People’s RTI Versus State’s Aadhaar
Right to information is people’s right ever since Evidence Act was passed in 1872 as its Sections 74 and 76 provided access to public records on payment of copying charges. This right was constitutionalized in 1950 under Article 19(1)(a) and then legally facilitated in 2005 through Right to Information Act. While right to vote made India democratic with equal chance of exercising its choice of governors, the RTI took a step forward to empower the citizen with information. If liberty of thought is basis for expression right which included right to vote, the right to information formed foundation for free speech. People have right to know and right to information from the government. The Aadhaar Act, 2016 is exactly in juxtaposition to the RTI Act, as that gives ‘authority of Government to secure the information of the people. Interestingly, the privacy holds these two Acts in two hands in opposite directions. While the RTI of the people about state is denied practically by the PIOs of public authorities on the wrongful claim of privacy, the state’s Aadhaar law and scheme has every danger of invading the privacy of the citizen.
Misuse of Privacy clauses
With rigid mindset of babus and their agents to defy RTI Act supported by a few anti-transparency orders of judiciary, the privacy is being used as an excuse to block the information flow to people, whereas, the ‘state’ through UIDAI is sucking the demographic and biometric information of the people through high power-houses and bore wells.
Aristotle said man is a social animal. His social life demands sharing of information not hiding, except some core family related information. Marriage, social association with people and man’s relationship with the state, makes his information ‘public’ and the information of public servant, mostly should be in public domain. The balance of protecting privacy and need to publish public servant’s information related to public affairs is prescribed in RTI Act through ‘public interest’ clauses. The Supreme Court upheld this balance in its historic privacy judgment in August 2017.
Official Secret: an oxymoron
Official Secret is a self contradiction by itself. It could be even an oxymoron. If it is official how that could be personal or secret? We still are being ruled by British legacy of Official Secrets Act 1923, which leaders of Independence movement demanded to be repealed. Right to Information in theory overrides the OS Act. But enough scope was created in the exceptions for survival of Official Secrets. Official secrecy survives the RTI!
The law in general provided for presumption of civil death. If a man is unheard of for seven years, law presumes him to be dead, which of course can be rebutted by his existence. Secondly when a man converts into a different religion, he suffers civil death as far as his original religious group is concerned and the wife gets a right to relinquish him. The third way of civil death presumption is when a person renounces the world. Now the Aadhaar Act adds a fourth dimension to presumption of civil death, i.e., a person devoid of aadhaar will be denied all benefits, pension, account, certification etc. If the crematorium wants aadhaar before a dead body is allowed inside, or darshan of Lord Venkateshwara in Tirupati mandates the furnishing of Aadhaar number, or if someone wants to recommend some eminent person for Padmashree award, should necessarily quote Aadhaar, is that in consistent with the Constitutionally guaranteed freedoms?
Aadhaar in Sanskrit, Hindi and Telugu means the basis or lifeline. Niraadhaar means devoid of lifeline. Now, Aadhaar is a 12-digit number called the unique identification (UID) number that is assigned to all residents. This program is called the world's largest biometric ID system, with over 119 crore enrolled members as of 30 Nov 2017. Fear of becoming Niraadhaar was spread and enrolment touched 98 per cent. Current population of India is 135 crore and 16 crore are yet to be enrolled. It is reported that 9 crore were excluded for reasons not explained. Then, what is the fate of these 25 crore residents? Without Aadhaar, do they suffer civil death? Can any duly elected government exclude 25 crore of its population from welfare schemes simply because Unique Identification Authority of India (UIDAI) failed to enrol them?
The Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 made it mandatory for UIDAI to assign Aadhaar, but in practice it is mandatory for citizens to enroll for Aadhaar number. As Aadhaar has been linked with every aspect of social life, lack of it means denial of that ‘social life’. It raises a doubt: are they not included in ‘we the people of India…” or excluded from application of right to life in Article 21's or Article 14’s right to equality? Will they be considered to be living, at least? They have right to life, but do they survive, without pension or ration card?
The issue involved is more serious than right to privacy; it is an issue of dignity, too. The basic right to life of people has to be decided by the Supreme Court. Though Aadhaar Act apparently, did not make it compulsory for citizen, the citizen has no choice to be out of it, as that means no access to social life, and once enrolled, no scope of opting out of it.
The flaw of the law is that there is no alternative to Aadhaar, and if UIDAI denies the enrolment for any reason, it amounts to denial of living resources for him. For any reason if citizen does not enroll, or aadhaar is denied, or cancelled after enrolled by UIDAI, that citizen does not have any means of existence and no remedy at all. Aadhaar Act did not provide a remedy for wrongful denial of Aadhaar card. The bench waited for the decision on right to privacy and the Supreme Court emphatically declared it as fundamental right and advised the Centre to pass a law. Till today, the center did not enact any law on privacy and data protection. Is it possible to decide constitutionality of Aadhaar without having such a law?
