When the ticketing portal of the vast Indian Railways reported the theft of personal data from millions of customers in May it exposed the kind of nightmarish scenario being portrayed by those opposing ‘Aadhaar’ – a project to biometrically identify all Indian citizens and place them on a national database.

Aadhaar, easily the world’s largest biometric capture and identification project that has been in the making, received statutory in March after five years wrangling. And that after the present government moved it as a money bill to prevent it being stopped in the Rajya Sabha (upper house of parliament). That move has been challenged in the Supreme Court as unconstitutional by opposition leaders.

The court’s existing view on Aadhaar is that biometric identification should be voluntary. On 23 September 2013, the court ordered that “no person should suffer for not getting Aadhaar”.

Yet, since introduction, Aadhaar has been creeping up on the India’s 1.3 billion population with service after service being made unavailable to citizens who are not enrolled. To be sure Aadhaar has benefits. Already the system is being used to check late coming and absenteeism among government employees.

Aadhaar is now linked to everything from mobile phone SIM cards to passports and voter identification rolls. In March 2015, the government introduced the Aadhaar-linked ‘DigiLocker’ service which allows personal documents to be stored on the cloud and made accessible when required, say for passport applications. Aadhaar has helped stop the fraudulent withdrawal of pension funds by people representing hundreds of beneficiaries who died years ago.

There is support for Aadhaar from the corporate world. Mukesh Ambani, India’s wealthiest businessman, has described it as “the world’s largest online platform to deliver government welfare services directly to the poor.” But, there is more to it than the welfare of the poor. A clause in the Aadhaar bill says that apart from allocating entitlements, subsidies, benefits or services, it can also be used for commercial transactions.

The main objections to Aadhaar are no different from objections that have come up in other countries and they have to do with privacy. In the UK, plans to issue biometric national identity cards were dropped in January 2011 and there has been opposition enough in the US to slow down implementation of the ‘Real ID’ scheme.

India’s activists have been arguing that the country’s privacy laws should have been strengthened first, given that it is impossible to carry out a retrofit later. The Aadhaar Bill was rushed through with no provision for privacy safeguards or independent oversight. While there were assurances of safety, no guarantee of compensation has been specified in the event of leakages.

The gold standard on the privacy issue is the July 2014 report ‘The Right to Privacy in the Digital Age’ published by the then UN High Commissioner for Human Rights Navi Pillay. Her report opines that known and accessible remedies need to be provided to those whose privacy is violated. Rather than following Pillay’s recommendations, the Aadhaar Bill actually empowers the authority under which it is constituted to stop prosecution for action taken under the legislation.

This creates a window for misuse of the database. There is also pressure from the burgeoning biometrics industry. According to a study released by Technavio, the global biometrics market in the government sector is likely to grow at a compound annual growth rate of over 11 per cent until 2020.

Activists SciDev.Net spoke with say that once someone’s facial features, finger prints, palm profile and DNA details becomes part of a digital file it becomes impossible to protect them and these are bound to seep into commercial applications. Also, as camera technology advances, it will become easy to acquire facial close-ups and even iris-scans of people in a crowd, even at a distance of several metres. The question of who owns data whether acquired voluntarily, coercively or surreptitiously remains unanswered.

In contrast to Aadhaar, laws framed under colonial rule appear more benign. According to the 1920 Identification of Prisoners Act, biometric measurements like fingerprints can be taken only with the permission of a magistrate and these are to be destroyed on acquittal or after a sentence is served.