In this article, Debayan Gangopadhyay discusses the recent Aadhaar vs Right to Privacy debate. How Right to Privacy impacts Aadhaar.

Overview

With much appreciation and fame over the past month coming to the ‘Right to Privacy is a fundamental right’ judgement[1] by the Supreme Court, there still exists the issue of Aadhaar being valid or not which is still pending. Much controversy has lit upon the conflict of Aadhaar, specifically, The Aadhaar Act, 2016 and the Right to Privacy of every citizen of the country being violated through it. The problems with the Aadhaar Act, 2016 in concern to privacy are mainly comprised of two parts: firstly, Aadhaar Act making Aadhaar compulsory for every citizen and also making its compulsory linkage to other services, including PAN and phone numbers. It further makes an amendment to the Income Tax Act wherein for tax returns to be processed, one needs to link their Aadhaar number to their PAN.[2] A failure to do this could also lead to invalidity of the respective PAN. These legislations are a forced compulsion for the citizens to link their Aadhaar to these documents which is a problem as Aadhaar inherently requires a lot of personal and confidential information like biometrics, fingerprints, etc. which connects to the second issue of data security. The Aadhaar Act, 2016 allows sharing of data under the Aadhaar numbers for the purposes of “national security” which a vague and undefined term. Further, Aadhaar is applicable to commercial purposes as well and has the participation of private parties in its data access which leaves the citizens a huge risk of data leak given that there are no existing privacy laws in India. The active government wants the Aadhaar policy to continue and is gradually making Aadhaar mandatory for more documents, for eg., driving licence, which is in plan to also be mandatorily linked to Aadhaar.^[3]

This article highlights the two core issues of the Aadhaar Act, its contradictions to the right to privacy and also its further consequences and misuses which have already started coming to existence. It further mentions the unique identification program in the United States (i.e, the Social Security Number) and its comparison to Aadhaar. It reflects upon how there is a much better possible regard to privacy when it comes to legislation which the intent of providing unique identity and for national security purposes. This links to the unnecessary essentials and requirements that are constantly been brought in by the present government and how it causes fundamental problems in the society.

The Linkage Problem

The Supreme Court in March, 2017 declared that Aadhaar cannot be made mandatory for availing governments schemes and subsidies.[4] These include the PAN, Income Tax Filings, booking train tickets, etc., all of which now mandatorily require Aadhaar number for its processing. The BJP government, however, in its Financial Bill, 2017 added an amendment to the Income Tax Act, 1961. This amendment added a section[5] which makes it compulsory for citizens to link their Aadhaar numbers to their PAN for the purposes of Income Tax processes as well. The compulsory linkage further makes a PAN number invalid if not linked to the Aadhaar until a prescribed date by the Central Board of Direct Taxes (which presently is the 31^st of December, 2017).

The legislation, by making such compulsory legislation, violated the Judiciary’s decisions and observations. This was criticized by the Supreme Court as well[6] because the compulsory linking of Aadhaar to PAN and further for the purposes of Income Tax returns makes it practically mandatory for any citizen to have an Aadhaar. This is in direct contradiction with the Supreme Court’s intention to make Aadhaar voluntary. The dependence of Aadhaar on PAN and other services makes essential services and subsidies exclusive to only Aadhaar holders. A similar problem was identified by the Rajya Sabha before passing the Aadhaar Bill in 2016 where it opposed the Lok Sabha on several grounds one of them being the issue of Aadhaar being mandatory or not.[7]

This recommendation was given during the due process of the bill and was at a later stage accepted by the Lok Sabha before enactment of the bill.[8] As a result of it, there exists section 7 in the Aadhaar Act, 2016 which states that any citizen who is not assigned an Aadhaar number will be provided with alternate and viable means of identification for delivery of a service, benefit or subsidy. The mandatory linking of PAN with Aadhaar having a further validity of tax returns is a clear violation of this section as it is ultimately being made voluntarily mandatory.

The conflict was taken up in the parliament and the Minister of Information and Broadcasting replied that the citizens not having Aadhaar shall be enrolled for one and an alternative method will be provided till an Aadhaar number is assigned to her.[9] This statement directly negates the entire purpose of the optional clause in the Act. However, the Supreme Court in its judgement on the validity of Section 139AA, gave a partial satisfaction to both sides of the debate as it made the linkage compulsory only for existing Aadhaar holders.[10]

Data Security and Infringements

An Aadhaar number includes biometric information such as fingerprint and iris scan of the eyes. The identification is authenticated by matching the biometrics with the database. As Aadhaar is now made mandatory by the government for almost all services including basic services such as phone number, railway tickets, etc., this leaves out a scope for the data to be leaked and misused by state as well as non-state actors which is a clear and direct violation of the right to privacy.