What this number means?
Aadhaar neither confers citizenship nor guarantees any rights, benefits, or entitlements nor aims to replace any existing identity cards. Aadhaar is a random number, not loaded with profiling or intelligence into identity numbers that makes it insusceptible to fraud, theft and provides privacy in such perspective. The state and state bodies declared that it qualifies as a valid ID while availing various government services, like an LPG connection or subsidised ration or kerosene from PDS or benefits under NSAP or pension schemes, e-sign, digital locker, besides being a Universal Account Number (UAN) under EPFO and also for some other services, like a SIM card or opening a bank account or securing a caste certificate. The Center has declared that Aadhaar card will be mandatory for opening new bank accounts and for transactions above Rs. 50,000. All existing account holders will also have to submit their Aadhaar details by December 31, 2017, failing which accounts will be deemed invalid. A five judge bench on December 15, 2017 agreed to the Central government's decision to extend the deadline of linking of "everything", including mobile phones and bank accounts, to Aadhaar card till March 31, 2018. But SC also ordered that an Aadhaar card holder opening a new bank account will have to furnish his Aadhaar card to the bank.
Data theft or leakage
Is the biometric data of a billion people safe? It was reported by the Tribunal on January 4, 2018 that for Rs 500 an access to a billion identities on UID database is possible. It was also reported that there are one lakh illegal users of UID data, including anonymous groups created on WhatsApp. Government websites and educational institutions displayed personal information along with UID numbers in November 2017. Around 36 per cent people are excluded from PDS in Rajasthan, because they could not authenticate due to finger print failures. In Jharkhand, many starved to death because they could not link UID numbers with their ration cards. When data has already been breached what is the purpose of Data Protection Laws and Aadhaar Act?
Biometrics is known as untested technology even by the UIDAI’s own admission. Critics question the imposition of such technology on entire population exposing the citizens to tracking. RTI Act mandates the state to be transparent to its people, but most of the information is denied under privacy clause, whereas the UDI allows every individual to be profiled and tracked by state and private companies.
SC orders vs Centre’s orders
Supreme Court issued series of interim orders on various writ petitions challenging the mandatory linking of government schemes with Aadhaar. On 23 September 2013, the court issued an interim order saying that "no person should suffer for not getting Aadhaar" as the government cannot deny a service to a resident if she/he does not possess Aadhaar, as it is voluntary and not mandatory. On 11 August 2015, it ruled that "UIDAI/Aadhaar will not be used for any other purposes except PDS, kerosene and LPG distribution system". This was later amended to include Mahatma Gandhi National Rural Employment Guarantee Scheme, all types of pensions schemes, employee provident fund and the Prime Minister Jan Dhan Yojana, and made it clear that even for availing these facilities Aadhaar card will not be mandatory.
On 27 March 2017, the court affirmed that Aadhaar cannot be mandatory for availing benefits under welfare schemes, though it can be mandatory for other purposes (such as income tax filings, bank accounts etc). On June 9, 2017, it partially read down Section 139AA of the Income Tax Act that mandated an individual to link their Aadhaar for filing their Income Tax Returns. On 11 August 2015, the Supreme Court had directed the government to widely publicise in print and electronic media that Aadhaar is not mandatory for any welfare scheme.
The government went on issuing orders extending UDI mandatory for several government services. It was ordered that Aadhaar number of the applicant shall be required to be mentioned compulsorily in the application form for SC/ST, OBC, domicile, income, birth, death, surviving member, solvency, nationality certificates. In December 2012, some more orders were issued to include: registration of marriages under Hindu Marriage Act and Special Marriage Act, solemnisation of marriages and registration of various documents in the sub registrar offices. People without Aadhaar number cannot get any of these certificates, which decides their life, education and career.
Attorney General of India Mukul Rohatgi on May 2, 2017 made certain sweeping statements before the Supreme Court: “There is no absolute right over the body…. The right not to have bodily intrusion is not absolute,” … “and the life of a person can also be taken away by following a due procedure of law….There is nothing absolute in them. From the cradle to the grave, we are in a contractual relationship with the state. We don’t live in a vacuum….If you don’t want to part with anything in return for state protection and services, go and live in the Himalayas…..In the world the only way is to digitise iris and fingerprints kept for posterity. There is no other way… In a social contract, you have no right to be invisible. Forcible taking of fingerprints is not self-incrimination. The court said that 50 years ago, we will go to DNA next.”
The Supreme Court has to decide the ‘legality’ of the AGIs statements, which might have severe impact on fundamental rights of the people.
