A leaked conversation between technology entrepreneurs and a lawyer has raised more doubts about the government’s intentions to push for changes to the law that governs India’s controversial digital identity program.

Over a billion people have already been registered under the Aadhaar program.

Individuals affiliated with a group called iSpirt were caught discussing ways to get around a Supreme Court ruling last September, that upheld the program but banned the sharing of data with any private entity.

One participant in the leaked conversation, Sanjay Jain, a former chief product manager of Aadhaar, now associated with several businesses around the program, responded to queries from Asia Times.

In light of this conversation, can this be described as a policy capture to aid private enterprise at the cost of citizens’ data?

None of the people who feature in the recording recollect being aware of this recording, and hence [it] is unauthorized. I believe that what you hear in the recording is a conversation where we were discussing the second blog that I was writing at that time, and speculating on how we see the scenario unfolding, eventually melding into the topic of the meeting. For a four-minute conversation, this is a wide swathe to cover. Our final views have been published in The Economic Times, on the iSpirt website and as comments on the Personal Draft Data Protection Bill.

It appears that your understanding of the Supreme Court judgment on Aadhaar is very different from ours. We have elaborated on our view in the published pieces that I sent you earlier. To summarize (and provide context for this message): We believe that the court primarily upheld the Act, with some changes. The Supreme Court has clearly stated in multiple places, that there is no bar on a user using his identity to access services. The change to section 57 in particular appears to derive from a need for judicial oversight (The majority judgment actually says so). Hence, for any use of Aadhaar, the government needs to provide a backing law. If required, this can be tested in court for constitutionality.

Our view, at that time, was that the govt will modify the act, to bring it in compliance with the judgment. This would become law, and then subordinate rules or regulations would be published, so that the ecosystem can function smoothly.

This is not any kind of policy capture, but trying to read the tea leaves so that we could inform the startup community, and also respond to the data protection bill appropriately. In fact, that point is made in the recording as well: That we see the judgment, and the data protection bill are aligned.

Has there been any interaction between you and officials in the government of India on the amended Aadhaar bill that is now in Parliament? Please share specifics

iSpirt has provided feedback on the Data Protection Bill (available on our website). We are hopeful that the government will introduce this bill to the Parliament shortly. We really have no strong views on the sequence of introduction between the Data Protection Bill, and the Aadhaar amendment bill, as long as both come in. Beyond the public feedback, we have not had any interactions with the government on either bill.

iSpirt has been described by some of you as an effort to avoid scrutiny in RIT [Right To Information] and CAG [Comptroller and Auditor General] audits as they do not help innovation. Isn’t that contradictory to the basic rationale of Aadhaar was to prevent leakages in welfare schemes through greater accountability?

You have pointed to a published iSpirt video, and appear to have misunderstood what was being said. Could you please point out where we are positioning iSpirt as an effort to avoid scrutiny RTI and CAG audits?

In your conversation, you talk about how to get around the ban imposed by the Supreme Court on the private access to Aadhaar data. In your opinion, why should private entities get access to data that has been collected by the government for subsidies only?

You have also asked for our views on the use of data: The published iSpirt view is that data must be used to empower individuals – which means that it must be used with their consent for purposes that they approve of.

My view has been that the data belongs to the individual; the government via the Unique Identification Authority of India (UIDAI) is only a custodian. The system must empower people to use this identity for their benefit. By the way, this is true for any identity – for instance, the Road Transport Organization (which issues driving licenses and road permits) does not dictate (outside of driving a vehicle) where I can, and cannot use my driver’s license as an identity. Similarly, the role of the UIDAI is being a custodian of the user data, and issuer of the ID. They should have a role in defining the standards on access to the UIDAI servers, and how the data must be stored, and handled. The use should be defined by user consent.

Please note that this is my personal view. I accept that a democratically elected government, through a constitutional process may have a different view. In fact, the previous law, the Supreme Court judgements and the current amendment provides the government or UIDAI with much more control than this. Interestingly, some parts of the Supreme Court judgement do echo this sentiment, that the user can use this identity where they like.

Khosla Labs had official(s) from UIDAI also as officials or members of its board. In your opinion, isn’t this a classic case of conflict of interest?

There is no conflict of interest in my sequential employments at the UIDAI and Khosla Labs. This was clarified by the UIDAI, and Khosla Labs. There was a period of about three years between my leaving the UIDAI, and the launch of Aadhaar Bridge. There was no allegation that Khosla Labs received any undue favors from the UIDAI. The UIDAI clarification was clear that there was no special access granted to Khosla Labs.

There is nothing inappropriate in any of these conversations or actions at iSpirt.