While India copes with COVID-19, Aadhaar continues its function creep #SaveOurPrivacy
Tl;dr
The latest Aadhaar Good Governance Rules notified in August 2020 legitimize function creep of the Aadhaar programme by allowing Aadhaar authentication for usage of digital platforms to ensure good governance, prevention of dissipation of social welfare benefits, and enablement of innovation and the spread of knowledge. These Rules come on the heels of amendements to the Aadhaar Act in 2019 which authorized use of Aadhaar by private parties, and these amendments have been challenged before the Supreme Court for violating the judgement in K.S. Puttaswamy v. Union of India- Aadhaar 5J. The cummulative impact of the Aadhaar Amendment Act 2019 and the Aadhaar Good Governance Rules 2020 is that there remain virtually no limitations on the use of Aadhaar authentication, which had earlier been restricted by the Supreme Court to only government entities and only for receipt of benefits and subsidies funded by the Consolidated Fund of India.
Background
The Aadhaar project, which is a biometrics based national unique ID programme, was challenged before the Supreme Court of India in K.S. Puttaswamy v. Union of India in 2012 for violating individual privacy and causing exclusion. The subsequent litigation led to the question of whether the right to privacy is a fundamental right under the Indian Constitution being referred to a nine judge bench of the Supreme Court. In K.S. Puttaswamy v. Union of India- Privacy 9J (2017 10 SCC 1), this nine judge bench unanimously held the privacy is a fundamental right and any restrictions upon this right must satisfy the proportionality standard.
The constitutionality of the Aadhaar Act, 2016 was specifically addressed by a five judge bench of the Supreme Court in its subsequent judgement in K.S. Puttaswamy v. Union of India- Aadhaar 5J (2019 1 SCC 1), where the majority of judges upheld the constitutionality of the Act subject to certain limitations. Most importantly, the Supreme Court held that under Section 7 of the Aadhaar Act, an Aadhaar number cannot be mandated unless it involves seeking any subsidy, benefit or service for which the expenditure is incurred by the Consolidated Fund of India. The Court also struck down Section 57 of the Aadhaar Act to the extent it allowed use of Aadhaar authentication by private parties since it would lead to commercial exploitation of biometric and demographic information.
Despite the Supreme Court finding that use of Aadhaar authentication by private parties is a dispropotionate invasion of privacy, the government soon proposed amendments to the Aadhaar Act which would allow private parties to continue using Aadhaar to establish the identity of their users. Through the Aadhaar and Other Laws (Amendment) Act 2019, private entities were allowed to perform authentication through Aadhaar, if the Unique Identification Authority of India (UIDAI) is satisfied that it is: (i) compliant with certain standards of privacy and security, or (ii) permitted by law, or (iii) seeking authentication for a purpose specified by the central government in the interest of the State. The constitutionality of these amendments has been challenged before the Supreme Court. Legal experts have also explained that Aadhaar authentication by private parties is inconsistent with the judgement in K.S. Puttaswamy v. Union of India- Aadhaar 5J since "the majority upholds the Aadhaar Act on the premise that authentication is proportional only when used for state purposes to deliver services socio-economic benefits that are linked to human dignity" and "this analogy does not extend to private/commercial interests."
The Aadhaar Good Governance Rules, 2020
The Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 were notified by the central government in August 2020. The Rules allow Aadhaar authentication by “requesting entities” in the “interest of good governance, preventing leakage of public funds, promoting ease of living of residents and enabling better access to services for them” for the enlisted purposes of:
(a) usage of digital platforms to ensure good governance;
(b) prevention of dissipation of social welfare benefits; and
(c) enablement of innovation and the spread of knowledge.
As per the rules, the authentication of Aadhaar by these requesting entities shall be on a voluntary basis but past experience raises serious concerns about Aadhaar being voluntary only on paper, and not in practice. Under the Rules, the relevant ministry or the department of the central government or the state government is required to prepare a proposal with a justification for the purpose for which it is seeking Aadhaar authentication. This proposal submitted to the Central Government will then be referred to UIDAI, and if UIDAI is satisfied that the proposal fulfills the enlisted purposes, the requesting entity shall be allowed to ask for Aadhaar authentication.
