Instead, it appears that they're trying to give citizens more access to and control over their data which seems nice.
That said, the Indian government really don't have a great track record of securing citizens' data. I hope they do a better job this time.
This is the brainchild of Nandan Nilekani. He also developed UPI and Aadhaar. The former is amazing. The latter is... controversial at best. But they really fudged up user privacy, and essentially "tricked" millions into giving up their biometrics and personal info - which were then leaked, stored on US servers, etc. :(
Let's hope they've learnt from their mistakes.
More info about Aadhaar "scandals":
99% of the cases I see is humans being completely inept at handling data - most of them probably don't even realize the implications of such a central repository of data.
Fortunately, UIDAI has made some improvements. You can lock your biometric authentication and every request to verify will fail until you unlock for 10-15 mins. They have implemented a virtual ID over Aadhaar which can be used for verification without handing over your original number - but here's the problem, institutions have no idea that these numbers are valid too!
I do believe that a system like Aadhaar is necessary for India BUT govt institutions like UIDAI cannot and should not declare their end of responsibilities at just the technical level (which UIDAI frequently does by claiming that data is housed in secure vaults and encrypted and blah blah). If you build a system which will be responsible for a billion lives, you are also responsible for teaching people safety and enforcing requirements which minimise, if not eliminate, social engineering.
At the end of the day, you are a government institution, not a company.
UPI is one of the shadiest thing ever. A non profit whose owners are unknown built a suite of technologies and UPI was one of them. I think they did not even build it, it was built by some for profit company and non profit was a front to pimp this idea to government. When India went through the horror show of demonetization the government forced all the banks (most of which I government owned) to implement UPI, these banks who can not develop a webpage without getting their panties in twist suddenly had UPI stack working for them within few weeks (India's largest bank is SBI and their homepage is named mypage.htm, they do not allow ' $ and " in their passwords because they are "hacking characters").
Some people who work with the non-profit Indiastacks were in bay area recently trying to earn some silicon valley creds to pimp this to African countries.
UPI is great and works well but I am not sure the backstory is clean.
In reality I suspect they've created an extremely rich single digital target whose security isn't up to snuff if Aadhar is any indication, and the entire country is about to have an unintentional experiment with completely open finances.
Nandan Nilekani (cofounder of Infosys and one of the main architect of India digital payment movement - UPI ) launched Sahamati (='consent'), a private not for profit company, that aims to be self regulatory organisation for Account Aggregator ecosystem which aims to facilitate financial sharing among financial institutions with user consent.
Never trust a government launched projects which try to disguise itself as good for society and turn it into a tool against the citizens themselves.
For example India launched Aadhar for having identity of every Indian, but it was not enough now government is working on another project called National Population Register (which started in 2010 before aadhar was available and is unnecessary today), which will be used to issue another identity card and it will be at government discretion to decide who is the citizen of India (survey question for this asks the religion or ethnicity of the person according to rules framed by current government for NPR). It’s controversial and government of India is repeating copy of same statement what aadhar was designed for to determine and provide benefits to Indian citizens.
On the surface Indian government monetary agency says it will be on people’s consent on the other hand Government of India is launching another program to force every details of Indian citizen stored by companies like internet service providers, google, Facebook etc. to be accessible to government agency in India without users consent. Indeed Mozilla launched a campaign in India to get clarity on it, as it is happening in closed corridors of power without Indian citizens consent or knowledge.
Combine whole online history with each and every financial transaction and credit history and give it to government agency. It will lead very quickly to a dystopian world and there are example of governments in world already doing it. China can ban its citizens from travelling, buying daily necessities at a click of a button. USA can imprison anyone for even an unproven offence in many parts of the world like the way an executive arrested in Canada or American citizen kept in Guantanamo without trial or due process.
I hope there is a movement that government should be restricted to serving its citizen instead of ruling and controlling them.
Based on what I have seen so far only rich and powerful with resources thrive in autocracy, communism or democracy, for general citizens any remedy is costly and they will suffer even if may get some relief in the end it might be too late. If government becomes all too powerful as it is happening everywhere in the world now, dystopian world where rich and powerful rule the rest is not far away. (Government trying to become more powerful everywhere these days by taking away privacy rights, asking for unfettered access to financial and daily life, use them to restrict citizens).
This is made worse - btw - by privacy laws that limit access to data by you and me but not by powerful interests, w/ a history of ruining lives.
I'd add a few other observations:
- Information by itself isn't power, but is a power multiplier. Given any two entities, and an extant power imbalance, an informational equality between the two still favours the more powerful. Yonatan Zunger, chief architect of G+, made this point eloquently rebutting David Brin's "Transparent Society" argument.
- Privacy alone (or analogues such as anonymity or pseudonymity) are secondary to impunity as an enabling mechansim. For the disadvantaged, privacy and anonymity rights allow redress against the privileged. For the privileged, it's often immunity or impunity that offers sufficient protection. The "MeToo" movement, particularly Epstein and Weinstein cases, are examples of a sudden loss of immunity. For international espionage and terrorism, it's not mastermind wizardry so much as inability to effectively sanction which enables actors, state or non-state.
Some of the arguments raised against GDPR address this -- that the powerful will seek to have inconvenient content redacted, while ordinary citizens would be unable to. My read is that this risk is overstated, though it's one to consider.
The whole data-broker sector, predicated on bulk access to consolidated and well-structured data (postal address change records, DMV, voter registration, credit card purchases, credit scores, browser history, etc., etc., etc.) is a case in point of what you describe.