Open Letter to the Finance Committee: UID and Transactions
Since official documentation from the UIDAI is very limited, we assume that data pertaining to transactions would comprise of the Aadhaar number, identifier of the authenticating device, date-time stamp, and approval/rejection/error code. Recording and maintaining of data pertaining to transactions is very important because it increases transparency and accountability through an audit trail. However, storage of such sensitive data creates many privacy risks, because more often than not metadata gives you as much intelligence as raw data.
For example – even if you didn’t have access to the Radia recordings – just knowing who she called, when, how frequently, in what order, and for how long, will give quite a comprehensive picture. Thus, we believe that such data should not be fully stored in a central database. By way of an open letter, we suggest three alternative ways of storing and securing data relating to transactions, so that transparency and accountability is preserved without enabling surveillance or profiling of individuals.
- Partial storage of data relating to transactions
Once a transaction is processed, half of the UID number is stored in the central database, while the other half of the number is stored with the service provider. Thus, for an agency to reconstruct the audit trail they must seek consent from the service provider and the UIDAI for information regarding a specific transaction. The process would follow steps like these:
- Send part of the Aadhaar number to the CIDR
- Service provider stores part of the Aadhaar number locally.
- Law enforcement and intelligence agencies seeking transaction data securing required approvals from the Home Ministry and then request data from the UIDAI and service provider
- Data is provided by UIDAI and the service provider and combined to reconstruct the audit trail.
- Storage of the public keys with a custodian
Similar to the model followed in the new wiretapping regulations1, the transaction details in the central database is secured using several custodians. Thus, no single entity has complete knowledge of access to the database. And if the transaction details are leaked to the public, the custodian can be held responsible for negligence. Thus, for an agency to reconstruct the audit trail they must seek approvals and request encrypted data. The process would follow steps like these:
- Encrypt transaction data with the public key of the ‘custodian’
- Store encrypted data in CIDR
- Law enforcement and intelligence agencies seeking transaction details require approvals from the Home Ministry, and then request encrypted data from the UIDAI.
- The custodian on receipt of the necessary approvals decrypts the data using his/her private key, and then the audit trail becomes available.
- Complete storage of transaction details at the service provider level
- Encrypt transaction data
- Store encrypted data at service provider level
- Law enforcement and intelligence agencies seeking transaction details require approvals from the Home Ministry, and then request encrypted data from each service provider. Audit trail is reconstructed by merging data sets from different service providers.
- The CIDR will only hold Aadhaar number, date-time stamp, and approval/rejection/error code.