Verdicts of Justices
D Y Chandrachud, Sikri and Protik Prakash Banerjee reveal questionable nature of
Aadhaar law and UID/Aadhaar scheme
‘He who has been banned is not, in
fact, simply set outside the law and made indifferent to it but rather
abandoned by it, that is, exposed and threatened on the threshold in which life
and law, outside and inside, become indistinguishable’
- Giorgio
Agamben, Italian philosopher, 1998
“The entire Aadhaar programme, since 2009,
suffers from constitutional infirmities and violations of fundamental rights.
The enactment of the Aadhaar Act does not save the Aadhaar project. The Aadhaar
Act, the Rules and Regulations framed under it, and the framework prior to the enactment
of the Act are unconstitutional.”
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26
September, 2018 (pages 1028-1048)
“The descendants of Mr. Nilekani have
perfected the doublespeak of 1984 (George Orwell) if not the Yes Minister and
Yes Prime Minister (Jonathan Lynn and Anthony Jay, BBC) where it appears that a
given question is being answered, though no information is given.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019
“The violations of fundamental rights
resulting from the Aadhaar scheme were tested on the touchstone of
proportionality. The measures adopted by the respondents fail to satisfy the
test of necessity and proportionality for the following reasons:
(a) Under the Aadhaar project, requesting
entities can hold the identity information of individuals, for a temporary
period. It was admitted by UIDAI that AUAs may store additional information
according to their requirement to secure their system. ASAs have also been
permitted to store logs of authentication transactions for a specific time
period. It has been admitted by UIDAI that it gets the AUA code, ASA code,
unique device code and the registered device code used for authentication, and that UIDAI would know from which
device the authentication took place and through which AUA/ASA. Under the Regulations, UIDAI further
stores the authentication transaction data. This is in violation of widely
recognized data minimisation principles which mandate that data collectors and processors delete personal data
records when the purpose for which it has been collected is fulfilled. Moreover,
using the meta-data related to the transaction, the location of the
authentication can easily be traced using the IP address, which impacts upon
the privacy of the individual.
(b) From the verification log, it is possible
to locate the places of transactions by an individual in the past five years.
It is also possible through the Aadhaar database to track the current location
of an individual, even without the verification log. The architecture of
Aadhaar poses a risk of potential surveillance activities through the Aadhaar database.
Any leakage in the verification log poses an additional risk of an individual’s biometric data being
vulnerable to unauthorised exploitation by third parties.
(c) The biometric database in the CIDR is
accessible to third-party vendors providing biometric search and de-duplication
algorithms, since neither the Central Government nor UIDAI have the source code
for the deduplication technology which is at the heart of the programme. The source
code belongs to a foreign corporation. UIDAI is merely a licensee. Prior to the enactment of the
Aadhaar Act, without the consent of individual citizens, UIDAI contracted with
L-1 Identity Solutions (the foreign entity which provided the source code for
biometric storage) to provide to it any personal information related to any
resident of India. This is contrary to the basic requirement that an individual
has the right to protect herself by maintaining control over personal
information. The protection of the data of 1.2 billion citizens is a question
of national security and cannot be subjected to the mere
terms and conditions of a normal contract.
(d)Before the enactment of the Aadhaar Act,
MOUs signed between UIDAI and Registrars were not contracts within the purview
of Article 299 of the Constitution, and therefore, do not cover the acts done
by the private entities engaged by the Registrars for enrolment. Since there is
no privity of contract between UIDAI and the Enrolling agencies, the activities
of the private parties engaged in the process of enrolment before the enactment of the Aadhaar Act have
no statutory or legal backing.
(e) Under the Aadhaar architecture, UIDAI is
the sole authority which carries out all administrative, adjudicatory,
investigative, and monitoring functions of the project. While the Act confers
these functions on UIDAI, it does not place any institutional accountability
upon UIDAI to protect the database of citizens’ personal information. UIDAI
also takes no institutional responsibility for verifying whether the data
entered and stored in the CIDR is correct and authentic. The task has been delegated
to the enrolment agency or the Registrar. Verification of data being entered in
the CIDR is a highly sensitive task for which the UIDAI ought to have taken
responsibility. The Aadhaar Act is also silent on the liability of UIDAI and
its personnel in case of their non-compliance of the provisions of the Act or
the regulations.
