Multipurpose national ID cards: Some concerns

The celebratory mood regarding the Multipurpose National ID Card project needs to be tempered with some introspection as to how it might impact data protection and privacy rights. In the absence of data protection laws and effective privacy-related legislation, the risk of misuse of the information held by the State should not be underestimated. Further, since much of the data will be collected and processed by private companies, ensuring accountability will be difficult if strong safeguards are not in place.

My organization, the South Asia Human Rights Documentation Centre (SAHRDC), had raised some of these concerns in a 2007 article, reproduced below:

***************************

Multi-Purpose National Identity Cards: Protection or restriction of rights?

In May 2007, the Indian Government launched a pilot project on Multi-purpose National Identity Card (MNIC) and issued cards in select regions of the country in contemplation of later implementing a nation-wide identification system. The Ministry of Home Affairs (MHA) claims the identification system will strengthen national security while facilitating efficiency in e-governance. The system will gather the personal data of Indian citizens—including gender, age, marital status, permanent address, names of family members—into a national register, the maintenance of which will be outsourced to a group of technology corporations. Each citizen will be assigned a specific number that will be used as a reference for various socio-economic databases including passports, driving licenses, and for accessing health care and education. The government hopes that the MNICs, which will require regular editing and maintenance, will ease interactions between the State and the citizen, and keep track of illegal immigrants. However, upon further examination of the MNIC system, it is clear that it has flaws that could jeopardise the fundamental rights of India’s citizens.

Impact on the right to privacy

The right to privacy of citizens will be greatly compromised if MNICs are made compulsory. Although there is sometimes a tension between individual privacy rights and national security, international law and India’s domestic law expressly set a standard in tort law and through constitutional law to protect an individual’s privacy from unlawful invasion. Under the International Covenant on Civil and Political Rights (ICCPR), ratified by India, an individual’s right to privacy is protected from arbitrary or unlawful interference by the state. The Supreme Court also held the right to privacy to be implicit under article 21 of the Indian Constitution in Rajgopal v. State of Tamil Nadu. Moreover, India has enacted a number of laws that provide some protection for privacy. For example the Hindu Marriage Act, the Copyright Act, Juvenile Justice (Care and Protection of Children) Act, 2000 and the Code of Criminal Procedure all place restrictions on the release of personal information.

Privacy is a key concern with respect to the MNIC scheme as all of an individual’s personal information will be stored in one database where the possibility of corruption and exploitation of data is far greater than when having the information disbursed. Risks that arise from this centralisation include possible errors in the collection of information, recording of inaccurate data, corruption of data from anonymous sources, and unauthorised access to or disclosure of personal information. Other countries with national identification systems have confronted numerous problems with similar risks such as trading and selling of information, and India, which has no generally established data protection laws such as the U.S. Federal Privacy Statute or the European Directive on Data Protection, is ill-equipped to deal with such problems. The centralised nature of data collection inherent in the MNIC proposal only heightens the risk of misuse of personal information and therefore potentially violates privacy rights.

In consideration of the risks involved in the creation of a centralised database of personal information, it is imperative that such a programme not be established without the proper mechanisms to ensure the security of each individual’s privacy rights. Unfortunately, India’s proposed MNIC programme lacks any provision for judicial review at the present time. Without credible and independent oversight, there is a risk of ‘mission creep’ for MNICs; the government may add features and additional data to the MNIC database bureaucratically and reflexively, without re-evaluating the effects on privacy in each instance.

Discrimination as an outcome

Furthermore, the implementation of a national identification system represents a vast increase in police power—a troubling prospect given the state of Indian policing and the excessive control of the Executive in its functioning. Indian police and other security forces have a history of abusing their power, from torturing those in their custody and setting up fake ‘encounter deaths’ to more mundane abuses like petty corruption and harassment. Such police abuses typically go unpunished. Thus it does not take a large leap of imagination to expect that some in the security services would abuse the MNIC programme—whether to discriminate against minorities, carry out arbitrary arrests and detentions, facilitate the targetting of opposition groups by political parties in power, and perhaps even blackmail people. According to Simon Davies of Privacy International, national ID cards in virtually every country where they have been introduced have facilitated discrimination. India need only consider the history of national identity cards in other countries and the history of police misconduct within its own borders to realise the potential threats that the MNIC scheme poses. Any perceived advantages of the MNIC programme must therefore be weighed against these very real costs.

As the former Privacy Commissioner for the Australian state of Victoria Paul Chadwick argued, the responsibility of proving whether one is acting lawfully or not should be on the state, not on the citizen. He gives examples of precautions taken to prevent abuse of police power in countries with centralised personal identification databases including parliamentary scrutiny, judicial review, statutory regulators, and protection for whistleblowers, but he argues that even these mechanisms are not enough to completely keep bureaucracies honest.

In the United States, there is at present a debate concerning the implementation of the REAL ID Act, which is meant to regulate all U.S. state-issued identification cards at a national level. As Professor Mark Rotenberg of Georgetown Law Center explained in a report to the Electronic Privacy Information Center, new stronger precautions are needed because of evidence of abuse of police power through security measures such as the REAL ID Act and the Patriot Act. Rotenberg suggests that an effective way to monitor how government uses the information it collects is to have entities independent of the government conduct oversight, and he adds that the potential abuse of police power will remain until there is effective judicial oversight of the use of the collected information.

Issue of access

Although a widely-implemented MNIC programme risks violating individual privacy rights and facilitating security forces’ violation of other fundamental rights, an MNIC programme that leaves some people outside its reach carries its own risks of denying human rights. The MHA seeks to make the possession of the card a prerequisite for citizens who wish to avail of certain governmental schemes, such as passports, driving licenses, health care, school enrolment and the like, in order to encourage all citizens to obtain one. Thus, no card, no services.

Switching to an MNIC system for the delivery of social services could result in the denial of fundamental rights of equality to Indians left without a card. Under Articles 13 and 14 of the Indian Constitution, the fundamental rights of citizens must be protected by the state, and the government is required to follow a policy consistent with the goals of equal opportunity and justice for all. Millions of Indians are at risk of never receiving MNICs and therefore may be excluded from accessing certain services, denied the freedom to travel, or prohibited from certain employment opportunities. The likelihood that MNICs will not reach all of India’s one billion plus citizens is high considering the government’s historic inability to account for everyone within the national borders. This is illustrated by the shortcomings of India’s electoral photo identity card (EPIC). According to records obtained from the Election Commission by the Hindustan Times, over 186 million Indian citizens eligible to vote do not posses EPICs even though the programme was created over a decade ago.

Proponents of the MNIC programme argue that people without MNICs could use alternative means of identification in order to obtain benefits until they are incorporated into the MNIC system. But those without MNICs—most likely the poor and members of tribal groups—would almost certainly also lack other sufficient forms of identification for the simple reason that they have never needed any. There is also the related issue concerning directive principles of the state policy in Part IV of the Indian Constitution. Among other things, the directive principles provide that the government should make laws with a view to ensuring for each citizen equal rights to an adequate livelihood, and social and economic equality and justice. Denying minority tribal groups or the rural poor certain government services and entitlements based on the lack of an MNIC is contrary to the guidelines set out by the directive principles. The net result of the MNIC programme may be a denial of access to government services in such a disproportionate and discriminatory manner that it would amount to violation of the fundamental right to equality.

Conclusion

The concerns mentioned above do not necessarily mean that India’s planned MNIC programme must be discarded, but they signal a need for oversight to protect the privacy and equality rights of India’s citizens from the inherent risks of a national database for personal information. Implementing and maintaining the MNIC system will generate high costs along with risks to safety, security, privacy, freedom, and liberty. MNICs should not become compulsory until there is an established judicial overview to ensure that the privacy rights of India’s citizens are not unlawfully violated. It is important that India confront and manage these risks and consider all alternatives before implementing the MNIC programme nationwide.

Source: Human Rights Features