SC Constitution Bench on Aadhaar- Final Hearing (Day XXIX)

By Aditya Singh Chawla

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Rakesh Dwivedi resumed his arguments for the Respondents. He began with stating that if there were problems with the system, they should be fixed, rather than the system being demolished completely. He argued that under Section 8 of the Act, the sharing and use of information was confined specifically to the authentication process. He further argued that the mandate of Section 29 states that core biometrics cannot be shared.

Justice Chandrachud asked how the UIDAI planned to control the Requesting Entities. The Counsel responded that control could be in terms of technical specifications of the devices, mandating approved software, mandating information systems audits etc.

In response to Justice Chandrachud’s query about the framing of Sections 8 and 29, the Counsel reiterated that the sharing of information would be limited to the process of authentication. Further, only non biometric information could be shared under Section 29.

Next, there was some disagreement between the counsel and Justice Chandrachud on the interpretation of Section 8. The Counsel stated that the Requesting Entity would not know the purpose for the authentication, but only that authentication had been done. Justice Chandrachud stated that that could be true for UIDAI, but it was uncertain if that would be true for Requesting Entities. According to him, the language of the Act didn’t conform to this design. Justice Sikri added that that would also render Section 8(3) redundant. The Counsel responded that the Bench could chose to read the Act in that way.

Justice Chandrachud then gave an example of an individual who goes to the hospital for certain services. The hospital sought authentication for him, 122 days out in 6 months. He noted that that would be potentially extremely valuable information for pharmaceutical companies, insurance providers etc. Until there was a data protection law, this could be a problem.

The counsel responded that no other jurisdiction has the sort of protections that the Aadhaar Act provides. Justice Chandrachud asked if the protection under the Act was all the data protection the citizens of India would ever need. He also gave the example of the European Union’s General Data Protection Regulation as an example of a comprehensive framework for data protection. The Counsel replied that the Aadhaar Act was sufficient, and in many ways superior. According to him, the GDPR has no penal provisions, and the States have to enact their own, which creates a patchwork. The Counsel argued that the Aadhaar framework has technological security, auditing, as well as penal provisions in place. He went on to say that there could never be 100% surety about anything. The standard to be sought was that of reasonable safeguards, and reasonable protection. He noted that none of the Petitioners had pointed out what more could be done.

Justice Chandrachud then noted that according to the Counsel’s reading, Sections 8(3) and 29(3) could be excised from the Act. The Counsel responded that nothing needed to be excised from the Act, only clarified. Further, there was no intent, purpose, or objective in the Act to allow aggregation of data, its analysis or transfer. In addition, any breach of the provisions would be punitive.

Justice Chandrachud observed that it is hard to predict commercial ingenuity, and it wouldn’t be possible to tell what use the Requesting Entities could make of the data with them. Justice Sikri interjected with the earlier hospital example, noting that the hospital would already have the data about medical treatments of the patients, and may not need Aadhaar to get that information. The main apprehension was one of misuse. The counsel agreed, questioning whether Aadhaar was adding to the problem, or making it worse in any way.

Justice Chandrachud noted that they must evaluate what safeguards can be introduced. He noted that data about individuals was now being used to influence electoral outcomes.

The counsel responded that Cambridge Analytica should not be brought into the discussion, because the nature of the data was different. Justice Chandrachud interjected, stating that that incident was symptomatic of the present times. The counsel responded arguing that the algorithms employed were different. There is a difference between matching algorithms (which Aadhaar uses) and sorting algorithms (which these companies use). He argued that there were many different types of algorithms, and the Petitioner’s had confused this distinction.  He concluded that the data could not be analyzed by the Respondents. If at all, they would have to go through proper procedure.

The counsel continued, stating that Smart Cards were entrenched technology and that the Smart Card lobby in the West didn’t want Aadhaar to succeed. He claimed that other countries like Singapore were looking to replicate our model.

Justice Chandrachud noted that the issue was that there is a big world that interacts with Aadhaar. He said that the UIDAI might only be the least of their problems, since it is a government entity subject to a lot of scrutiny. The Counsel reiterated that only matching algorithms are used.

Coming back to the Act, the counsel submitted that Requesting Entities cannot be enrolled unless they establish the need for authentication.  Justice Chandrachud asked what the purpose behind opening Aadhaar to private players was. In response, the Counsel argued that the nature of the public-private divide was changing. Private companies have been entering fields that were historically the domain of the public sector. The companies are funded by money from Banks, where the people have made deposits. So, it was actually the public that is funding these players. He argued that private players that perform public functions should also be subject to constitutional norms, review and scrutiny. Currently, public companies are subject to many restrictions, such as standards of reasonableness, while no similar shackles apply to private companies. He concluded stating that that was a larger debate for another time. For now, all that was necessary to know is that private players are also regulated by the Act.

The counsel then moved on to responding to the Petitioner’s argument that the Aadhaar framework amounted to the numbering of human beings. Counsel argued that we have been numbering humans for a long time. He cited the PNR number for flights as an example. He also noted that the Supreme Court proximity cards were numbered.

Justice Chandrachud responded that Aadhaar was a unified identity, as opposed to multiple identifying numbers. The counsel responded that just because they were assigning numbers for a specific purpose, didn’t mean that they were numbering people. Further, they were not collecting information such as race, caste etc.

Justice Chandrachud then asked how the Aadhaar became a mandate, from a mere entitlement. The Counsel responded that the Aadhaar was an entitlement, and the UIDAI was mandate neutral. It is the government that notifies that certain linkages are mandatory. Each of these could be examined or challenged separately.

The counsel resumed his arguments after lunch by examining the scope of Section 57.  He argued that the objective of the section was not to expand, but to limit power. He submitted that if this limitation did not exist, anyone could become a Requesting Entity. The provision requires that there must be a law, or a prior contract.

Justice Chandrachud asked if once there was a prior contract under Section 57, if the UIDAI would be bound to offer authentication.  The Counsel responded that UIDAI could still refuse, and there was a requirement of necessity. Further, this embargo was applicable to anyone, which is why State Resident Data Hubs are no longer possible.

