Wednesday, June 26, 2013

Indian's Identity Crisis Between KYC, Aadhaar and CMS

By Arhaan Faraaz / Hyderabad

What is the main purpose of issuing citizens a passport? The idea, as the name suggests, is to enable a you and me to pass through another country’s port. It helps identify one as a citizen of a country, so that other countries know where you or I belong. The passport is one country’s guarantee to another that it is responsible for the person carrying the document.

But surprise! Thanks to stringent identity checks everywhere, the soft police state that India has become is forcing many citizens to carry their passports around to get into domestic airports, buy gold or start a bank account. From being an external validation document, the passport has become a domestic ID document.
What is the purpose of issuing taxpayers a PAN card? The idea is to give them a unique number so that their transactions can be matched, mapped and checked through backend software for potential tax evasion. But in India, the PAN card now travels in wallets, jostling for space with cash, credit cards and driving licences.

The PAN card has also become a primary identity confirmer. It is an essential requirement for opening bank accounts, or doing any kind of high-value financial transaction, but its largest role is about establishing identity. And getting it in future will become harder, Business Standard assures us.

What is the purpose of the Aadhaar card? It is proof of identity and residence -– not citizenship. The Unique Identification Authority of India (UIDAI) collects the biometrics of individuals residing in India—iris prints, fingerprints, demographic details, etc.—and issues you a unique number with which you can be identified anywhere and for validating any transaction. It is the ultimate weapon a police state can possess – and currently the Aadhaar card operates under no law, and has no legislation to protect the privacy of your data.

It is a rogue element in the pack.

But Aadhaar has become more or less mandatory without any law backing it since every other purpose—from obtaining PAN cards to starting demat accounts—can be served by seeding it with an Aadhaar number. It is a matter of time before every government department—from the provident fund office to banks to employment agencies to mutual fund registrars—will be demanding it. Aadhaar is voluntary, the UIDAI site assures us, but try arguing with your bank document-checker or the counter-girl at your mobile service provider. They don’t know that.

So what is one driving at? Four issues primarily.

One, Aadhaar is based on a very long list of documentary proofs – from credit card statements to letters of introduction from companies and educational institutions to even letters from MPs and MLAs, many of them possibly with criminal records. A thug can thus validate you Aadhaar form. And it has become the primary document for everybody – and it does not matter if you are not a citizen.

If you have an Aadhaar, you can get every other kind of document waived. It will become an entry point to legitimacy for every illegal migrant into India, or even crooks, even while it offers no legal protection to citizens who share their biometric data with the UIDAI.

Two, if Aadhaar becomes the primary number linking you to every possible transaction—from passports to bank withdrawals to tax returns to everything—it is like putting all your faith in the bureaucracy to protect you. In the wrong hands, Aadhaar details will compromise all citizen security. Anyone unscrupulous enough to be able to access your biometric data can use it to clean out your bank account – or even blackmail you. Aadhaar cannot be trusted till the law starts guaranteeing you your privacy and also provides clear safeguards against misuse.

Three, the whole business of KYC—know your customer—has now become a traumatic process for all citizens. If every single service you need from the state, private institutions (banks, mobile companies) or from anybody (civic authorities, gold jewellers, car retailers, or anyone seeking to sell anything above a certain value to you) needs a KYC, we are not only heading towards a police state, but also creating a new licence-permit raj with huge costs being loaded on to citizens without any corresponding benefits.

Four, the Centre is already arming itself with the capability to track every call, read every email of yours through an innocuously-named Central Monitoring System (CMS). Add the Aadhaar linkage, and it basically can map all your relationships and implicate you for someone else’s links to you – even if its one way. If some terrorist sent you a spam mail, you could be linked. Big brother is developing huge capabilities to reduce citizens to ciphers.

We need to ask ourselves the following questions:

1)   Does all this documentation and intrusion into private domains enhance our security one bit? Can we be certain that this sacrifice of privacy and addition of costs will prevent the next terror attack? There is no evidence of that.

2)  Do these KYC checks give us any kind of guarantee that our bank accounts won’t be hacked or that our phones won’t be bugged? For example, a bank account statement can help you validate a mobile service KYC. But should your mobile company have details of your bank records? Should he know how much money you hold in your bank account?

3)  Who is accountable if information is leaked from the system? We know how the Niira Radia tapes were leaked, and even Ratan Tata’s privacy could not be protected by the state or its officers. Then what about us?

4)  As citizens of a democratic country, do we need to be burdened with so many checks and counter checks? Have we compromised our freedom for minimal gains in security?

5)  How do we know the Aadhaar process is so safe when dogs, trees and chairs have been issued these numbers?

It is time to junk the whole nonsense of KYC as it is completely counter-productive. It is also time to question Aadhaar and its credentials. It should be scrapped if it does not guarantee citizen privacy with clear accountability established in case it is compromised.

What we need is a people-based system of identity and authentication where individuals can be authenticated by other individuals apart from documentation. Banks, mobile companies and other agencies should be asked to evolve their own system of verification instead of being forced to conform to government guidelines.

We all know how KYC norms were simply abandoned in the case of the CobraPost sting operations involving banks. When big money is at stake, KYC goes out of the window. KYC and harassment is only for lesser mortals.

No comments: