Pages

Friday, March 08, 2019

Constitution Bench of Supreme Court sans Justices Dipak Misra and Sikri all set to hear petitions against colourable Aadhaar Ordinance, Aadhaar Act and UID/Aadhaar scheme

Verdicts of Justices D Y Chandrachud, Sikri and Protik Prakash Banerjee reveal questionable nature of Aadhaar law and UID/Aadhaar scheme

 ‘He who has been banned is not, in fact, simply set outside the law and made indifferent to it but rather abandoned by it, that is, exposed and threatened on the threshold in which life and law, outside and inside, become indistinguishable’
- Giorgio Agamben, Italian philosopher, 1998

“The entire Aadhaar programme, since 2009, suffers from constitutional infirmities and violations of fundamental rights. The enactment of the Aadhaar Act does not save the Aadhaar project. The Aadhaar Act, the Rules and Regulations framed under it, and the framework prior to the enactment of the Act are unconstitutional.”
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26 September, 2018 (pages 1028-1048)

“The descendants of Mr. Nilekani have perfected the doublespeak of 1984 (George Orwell) if not the Yes Minister and Yes Prime Minister (Jonathan Lynn and Anthony Jay, BBC) where it appears that a given question is being answered, though no information is given.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019

“The violations of fundamental rights resulting from the Aadhaar scheme were tested on the touchstone of proportionality. The measures adopted by the respondents fail to satisfy the test of necessity and proportionality for the following reasons:

(a) Under the Aadhaar project, requesting entities can hold the identity information of individuals, for a temporary period. It was admitted by UIDAI that AUAs may store additional information according to their requirement to secure their system. ASAs have also been permitted to store logs of authentication transactions for a specific time period. It has been admitted by UIDAI that it gets the AUA code, ASA code, unique device code and the registered device code used for authentication, and  that UIDAI would know from which device the authentication took place and through which AUA/ASA. Under the Regulations, UIDAI further stores the authentication transaction data. This is in violation of widely recognized data minimisation principles which mandate that data collectors and processors delete personal data records when the purpose for which it has been collected is fulfilled. Moreover, using the meta-data related to the transaction, the location of the authentication can easily be traced using the IP address, which impacts upon the privacy of the individual.

(b) From the verification log, it is possible to locate the places of transactions by an individual in the past five years. It is also possible through the Aadhaar database to track the current location of an individual, even without the verification log. The architecture of Aadhaar poses a risk of potential surveillance activities through the Aadhaar database. Any leakage in the verification log poses an additional risk of an individual’s biometric data being vulnerable to unauthorised exploitation by third parties.

(c) The biometric database in the CIDR is accessible to third-party vendors providing biometric search and de-duplication algorithms, since neither the Central Government nor UIDAI have the source code for the deduplication technology which is at the heart of the programme. The source code belongs to a foreign corporation. UIDAI is merely a licensee. Prior to the enactment of the Aadhaar Act, without the consent of individual citizens, UIDAI contracted with L-1 Identity Solutions (the foreign entity which provided the source code for biometric storage) to provide to it any personal information related to any resident of India. This is contrary to the basic requirement that an individual has the right to protect herself by maintaining control over personal information. The protection of the data of 1.2 billion citizens is a question of national security and cannot be subjected to the mere terms and conditions of a normal contract.

(d)Before the enactment of the Aadhaar Act, MOUs signed between UIDAI and Registrars were not contracts within the purview of Article 299 of the Constitution, and therefore, do not cover the acts done by the private entities engaged by the Registrars for enrolment. Since there is no privity of contract between UIDAI and the Enrolling agencies, the activities of the private parties engaged in the process of enrolment before the enactment of the Aadhaar Act have no statutory or legal backing.

(e) Under the Aadhaar architecture, UIDAI is the sole authority which carries out all administrative, adjudicatory, investigative, and monitoring functions of the project. While the Act confers these functions on UIDAI, it does not place any institutional accountability upon UIDAI to protect the database of citizens’ personal information. UIDAI also takes no institutional responsibility for verifying whether the data entered and stored in the CIDR is correct and authentic. The task has been delegated to the enrolment agency or the Registrar. Verification of data being entered in the CIDR is a highly sensitive task for which the UIDAI ought to have taken responsibility. The Aadhaar Act is also silent on the liability of UIDAI and its personnel in case of their non-compliance of the provisions of the Act or the regulations.