The Bench noted that nothing in the Act seems to give UIDAI this type of discretion, and questioned whether there were any guidelines for how the UIDAI would come to its decisions. The counsel responded that the power came from Section 57. He gave the example of the CBSE, noting that there had been many cases of fraud. The Board could apply to be a Requesting Entity for the purpose of conducting the exam. However, this would require the presence of a prior contract, and it cannot be an ex post facto exercise. He argued that this contract must also state that authentication must be in accordance with Sec. 8 and Part VI of the Aadhaar Act.

The counsel then went on to examine the Information Technology Act, arguing that all the provisions and safeguards under that Act and its Rules would also be applicable. For instance, the CIDR had been notified as a protected system under the Act.

The counsel then discussed the attributes and benefits of biometric data. He argued that Aadhaar brings service providers face to face with the beneficiaries. He noted that Aadhaar would not be a panacea for all problems, but the issue of fake identity documents would be solved.

He then responded to other arguments raised by the Petitioners. In response to the argument that there was no legal mandate to store information in the CIDR, he brought the Bench’s attention to Section 10 of the Act. On the argument of the use of foreign suppliers and licensors, the Counsel responded that the hardware all belonged to the UIDAI, and even technicians only had access when there was some troubleshooting required. In response to the system being probabilistic, he argued that there were appropriate fall back mechanisms under Section 7.

The hearing will continue on April 18, 2018.

Aditya is an Analyst at the Centre for Communication Governance at National Law University Delhi

 

SC Constitution Bench on Aadhaar and the Fundamental Right to Privacy – Day I

In October 2015, a 3 judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. The reference was mainly to determine the existence of a right to privacy as a fundamental right, after the Government of India argued that there is no such fundamental right under the Constitution of India. The arguments were originally made in Justice K.S. Puttaswamy (Retd.) & Another v Union of India and Others. Under this petition, the Indian Government’s Aadhaar project was questioned on issues such as a lack of procedural safeguards, coercion for enrollment and blocking access to multiple schemes by permitting access only through Aadhar in this matter. Several petitions that address various facets of the Aadhaar project have since been tagged with this petition.

Nearly two years after this reference, a 5 Judge constitution bench of the Supreme Court of India (SC) heard arguments on whether the Constitution of India provides for a fundamental right to privacy earlier today. After hearing limited arguments from both sides, the Court decided that this limited question on the existence of a fundamental right to privacy will be heard and decided by a 9 judge constitution bench tomorrow (July 19, 2017).

The proceedings began with the bench asking the respondents to identify the scope of the question before them, and their position on the issue. The Attorney General (AG) stated that while it is admitted that there is a right to privacy under common law, the Constitution of India does not explicitly provide for a fundamental right to privacy. He further stated that based on the judgments in Kharak Singh v. State of Uttar Pradesh and M P Sharma and Others v. Satish Chandra it is clear that there is no fundamental right to privacy under the Constitution of India, and that subsequent judgments on the issue are per incuriam. The AG stated that the issue before the court is whether there is a ground to distinguish these two judgments.

At this stage, Justice Chandrachud observed that these judgments were made on the basis of the prevailing doctrine at the time as described in A K Gopalan v. State of Madras, which treated each fundamental right as an individual and separate right. He further observed that this doctrine was overturned under Maneka Gandhi v. Union of India, which provides for a new reading of fundamental rights, and that the rights must be read together.

Reiterating his earlier argument, the AG observed that the ratio in the Kharak Singh judgment clearly states that there is no fundamental right to privacy under the Constitution of India. He submitted that the immediate issue before the Court should be limited to whether or not the judgments in Kharak Singh and M P Sharma continue to be binding, or have been distinguished by the subsequent judgments (of smaller benches) on the issue.

Justice Chandrachud and Justice Chelameswar both intervened, pointing out that the Kharak Singh judgment is limited to a discussion on the right to privacy in the context of surveillance, and makes specific reference to the Fourth Amendment of the Constitution of the USA in this context. It was observed that while the judgment in Kharak Singh does refer to the lack of a specific right to privacy under the Indian Constitution, this statement is not central to the ratio in the judgment. Justice Chelameswar observed that it is difficult to accept an argument against a constitutional right to privacy if a common law right to privacy exists, and predates the Constitution. He also noted that several (smaller) benches of the court have since recognised the right to privacy under the right to personal liberty.

The AG questioned whether the present 5 judge bench, could overrule the Kharak Singh and M P Sharma judgments which were both made by larger benches (6 and 8 judges respectively).

Justice Chandrachud also subsequently reiterated his observation that the judgment in Kharak Singh was made on the basis of the doctrine set forth in A K Gopalan. This approach has since been discarded post the Maneka Gandhi judgment, which also overruled the Kharak Singh judgment and adopted the minority / dissenting judgment in Kharak Singh.

The Chief Justice of India also intervened, stating that it was unnecessary to further argue the merits of this issue if it needs to be decided by a larger bench, and that it was not necessary for the entire matter (i.e. the entire petition) to be argued before a larger bench. He suggested that the limited question being discussed before the court may be argued before a larger 9 judge constitution bench immediately. He also suggested that once the decision of the 9 judge bench is available, the matter could go back to the original bench that was hearing the petition.

At this stage the counsels for the petitioners observed that several questions relating the existence of a fundamental right to privacy were of constitutional importance, and must be discussed. The counsels stated that several developments have occurred in jurisprudence since the judgments in Kharak Singh and M P Sharma were written, both in India and internationally, and noted that a full discussion needs to be had on the nature of this right. The Chief Justice agreed, and stated that this larger question will be referred to the 9 judge bench. The counsels for the petitioners also argued that subsequent to the decision of the 9 judge bench, the full petition should also be heard before a 5 judge constitution bench, given the importance of the matter.

