A Failure to “Do No Harm” -- India’s Aadhaar biometric ID program and its inability to protect privacy in relation to measures in Europe and the U.S.

It is important that digital biometric identity systems be used by governments with a Do no Harm mandate, and the establishment of regulatory, enforcement and restorative frameworks ensuring data protection and privacy needs to transpire prior to the implementation of technological programs and services. However, when, and where large government bureaucracies are involved, the proper planning and execution of public service programs very often result in ungainly outcomes, and are often qualitatively not guaranteeable. Several important factors, such as the strength of the political and legal systems, may affect such cases as the implementation of a national digital identity system. Digital identity policy development, as well as technical deployment of biometric technologies and enrollment processes, may all differ markedly, and could depend in some part at least, on the overall economic development of the country in question, or political jurisdiction, among other factors. This article focuses on the Republic of India’s national digital biometric identity system, the Aadhaar, for its development, data protection and privacy policies, and impact. Two additional political jurisdictions, the European Union, and the United States are also situationally analyzed as they may be germane to data protection and privacy policies originated to safeguard biometric identities. Since biometrics are foundational elements in modern digital identity systems, expression of data protection policies that orient and direct how biometrics are to be utilized as unique identifiers are the focus of this analysis. As more of the world’s economies create and elaborate capacities, capabilities and functionalities within their respective digital ambits, it is not enough to simply install suitable digital identity technologies; much, much more - is durably required. For example, both vigorous and descriptive means of data protection should be well situated within any jurisdictionally relevant deployment area, prior to in-field deployment of digital identity technologies. Toxic mixes of knowledge insufficiencies, institutional naïveté, political tomfoolery, cloddish logical constructs, and bureaucratic expediency must never overrun fundamental protections for human autonomy, civil liberties, data protection, and privacy.

[1]  J. L. Carney The national criminal justice reference service , 1973 .

[2]  James F. Wilson Bureaucracy: What Government Agencies Do and Why They Do It , 1990 .

[3]  J. R. Scotti,et al.  Available From , 1973 .

[4]  Christian Parenti,et al.  The Soft Cage: Surveillance In America From Slavery To The War On Terror , 2003 .

[5]  K. A. Taipale,et al.  Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd , 2004 .

[6]  Pam Dixon Medical Identity Theft: the Information Crime That Can Kill You , 2006 .

[7]  Conny Rijken,et al.  A human rights based approach to trafficking in human beings , 2008 .

[8]  Helen Nissenbaum,et al.  Privacy in Context - Technology, Policy, and the Integrity of Social Life , 2009 .

[9]  C. Kuner Regulation of Transborder Data Flows Under Data Protection and Privacy Law: Past, Present, and Future , 2010 .

[10]  A Briefing Document on the National Identification Authority of India Bill, 2010: Questions of Constitutionality & Legislative Options Open to Parliament , 2011 .

[11]  I. Rubinstein Regulating Privacy by Design , 2011 .

[12]  Graham Greenleaf,et al.  Global Data Privacy Laws: 89 Countries, and Accelerating , 2012 .

[13]  Tanuj Kanchan,et al.  The Fingerprint Sourcebook , 2012 .

[15]  A. Anonymous,et al.  Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy , 2013, J. Priv. Confidentiality.

[16]  J. Henry,et al.  Adoption of Electronic Health Record Systems among U . S . Non-Federal Acute Care Hospitals : 2008-2015 , 2013 .

[17]  F. K. Boersma,et al.  Histories of State Surveillance in Europe and Beyond , 2014 .

[18]  Woodrow Hartzog,et al.  Obscurity and Privacy , 2014 .

[19]  Dr. S. Manimekalai A Study on Biometric for Single Sign on Health Care Security System , 2014 .

[20]  Richard Kissel,et al.  Glossary of Key Information Security Terms , 2014 .

[21]  The Origin of Fair Information Practices: Archive of the Meetings of the Secretary's Advisory Committee on Automated Personal Data Systems (SACAPDS) , 2014 .

[22]  P. Barnwal Curbing Leakage in Public Programs with Biometric Identification Systems: Evidence from India's Fuel Subsidies , 2015 .

[24]  Woodrow Hartzog,et al.  Should the FTC Kill the Password? The Case for Better Authentication , 2015 .

[25]  Luuk J. Spreeuwers,et al.  Designing a Low-Resolution Face Recognition System for Long-Range Surveillance , 2016, 2016 International Conference of the Biometrics Special Interest Group (BIOSIG).

[26]  M. Vaishnav When Crime Pays: Money and Muscle in Indian Politics , 2017 .

[27]  S. Privacy and Regulatory Innovation : Moving Beyond Voluntary Codes , .