(f) Section 47 of the Act violates citizens’ right to seek remedies. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. Section 47 is arbitrary as it fails to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy. Further, Section 23(2)(s) of the Act requires UIDAI to establish a grievance redressal mechanism. Making the authority which is administering a project, also responsible for providing a grievance redressal mechanism for grievances arising from the project severely compromises the independence of the grievance redressal body.

(g) While the Act creates a regime of criminal offences and penalties, the absence of an independent regulatory framework renders the Act largely ineffective in dealing with data violations. The architecture of Aadhaar ought to have, but has failed to embody within the law the establishment of an independent monitoring authority (with a hierarchy of regulators), along with the broad principles for data protection. This compromise in the independence of the grievance redressal body impacts upon the possibility and quality of justice being delivered to citizens. In the absence of an independent regulatory and monitoring framework which provides robust safeguards for data protection, the Aadhaar Act cannot pass muster against a challenge on the ground of reasonableness under Article 14.

(h) No substantive provisions, such as those providing data minimization, have been laid down as guiding principles for the oversight mechanism provided under Section 33(2), which permits disclosure of identity information and authentication records in the interest of national security.

(i) Allowing private entities to use Aadhaar numbers, under Section 57, will lead to commercial exploitation of the personal data of individuals without consent and could also lead to individual profiling. Profiling could be used to predict the emergence of future choices and preferences of individuals. These preferences could also be used to influence the decision making of the electorate in choosing candidates for electoral offices. This is contrary to privacy protection norms. Data cannot be used for any purpose other than those that have been approved. While developing an identification system of the magnitude of Aadhaar, security concerns relating to the data of 1.2 billion citizens ought to be addressed. These issues have not been dealt with by the Aadhaar Act. By failing to protect the constitutional rights of citizens, Section 57 violates Articles 14 and 21.

(j) Section 57 is susceptible to be applied to permit commercial exploitation of the data of individuals or to affect their behavioural patterns. Section 57 cannot pass constitutional muster. Since it is manifestly arbitrary, it suffers from overbreadth and violates Article 14.

(k) Section 7 suffers from overbreadth since the broad definitions of the expressions ‘services and ‘benefits’ enable the government to regulate almost every facet of its engagement with citizens under the Aadhaar platform. If the requirement of Aadhaar is made mandatory for every benefit or service which the government provides, it is impossible to live in contemporary India without Aadhaar. The inclusion of services and benefits in Section 7 is a pre-cursor to the kind of function creep which is inconsistent with the right to informational self-determination. Section 7 is therefore arbitrary and violative of Article 14 in relation to the inclusion of services and benefits as defined.

(l) The legitimate aim of the State can be fulfilled by adopting less intrusive measures as opposed to the mandatory enforcement of the Aadhaar scheme as the sole repository of identification. The State has failed to demonstrate that a less intrusive measure other than biometric authentication would not subserve its purposes. That the state has been able to insist on an adherence to the Aadhaar scheme without exception is a result of the overbreadth of Section 7.

(m) When Aadhaar is seeded into every database, it becomes a bridge across discreet data silos, which allows anyone with access to this information to re-construct a profile of an individual’s life. This is contrary to the right to privacy and poses severe threats due to potential surveillance.

(n) One right cannot be taken away at the behest of the other. The State has failed to satisfy this Court that the targeted delivery of subsidies which animate the right to life entails a necessary sacrifice of the right to individual autonomy, data protection and dignity when both these rights are protected by the Constitution.”
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26 September, 2018 (pages 1028-1048)

There is definitely something amiss with the Aadhaar enrolment process if important demographic information such as the name of an applicant’s father, as is the case in hand, can be falsified and even go undetected. Thus, in order to get a wider picture of the entire Aadhaar process, the regulations concerning the Aadhaar scheme could not be allowed to evade scrutiny of this Court.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019

“The malady in the present situation is further magnified by looking as to how arbitrary could the process of verification of demographic information of an Aadhaar applicant could be.”
- Justice Protik Prakash Banerjee, Calcutta High Court, January 3, 2019

Constitutional guarantees cannot be subject to the vicissitudes of technology. Denial of benefits arising out of any social security scheme which promotes socioeconomic rights of citizens is violative of human dignity and impermissible under our constitutional scheme.
- Order of Justice D Y Chandrachud, Constitution Bench, Supreme Court, 26 September, 2018 (pages 1028-1048)

Both the Aadhaar Act and the Aadhaar Ordinance and the related e-commerce laws are deceptively engineering convergence of mass democracy and totalitarian state by creating human guinea-pigs in the “Aadhaar ecosystem”, the new concentration camps with genocidal implications. Had this been not the case government would either have shown urgency in enacting national asset and data protection law or President of India would have promulgated an Ordinance for it.  