The order of the Court states as follows: “During the course of the hearing today, it seems that it has become essential for us to determine whether there is any fundamental right of privacy under the Indian Constitution. The determination of this question would essentially entail whether the decision recorded by this Court in M.P. Sharma and Ors. vs. Satish Chandra, District Magistrate, Delhi and Ors. – 1950 SCR 1077 by an eight-Judge Constitution Bench, and also, in Kharak Singh vs. The State of U.P. and Ors. – 1962 (1) SCR 332 by a six-Judge Constitution Bench, that there is no such fundamental right, is the correct expression of the constitutional position. Before dealing with the matter any further, we are of the view that the issue noticed hereinabove deserves to be placed before the nine-Judge Constitution Bench….”

The order does not specify whether the petitions will be placed before the original bench or a 5 judge bench once the 9 judge bench has made its decision.

It has been argued that without the right to privacy, our other rights will not stand for much. The decision of the 9 judge bench will be of importance in determining the validity of the Government’s Aadhaar project. It will also be of equal importance in determining the rights of India’s citizens in a world which affords increasing value to the collection and use of personal information (often indiscriminately), whether for public or private purposes.

Linking PAN with Aadhaar – Update from the Supreme Court Hearing (Day – III)

In the on-going case challenging the constitutionality of Section 139AA of the Income Tax Act (‘IT Act’), the petitioners concluded their arguments today. Our coverage of the arguments made over the last two days can be found here and here.

Today, the petitioners’ counsel elaborated on the concept of informational self-determination, as propounded by the German Federal Constitutional Court in the landmark Census decision of 1983.[1] Relying on three scholarly pieces[2], he explained that informational self-determination stemmed from the fundamental rights of human dignity and personal liberty. Collectively, these two rights formed the constitutional right to personality under the German legal framework. Informational self-determination was therefore not just a necessary condition for the free development of one’s personality, but also an essential element of a democratic society. He argued that irrespective of whether this was a constitutional value under the Indian framework, it was a legitimate value and concern for the petitioners before the Court.

The petitioners, and others who object to the Aadhaar project must have the right to informational self-determination to not give their personal information to private entities empanelled by the Government. The counsel argued that UIDAI’s enrolment process was through a network of private entities and reiterated that more than 34,000 had been blacklisted for various reasons. This, in his view established the lack of control exercised by the government during the enrolment process. Further, he relied on UIDAI’s Handbook for Registrars[3] to show that even registrars (who may be state governments, or other public or private entities) are at liberty to retain biometrics and use them for other purposes. In his view, this represented a complete destruction of personal autonomy. He argued that the IT Act could not compel him to part with his biometrics under such circumstances.

The second main ground advanced by the petitioners’ counsel was ‘compelled speech’ as a violation of Article 19(1)(a). He distinguished giving demographic information to government authorities for a singular, defined purpose from information collection under Aadhaar. As per him, the state could not compel an individual to provide fingerprints and iris scans to private third parties. He cited Bijoe Emanuel v. State of Kerala (1986) 3 SCC 615 in support of this contention.

On proportionality, it was argued that the number of PAN cards for individuals (as per the Central Government’s figures) was 29 crore. When seen against the government’s figures for duplicates, this would only amount to 0.4% of all PANs. On the other hand, the intrusion caused by enrolling for Aadhaar would be tremendous.

The petitioner’s counsel reiterated his argument on the legislature lacking competence to enact Section 139AA. He stated that the doctrine of eminent domain was limited to land and could not be extended to one’s body, except under narrowly tailored circumstances under legitimate circumstances. Therefore, the legislature lacked competence under Entry 82 of List I or any residuary power to enact a statute compelling parting with such intimate information.

While summing up, he also reiterated the argument on voluntariness, relying on Lord Atkin’s dissent in Liversidge v. Anderson (1942 AC 206) to emphasise that voluntary could never be interpreted as mandatory.

Finally, he urged the Court to strike down Section 139AA of the IT Act, or alternatively, read down the mandatory nature of the provision to make it voluntary. He also suggested that if the bench thought issues such as informational self-determination and compelled speech are too intertwined or if it appeared not appropriate to decide this matter independently, they may be referred to a larger bench. However, considering the irreversible consequences created by the 1^st July deadline, he pressed for interim relief to stay the application of the Act or restrain the government from taking coercive steps for non-compliance. He added that protecting against invalidating one’s PAN would also be essential.

A third petition, which was subsequently filed, was also argued in Court today. The counsel for this petitioner (Mr. Dashrathbhai Patel) contended that Section 139AA was a ‘confused, self-defeating and self-destructive’ provision. He pointed out that the Explanation to the section assigned meanings to several terms as per their definitions under the Aadhaar Act. In such a circumstance, borrowing the definition of ‘enrollemt’ from the Aadhaar Act (where it was a voluntary exercise), made it impermissible to make it mandatory under the IT Act. Secondly, it was contended that the definition of demographic information under the Aadhaar Act specifically prohibited collecting information related to income. By linking PAN with Aadhaar, Section 139AA was facilitating the convergence of income information, in direct contradiction with the Aadhaar Act. He argued that what was impermissible directly could not be permissible in an indirect manner.

With this, the petitioners concluded their arguments before the Supreme Court today. The Central Government will respond on 2^nd May (Tuesday).

­­

Disclosure: The author assisted the petitioners’ (Maj. Gen. Vombatkere and Mr. Bezwada Wilson) lawyers for today’s arguments.

[1] BVerfGE 65, 1.

[2] Bernd R. Beier, Genetic Testing and the Right of Self- Determination: The Experience in the Federal Republic of Germany 16(3) Hofstra Law Review 601-614 (1988); and Susanne Baer, Dignity, Liberty, Equality: A Fundamental Rights Triangle of Constitutionalism 59(4) University of Toronto Law Journal 417-468 (2009); Gerrit Hornung and Christoph Schnabel, Data protection in Germany I: The population census decision and the right to informational self-determination 25(1) Computer Law & Security Report 84–88 (December 2009).

[3] p. 16

Linking PAN with Aadhaar – Update from the Supreme Court Hearing (Day – II)

The petitioners resumed their arguments in the case challenging the constitutionality of Section 139AA of the Income Tax Act (‘IT Act’). This provision mandates individuals to link their Permanent Account Numbers (PAN) with their Aadhaar number. The background to the case and our report from yesterday’s hearing can be found here.

