This post has been self-published on Youth Ki Awaaz by Youth Ki Awaaz. Just like them, anyone can publish on Youth Ki Awaaz.

Note To Govt: Here’s How Not To Screw Up Your National ID

More from Youth Ki Awaaz

By Nikhil Pahwa:

At an ISOC Asia Pacific meeting on privacy last week, a representative of a government asked about how we can have National ID systems that protect privacy. From what I gathered from conversations that followed, several governments are looking to set up National IDs in the Asia Pacific region.

While having National ID system is by itself problematic, here’s a quick list I made, for how not to screw up your National ID, IF you want to have one despite its risks, along with an explanation for each point:

1. Make it optional: A mandatory National ID is a recipe for surveillance and runs the risk of citizens’ data being compromised in one way or another. Even an optional National ID stands the chance of becoming “voluntary but mandatory” – as the joke about Aadhaar goes – where making it mandatory for services that cover almost the entire population, such as getting mobile services, means that it becomes mandatory for the entire population. Remember that data will get collected, stored, shared and compromised. By making it mandatory, you rob people of the choice of not getting a National ID, and thus rob them of the option of protecting themselves against potential hacks, leaks and malafide intent and persecution from future or current dictators.

National ID’s, and associated data, do get hacked and leaked. Estonia, the poster child of digital governance, has had to suspend its digital ID cardsSpain is facing similar issues143 million social security numbers have been compromised in the US. At least 130 million Aadhaar numbers werer published online by the government in India.

2. Make it one of the many ID’s for authentication: Federated means of identification ensures that people can identify themselves where needed without necessarily compromising the only ID they have. A credit card theft doesn’t affect a debit card usage. A theft of a drivers license as an identity doesn’t affect collection of bank subsidy. However, the more linkages you create for a single ID, and the more places people use it, the risk of identity theft increases. By limiting usage – for example, for bank accounts, mobile phones, college exams, mutual funds, stock market trading, to a single ID, you run the risk of making that National ID a single point of failure for an individual. Databases will get compromised. Thus, you also run the risk of making it a single point of failure for your entire citizenry/population.

3. Give control to users, to change and revoke an ID: every instance of usage should be shared with the user who is supposedly using the ID, just like with messages and cash withdrawal. This helps because in case the ID is compromised, users can then contact the ID authority or the data controller, and ask them to revoke or freeze usage. The most important aspect of this is that the ID number must not be a permanent, non-changeable number. The Indian passport, for example, once stolen, is re-issued with a different number. There is also the issue of bounded rationality: that people don’t necessarily fully understand the implications of what they’re signing up for. Thus, if they feel, say a few years later, that having a National ID puts them at risk of their data getting misused or compromised, they must have the right to revoke it. Consent should not be forever.

4. Enforce the usage of derived authentication/pseudomisation: The usage of derived identification numbers, or of artificial and/or temporary identification numbers means that the core National ID does not typically get exposed. This means that each derived ID has a limited use case and/or a limited shelf life, and thus this mitigates the potential harm from a single ID leaking or being exposed. A National ID by itself should never be a means of identification. For example, see what Austria has done.

5. Give citizens legal right to recourse: A legal recourse is a deterrent against misuse. While it may sound inexplicable that someone cannot sue an entity that has stolen their data, or sue a data controller (which holds data) against improper storage/security or conduct when it comes to processing or storage of this data, that has what has happened in case of India’s National ID project, Aadhaar. There is no legal deterrent against, say, publishing data online, which has been done by 210 government websites, and just four of which have led to the publishing of data for 130 million. An option of a legal recourse against something that compromises your personal data acts as a deterrent against such acts. All it takes is one case to make everyone change the way they operate.