Having failed to get Aadhaar and Other Laws (Amendment) Bill, 2018 passed by Rajya Sabha, ahead of the Election Commission’s imminent announcement for the 17th Lok Sabha elections, President of India promulgated the 12 page long Aadhaar and other laws (Amendment) Ordinance 2019 on March 2, 2019 under Article 123 of the Constitution to make amendments to the Aadhaar Act 2016, Prevention of Money Laundering Act 2005 & Indian Telegraph Act 1885. Notably, Supreme Court has established that ordinance is subject to judicial review. In the case of, Krishna Kumar Singh v State of Bihar, 7-Judge Constitution Bench of the Supreme Court, Justice D. Y. Chandrachud has held that the Ordinance making power does not constitute the President or the Governor into a parallel source of law making or an independent legislative authority.

Contrary to the directions of Supreme Court, the Aadhaar Ordinance has been promulgated in the aftermath of the order of the 5-Judge Constitution Bench of the Supreme Court dated September 26, 2018 authored by Justice A K Sikri (now retired) with the concurrence of three judges in pursuance of the 547 page long unanimous verdict of 9-Judge Constitution Bench of the Supreme Court authored by Justice Dr D.Y. Chandrachud with the concurrence of eight judges in the case regarding constitutional validity of UID/Aadhaar scheme and Aadhaar Act. In his glorious dissenting order, Justice Chandrachud expressed is strong disagreement with Justice Sikri’s order. He has pronounced the scheme and the Aadhaar law a totally unconstitutional.

In the meanwhile, as of March 8, 2019, Supreme Court’s website now refers to the Bench of Justices J Chelameswar, S.A. Bobde, C. Nagappan as the Bench which heard Justice KS Puttaswamy (Retd.) v. Union of India case, the UID/Aadhaar case. The website shows orders by 3-Judge Bench, 9-Judge Bench and 5-Judge Bench. It was the order of this very Justice Chelameswar headed 3-Judge Bench which had referred the case to the Constitution Bench. Justice Chelameswar, the presiding judge of the 3-Judge Bench was part of the 9-Judge Bench constituted by Chief Justice Jagdish Singh Khehar as well but not of the 5-Judge Bench constituted by Chief Justice Dipak Misra.

Disregarding Supreme Court’s majority order has expressly struck down the mandatory use of the UID/Aadhaar database as “unconstitutional”, Aadhaar Ordinance has been promulgated.  At page 434 (of the 567 page long majority order of the Constitution Bench of the Supreme Court), it is stated that UID/Aadhaar “is only an enabling provision which entitles Aadhaar number holder to take the help of Aadhaar for the purpose of establishing his/her identity” in a voluntary way.

ordinances may only be issued where there is a situation of `constitutional necessity’ (see Krishna Kumar Singh v. State of Bihar (2017) 3 SCC 1), and giving private companies access to the UID system cannot qualify as constitutional necessity.  It does, however, encourage private entities to collect, and use, the aadhaar number and attendant elements – except only biometric authentication, spreading the number into a range of data bases.

Both the majority order and minority order authored by Justice A K Sikri and Dr. Justice D.Y. Chandrachud respectively raised questions about the constitutionality of the Act. Now in a 25 page long judgment dated January 3, 2019 in Debashis Nandy v. Union of India, Justice Protik Prakash Banerjee of Calcutta High Court has raised serious questions about the Aadhaar Act and UID/Aadhaar scheme and has underlined that Unique Identification Authority of India (UIDAI) and its scheme is “cheating millions in the country who hold their Aadhaar as a concomitant to their identity.”

Justice Banerjee has recorded in the judgement that “The Learned Additional Solicitor General (Kuashik Chanda) alongwith Mr. Mukherjee (Rabi Prosad Mookherjee for Union of India)), submitted that no authentication is made of any material which is declared by an applicant for Aadhar card in his application.” It is well known that the “UIDAI is mandated to issue 12-digit Unique Identification Number called Aadhaar to the residents based on demographic and biometric information submitted by them to the UIDAI at the time of their enrolment into the Aadhaar scheme.” He has underscored that “Aadhaar is not the only means to identification and the question of identification of a person based on which a civil dispute would be decided do not solely rests with his/her Aadhaar identification” in the light of the Supreme Court’s decision.