The counsel for Maj. Gen. Vombatkere and Mr. Bezwada Wilson continued his arguments today. Today’s hearing commenced with pointing out that despite the government’s assurances, the Aadhaar framework was extremely porous and ineffective. That 34,000 enrolment agencies have been blacklisted was pointed out to substantiate this claim. It was also pointed out that biometric technology itself is fallible – instances of a hacker successfully copying the German Defence Minister’s fingerprints and Angela Merkel’s iris scans were also pointed out. Further, replies to RTI queries showed that more than eighty-five lakh Aadhaar numbers had been de-activated due to biometric and demographic errors discovered later. The counsel also apprised the bench of Aadhaar numbers being issued to dogs, trees, chairs and ‘Coriander s/o pulao’. Pertinently, he outlined concerns about Aadhaar data being leaked by several state and central government portals. These facts were brought to the Court’s attention to emphasise that the petitioners were conscientious objectors to the Aadhaar project and had serious apprehensions regarding its robustness, among other issues.

With the court’s permission, the counsel then revisited the Supreme Court’s interim orders in the main challenge to Aadhaar. He pointed out that due to the reference order, and the difficulties associated with forming a large bench, the case had essentially been ‘canned’ or ‘put in deep freeze’. However, he emphasised that at each stage, judges had been conscious of the gravity of issues involved and had consequently protected citizens with strong interim orders. This was done to protect individuals’ interest and prevent a situation of fait accompli. Particularly with respect to the order passed on 15 October 2015, it was pointed out that the Central Board of Direct Taxes was also a party before the Court in that interim order.

The counsel highlighted the graveness of the issues involved. If allowed, Aadhaar was likely to fundamentally alter the relationship between the citizen and the state and put every citizen on an ‘electronic leash’, enabling real-time surveillance. The Attorney General objected to this line of argument, contending that issues of privacy must not be raised in this case, in light of the pending reference.

On the issue of Section 139AA specifically, it was prayed that the provision must either be struck down or read down to make it voluntary. The submission was that the scheme of the Aadhaar Act was purely voluntary – it created a right to enrol for Aadhaar, but imposed no duty to do so. Reading sections 3 and 7 of the Act, he argued that in addition to being purely voluntary, the only detriment could be the denial of a benefit or service. Since paying tax was neither, one could not be compelled to part with their biometrics. He also argued that the Act and the enrolment process contemplated free and informed consent. When viewed in this light, the mandatory nature of Section 139AA was in direct collision with the scheme of the Aadhaar Act. Justice Bhushan interjected pointing out that the scheme of both statutes was different, and that made the legislation under challenge permissible. To this, it was submitted that a voluntary scheme could not be grafted onto the IT Act as a mandatory provision.

To support this contention further, it was contended that converting a right into a duty amounted to a colourable exercise of legislative power. Further, being coerced to enrol for a scheme that is essentially voluntary negates consent, rendering the legislation unworkable.

The petitioners’ counsel then apprised the Court regarding the penal consequences that would arise in the event of non-compliance with Section 139AA. These included higher Tax Deducted at Source (TDS), a penalty for failure to furnish income and a fine of Rs. 10,000 for not possessing a PAN card. Further, disabilities associated with not having a PAN under Section 114B were reiterated. On being queried by the bench whether PAN being mandated was the same as any other alternative (such as Aadhaar), it was argued that Aadhaar was intrusive to an unprecedented level. PAN, on the other hand, was not intrusive to one’s body. Routine transactions such as opening a bank account or purchasing a motor vehicle should not me made contingent on parting with biometrics.

The bench also quizzed the petitioners on the issue of giving up biometrics for passports and other similar circumstances. The counsel responded distinguishing such circumstances, arguing that in certain limited situations, such identification might be legitimate and necessary. This would be different from Aadhaar, where biometric authentication would become ubiquitous. Other circumstances would include identifying prisoners. Additionally, such information would be stored locally and only used for a limited purpose.

It was also argued that under Section 30, the Aadhaar Act itself defined biometrics as sensitive ‘personal’ data or information. Reference was also made to Section 43A of the Information Technology Act to emphasise that ‘personal’ information is of, and belongs to a person. Being intimate parts of the body, biometrics could not be considered a dominion of the state. Reliance was also placed on On Jurisprudence by Salmond and the Oxford Handbook on Jurisprudence and Philosophy of Law to highlight that the right of bodily integrity included ‘exclusive possession and use of his or her own body as against everyone else’. The petitioner’s counsel went on the state that the Indian Constitution does not establish a totalitarian state but creates a state that is respectful of individual liberty and freedoms. Drawing from the preamble and emphasizing on the idea of a limited government, he said that the Indian Constitution is ‘not a charter of servitude’.

The petitioner’s counsel took the Court through a host of judgments for the proposition that the right to life extended to a right to protect one’s body and identity from harm. He cited landmark judgments such as National Legal Service Authority v. Union of India and Others (2014) 5 SCC 438 and Sunil Batra v. Delhi Administration and Others (1978) 4 SCC 494 to emphasise that personal liberty went beyond mere animal existence. He also touched on the context of bodily integrity, informed consent and self-determination as essential facets of Article 21, read with Articles 14 and 19.

As a final argument, it was argued that the object of the statute itself was discriminatory. Section 139AA discriminates between a homogenous class of assessees – individuals willing to part with biometrics to enrol for Aadhaar and those who’re unwilling to do so. The provision unreasonably discriminates against the latter by subjecting them to grave penal consequences, given that both categories are willing tax payers. A voluntary scheme could not, and should not deprive individuals of their choice.

The petitioners’ counsel also briefly touched upon the concept of ‘informational self-determination’ and argued that the state did not have any imminent domain regarding one’s body. Parting of sensitive features such as biometrics should be subject to one’s control and consent.

Arguments on behalf of the petitioners are likely to be concluded tomorrow. The Attorney General, representing the Central Government, is likely to advance arguments on Tuesday (May 2).

Aadhaar – Identity without Consent, Control or Security

The Central Government notified certain sections of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (‘the Act’) last month. As of now, only the sections setting out the establishment, powers and functions of the Unique Identification Authority of India (UIDAI) have been brought into force.