(f) Section 47 of the Act violates citizens’
right to seek remedies. Under Section 47(1), a court can take cognizance of an
offence punishable under the Act only on a complaint made by UIDAI or any
officer or person authorised by it. Section 47 is arbitrary as it fails to
provide a mechanism to individuals to seek efficacious remedies for violation
of their right to privacy. Further, Section
23(2)(s) of the Act requires UIDAI to establish a grievance redressal
mechanism. Making the authority which is administering a project, also
responsible for providing a grievance redressal mechanism for grievances
arising from the project severely compromises the independence of the grievance
redressal body.
(g) While the Act creates a regime of criminal
offences and penalties, the absence of an independent regulatory framework
renders the Act largely ineffective in dealing with data violations. The
architecture of Aadhaar ought to have, but has failed to embody within the law
the establishment of an independent monitoring authority (with a hierarchy of
regulators), along with the broad principles for data protection. This compromise in the independence of the
grievance redressal body impacts upon the possibility and quality of justice
being delivered to citizens. In the absence of an independent regulatory and
monitoring framework which provides robust safeguards for data protection, the Aadhaar
Act cannot pass muster against a challenge on the ground of reasonableness
under Article 14.
(h) No substantive provisions, such as those
providing data minimization, have been laid down as guiding principles for the
oversight mechanism provided under Section 33(2), which permits disclosure of identity
information and authentication records in the interest of national security.
(i) Allowing private entities to use Aadhaar
numbers, under Section 57, will lead to commercial exploitation of the personal
data of individuals without consent and could also lead to individual
profiling. Profiling could be used to predict the emergence of future choices
and preferences of individuals. These preferences could also be used to influence the decision making of the
electorate in choosing candidates for electoral offices. This is contrary to
privacy protection norms. Data cannot be used for any purpose other than those
that have been approved. While developing an identification system of the
magnitude of Aadhaar, security concerns relating to the data of 1.2 billion
citizens ought to be addressed. These issues have not been dealt with by the Aadhaar
Act. By failing to protect the constitutional rights of citizens, Section 57
violates Articles 14 and 21.
(j) Section 57 is susceptible to be applied to
permit commercial exploitation of the data of individuals or to affect their
behavioural patterns. Section 57 cannot pass constitutional muster. Since it is
manifestly arbitrary, it suffers from overbreadth and violates Article 14.
(k) Section 7 suffers from overbreadth since
the broad definitions of the expressions ‘services and ‘benefits’ enable the
government to regulate almost every facet of its engagement with citizens under
the Aadhaar platform. If the requirement of Aadhaar is made mandatory for every
benefit or service which the government provides, it is impossible to live in
contemporary India without Aadhaar. The inclusion of services and benefits in Section 7 is a pre-cursor to the
kind of function creep which is inconsistent with the right to informational
self-determination. Section 7 is therefore arbitrary and violative of Article
14 in relation to the inclusion of services and benefits as defined.
(l) The legitimate aim of the State can be
fulfilled by adopting less intrusive measures as opposed to the mandatory
enforcement of the Aadhaar scheme as the sole repository of identification. The
State has failed to demonstrate that a less intrusive measure other than
biometric authentication would not subserve its purposes. That the state has been able to insist on an adherence to the
Aadhaar scheme without exception is a result of the overbreadth of Section 7.
(m) When Aadhaar is seeded into every
database, it becomes a bridge across discreet data silos, which allows anyone
with access to this information to re-construct a profile of an individual’s
life. This is contrary to the right to privacy and poses severe threats due to
potential surveillance.
(n) One right cannot be taken away at the
behest of the other. The State has failed to satisfy this Court that the
targeted delivery of subsidies which animate the right to life entails a
necessary sacrifice of the right to individual autonomy, data protection and
dignity when both these rights are protected by the Constitution.”
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26
September, 2018 (pages 1028-1048)
“There is definitely something amiss with the Aadhaar enrolment process
if important demographic information such as the name of an applicant’s father,
as is the case in hand, can be falsified and even go undetected. Thus, in order
to get a wider picture of the entire Aadhaar process, the regulations
concerning the Aadhaar scheme could not be allowed to evade scrutiny of this
Court.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019
“The
malady in the present situation is further magnified by looking as to how
arbitrary could the process of verification of demographic information of an
Aadhaar applicant could be.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019
Constitutional guarantees cannot be subject to
the vicissitudes of technology. Denial of benefits arising out of any social security
scheme which promotes socioeconomic rights of citizens is violative of human
dignity and impermissible under our constitutional scheme.