6. Purpose limitation for national ID usage: A National ID that is digitally linked to, and can authenticate a large number of services is likely to be seen as a key reason, and a significant convenience, for having a national ID. However, it’s important to not link the National ID for things where it is not absolutely necessary, where you don’t have an option for something to function without a linkage of that ID. The more the use cases for the National IDs, the more the risks of social hacks that can compromise even the most digitally literate citizens. This leaves the illiterate and the digitally illiterate, or neophytes, even more vulnerable: they do not know the risks of the consent that is given. This is where a consent is insufficient. Most importantly, the National ID should not be linked to sensitive personal data, such as DNA banks, Health records etc. The National ID becomes especially problematic when it is linked to external, non-governmental databases such as mobile numbers, and used to share personal data with a mobile operator, given that governments, ID authorities do not necessarily have the wherewithal or capacity to monitor the security practices of third parties.

7. No biometric authentication: I can’t emphasise this enough. Biometric information is a permanent identifier, and can be easily compromised. Fingerprints can be copied from high-resolution photographs, or from that glass that you just held. So can the iris. Social hacks can lead to copying of fingerprints, say, if someone puts a fake authentication machine before you, before they place a real one. Sure, credit cards can be copied too, but cards can be replaced. Your fingerprints cannot. If you have a permanent ID (say, Aadhaar) and a permanent password (your fingerprint), one getting compromised means someone only needs the other factor, and you’re compromised forever. Note that mobile One Time Password isn’t secure either, and has been used in hacks in the past, and mobile networks operate on a maximum of 44 bit encryption.

Outside of security, also note that digital, biometric authentication suffers from other issues: for example, lack of Internet connectivity for authenticationfingerprints getting worn out – an issue for manual labourers and the aged. Such situations could end up depriving those who really need it, for their benefits.

8. Data protection law comes BEFORE national ID: One of the key mistakes that India made with its National ID (Aadhaar), was that a data protection law isn’t there yet, but the National ID has been around for almost seven years. An Act governing the National ID wasn’t even passed until almost five years of the ID being around. Thus, no privacy principles have been established, and no norms regarding data collection, storage, transfer, linkages, sharing and disposal are in place. There are no penalties in place for violations of these norms either. It’s a free-for-all. Do not do this.

9. Don’t hurry, don’t push for 100% penetration: Undue haste and the creation of deadlines for enrolment for a national ID can create panic for citizens, and such situations lend themselves to exploitation and fraud, especially in scenarios where people are being denied their entitlements, or run the risk of key accounts – like their bank account – getting frozen for lack of having a mandatorily linked ID. Don’t subvert democracy for increasing speed of enrolment. Instead, if you must have a National ID, roll it out without undue haste, at peoples convenience, with improved checks and balances. Above all, don’t be daft enough to outsource enrolment to third-party agencies, paying them on a per enrolment basis, which then creates a perverse incentive of maximising enrolments. Speed causes more harm than good here.

10. A budget for citizen awareness, education and grievance redressal: Something as significant as a national ID project can lend itself to a lot of misinformation and misinterpretation. There are also likely to be several issues related to enrolment and registration, as well as authentication.

This is, of course, is besides the point that there are excellent reasons for not having a national ID:

1. Linking multiple databases to a single ID is harmful for citizens, and puts them at risk. it is more likely to form the basis of a mass surveillance system, and has a risk that a fascist regime can use it for ethnic cleansing or segregation.

2. It doesn’t address terrorism or volume based pilferage of benefits, which are likely to continue despite a national ID. I can, in fact, be used to deny people benefits.

3. It also creates a new power center, from the perspective of a single body which has the power to delist an individual from the database, thereby delinking them from essential services (if those are linked to a national ID).

4. It’s also worth noting that data is a toxic asset, and the harms of losing data when it leaks or gets hacked are far greater than the benefit of collecting and storing that data.

This post was first published here on Medianama.

You must be to comment.

More from Youth Ki Awaaz

Similar Posts

By Hammad Bin Rashid

By Alok Mishra


Wondering what to write about?

Here are some topics to get you started

Share your details to download the report.

We promise not to spam or send irrelevant information.

Share your details to download the report.

We promise not to spam or send irrelevant information.