Passed earlier this year, the Act is aimed at more efficient delivery of government subsidies and services by eliminating ghost identities and reducing corruption. It does so by obtaining and storing, in a centralized database, biometric and demographic information of all Indians who have been residing in India for more than one hundred and eighty-two days. This database, called the Central Identities Data Repository (CIDR), not only stores information parted with at the time of enrolment, but also keeps a record of every identification request sent to it. Thus, every time a resident is required to authenticate her identity by any service provider, the CIDR would maintain a record of it.  Significantly, (and contrary to three previous Supreme Court orders), there is little room for doubt that the scheme has been envisaged as being mandatory to avail the benefits attached to it.

If the lack of an overarching privacy law wasn’t enough reason to worry, the government’s submission before the Supreme Court that there is no fundamental right to privacy has raised legitimate concerns about the project and its implementation. A lot has been written about the problems with the Act and the larger scheme itself. But two aspects of the privacy debate under Aadhaar deserve urgent attention. First, as a mandatory scheme with no option to opt-out at a later stage, Aadhaar raises important issues of consent and one’s right to control the use of their personal information. This has famously been articulated as ‘informational self-determination’ in several European jurisdictions. The second concern is procedural and pertains to the method of collection and storage of sensitive personal information.

No Power to Consent or Opt-out

Biometric information such as fingerprints and iris scans form a core part of one’s bodily integrity. A requirement to part with such information as a condition precedent to availing essential services undermines basic constitutional values. While the enrolment form has a checkbox to verify consent, this is merely illusory, as failure to consent would amount to automatic exclusion from a host of benefits and services. Despite the fact that the Act mandates ‘enrolling agencies’ (discussed later) to explain the purpose of collecting demographic and biometric information at the time of enrolment, there is no legal obligation to inform residents of the extent of information being held about them. Aggregation of information within the CIDR as a result of a series of authentication requests over a long duration of time comes perilously close to creating a complete personality profile of every resident. This makes the state privy to a wide range of activities from buying an LPG cylinder to enrolling in a school, thereby drastically altering the individual-state power dynamic.

The Act further dilutes individual agency by creating statutory exceptions to how personal information can be used. Section thirty-three of the Act allows disclosure of personal information if a court (a District Judge or above) deems fit or if it is in the interest of “national security”. Both these caveats are problematic. To illustrate the first, in 2014, the CBI approached the Bombay High Court asking the UIDAI to run a fingerprint match on its database in order to enable it to identify culprits in a criminal investigation. Before the Court, the UIDAI had argued against sharing its data owing to privacy concerns. However, the Court felt differently. The Bombay High Court directed the Central Forensic and Scientific Laboratory to appoint an expert to determine if the Aadhaar database was technologically capable of matching fingerprints. This order has been stayed by the Supreme Court but the case is yet to be disposed off. The information shared with UIDAI was never envisaged to be used in criminal investigations. However, the Act explicitly allows information to be shared if a court allows it. As per UIDAI’s own statement, the system has a False Positive Identification Rate of 0.057 per cent. When applied to all residents within the country, a fingerprint search would have the effect of putting lakhs of residents under scrutiny.

Secondly, not only has the phrase “national security” not been defined in the Act (or in any other legal text for that matter), it would be the Executive’s sole prerogative to determine whether a situation qualifies for the exception. In both these situations, the individual whose information is actually at stake need not be consulted before her information is disclosed. These two exceptions are couched so broadly, that it is almost farcical to say that personal information will be used only for the authentication of one’s identity.

The Act contains broad exceptions to how personal information can be used and does not provide for any mechanism to opt-out or have one’s data deleted from the CIDR. In doing this, it diminishes one’s agency to consent, revoke consent and control how this information can be used. A society where individuals are unable to anticipate and predict the amount of information held about them and how it may be used is likely to have a chilling impact on democratic participation.

Dubious Collection and Storage of Personal Information

The issue of consent aside, organizational mechanisms in place to collect and store personal information of over a billion residents also give rise to multiple concerns. Prior to the passing of the Act, the UIDAI had outsourced the process for enrolment to various private entities which possessed the requisite know-how. Sensitive personal information such as biometrics has thus been captured, stored and retained by private companies using their own technology and without any oversight by government officials. In 2014, news reports of ‘Lord Hanuman’ having an Aadhaar card surfaced. Vijay Madan, the then Director General of the UIDAI later explained in a statement that this was ‘not a security issue’ but an instance of ‘malpractice’. The agency was then reportedly removed from the UIDAI panel. The Act has not only given legislative sanction to the practice of private companies collecting personal information, but also does not present the affected individual with any recourse in case of a breach.

Once the data is transferred to the UIDAI, it is maintained by it in the form of the CIDR. The perils of centralized storage of personal information have long been acknowledged. Any unauthorized security breach could jeopardize the information of all residents at once. This is vastly different from a smart-card system or Apple’s Touch ID, which stores biometric information locally on the device. Under European data protection jurisprudence, storage is an important element to ascertain whether the means used are proportionate to the aim sought to be achieved by the law. If the purpose of the system is only to authenticate identity in order to plug leakages in the distribution system, the need for centralized storage must be questioned.

Aadhaar has the potential to irreversibly alter the relationship between the government and people. As the world’s second most populous country, the desire to make the distribution system more efficient is an important goal to strive for. But in this case, the trade-off between privacy and efficiency is not only undesirable but also unnecessary. Finally, the manner in which the Act was passed and the government’s submissions before the Supreme Court display a lack of good faith that only add to the already long list of concerns associated with the project.

 

CCG analyses on the Criminal Defamation ruling

Written by Nakul Nayak

Since the Supreme Court’s May 13th ruling on the constitutionality of criminal defamation laws in India, CCG has come out with two op-eds on the shortcomings of the judgment.

