Need to protect people's data legally and technologically: Nandan Nilekani

He says Aadhaar is a much simpler system, but if it becomes ubiquitous and is used in several applications, then the number would go into every database and somebody can combine the databases

Nandan Nilekani, the technology billionaire who was the first chairperson of the Unique Identification Authority of India (UIDAI), the parent organisation for Aadhaar, said on Monday that data privacy is a major concern area in the country and there is a need to make sure that people are protected as much as possible both legally and technologically. “I think it is something we should take cognizance of and we should be concerned about,” said Nilekani at an event organised by trade body FICCI.

When asked if Aadhaar could be misused referring to the Supreme Court case, Nilekani said the case was fought on multiple dimensions and there were many arguments including data privacy. Data privacy, he said, is a broader argument beyond Aadhaar as it includes everything such as issues related to mobile phones and social media data. 

Aadhaar is a relatively much simpler system because the privacy problem becomes more acute when organisations collect personal data about people, while Aadhaar was never about collating that information, according to Nilekani. “It was about giving identity and doing the verification,” he said. 

However, one of the concerns was that if Aadhaar number becomes ubiquitous and is used in multiple applications, then the number would go into every database and somebody can combine the databases. But Nilekani said private companies can’t store the Aadhaar number. Instead, they need to use virtual ID (VID) and UID token as a substitute of Aadhaar number for the purpose of authentication. “A lot of features are there for privacy,” he said. 

When asked if it makes sense to have ‘personal digital security’ as part of the curriculum in the schools, as children are growing up in a digital ambience, Nilekani said, some basic hygiene of digital security should be there. 

Nilekani’s data privacy comments come at a time when the enterprises across the country are witnessing increasing cases of sensitive data exposure risks and breaches as services are rapidly getting digitalised. In February, French researcher Robert Baptiste, who goes by the online handle Elliot Alderson, claimed that he found a security breach that allegedly exposed millions of Aadhaar numbers of dealers and distributors associated with Indane, an LPG brand owned by the Indian Oil Corporation (IOC). 

Last week it was revealed that local search provider Justdial’s website was exposed which made the personal information of 100 million users “publicly accessible.” This included information such as names, email IDs, mobile numbers, genders, date of births, addresses, photos and occupations of the users. KrebsOnSecurity, a website about cybersecurity, reported last week that hackers had compromised IT services firm Wipro’s systems and used them to launch attacks on some of its clients. It also reported that cyber attackers may have targeted IT majors Infosys, Capgemini and Cognizant to access data of third-party company resources. 

Besides data privacy, there are also concerns about the surveillance state. “I think that (surveillance) is a concern we should have... somebody can listen to your conversations,” added Nilekani.

In China, there is ‘Social Credit System’ proposed by the Chinese government for creating a national reputation system to rate the trustworthiness of its citizens including their economic and social status. It works as a mass surveillance tool and uses big data and analytics technology.