An ambassador and trained facilitator under Eco Femme (a social enterprise working towards menstrual health in south India), Sanjina is also an active member of the MHM Collective- India and Menstrual Health Alliance- India. She has conducted Menstrual Health sessions in multiple government schools adopted by Rotary District 3240 as part of their WinS project in rural Bengal. She has also delivered training of trainers on SRHR, gender, sexuality and Menstruation for Tomorrow’s Foundation, Vikramshila Education Resource Society, Nirdhan trust and Micro Finance, Tollygunj Women In Need, Paint It Red in Kolkata.

Now as an MH Fellow with YKA, she’s expanding her impressive scope of work further by launching a campaign to facilitate the process of ensuring better menstrual health and SRH services for women residing in correctional homes in West Bengal. The campaign will entail an independent study to take stalk of the present conditions of MHM in correctional homes across the state and use its findings to build public support and political will to take the necessary action.

Saurabh has been associated with YKA as a user and has consistently been writing on the issue MHM and its intersectionality with other issues in the society. Now as an MHM Fellow with YKA, he’s launched the Right to Period campaign, which aims to ensure proper execution of MHM guidelines in Delhi’s schools.

The long-term aim of the campaign is to develop an open culture where menstruation is not treated as a taboo. The campaign also seeks to hold the schools accountable for their responsibilities as an important component in the implementation of MHM policies by making adequate sanitation infrastructure and knowledge of MHM available in school premises.

Read more about his campaign.

Harshita is a psychologist and works to support people with mental health issues, particularly adolescents who are survivors of violence. Associated with the Azadi Foundation in UP, Harshita became an MHM Fellow with YKA, with the aim of promoting better menstrual health.

Her campaign #MeriMarzi aims to promote menstrual health and wellness, hygiene and facilities for female sex workers in UP. She says, “Knowledge about natural body processes is a very basic human right. And for individuals whose occupation is providing sexual services, it becomes even more important.”

Meri Marzi aims to ensure sensitised, non-discriminatory health workers for the needs of female sex workers in the Suraksha Clinics under the UPSACS (Uttar Pradesh State AIDS Control Society) program by creating more dialogues and garnering public support for the cause of sex workers’ menstrual rights. The campaign will also ensure interventions with sex workers to clear misconceptions around overall hygiene management to ensure that results flow both ways.

Read more about her campaign.

MH Fellow Sabna comes with significant experience working with a range of development issues. A co-founder of Project Sakhi Saheli, which aims to combat period poverty and break menstrual taboos, Sabna has, in the past, worked on the issue of menstruation in urban slums of Delhi with women and adolescent girls. She and her team also released MenstraBook, with menstrastories and organised Menstra Tlk in the Delhi School of Social Work to create more conversations on menstruation.

With YKA MHM Fellow Vineet, Sabna launched Menstratalk, a campaign that aims to put an end to period poverty and smash menstrual taboos in society. As a start, the campaign aims to begin conversations on menstrual health with five hundred adolescents and youth in Delhi through offline platforms, and through this community mobilise support to create Period Friendly Institutions out of educational institutes in the city.

Read more about her campaign. 

A student from Delhi School of Social work, Vineet is a part of Project Sakhi Saheli, an initiative by the students of Delhi school of Social Work to create awareness on Menstrual Health and combat Period Poverty. Along with MHM Action Fellow Sabna, Vineet launched Menstratalk, a campaign that aims to put an end to period poverty and smash menstrual taboos in society.

As a start, the campaign aims to begin conversations on menstrual health with five hundred adolescents and youth in Delhi through offline platforms, and through this community mobilise support to create Period Friendly Institutions out of educational institutes in the city.

Find out more about the campaign here.

A native of Bhagalpur district – Bihar, Shalini Jha believes in equal rights for all genders and wants to work for a gender-equal and just society. In the past she’s had a year-long association as a community leader with Haiyya: Organise for Action’s Health Over Stigma campaign. She’s pursuing a Master’s in Literature with Ambedkar University, Delhi and as an MHM Fellow with YKA, recently launched ‘Project अल्हड़ (Alharh)’.