1. In today’s Indian Express, Chinmayi Arun (Executive Director of CCG) raises important questions surrounding the implications of the judgment. Specifically, Chinmayi points out the glaring dissonance in the Central Government arguing for a right to reputation in the domain of defamation and simultaneously arguing against the fundamental right to privacy in the Aadhar hearings. Chinmayi also goes on to criticise the Supreme Court’s inadequate recognition of the powerful parties that use criminal defamation laws and their disparate impact on ordinary citizens. Her op-ed can be found here.
2. A few days back, I wrote an opinion piece in Livemint arguing that criminal defamation laws can and have been used by state officials to obfuscate public inquiry. This affects the truth-seeking endeavour of free speech, apart from the fact that India necessitates a “public good” value to truthful statements to qualify as a defence. I also argue that section 199 of the CrPC, which enlists the procedure to be followed in any criminal defamation prosecution, envisages an additional avenue for silencing criticism of official conduct by allowing a public prosecutor to file a complaint even when the particular state servant may not have felt aggrieved. My op-ed can be found here.
3. Post Script [May 27, 2016]: Anna Liz Thomas, a student at NALSAR University and an intern with CCG, has written an interesting piece analysing the arguments of the petitioners that were never countered or even addressed by the Supreme Court. Anna proceeds with look at the effect of these arguments and this, apart from making for a compelling read, makes one wonder whether the rebuttal of these arguments would have made the judgment a more informed and nuanced one. Anna’s post can be found here.

The Dirty Picture Project: Dil Dhadakne Do- A welcome foray into feminism.

By Bhargavi Vadeyar, as part of the Dirty Picture Project

Dil Dhadakne Do is the story of the Mehras, a dysfunctional, Delhi high society Punjabi family, the kind where the women talk in overly sugary tones and the men run businesses and play golf. The line-up includes the narcissistic father, Kamal (Anil Kapoor); the socialite/housewife mother, Neelam (Shefali Shah); the prodigal son and heir, Kabir (Ranveer Singh); and the quietly extraordinary daughter, Ayesha (Priyanka Chopra).

The cast is rounded out by Ayesha’s sexist and controlling husband, Manav (Rahul Bose); Farah (Anushka Sharma), Kabir’s love interest and a dancer on the ship, and Sunny (Farhan Akhtar), Ayesha’s one-time best friend and love interest. Last, but certainly not least, Aamir Khan voices the Mehras’ dog, Pluto, who narrates the film and comments on the hypocrisy of Indian families.

The movie’s premise is the Mediterranean cruise to celebrate the 30th wedding anniversary of Kamal and Neelam Mehra. Shenanigans predictably follow as many of the Mehras’ family and friends are forced together for a two-week period.

Bechdel Testing

The movie just about passes the Bechdel Test with a fleeting conversation between Ayesha and her cousins Divya and Putlu about what Divya wants to do with her life, now that she has graduated from college.

This is one of those cases, however, where the Bechdel Test doesn’t paint a true picture. The movie is filled to bursting with subversive one-liners and feminist characters that are completely out of the ordinary for a mainstream Bollywood film. It would be very difficult to talk about every insight the movie provided into the gender roles of the Indian upper class family, so I’ve chosen to focus only on the key elements.

Ayesha, the Superwoman

Ayesha is far and away the most interesting of the Mehras. For a Bollywood heroine, her clothing is not overly sexualised, and she is a well-developed female character. Ayesha is a successful businesswoman who sold her jewellery to start a travel company that landed her in the Forbes top 10 entrepreneurs list (just roll with it, this is Bollywood). However, she has to endure a controlling husband who “allows” her to run her business, along with barbs from her mother-in-law about talking business at the dinner table and never being at home.

She is a self-made businesswoman, but everyone around her just wants her to have a baby, including her husband and her parents. When told about her appearance in Forbes, her father only replies that next year his son’s name will be featured, and later announces in front of the entire gathering that his only wish is for her to give him a grandson (but not a granddaughter, of course). The gender bias is clear: her father, also a self-made businessman, shouts his achievements from the rooftops but is unwilling to acknowledge his daughter’s.

Ayesha, though, is secretly taking the monthly birth control pill. She is deeply unhappy in her marriage and already contemplating a divorce when the return of Sunny finally galvanises her into action. It becomes clear that Sunny and Ayesha were in love before her parents separated them.

The only flaw in the otherwise excellently written Ayesha is that she is unwilling to ruffle her parents’ feathers, often at the cost of her own happiness. She also seems to need Sunny’s appreciation of her achievements in order to be able to value herself enough to finally ask Manav for a divorce. This is slightly irking, but I’ll let it slide because Ayesha’s overall story ark is the best thing about this movie.

Sunny, the “Journalist-Activist Type”

Sunny is possibly the first openly feminist male character in Bollywood, and the film somewhat puts him on a pedestal for it. One of the best moments of the film is a conversation between Sunny and Manav, where Manav lets it slip that he “allows” Ayesha to run her business. Sunny immediately picks up on this and tells him that by allowing her to run her business, he is assuming a position of authority and control, and that this is not equality. This proves his point, he says, that women have not yet achieved equality. The movie portrays Sunny as admirable and intelligent for his feminist views, and Manav as controlling and unwittingly sexist.

Talaq, Talaq, Talaq

Once Ayesha admits she wants a divorce, both families sit together in order to work out what has gone wrong. The movie really highlights that everyone is against Ayesha here; she sits alone, facing her parents, Manav and her mother-in-law. They all treat Ayesha’s divorce as a something hurtful to them, echoed by Neelam asking Ayesha why she is doing this to them.

Both Neelam and Ayesha’s mother-in-law can’t seem to understand that she wants a divorce because she doesn’t love her husband. They both believe that as long a husband can provide a good standard of living and is not violent, there should be no problem, something that the film is quick to make fun of. This is especially ridiculous because, again, nobody seems to notice or care that Ayesha is financially independent.

Here the film also draws a stark contrast between the generations. Ayesha, who is financially independent, can divorce her husband. Neelam, on the other hand, has been forced to pretend that she is unaware of Kamal’s affairs for years because she has nowhere else to go.

Of Sons and Daughters

The movie also highlights the differences between the treatment meted out to sons and daughters. Once Ayesha is married, her birth family effectively disowns her to the point where her name is not mentioned on the cruise invitation cards, even though she planned the whole trip. Kamal also repeatedly insists that her home is now with her husband’s family.

