As the marathon battle over Aadhaar reaches its culmination, of which the final hearings alone span 38 days over a 4-month period, the Supreme Court is now deliberating on its constitutionality. During the course of the hearings, the Supreme Court expressed concerns with several features of Aadhaar while also expressing support for other features, such as preventing the dissipation of social welfare benefits. The final outcome of the case, thus, is hard to predict, though at the very least, key issues like exclusion can be expected to be dealt with.
Throughout the hearings, the petitioners argued vehemently against Aadhaar, and the State argued with equal force to justify it. The State has been approaching the entire Aadhaar project with a single focus, to establish a mandatory, nationwide digital identity system. This determined focus has resulted in a recurrent theme brought out during the hearings: A lack of responsibility with which the Aadhaar scheme has been implemented.
Issues with a large-scale digital identity system
A system of such a large scale, for a country like India with over a billion people, naturally, will be plagued with problems. A reasonable approach, then, would be to constantly work towards resolving the issues faced at multiple levels of the Aadhaar ecosystem, be it to deal with exclusion at the ground level or security hacks and leaks of Aadhaar and related data from various sources. Instead, what has actually been seen is a determined push to make Aadhaar mandatory while resorting to complete denial whenever issues with Aadhaar are brought up.
Issues with the legislative backing to Aadhaar
To roll out a process like Aadhaar, one with large-scale implications for people’s rights, the first responsibility of the State is to uphold the rule of law — to ensure legislative backing. Yet, Aadhaar was rolled out under an administrative order without any such backing. Thereafter, the Aadhaar Act was enacted in violation of a Supreme Court order directing that Aadhaar be kept voluntary and in violation of constitutional processes by passing it as a money bill.
Each of these are an issue before the Supreme Court. The Court has questioned, among other things, the lack of informed consent while collecting biometrics prior to 2016, whether the 2016 Act can justify the lack of such safeguards through retrospective validation under Section 59, and further whether a Section like 57, which allows Aadhaar to be made mandatory by anyone, could have any place in a money bill.
Rules and notifications on the use of Aadhaar
In addition to the Section 57 issue, which questions all notifications issued thereunder, the same issue can be seen with the rules and notifications behind the uses of Aadhaar. A key factor that came out in the final hearings was that of the State finally admitting that mandatory Aadhaar-SIM linking had never been directed by the Supreme Court in the Lokniti Foundation case. The order was misinterpreted and people were told that what was, in reality, a governmental decision to mandate Aadhaar-SIM linking, was a Supreme Court order.
Still further, the petitioners in the case pointed to the contradiction between the amended Prevention of Money Laundering Act 2002 (PMLA) rules mandating Aadhaar to open a new bank account and the (former) RBI rules allowing 6 KYC documents to open a bank account. Thereafter, during the pendency of this case, the new RBI notification mandating Aadhaar-based eKYC was issued. The impropriety of doing so was, in fact, also pointed out to the Court by the petitioners.
Lack of verification during Aadhaar enrolment
The Unique Identification Authority of India (UIDAI) made a presentation in the Supreme Court which was designed to instil a sense of trust and security with Aadhaar, its systems and processes. However, certain facts revealed over the course of the presentation led to the opposite result. The questionnaire, for instance, revealed that no verification was done of the people enrolling with Aadhaar — be it of the 182 days residence requirement, or a check on whether they are illegal immigrants or not (official answers of the UIDAI are here). Enrolment is solely done on the strength of the documents provided, and the residence requirement is established through a mere declaration on the enrolment form.
These points lend weight to the petitioner’s argument that Aadhaar is but a self-declaration form of identification and a matching service where biometrics provided at the time of enrolment are matched to those provided at the time of authentication. Aadhaar, clearly, only ensures this ‘matching’ of biometrics, but otherwise does not take any responsibility for the identity of the person. Such an unverified identity system can hardly be, as Aadhaar is advertised to be — the most ‘trusted’ and ‘secure’ digital identity.
Several other factors were brought to light with the enrolment process itself, be it with the involvement of private persons, the lack of monitoring of such persons and the resultant blacklisting of 49,000 enrollers and related data breaches. The spike of Aadhaar-related leaks, hacks and scams are also just another factor, all of which the State is refusing to take responsibility for, asserting only the security of the biometric information stored in the CIDR.
Aadhaar-based exclusion during use of Aadhaar
While considering the issues arising with the use of Aadhaar, Aadhaar-based exclusion is the most obvious issue, an issue the Supreme Court has clearly expressed its concerns with, terming it as a violation of the right to equality. Despite the several media reports of Aadhaar-based exclusion, including exclusion-based deaths, and further, despite affidavits filed before the Supreme Court in this case itself, the State has continued to deny Aadhaar-based exclusion on the grounds that the law provides for exception-handling mechanisms (Section 7), and that not one person has filed a complaint before the UIDAI.
A very simple example of the authentication issues faced by people, which leads to exclusion, was given by Justice DY Chandrachud, among the judges hearing the case, who cited a personal example where his mother, who suffers from Alzheimer’s, had to have a bank officer come over every month for authentication, for her to get her pension. Aadhaar-based denial of services was also brought to the Court’s notice, whether a school child would be denied admission for lack of Aadhaar, or a pregnant woman would be denied admission to a hospital for delivery.
When you think of the millions of Indians facing similar issues, the gravity of the problem, even if it is 1 percent failure in authentication rates, hits home. So when the UIDAI mentioned in its presentation before the Supreme Court that the authentication failure rate is 6 percent for fingerprint authentication, it means that 3.6 crore authentication attempts (individual transactions) have failed. Despite all these factors, the denial of exclusion through quoting laws and the repeated statement that ‘no one is being denied due to Aadhaar’, is only evidence of the State’s failure to responsibly implement Aadhaar or take on responsibility for its shortcomings; to ensure that no person suffers on account of this new scheme.
Laudable purpose behind Aadhaar doesn’t justify irresponsible implementation
Over the course of the hearing, several such factors pointing to the lack of responsibility with the implementation of Aadhaar were brought out. To justify all of these shortcomings, the State’s main assertion is the "highly laudable" and "essential purpose" behind Aadhaar — to ensure the targeted delivery of benefits, subsidies and services of the State. Emphasis was further laid on the time, effort and investment (to the tune of Rs 9,000 crores) which had gone into Aadhaar.
The issue is that no matter how laudable the objective of the State, the State’s job doesn’t end there. The State needs to ensure that the setup of the system to achieve this objective, and thereafter the impact of this system, are legal, proportional and those intended. Where the system does not work for the people’s benefit, the State has the further responsibility of updating, reviewing, redoing, or even doing away with such a project. The State is not serving its people if it sets up a system for their benefit and then pushes ahead with it regardless of its actual effects on them. This is thus, among the many questions that the Supreme Court will have to deliberate on.
The author is a lawyer and author specializing in technology laws. She is also a certified information privacy professional.