SL-UDI project raises fears over Sri Lankans’ biometric data, with critics warning fingerprints and iris scans may face foreign control.
SL-UDI has triggered a serious national debate over whether the biometric data of nearly 22 million Sri Lankans could fall under foreign control.
Today, a country’s sovereignty is not measured only by its military strength or physical borders.
It is also measured by its ability to protect the sensitive biometric data of its citizens, including fingerprints and iris scans.
However, major concern has now emerged in society over the risk of sensitive personal data belonging to all Sri Lankans coming under the influence of a foreign country.
The reason is the proposed Sri Lanka Unique Digital Identity project, known as SL-UDI, or the new digital identity card project.
The Rs.10.4 Billion Aid Condition Trap
The project is being implemented with financial assistance of Rs.10.4 billion, equivalent to Indian Rs.300 crore, provided by the Indian government.
Although this may appear to be relief at first glance, critics say the most serious concern is that this is “tied aid”.
According to the tender conditions, the main tasks of the project are assigned only to companies of Indian origin.
Furthermore, the software for the project is also provided through India’s MOSIP platform.
What has caused even greater concern is that the Indian High Commissioner also serves as a co-chairman of the Sri Lankan committee overseeing the project.
When the funds, technology, and tender process are all linked to India, critics argue that reasonable suspicion arises over the security of Sri Lanka’s national data.
Indian Firms And Security Concerns
Five Indian companies have reportedly been shortlisted for the project.
However, critics say an examination of their backgrounds raises questions over possible national security risks.
Bharat Electronics Limited, known as BEL, is a military company operating under the Indian Ministry of Defence.
The key question being asked is how safe it would be to entrust Sri Lankans’ data to a company linked to another country’s military.
RailTel Corporation, owned by the Indian Ministry of Railways, is also among the companies named.
Critics claim the company has no international experience in handling digital identity systems of this nature.
Protean e-Gov Technologies has also come under scrutiny, with critics pointing out that it was previously rejected by Sri Lanka for being technically unsuitable under an earlier government.
Infosys and TCS have also been named, with critics alleging that both companies have faced accusations linked to large-scale technological breakdowns in India’s tax systems.
Is Aadhaar A Risky Model For Sri Lanka?
Sri Lanka is reportedly planning to implement a model based on India’s Aadhaar system.
However, critics point out that even the World Economic Forum has highlighted data breaches affecting millions of Indians through that system.
International reports have also indicated that some Indians lost benefits due to data leaks and technical errors linked to Aadhaar.
Broken Promises And Legal Changes
While in opposition, key figures in the current government, along with civil activists, strongly opposed the project.
Those who once described it as a “betrayal of the country to India” now appear to have changed their position after coming to power.
Critics say the danger has increased further because recent amendments to the Personal Data Protection Act have removed legal barriers to transferring data out of the country.
Safer Options Still Remain
Technical experts say Sri Lanka still has safer alternatives.
The country already has an e-NIC system, with 80 percent of the work completed at a cost of Rs.5.5 billion through a French company.
Sri Lanka could also seek a loan from an institution such as the World Bank, without being trapped in tied aid, and call for open tenders from international companies.
Experts also argue that highly secure digital identity models used by countries such as Singapore and Estonia could be adopted by Sri Lanka.
Critics are strongly urging authorities to conduct an immediate independent security audit to protect Sri Lanka’s data sovereignty before what they describe as an irreversible betrayal of national data takes place.