She says, “Bihar is ranked the lowest in India’s SDG Index 2019 for India. Hygienic and comfortable menstruation is a basic human right and sustainable development cannot be ensured if menstruators are deprived of their basic rights.” Project अल्हड़ (Alharh) aims to create a robust sensitised community in Bhagalpur to collectively spread awareness, break the taboo, debunk myths and initiate fearless conversations around menstruation. The campaign aims to reach at least 6000 adolescent girls from government and private schools in Baghalpur district in 2020.

Read more about the campaign here.

A psychologist and co-founder of a mental health NGO called Customize Cognition, Ritika forayed into the space of menstrual health and hygiene, sexual and reproductive healthcare and rights and gender equality as an MHM Fellow with YKA. She says, “The experience of working on MHM/SRHR and gender equality has been an enriching and eye-opening experience. I have learned what’s beneath the surface of the issue, be it awareness, lack of resources or disregard for trans men, who also menstruate.”

The Transmen-ses campaign aims to tackle the issue of silence and disregard for trans men’s menstruation needs, by mobilising gender sensitive health professionals and gender neutral restrooms in Lucknow.

Read more about the campaign here.

A Computer Science engineer by education, Nitisha started her career in the corporate sector, before realising she wanted to work in the development and social justice space. Since then, she has worked with Teach For India and Care India and is from the founding batch of Indian School of Development Management (ISDM), a one of its kind organisation creating leaders for the development sector through its experiential learning post graduate program.

As a Youth Ki Awaaz Menstrual Health Fellow, Nitisha has started Let’s Talk Period, a campaign to mobilise young people to switch to sustainable period products. She says, “80 lakh women in Delhi use non-biodegradable sanitary products, generate 3000 tonnes of menstrual waste, that takes 500-800 years to decompose; which in turn contributes to the health issues of all menstruators, increased burden of waste management on the city and harmful living environment for all citizens.

Let’s Talk Period aims to change this by

Find out more about her campaign here.

Share your details to download the report.

We promise not to spam or send irrelevant information.

A former Assistant Secretary with the Ministry of Women and Child Development in West Bengal for three months, Lakshmi Bhavya has been championing the cause of menstrual hygiene in her district. By associating herself with the Lalana Campaign, a holistic menstrual hygiene awareness campaign which is conducted by the Anahat NGO, Lakshmi has been slowly breaking taboos when it comes to periods and menstrual hygiene.

A Gender Rights Activist working with the tribal and marginalized communities in india, Srilekha is a PhD scholar working on understanding body and sexuality among tribal girls, to fill the gaps in research around indigenous women and their stories. Srilekha has worked extensively at the grassroots level with community based organisations, through several advocacy initiatives around Gender, Mental Health, Menstrual Hygiene and Sexual and Reproductive Health Rights (SRHR) for the indigenous in Jharkhand, over the last 6 years.

Srilekha has also contributed to sustainable livelihood projects and legal aid programs for survivors of sex trafficking. She has been conducting research based programs on maternal health, mental health, gender based violence, sex and sexuality. Her interest lies in conducting workshops for young people on life skills, feminism, gender and sexuality, trauma, resilience and interpersonal relationships.

A Guwahati-based college student pursuing her Masters in Tata Institute of Social Sciences, Bidisha started the #BleedwithDignity campaign on the technology platform, demanding that the Government of Assam install
biodegradable sanitary pad vending machines in all government schools across the state. Her petition on has already gathered support from over 90000 people and continues to grow.

Bidisha was selected in’s flagship program ‘She Creates Change’ having run successful online advocacy
campaigns, which were widely recognised. Through the #BleedwithDignity campaign; she organised and celebrated World Menstrual Hygiene Day, 2019 in Guwahati, Assam by hosting a wall mural by collaborating with local organisations. The initiative was widely covered by national and local media, and the mural was later inaugurated by the event’s chief guest Commissioner of Guwahati Municipal Corporation (GMC) Debeswar Malakar, IAS.

Sign up for the Youth Ki Awaaz Prime Ministerial Brief below