Kabir, on the other hand, is being pressurised into succeeding his father as CEO of their flailing company, Ayka. This is despite the fact that it is clear he has very little interest or aptitude for business, while Ayesha runs her own business successfully. After Kabir refuses to run the company, Neelam asks what they will do with the company if he doesn’t run it. They don’t even consider the possibility of Ayesha being her father’s heir until Kabir points it out to them.

The Pilot and the Dancer

Kabir is the youngest member of the Mehra family. Overall, his character is also rather feminist, as he is unwavering in his support of his sister and is one of the few who acknowledge her success. Kabir falls in love with Farah Ali, who appears to be a very strong character until you scratch the surface. She is a dancer on the ship who ran away from home because all her parents wanted for her was to become someone’s housewife. Her story and her advice inspire Kabir to follow his heart and refuse to give in to his parents’ pressurising about his career.

Farah’s character is the where the film trips up slightly; it isn’t very well developed, which definitely puts her on the Manic Pixie Dream Girl scale. A Manic Pixie Dream Girl is a character that enters the (always male) hero’s life to change it for the better without ever changing herself, a role that Farah fulfils here. However, every character who is not a Mehra is similarly underdeveloped, so this film doesn’t seem to make a gender-based distinction on that front.

In Conclusion

Dil Dhadakne Do’s feminism is probably down to the fact that the two screenplay writers are both female: Zoya Akhtar and Reema Kagti. The film is certainly a step forward for Bollywood, and I can personally assure you that the film’s social commentary even improves on repeat viewings, a rare feat for any Bollywood movie. Dil Dhadkane Do is definitely worth a watch, for its rare nod to feminism and for the catchy songs that I’m sure I will be humming for several days.

*

For more information on the Dirty Picture Project, contact Aarti at aarti.bhavana@nludelhi.ac.in

Aadhaar (the Larger Bench): Day I

Written By Joshita Pai

The 5 judge bench this afternoon commenced with the Aadhaar hearing after reference from the Supreme Court on the issues of existence of privacy as a constitutional right and on clarifications of the interim order issued on 11^th of August. The bench seemed determined to focus on the clarification issue and the as the beginning of the proceedings, the CJI stated with particular regard to the privacy issue that he has not concluded what bench can be constituted to determine the question.

Mr. Shyam Divan, Senior Advocate insisted on delivering preliminary findings concerning privacy and in the latter part of the hearing, he introduced the subject again and threw considerable light on the previous orders issued by the Court in the matter. The Attorney General’s arguments primarily were based on firstly, the authentic nature of Aadhaar cards; secondly, on the non-viability of procurement of other identity cards such as PAN cards and driving license by the poorest of the poor, thirdly, that 92 crores of the population has already enrolled for Aadhar; fourthly, that the Aadhaar project is centred around a social welfare scheme, finally, on the premise that the card does not contain the biometric information and only displays the unique identification number.

Referring to the Big Brother concerns, the AG asserted that communication on WhatsApp can be snooped into by Facebook. Whatsapp however, in the light of the recent encryption debacle had assured that the encryption keys loaded at the time of sending a message by a particular user can be read in readable format only by the targeted receiver. Certainly, doubts galore the credibility of such end to end encryption. Moreover, commercial use of data is a tangential concept to surveillance and maintenance of database by the Government.

Delving upon the 92 crores Aadhar card holders, the bench asked the AG if he ruled out the possibility that these many people volunteered for aadhar since that would be their only means to access the proposed schemes. The Court, referring to the interim orders sought clarification w.r.t. the voluntary nature of Aadhaar post those orders. The advocates for the string of defendants reinstated that for all schemes outside PDS and LPG, it has been voluntary and insisted that they wish to resume schemes since they are attached to Aadhar.

Arguing for the petitioners, Mr. Shyam Divan reintroduced privacy concerns and stressed upon how the issue can not be looked into in isolation since the basis for Aadhar is built on collection of biometric information and fingerprinting which has been conducted in the absence of any statutory backing or in the least, issuance of a circular. He also mentioned that the enrollment form does not contain the requirement of supplying biometric data. He read out the interim order issued by the Court on August 11^th and stated that there was no notice served to the petitioners from the Centre stating that its challenging the Court order.

The bench intermittently expressed concerns about how the order would be carried out since post clarifications by the constitutional bench of the 11^th August order, the same would be referred back to the 3 judge bench. The Court will begin by looking into the interim order issued by the court last week in the next hearing, which is scheduled for 2 pm tomorrow.

Aadhar: the Past and the Future

By Joshita Pai & Sarvjeet Singh

The Unique Identification Authority of India (UIDAI) was set up under the chairmanship of Mr. Nandan Nilekani in 2009 by an executive notification to generate and assign unique identification numbers to residents.

After persistent protests asserting that a project, which requires collection of information such as biometric data, cannot be carried out in the absence of a legal framework, the National Identification Authority of India Bill, 2010 was introduced in the Rajya Sabha. The Parliamentary Standing Committee on Finance  subsequently found the bill unsuitable citing concerns such as national security and potential privacy violations, duplication of the National Population Register’s (NPR) activities and asked the Government to reconsider the UID scheme. A fundamental issue raised by the Committee was the scope of Aadhar, which covers residents and not citizens.

Towards Aadhaar-enabled delivery of services and applications, UIDAI provides online authentication using the resident’s demographic and biometric information. Services such as e-ration card, linkage of banking services, The Ministry of Petroleum and Natural Gas brought in an amendment in 2011 to its Liquefied Petroleum Gas (Regulation of Supply and Distribution) Order 2000 making the Unique Identification Number (UID) under the Aadhaar project compulsory for availing LPG refills.

The mandatory nature attached to the Aadhaar project however, invited a string of petitions linked to main petition filed by Justice Puttaswamy addressing the lack of procedural safeguards, coercion for enrollment and blocking access to multiple schemes by permitting access only through Aadhar. In November 2013 during one of the hearings of the matter, the Supreme Court concluded that the matter holds importance to all the states and union territories to be impleaded as parties to the case and passed an order to this effect.