The application form and the guidelines for submission of a proposal under the Rules mandate that the proposal should contain a “brief description of the initiative or scheme highlighting the benefit that would accrue from its implementation”. It further states that such benefits should be relatable to the specified purposes, for example, “by facilitating participation, accountability, transparency, responsiveness, efficiency, effectiveness, equity, inclusion etc. which reduce or eliminate transaction costs, or promote ease of living of residents or enable better access to services for them.” It also requires that the justification of the purpose should be brought out clearly, and the proposal should explain the “ecosystem and the processes involved in the achievement or delivery of the benefit.”
A Free for All Privacy Nightmare
The purposes for requesting Aadhaar authentication under the Aadhaar Good Governance Rules, 2020 are extremely vague and broad, and any government service can potentially fall within their scope. There are no parameters laid down for the UIDAI to determine whether Aadhaar authentication is 'necessary,' especially since the purposes themselves are so ambiguously wide and pale in comparison to the seriousness of the fundamental right to privacy. Therefore, in the absence of strict guidelines, all and sundry purposes can be sought to be justified. For example, the first chairman of the UIDAI has already expressed his views on the benefits of Aadhaar authentication for distribution of COVID-19 vaccines.
Allowing such authentication runs the risk of being directly in the teeth of the Supreme Court judgment in K.S. Puttaswamy v. Union of India- Aadhaar 5J wherein it was categorically held that Aadhaar enrolment can be mandated only for receipt of "any subsidy, benefit or service under the welfare scheme of the government expenditure whereof is to be met from the Consolidated Fund of India." It should also be noted that when read together with the amendments to the Aadhaar Act in 2019, the Aadhaar Good Governance Rules 2020 create a risk of use of Aadhaar authentication by private parties for wide ranging purposes since Section 4(4) of the Aadhaar Act now allows any "requesting entity" to seek permission for Aadhaar authentication from UIDAI. Rule 3 of the Aadhaar Good Governance Rules requires proposals for Aadhaar authentication by requesting entities to be submitted by the government ministries or departments but there is no pre-condition that the requesting entity on whose behalf Aadhaar authentication is being sought should also be a government entity.
The dependence on Aadhaar authentication to prevent dissipation of benefits has led to the exclusion of many people who are the rightful beneficiaries of these entitlements, and such exclusion is counterproductive if the goal is improving access to government services. A study conducted by the Abdul Latif Jameel Poverty Action Lab in Jharkhand found that at least 88% of the ration cards that were cancelled, were in fact genuine claims. There have also been several instances of people facing practical difficulties in getting Aadhaar numbers and accessing welfare schemes because of lack of awareness, lack of infrastructure, immobility due to illness etc.
From the very inception of Aadhaar, the government has claimed that its biometric authentication technology helps prevent identity fraud and ensures that benefits only go to the deserving. However, as economists have pointed out, there is no reliable evidence backing claims of widespread identity fraud and Aadhaar's ability to plug these leakages. Further, an RTI query revealed that 99.97 percent of people who enrolled for an Aadhaar number did it on the basis of existing identification documents, so lack of identification documents is clearly not the main cause of exclusion from welfare programmes.
To conclude, as Rethink Aadhaar has incisively noted in this excellent post, the Aadhaar Good Governance Rules 2020 are just old wine in a new bottle. The purpose of subordinate legislation is to be more operationally specific, by clarifying ambiguities. However, the Rules come across as an attempt to sidestep the Supreme Court judgement in K.S. Puttaswamy v. Union of India Aadhaar-5J by expanding the scope of the Aadhaar project through the trappings of vague rules and guidelines.
Important Documents
- Aadhaar Good Governance Rules, 2020 (link)
- Aadhaar Amendment Act, 2019 (link)
- Aadhaar Act, 2016 (link)
#SaveOurPrivacy
#BanTheScan