Is Aadhaar Constitutional? Supreme Court’s Verdict On Aadhaar
Supreme Court’s Verdict on Aadhaar.
SC has recently upheld the constitutional validity of the Aadhaar Act.
• Supreme Court (SC) has upheld the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 as legitimate ‘reasonable restriction’ on the individual’s right to privacy.
• In 2017 in K S Puttaswamy judgement, SC had upheld that Right to privacy is a fundamental right and a part of Right to life under Article 21 of Indian Constitution.
Key Points of the Verdict:
• Section 2(d) Read Down of Aadhaar Act:
- government authorities cannot store metadata of transactions
- authorities can store data for only 6 months and not 5 years as legislated.
• Section 33(1) of the original Aadhaar Act enabled disclosure of aadhaar information on the orders of District Judge.
- This provision was read down in the verdict to state that the owner of information should be given opportunity of hearing before issuing such orders.
• Section 33(2) permitted disclosure of information under Aaadhar act, including identity and authentication information, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India.
- The judgement held that now an officer above the Joint Secretary rank should first consult with a judicial officer, possibly a High Court judge, and both should decide whether information need to be disclosed in the national interest.
• Section 47 of the Act, which stated that criminal complaints for data breach can be filed only by UIDAI.
- After the judgement this section was struck down allowing individual to file complaint in case of theft of Aadhaar data.
• Section 57 of the Act permitted private entities to use Aadhaar information to authenticate identity of the person.
- The judgment of the supreme court revoked this section disallowing private bodies like telecom companies and private banks from using Aadhaar for verification purpose.
• As regards enrolment of children, it was held that they should be given an option to exit the scheme on attaining majority.
- School admissions cannot be based on Aadhaar. CBSE cannot insist on Aadhaar for examinations
- Aadhar is not necessary for children aged between six and 14 under the Sarva Shiksha Abhiyan as right to education is a fundamental right
- Permission of parents and guardians is must before enrolling children into Aadhaar.
• The judgment also stated that there was no impropriety in Aadhaar Act being introduced as a money bill.
• The Supreme Court upheld the mandatory use of Aadhaar for securing government benefits under PDS, MNREGA, LPG.
• Court has also upheld mandatory linking of Aadhaar with PAN for Income Tax purpose also.
• Supreme court has asked Central Government to frame law on data protection.
• Directed government to prevent issuance of Aadhaar to illegal migrants.
Implications of Judgement:
- Aadhaar can now be used only for aspects directly related to welfare benefits, subsidies and money spent from the Consolidated Fund of India.
- Private entities cannot use or make Aadhaar mandatory for their services. This is likely to assuage fears that biometric or personal information could be used for commercial gains by private entities.
- Allays fears of people on disclosure of their data on grounds of national security or even use of data for other purposes (like investigation of crime) other than subsidies and welfare of the people.
- No person can be denied any government benefits on grounds of Aadhaar. If authentication fails, the government has to provide substantial alternatives.
- It will allow individuals to file complaint in case of theft of Aadhaar data unlike earlier when only UIDAI could file complaints. Thus, it empowers people to seek remedy.
- This decision may have an impact on digital banks, NBFCs, mobile companies and others who rely heavily on Aadhaar based eKYC verification and eSign for digital signature of documents.
- Approval of governments move to pass Aadhaar Act as money bill by the court could be used by the government to bypass Rajya Sabha by introducing important bills as money bill. (Justice Chandrachud dissented with the majority opinion and held that passing Aadhaar as a money bill was unconstitutional).
Other Concerns related to the Judgement:
• Ambiguity about existing details with private companies: By Striking off section 33 and 57, court has upheld ‘Right to Privacy’, but, there is still apprehensions over the fact as to what happens to the existing private details in the servers of the companies before the judgment.
• Data security issues related to Aadhaar data have not been addressed as there is absence of a data security law.
• Welfare Schemes: Critics are not satisfied with the verdict about Aadhaar being mandatory for welfare schemes in light of basic necessities such as ration being denied due to nonavailability of Aadhaar.
• Further, several reports informed starvation deaths in Jharkhand, massive malnutrition and related deaths of children in Maharashtra, Madhya Pradesh, Chhattisgarh and tribal areas.
According to Article 110, a Bill shall be deemed to be a Money Bill if it contains only provisions dealing with all or any of the following matters, namely:
i. The imposition, abolition, remission, alteration or regulation of any tax.
ii. The regulation of the borrowing of money or the giving of any guarantee by the Government of India, or the amendment of the law with respect to any financial obligations undertaken or to be undertaken by the Government of India.
iii. The custody of the Consolidated Fund or the Contingency Fund of India, the payment of moneys into or the withdrawal of moneys from any such Fund.
iv. The appropriation of moneys out of the Consolidated Fund of India.
v. The declaring of any expenditure to be expenditure charged on the Consolidated Fund of India or the increasing of the amount of any such expenditure.
• Money Bills can be introduced only in Lok Sabha on the prior permission of the President. Once money bills are passed by the Lok Sabha, it is sent to the Rajya Sabha. The Rajya Sabha cannot amend money bills but can recommend amendments, which can be accepted or rejected by the Lok Sabha.
• The Speaker of the Lok Sabha certifies a bill as money bill before sending to the upper house. The decision of the Speaker is binding on both the houses. However, it is also subject to judicial review by the court of law.
• The President when presented with a money bill can do the following:
- Assent to the bill, or
- Withhold assent to the bill
- But he cannot return a Money bill for the reconsideration of the houses.
The Fundamental Rights available to citizens are qualified and not absolute, as the State can impose reasonable restrictions on them. The reasonableness of the restrictions is subject to jurisdiction of the courts.