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26
September, 2018 (pages 1028-1048)
Both the Aadhaar Act and the
Aadhaar Ordinance and the related e-commerce laws are deceptively engineering convergence
of mass democracy and totalitarian state by creating human guinea-pigs in the “Aadhaar
ecosystem”, the new concentration camps with genocidal implications. Had this
been not the case government would either have shown urgency in enacting national
asset and data protection law or President of India would have promulgated an
Ordinance for it.
Having failed to get Aadhaar
and Other Laws (Amendment) Bill, 2018 passed by Rajya Sabha, ahead of the Election
Commission’s imminent announcement for the 17th Lok Sabha elections, President of
India promulgated the 12 page long Aadhaar and
other laws (Amendment) Ordinance 2019 on March 2, 2019 under Article 123 of
the Constitution to make amendments to the Aadhaar Act 2016, Prevention of
Money Laundering Act 2005 & Indian Telegraph Act 1885. Notably, Supreme
Court has established that ordinance is subject to judicial review. In the case
of, Krishna Kumar Singh v State of Bihar, 7-Judge Constitution Bench of the Supreme
Court, Justice D. Y. Chandrachud has held that the Ordinance making power does
not constitute the President or the Governor into a parallel source of law
making or an independent legislative authority.
Contrary
to the directions of Supreme Court, the Aadhaar Ordinance has been promulgated in
the aftermath of the order
of the 5-Judge Constitution Bench of the Supreme Court dated September 26, 2018
authored by Justice A K Sikri (now retired) with the concurrence of three
judges in pursuance of the 547
page long unanimous verdict of 9-Judge Constitution Bench of the Supreme Court
authored by Justice Dr D.Y. Chandrachud with the concurrence of eight judges in
the case regarding constitutional validity of UID/Aadhaar scheme and Aadhaar
Act. In
his glorious dissenting order, Justice Chandrachud expressed is strong
disagreement with Justice Sikri’s order. He has pronounced the scheme and the
Aadhaar law a totally unconstitutional.
In
the meanwhile, as of March 8, 2019, Supreme Court’s website now refers to the Bench
of Justices J Chelameswar, S.A. Bobde, C. Nagappan as the Bench which heard Justice
KS Puttaswamy (Retd.) v. Union of India case, the UID/Aadhaar case. The website
shows orders by 3-Judge Bench, 9-Judge Bench and 5-Judge Bench. It was the order of this very Justice
Chelameswar headed 3-Judge Bench which had referred the case to the Constitution
Bench. Justice Chelameswar, the presiding judge of the 3-Judge Bench was part
of the 9-Judge Bench constituted by Chief Justice Jagdish Singh Khehar as well but
not of the 5-Judge Bench constituted by Chief Justice Dipak Misra.
Disregarding Supreme
Court’s majority order has expressly struck down the mandatory use of the UID/Aadhaar
database as “unconstitutional”, Aadhaar Ordinance has been promulgated. At page 434 (of the 567 page long majority order
of the Constitution Bench of the Supreme Court), it is stated that UID/Aadhaar “is
only an enabling provision which entitles Aadhaar number holder to take the
help of Aadhaar for the purpose of establishing his/her identity” in a voluntary
way.
ordinances may
only be issued where there is a situation of `constitutional necessity’ (see
Krishna Kumar Singh v. State of Bihar (2017) 3 SCC 1), and giving private
companies access to the UID system cannot qualify as constitutional necessity. It does, however, encourage private entities
to collect, and use, the aadhaar number and attendant elements – except only
biometric authentication, spreading the number into a range of data bases.
Both the majority order and
minority order authored by Justice A K Sikri and Dr. Justice D.Y. Chandrachud respectively
raised questions about the constitutionality of the Act. Now in a 25 page long judgment dated January 3, 2019 in Debashis Nandy v. Union of India, Justice Protik Prakash Banerjee
of Calcutta High Court has raised serious questions about the Aadhaar Act and UID/Aadhaar scheme and has
underlined that Unique Identification Authority of India (UIDAI) and its scheme
is “cheating millions in the country who hold their Aadhaar as a concomitant to
their identity.”
Justice Banerjee has
recorded in the judgement that “The Learned Additional Solicitor General (Kuashik
Chanda) alongwith Mr. Mukherjee (Rabi Prosad Mookherjee for Union of India)), submitted
that no authentication is made of any material which is declared by an
applicant for Aadhar card in his application.” It is well known that the “UIDAI
is mandated to issue 12-digit Unique Identification Number called Aadhaar to
the residents based on demographic and biometric information submitted by them
to the UIDAI at the time of their enrolment into the Aadhaar scheme.” He has
underscored that “Aadhaar is not the only means to identification and the question
of identification of a person based on which a civil dispute would be decided
do not solely rests with his/her Aadhaar identification” in the light of the
Supreme Court’s decision.