No right to complain
When Aadhaar Act 2016 mandates enrolling, it should have a remedy against refusal to enrol, removal from enrolment, and non-enrolment. Surprisingly, an individual cannot even complain under this law. UIDAI alone was given authority to complain. “Courts cannot take cognizance of any offence punishable under the Act, unless a complaint is made by the UID authority, or a person authorised by it.” This may present a conflict of interest as under the Act, the UID authority is responsible for the security and confidentiality of identity information and authentication of records. The Act does not have any provision to deal with when members or employees of the UID authority are responsible for a security breach, and where the a uthority refuses to enrol or it fails to enrol due to technical error.
Non-verification of residence
The law that was passed in 2016 says only a resident (having 182 days of residence in preceding year) can be enrolled. The enrolment started long ago after UIDAI was established in 2009, when there was neither law, nor a feasibility report, and without verification of ‘residence’ criterion. Can the 2016 Act validate retrospectively the enrolment without any evidence of residence?
Plethora of writs were filed raising basic issues—do we have fundamental right to privacy? If so, whether mandatory sharing of personal and biometric information for Aadhaar would violate it? First question was answered in affirmative creating a Constitutional jurisprudence by nine-judge member bench of Supreme Court on August 24, 2017. The Constitutional Bench of SC is scheduled to start hearing of bunch of petitions to examine validity of Aadhaar Act and mandatory linking. The court has to consider many vital issues like privacy, surveillance, exclusion from welfare benefits. There is merit in criticism that despite the interim orders of apex court, the government went on coercing the people to enrol by creating a fear that they might get isolated and excluded from social life. Anxiety of disassociation was looming large among all sections of the people. They feared that without Aadhaar they will be Niraadhaar— loosing the earth under their feet, rather the civil death!
In Goa, on CBI’s request, a local court directed UIDAI to share fingerprint database to compare and find the culprit in the rape of a school girl. UIADI appealed to High Court, which ordered forensic lab to study the technological capability of such a huge exercise. It reached Supreme Court, wherein UIDAI contended that false positive chance will be too high and sharing is undesirable. SC, on 24th March 2014, restrained Central government and UIDAI from sharing data with any third party or agency whether government or private, without the consent of the Aadhaar-holder in writing. This is a significant order. On 16th March 2015, SC reiterated its 2013 direction not to make Aadhaar mandatory.
Aadhaar law has many more flaws. It gives UIDAI authority to pass regulations, and add more biometrics in addition to fingerprints and iris. The Act does not prevent authority from requiring the collection of DNA as biometric information. Act allows the authority to decide the period of preservation. This raises an apprehension that the long time preservation of records might lead to misuse.
An individual holder of Aadhaar number also was not given right to access to his own biometric record (S 28). According to Section 57, ‘any corporate or person’ can use this database, decreed in a section that carries the sub-heading ‘Act not to prevent use of Aadhaar number for other purposes under law’. It is subject to any law or contract. It does not explain the contract between whom. As per Section 6, the UIDAI may require holder to update demographic and biometric information from time to time. If residence or mobile number changes, the citizen has to submit his biometric data again. Section 29(2) says identity information other than core biometric information may be shared. But it shall not be used for any purpose other than that specified to the individual. Sub-clause (b) says it cannot be disclosed further, except with the prior consent of the individual. It is a safeguard. But law does not provide citizen with remedy for breach of this safeguard.
The government claimed that Aadhaar serves effectively in de-duplication, prevents fraud of multiple cards and has already saved huge public fund.
The issues before apex court are:
- Whether a citizen has a right of choice, i.e, right to refuse to give biometric data? Can state coerce a citizen to part with the personal and biometric data? Is it not violation of fundamental right of privacy under Part III (as per declaration in Puttaswamy judgment) and right against self incrimination guaranteed specifically under Article 20(3)?
- Why a citizen should not have a right of choice to be out of Aadhaar net?
- Is it not breach of privacy of a billion people if their name, photo, address, gender, date of birth, parent’s names, etc are exposed to and by anonymous sellers?
- How can Centre go ahead with Aadhaar Act without having comprehensive legislation on right to privacy and reasonable restrictions on it?
The Aadhaar project started as registering residents, who are numbered without verifying residence criterion: they are now numbers or consumers, an easy fodder for market whose forces can break, leak and steal the data and people have pinned their hopes on the apex court for justice. But what can anybody do without a clear mandate in the form of law on privacy and data protection?Professor Madabhushi Sridhar is a Columnist, Media Law Researcher and Central Information Commissioner.
(based on the presentation of the author at the seminar on RTI, Privacy and Aadhaar at Pune, on 10th February 2018)
Views expressed are personal and not those of his office.