My computer assembler, Viresh, is a permanent resident of Almora. This doesn’t mean he lives there. His parents do. He migrated as a teenager to Delhi in 1993, and 11 months in a year, he operates out of a cubbyhole in Nehru Place. He lives in a rented apartment in Kalkaji.
His driving licence and passport are from Almora. It was easier to wangle paperwork since his folks own the “permanent residency”. His election ID and PAN are from Delhi. He went through hoops for them. He needed local proof of residence to open a bank account, etc. He could easily get a second passport on the basis of those documents.
Viresh is not a terrorist trying to maintain dual identities. A convoluted bureaucracy makes it necessary for him to be resident in two places. Anybody who has ever transferred cities will sympathise. A shift means a whole rigmarole of organising local ID. Without that, you cannot open a bank account, own a phone, or Net connection, have insurance, PAN, etc.
The Unique ID Authority of India (UIDAI) is supposed to plug this gap in governance. By providing a single UID to all residents of India, it will eliminate the need for multiple verifications and duplication. UID will be high-tech with digital photos and biometric data like fingerprints. Post-UID, passports, licences, PANs, etc., will be linked to it.
There will be a central registrar, a single-window for basic data (photograph, parents’ names, present address, permanent address, date of birth, biometrics, etc.). Partner-registrars such as the PDS system, regional passport offices, IT Department, etc., will add detail. UID would be assigned at birth and maintain a record of death as well.
UIDAI Chairman Nandan Nilekani is confident of meeting the rollout deadline in the last quarter of 2010-11. UID should empower hundreds of millions lacking in ID at the bottom of the pyramid. It should stop some leakages in PDS and NREGS and reach BPL targets who are not being reached.
In theory, UID should make it possible for itinerant day-labourers to open bank accounts. It should make life easier for everyone. The single-window should make it possible to get details (gender, marital status, residential address, etc.) amended quickly. More sophisticated uses such as credit card verification can easily be dreamt up.
UID dwarfs anything that’s ever been attempted. It will generate and maintain a database of 1.2 billion-odd records while interfacing seamlessly with whatever authorities request, information, verification and validation.
There lies the rub. India has inadequate data-protection laws. Section 43 and 43A of the IT Act is the sum and substance. That legislation wasn’t designed to cover UID and its linkages. It pertains only to electronic data. UID (plus partners) also involves physical document. Personal data has binary classification as sensitive or non-sensitive.There are no specified restrictions on usage of non-sensitive data.
Any post-UID legal framework must be both broader and more nuanced in treatment. You don’t want a policeman checking out the credit card limit before he writes a challan for a traffic offence. Nor should the local PDS shop be able to ascertain who has made RTI applications.
Metaphorically speaking, marketers would kill for UID data and it is unclear now what can be shared, or sold. Even worse, electoral rolls have literally been used to kill by communal rioters in Rwanda, Gujarat and Delhi itself. UID could lend itself very easily to such misuse.
The linkages between government departments and databases could measurably improve governance. But it could immeasurably increase leverage for unscrupulous officials to feather their nests. It creates potential avenues for new governance disasters. By keeping to his deadline, Nilekani is setting one for legislators, and for civil society. India must review and amend its data protection laws and do it now!