The Attorney General defended the project stating that UIDAI requires only basic identity data such as name, age, gender, address and relationship details in case of minors, for issue of unique identity number, commonly known as Know Your Resident. The maintained response from the ministry has been that the UID scheme is envisaged as a means to enhance the delivery of welfare benefits and services and is not carved out for fulfilling surveillance purposes. The UID has clarified that only the person to whom the data is related will be entitled to seek and access the information contained in the Aadhaar database, in pursuant of section 8(j) of the RTI.

In March 2014, the Supreme Court restrained the UIDAI from transferring biometric information to any other agency without the written consent of the aadhaar card holder. The CBI, while investigating the rape of a girl in a school toilet in Goa requested the UIDAI to handover its biometric database. The Judicial Magistrate First Class of Goa issued an order directing the UIDAI to comply with the CBI’s requests. It was protested by the UIDAI in the Bombay High Court which dismissed the petition and the matter was appealed before the Supreme Court. CBI’s request for handing over the data was declined and the UIDAI in its petition refused to share the data citing privacy concerns. The UID petition has also been tagged with the other petitions.

The Supreme Court has prior to the 11^th August, 2015 interim order, on three occasions – on September 23^rd 2013, March 24^th 2014 and March 16^th 2015 declared that services cannot be made incumbent on the Aadhar number.

Reiterating the mandate of making Aadhaar and optional process, the Supreme Court, on 11^th August, 2015 declared that Aadhaar card will be mandatory only for availing LPG and PDS services. The UID website now carries at the bottom of its homepage a statement to the end that enrollment for Aadhaar is voluntary. The order has not been implemented in practice since schemes such as digital locker and the online health portal schemes are still linked to Aadhaar. The principal opposition to Aadhaar in the Supreme Court has been the question of privacy and the same was argued before the Court.

Defending Aadhaar, the Attorney General placing reliance on M.P. Sharma v. Satish Chandra (decided by a 8 judge bench in 1954) and Kharak Singh v. State of U.P. (decided by a 6 judge bench in 1962), stated that the right to privacy is not guaranteed under the Constitution and its position is doubtful. He further argued that the subsequent decisions in Gobind v. State, Rajagopal v. T.N. and PUCL v. UOI were rendered by smaller benches. The August 11^th order therein referred the question of determining the existence of privacy to a larger constitutional bench.

The interim orders were repeatedly sought to be quashed by the Centre in order to facilitate the promised social welfare schemes. Last week, the Supreme Court rejected the plea to stay the order and decided to refer any clarifications or modifications to the Constitutional Bench. The request was processed immediately and a five judge bench was accordingly set up and will be hearing the petition on the 14^th of October, 2015. According to these reports, six different state governments, Indian Banks’ Association, UIDAI, SEBI, RBI, and TRAI have joined the case defending the Centre’s stance and asking the court to allow usage of Aadhar identity proof for all welfare schemes.

Going forward the various issues that need to be decided by the Court are in respect to the issue of privacy are:

1. Whether there is any “right to privacy” guaranteed under the Indian Constitution?
2. If such a right exists, what is the source and what are the contours of such a right as there is no express provision in the Constitution adumbrating the right to privacy.

India follows the principle of “stare decisis”. The principle of stare decisis is of utmost importance by virtue of the fact that the law declared by the Supreme Court shall be binding on all courts within India (article 141). Moreover, it is an accepted principle that except in certain situations, in cases of conflict between various judgments the opinion expressed by the larger bench prevails. Therefore, ideally to overrule the judgment by an eight-judge bench in MP Sharma, a nine-judge bench should be constituted.

The constitutional bench that has been formed is a five-judge bench comprising of Chief Justice of India H.L Dattu, and Justices M.Y Eqbal, C. Nagappan, Arun Mishra and Amitava Roy. Starting this afternoon, it will be tasked with determining the fate of Aadhaar and deciding on Centre’s plea of seeking a modification of the Court’s order restricting the usage of Aadhar and to decide upon the existence of privacy as a constitutional right.

Certain reports have stated that the constitutional bench will only hear arguments on the validity of Aadhar and take up Governments request for interim relief. For deciding whether there is a fundamental right to privacy a larger bench will be formed later. This seems problematic on a number of levels:

1. If the court allows the Centre to make Aadhar mandatory for other welfare schemes, it will be doing so without having any clarity on the status of right to privacy in India.
2. In case the Court provides the relief to the Government and allows Aadhar to be used for other schemes, without looking at the scheme privacy concerns, how will it later reconcile it when the larger bench decides the rights contours.
3. If the Court only takes up the issues relating to privacy violation by Aadhar, it will be doing so without deciding whether there is a right to privacy and it contours?

A timeline of the case till August 2015 is available here and a list of the various petitions tagged together is available here.

Supreme Court refers clarifications on Aadhar to the larger bench

Written By Joshita Pai

The Supreme Court has rejected the plea of the Union Government and several other public organisations to stay the interim order passed on the 11^th of August, 2015 in the Aadhar matter. The Court has declined the request for making Aadhar mandatory except for availing LPG and PDS services. It has referred all applications seeking clarification or revocation of the order to a larger bench of the Supreme Court, which would also be presiding on the issue of privacy.

The larger bench is yet to be constituted, however the lawyer for the petitioner has asked the Chief Justice to constitute the bench at the earliest and the Chief Justice has asked the petitioners to present their case in court tomorrow.

Many schemes such as digilocker which will serve as an e-locker for official documents and the Online Registration System, an e-health-centric initiative by Deity require one to enter their Aadhar number for access; there has been a blatant disregard of the limited purpose prescribed by the order. The Court, earlier in the month asked the Centre to strictly comply with the order and reminded it that the mandatory nature of aadhar is applicable only to LPG and PDS schemes.

The reservation of a clarification and a stay on the application of aadhar is certainly going to pace up the setting up of a constitutional bench. The execution and continuation of several projects and social schemes now hinge on the decision of the Court. The Constitutional bench is now entrusted with deciding on the scope and utility of Aadhar, over and above determining the existence of privacy as a fundamental right.