Calcutta High Court’s verdict records that “Aadhaar (Enrolment and Update) Regulations, 2016 dated September 12, 2016 and issued under the authority of the Chief Executive Authority, UIDAI. Rule 10 of the aforesaid regulation lays down guidelines for submission and verification of information of individuals seeking enrolment. Sub-rule 5 of Rule 10 states that the verification of the enrolment data shall be as provided in Schedule III of the aforesaid regulation. Thus, it becomes necessary to understand the verification process in accordance with the aforesaid schedule.” Schedule III makes provision for recording of “Verification of enrolment information”. It observes that “The demographic information under the head “parent/guardian” and the fields “father’s/mother’s/husband’s/wife’s name” are shown to be in Schedule III of the Regulations, but optional in case of regulations. There is no verification required to be done in case of adults for father, husband or guardian. Which means, whatever an applicant says his father’s name is, the respondent no. 2 shall gullibly accept it as gospel truth.” The respondent no. 2 is UIDAI.

Arbitrariness is rampant in the entire UID/Aadhaar scheme. Section 2 (n) of Aadhaar Act, 2016 defines ‘identity information’. It states that “identity information” in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information” This definition squarely lays down that information, both demographic as well as biometric, establishes the identity of an Aadhaar card holder. Therefore, information collected from an individual during the Aadhaar application process could not be treated with such disparity which would allow even false demographic information to pass under the scanner of the UIDAI without even being sufficiently verified.

Unlike Justice Dr Chandrachud’s order, the order of Justice Protik Prakash Banerjee, Calcutta High Court has erred in his observation with regard to his assumption about the uniqueness of biometric information and duplication of UID/Aadhaar based identification. Justice Banerjee forgot to record his views on two differing orders authored in Justice Dr Chandrachud’s order and Justice Sikri in the matter of UID/Aadhaar and Aadhaar Act. He may have to rectify these aspects of his order on some occasion.

The Constitution Bench comprising Chief Justice of India Dipak Misra and Justices Sikri, A.M. Khanwilkar, Dr Chandrachud and Ashok Bhushan.  Out of these five judges presiding judge Justice Misra retired on October 2, 2018 and Justice Sikri who retired on March 6, 2019. Now the composition of the Constitution Bench has changed. Notably, the tenure of only one judge out of the original 3-Judge Bench of Justices J Chelameswar, S. A. Bobde and C. Nagappan that heard the UID/Aadhaar case and referred it to Constitution Bench survives. Justice Bobde is now the second senior most judge of the Court. He was also part of the 9-Judge Bench that decided the aspect of fundamental right to privacy in the UID/Aadhaar case. Judicial discipline creates compelling logic for his inclusion in the Constitution Bench which has to hear some five petitions challenging the majority order authored by Justice Sikri. Imtiyaz Ali Palsaniya, the fifth petitioner has challenged the controversial Section 139AA of the Income-tax Act, which made mandatory linking of Aadhaar with permanent account number (PAN). The other four petitioners are: Beghar Foundation, MG Devasahayam, Mathew Thomas and Jairam Ramesh.

Besides these cases, as a consequence of the Aadhaar Ordinance, the 5-Judge Constitution Bench is under logical compulsion to subject this colourable legislation to judicial review because having failed in direct legislation, the government is legislating indirectly. Like Aadhaar Act, this Aadhaar Ordinance is an exercise in manifest breach of limits imposed on the government by the Constitution at the behest of anonymous foreign and domestic donors with military connections. Both the Act and the Ordinance establishes a biopolitical paradigm with repellent geopolitical consequences paving the way for the return of the Concentration Camp abandoning the original political relation between the Citizens and the State wherein natural rule of law is suspended. 

Dr Gopal Krishna


The author is convener Citizens Forum for Civil Liberties (CFCL). CFCL is research and advocacy forum focused on surveillance, UID/Aadhaar and DNA profiling technologies since 2010. He had appeared before the Parliamentary Standing on Finance that examined and trashed the Aadhaar Bill, 2010. He is also the editor of www.toxicswatch.org. Twitter:@krishna1715  

No comments:

Post a Comment