The National Identification Authority of India Bill (‘the Bill’) leaves many things unsaid. It has delegated most key areas relating to the institution of the system of unique identification (‘UID’) numbers (officially known as ‘aadhar’ numbers) to rules to be framed by the authority subsequently. Its definitions are almost all open-ended. Right from the public announcement of the project, to the drafting of the Bill, the furore over the introduction of this system of identification has only been growing. Those critical, as well as those in support of the project have based their opinions on the various hypothetical outcomes they believe this project could have on welfare schemes, privacy of individuals and indeed, the nature of governance in India. Such critiques are based on the ambiguities in the law and a suspicion that such ambiguity will prove to be particularly dangerous with respect to information privacy. In this context we will examine the exact contours of what this draft legislation does say, and the system of identification it envisions. Whether inevitable privacy concerns arising out of such a data collection excercise have been dealt with in a meaningful and comprehensive manner and furthermore, the manner in which the national security rationale has manifested itself in the project as well as the legislation.