P.S. : I just realised that I am freely giving the blogging service you have chosen to use because of their easy to use features by providing them with my first and last names, my e-mail id and my website address. If I clicked twitter, facebook or g+ to have the pleasure of conversing with you, I would make your blogging service that much richer.

    Are you sure you are not breaching my privacy by writing so engagingly? 🙂 🙂 😉

    At least I am not giving your service provider my fingerprint and iris specs as yet. But if I had used a hardware device that used those features just to unlock my phone, I probably would have made that information available to your blogging service as well!

    PPS. Oh, sneaky. They insisted that http://www.univbrands.com is not a valid “url” and thus forced me to use one of my social media data bases. To get even richer!

  4. Wow Sumit. That is a fantastic addition to my article. You have pointed out how many data bases are there, how they are available for money. This does mean that the threat to our privacy is perhaps humungous. We do need a privacy bill now to protect its citizens and if they are not be converted to subjected a la Snowden. Thanks for the exhaustive comment. Cheers. Prabs

    1. The only problem that I see for a restrictive privacy bill is that useful apps like WhatsApp will not happen. Might be easier to make corruption laws more enforceable. Another law is not the solution. The privacy bill will also be breached with impunity.

Leave a Reply