The Aadhaar Act provides for a section[11] which allows the personal information stored under Aadhaar to be shared for the purposes of “national security”. This section was also opposed by the Rajya Sabha recommending an amendment which uses the term “public emergency” or “in the interest of public safety” as it makes the exception more justifiable. The term “national security” is an arbitrary term which can be misinterpreted and misused by government officials.[12] The recommendation was however rejected and as a result, the original term is still in use.

Further, the Aadhaar also risks and compromises privacy of the citizens in terms of non-state actors as well. For starters, the enrolment agencies of Aadhaar number are handled and controlled by private operators. The private operators, therefore, get the data of the citizens for the purpose of uploading it in the government database. There can be a possible misuse of such data and as now, as the Aadhaar is linked to use several government subsidies and services, there increases the chance of misusing the information in order to avail those services. Also, there is another concern in respect to the involvement of private actors in the Aadhaar process. Former Justice K.S. Puttaswamy, who is also the petitioner in the case against Aadhaar in the Supreme Court, during an earlier interview, talked about how it is easy for anyone to get an Aadhaar card as “the enrolment centres are run by private operators so anyone can walk in and get one. This means that [undocumented] immigrants can get one too and that’s a clear security threat. Part of the political will for this project stems from this motivation because obviously they [undocumented] immigrants are also a vote bank for some.”[13]

The issue of data security also applies to the private companies which require Aadhaar as a mandatory part of the procedure for their services. This includes service provider companies, banks, and other private players who have access to the citizen’s biometric information. Such case has in fact occurred after the enactment of the Aadhaar Act. A recent incident happened where it was reported that a website called “magicapk” leaked data of existing Reliance Jio Customers (a service which has over 100 million users and requires Aadhaar number as a part of their procedure).[14] This was confirmed by the Reliance Jio Infocomm Ltd. as it filed a complaint alleging “unlawful access to its systems”.[15]

Another incident occurred, where the digital identities of more than a million citizens got compromised due to a security gitch in the Jharkhand’s old age pension scheme which revealed information like Name, Aadhaar Number, bank account details, etc.[16] These kind of glitches and errors show the lack of data security in the country and the risk of the existence of a database which contains citizens’ highly confidential and private information.

Comparison to Social Security Number

The United States of America runs a similar unique identification programme like that of Aadhaar called the Social Security Number (SSN). However, its specifications are internally different from that of Aadhaar. The SSN provides every citizen of the US with a unique number which requires only an ID proof. The unique number is stored independently and is matched to the name only in case of security purposes. Further, the SSN is restricted only to the federal agencies of the US and is prohibited from usage in the commercial and private areas.[17] The SSN is a much better format of a unique identification process in terms of data security. The United States have over the years, tried to restrict the use of SSN only to federal agencies[18] as it is only for the purpose of identification which is in contrast to the Indian government’s constant efforts for increasing its usage.

Conclusion

The Aadhaar Act has deep-rooted issues attached to it when it comes to breach of security and ultimately privacy. There are other alternatives to implement Aadhaar which might make it a justified, clean and a clear programme. Digital India is now being more and more promoted and implemented in the country than ever before, which is also a given of the government. Lack of stringent privacy laws like that in the US provides a leeway for misuse and inefficiency in implementation of data security. The government’s stance and defence in the matter is always focussed towards the objective of evasion of corruption by implementing linkage of unique identification to PAN, Income Tax matters, banks, etc. to avoid crimes such as tax frauds. Howsoever, the objective is of crucial importance, the privacy of citizens is of supreme importance as privacy is now a fundamental right in India.

Further, the motive of the government to eradicate corruption becomes an irony when corruption occurs in the Aadhaar procedure itself as due to the urgent necessity of having an Aadhaar number (result of the measures of the government) and slow pace of enrolment, citizens are forced to bribe operators in the enrolment centres.[19] Well-structured programmes like the SSN with the only purpose of identification provides a better framework for privacy implementation in the country. There needs to be an efficient and unbiased model of the unique identification programme for it to serve both the purposes of identification as well as privacy because the latter is not liable to be traded as fundamental rights directly link to the status of democracy in a country.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:  

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA 

References

[1] Justice KS Puttaswamy (Retd.) and Anr. vs Union of India and Ors., Writ Petition (civil) no. 494 of 2012, Supreme Court of India.