Calcutta High Court’s
verdict records that “Aadhaar (Enrolment and Update) Regulations, 2016 dated
September 12, 2016 and issued under the authority of the Chief Executive
Authority, UIDAI. Rule 10 of the aforesaid regulation lays down guidelines for submission
and verification of information of individuals seeking enrolment. Sub-rule 5 of
Rule 10 states that the verification of the enrolment data shall be as provided
in Schedule III of the aforesaid regulation. Thus, it becomes
necessary to understand the verification process in accordance with the
aforesaid schedule.” Schedule III makes provision for recording of “Verification
of enrolment information”. It observes that “The demographic information under
the head “parent/guardian” and the fields “father’s/mother’s/husband’s/wife’s
name” are shown to be in Schedule III of the Regulations, but optional in case
of regulations. There is no verification required to be done in case of adults
for father, husband or guardian. Which means, whatever an applicant says his father’s
name is, the respondent no. 2 shall gullibly accept it as gospel truth.” The respondent
no. 2 is UIDAI.
Arbitrariness is rampant in
the entire UID/Aadhaar scheme. Section 2 (n) of Aadhaar Act, 2016 defines
‘identity information’. It states that “identity information” in respect of an
individual, includes his Aadhaar number, his biometric information and his
demographic information” This definition squarely lays down that information,
both demographic as well as biometric, establishes the identity of an Aadhaar card
holder. Therefore, information collected from an individual during the Aadhaar
application process could not be treated with such disparity which would allow
even false demographic information to pass under the scanner of the UIDAI without
even being sufficiently verified.
Unlike
Justice Dr Chandrachud’s order, the order of Justice
Protik Prakash Banerjee, Calcutta High Court has erred in his observation with
regard to his assumption about the uniqueness of biometric information and
duplication of UID/Aadhaar based identification. Justice Banerjee forgot to record
his views on two differing orders authored in Justice Dr Chandrachud’s
order and Justice Sikri in the matter of UID/Aadhaar and Aadhaar Act. He may
have to rectify these aspects of his order on some occasion.
The Constitution Bench
comprising Chief Justice of India Dipak Misra and Justices Sikri, A.M.
Khanwilkar, Dr Chandrachud and Ashok Bhushan. Out of these five judges presiding judge
Justice Misra retired on October 2, 2018 and Justice Sikri who retired on March
6, 2019. Now the composition of the Constitution Bench has changed. Notably,
the tenure of only one judge out of the original 3-Judge Bench of Justices J
Chelameswar, S. A. Bobde and C. Nagappan
that heard the UID/Aadhaar case and referred it to Constitution Bench survives.
Justice Bobde is now the second senior most judge of the Court. He was also
part of the 9-Judge Bench that decided the aspect of fundamental right to
privacy in the UID/Aadhaar case. Judicial discipline creates compelling logic
for his inclusion in the Constitution Bench which has to hear some five
petitions challenging the majority order authored by Justice Sikri. Imtiyaz Ali
Palsaniya, the fifth petitioner has challenged the controversial Section 139AA
of the Income-tax Act, which made mandatory linking of Aadhaar with permanent
account number (PAN). The other four petitioners are: Beghar Foundation, MG
Devasahayam, Mathew Thomas and Jairam Ramesh.
Besides these cases, as a
consequence of the Aadhaar Ordinance, the 5-Judge Constitution Bench is under
logical compulsion to subject this colourable legislation to judicial review because
having failed in direct legislation, the government is legislating indirectly. Like
Aadhaar Act, this Aadhaar Ordinance is an exercise in manifest breach of limits
imposed on the government by the Constitution at the behest of anonymous foreign
and domestic donors with military connections. Both the Act and the Ordinance establishes
a biopolitical paradigm with repellent geopolitical consequences paving the way
for the return of the Concentration Camp abandoning the original political
relation between the Citizens and the State wherein natural rule of law is
suspended.
Dr Gopal Krishna
The author is convener Citizens Forum for Civil Liberties (CFCL). CFCL is research and advocacy forum focused on surveillance, UID/Aadhaar and DNA profiling technologies since 2010. He had appeared before the Parliamentary Standing on Finance that examined and trashed the Aadhaar Bill, 2010. He is also the editor of www.toxicswatch.org. Twitter:@krishna1715
Post a Comment