According to the Supreme Court a restriction imposed on the exercise of freedom guaranteed under Article 19 is reasonable only if it strikes a proper balance between the Rights of the Individual and those of the Society. It has given the following conditions for determining the reasonableness of the restrictions.
• Restrictions must not be arbitrary or excessive, going beyond the requirements of interests of general public
• Just balance between the restrictions imposed and social control envisaged.
• Prevailing social values as also social needs which are intended to be satisfied by the restrictions.
• There must be direct and proximate connection between the restrictions imposed and the object sought to be achieved by the Act.
The Supreme Court in Gopalan Case ruled that Right to life and personal liberty under Article 21 can be deprived by a law that is reasonable, fair and just.
Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016
• Aadhaar is a 12-digit unique identity number that can be obtained by residents of India, based on their biometric and demographic data.
• The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority, under Ministry of Electronics and Information Technology.
Powers of UIDAI (Section 23)
UIDAI may frame rules including:
• The process of collecting information,
• Verification of information,
• Individual access to information,
• Sharing and disclosure of information,
• Alteration of information,
• Request and response for authentication,
• Defining use of Aadhaar numbers,
• Defining privacy and security processes,
• Specifying processes relating to data management, security protocols and other technology safeguards under this Act
• Establishing redressal mechanisms.
Benefits from Aadhaar Act:
• Reducing inclusion and exclusion errors: Direct Benefit Transfer of LPG through Jan Dhan Aadhaar Mobile (JAM) trinity saved Rs. 90000 crores by eliminating fake and duplicate beneficiaries.
- Economic Survey 2015-16, notes that about Rs 1,00,000 crore from the total subsidy bill is being “unevenly distributed” to the better-off population due to flawed targeting of the assistance. This amount accounted for about 40% of the total subsidies.
• Minimum government-maximum governance: Aadhaar reduces the paperwork for identification, cuts bureaucratic red tape, easier access to benefits for vulnerable sections.
• Reduces cost of identification: Under “One Nation-One IdentityOne Aadhaar”, which reduces duplicity of efforts by authorities.
• Good Governance increases transparency and accountability to citizens through use of ICT, fosters effective socioeconomic development.
• Section 7 of the Aadhaar Act: It states that Central or State Governments can make possession of an Aadhaar number or Aadhaar authentication mandatory for receipt of subsidies, benefits or services funded out of the Consolidated Fund of India.
- At the same time, the section also states that those individuals who have not been assigned an Aadhaar number, shall be enrolled for Aadhaar and offered an alternate and viable means of identification for receipt of subsidy, benefit or service till the 12-digit biometric number is assigned to them.
• Security Provisions: There are security provisions already present in the Aadhar which rule out any possibility of surveillance by the State, such as:
- Authentication of Aadhar is done by UIDAI which replies in positive or negative to any authentication request. The Aadhar data of the person is not stored anywhere in the internet in this process.
- The nature or location of the transaction or the purpose for which authentication is needed is not asked during the authentication process.
- Only registered devices are allowed to carry on the authentication work of Aadhar.
- Moreover, as per the provisions of Sections 27 and 28, a person’s Aadhaar can be cancelled or deactivated if multiple Aadhaars have been issued, or there are discrepancies in the biometric data or supporting documents.
- Recently UIDAI has also announced a phased roll-out of face recognition in order to strengthen security framework for Aadhaar.
Concerns with Aadhaar:
• Data Protection: As cases of data breaches such as Wannacry ransomware attack, cyber theft from Bangladesh Central Bank are on rise, legitimate concerns over Aadhaar data protection system remain.
- For example, in June 2018, a Hyderabad-based mobile SIM card distributor had forged Aadhaar details for activating thousands of SIMs.
Measures taken to Strengthen Security of Aadhaar
• UIDAI has established two large-scale data Centers to ensure complete security of data and applications,
• UIDAI conducts regular audits by reputed third party agencies to keep its systems and processes up to date.
• Selection of Technology: Aadhaar platform is built mostly on open source technologies, with propriety technologies being used only where necessary. This is done so that no private contractors may sell/steal the data.
• Encryption of Data: Uses highest available public key cryptography encryption (PKI-2048 and AES-256) with each data record having a built-in mechanism to detect any tampering.
• Creation of Virtual ID (VID): This can be used as a substitute of the 12 digit Aadhaar number.
- VID is a temporary 16-digit random number which acts as temporary authentication code. Thus the need of sharing the original Aadhaar number is eliminated.
- At any given time, there will be only one valid VID.
• India’s Unique Identification project is the world’s largest biometrics-based identity programme. As per the Government’s submission, Aadhaar fails only 0.232% of the times. Thus our efforts must be geared towards removing any loopholes and making the Aadhar infallible.
• Draft Data Protection Bill, 2018: Soliciting ideas, concerns and aspirations of wider social community with all critical stakeholders, bill must be promulgated as soon as possible.
• Critical Information Infrastructure (CII): National cybersecurity policy 2013 envisages creation and protection of critical information infrastructure. Aadhaar database must be listed as CII.
• Updating of IT Act 2000: IT Act 2000 is insufficient to deal with privacy concerns, cyber war, identity theft etc. and hence need to be updated.
• Public Awareness: Generating public awareness about importance of mobile-laptop-app security, norms of permissions and consent, and overall digital literacy is crucial. Pradhan Mantri Digital shakhsharta abhiyan (PMDISHA) needs to be implemented properly.
• A Social Security number (SSN) is a 9-digit number that the U.S. government issues to all U.S. citizens and eligible U.S. residents who apply for one.
- According to the earnings of a person, their mandatory contribution towards social security is determined and deducted from their incomes.
1,910 total views, 309 views today