[2] Section 139 AA, Income Tax Act, 1961.

[3] Kiran Rathee , Govt plans to link driving licence with Aadhaar, Business Standard (Sept 16 2017, 01:31 IST ), http://www.business-standard.com/article/economy-policy/govt-plans-to-link-driving-licence-with-aadhaar-117091600042_1.html

[4] Legal Correspondent, Supreme Court counters push for Aadhaar, The Hindu (Apr 7 2017, 13:57 IST), http://www.thehindu.com/news/national/aadhaar-cannot-be-mandatory-for-welfare-schemes-supreme-court/article17671381.ece.

[5] See 2.

[6] First Post Staff, SC blasts centre over making Aadhaar mandatory, First Post (Apr 21 2017, 12:34 IST), http://www.firstpost.com/india/supreme-court-blasts-centre-over-making-aadhaar-mandatory-says-it-was-supposed-to-be-optional-3396326.html.

[7] IANS, Rajya Sabha returns Aadhaar bill to Lok Sabha with amendments, The Hindustan Times (Mar 16 2016, 18:38 IST), http://www.hindustantimes.com/india/rajya-sabha-returns-aadhaar-bill-to-lok-sabha-with-amendments/story-uCVCaTLOVVyOVwrHqEuOSI.html.

[8] Express News Service, Aadhaar bill is through after Opposition scores a few brownie points, The Indian Express (Mar 17 2016, 04:47 IST), http://indianexpress.com/article/india/india-news-india/rajya-sabha-returns-Aadhaar-bill-to-lok-sabha-with-oppn-amendments.

[9] Aman Sharma, “Is Aadhaar voluntarily mandatory now?”, The Economic Times (Aug 4 2016, 01:37 IST), https://blogs.economictimes.indiatimes.com/et-commentary/is-aadhaar-voluntarily-mandatory-now/

[10] V. Shivshankar, Supreme Court Upholds Law to Link Aadhaar with PAN, Grants partial stay on Penal consequences, The Wire, (Jun 10 2017). https://thewire.in/145800/sc-upholds-law-link-aadhaar-pan-grants-partial-stay/

[11] Section 33, The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016

[12] See 7.

[13] Deepa Kurup, ‘Aadhaar infringes on our fundamental right to privacy’, The Hindu (Sept 30 2013, 00:08 IST), http://www.thehindu.com/opinion/interview/aadhaar-infringes-on-our-fundamental-right-to-privacy/article5182765.ece

[14] S. Aadeetya, This Website Has Leaked Details of Reliance Jio Users in India, The Quint (May 10 2017, 11:41 IST), https://www.thequint.com/tech-and-auto/tech-news/reliance-jio-user-data-leak-india

[15] Reuters, Reliance Jio does a U-turn, admits to data leak in police complaint, Business Standard (Jul 23 2017, 09:27 IST), http://www.business-standard.com/article/companies/reliance-jio-does-a-u-turn-admits-to-data-leak-in-police-complaint-117071300193_1.html

[16] Aman Sethi, Samarth Bansal, and Sourav Roy, Details of over a million Aadhaar numbers published on Jharkhand govt website, The Hindustan Times (Jul 19 2017, 11:04 IST), http://www.hindustantimes.com/india-news/in-massive-data-breach-over-a-million-aadhaar-numbers-published-on-jharkhand-govt-website/story-EeFlScg5Dn5neLyBzrkw1I.html

[17] Your Social Security Number and Card, Social Security Administration, Govt. of the USA, https://www.ssa.gov/pubs/EN-05-10002.pdf

[18] Gail Hillebrand, State laws restricting private use of Social Security numbers, Consumers’ Union (June 2008), http://consumersunion.org/news/state-laws-restricting-private-use-of-social-security-numbers/

[19] Rabiya Bashir, Aadhaar Enrollment: How Necessity becomes Mother of Corruption, The Kashmir Monitor (Sep 30 2017), https://www.kashmirmonitor.in/Details/133261/Aadhaar-enrollmenthow-necessity-becomes-mother-of-corruption