The Aadhaar Ordinance: Overruling The Supreme Court
In its final verdict on the Aadhaar matter, the majority opinion, which otherwise upheld the constitutional validity of the project, had struck down Section 57 as unconstitutional. Section 57 is the section that allowed private entities including mobile phone companies and banks to demand Aadhaar for identity verification.
The Supreme Court had good reasons to strike down Section 57. It was partly because it was the only way for it to be able to justify the passage of the Aadhaar Act as a ‘Money Bill’. A Money Bill requires that an Act pertain solely to the Consolidated Fund of India. The access that Section 57 of the Aadhaar Act provided to the private sector, would have made it hard for the Aadhaar Act to stand as a Money Bill. It is another matter that Justice DY Chandrachud, the dissenting judge, felt that even if Section 57 is removed, the Aadhaar Act does not qualify as a Money Bill and had termed this as ‘a fraud on the Constitution’. More importantly, the judges were concerned about the vagueness of purpose, and unbridled access, for private entities under that section.
In the winter session of Parliament, the government sought to reinstate the provisions of this section through the Aadhaar and other Laws (Amendment Bill) which modified provisions in the Prevention of Money Laundering Act and the Telegraph Act, along with the Aadhaar Act. This was passed by the Lok Sabha and lapsed because the Rajya Sabha could not take it up. They have now been promulgated as an ordinance by the government. If the intent of the lapsed Bill is to go by, the ordinance will allow ‘voluntary’ use of Aadhaar number for authentication for KYC purposes.
Why is the government in such a hurry to reinstate provisions that were struck down as unconstitutional by the majority opinion of the Supreme Court?
This question is especially pertinent if one goes by the narrative around Aadhaar built up by successive governments – viz, Aadhaar is an enabler of welfare, essential for the realisation of the right to life. This has repeatedly been challenged as misinformed and indeed accepted as such by Justice Chandrachud. If indeed Aadhaar is all about welfare delivery, how does it matter that access to the Aadhaar platform was shutdown by the Supreme Court?
The truth is that Aadhaar is not really about welfare. Instead, it has everything to do with facilitating businesses that thrive on mining our personal data.
Even while the existence of Aadhaar was under challenge in the Supreme Court, many businesses including fintech companies, invested heavily counting on continued access. When it appeared that the court was examining the matter with an open mind, some of them petitioned the court as well. Soon after the verdict was delivered in September 2018, audio recordings, reported in January 2019, show that such vested interests were lobbying the government to restore their access to Aadhaar. It is worth reminding ourselves that several of these industry interests—Vinod Khosla, Sanjay Jain, Sharad Sharma, etc.—are people who had worked as ‘volunteers’ for UIDAI, setting up the Aadhaar platform within government.
One legitimate question that arises is, what is the problem if some businesses can benefit from the Aadhaar platform? The worries associated with such easy access to our personal information—using Aadhaar for eKYC provides access to our demographic information as well as our photographs—can perhaps be best understood by looking at the Equifax data breach of 2017.
Many proponents of Aadhaar, at least in the past, have likened Aadhaar to the U.S. social security number. In fact, it is not really like the SSN, but to the extent that it is increasingly getting linked to our financial information—bank accounts included—Aadhaar may become like the SSN. This ever-expanding reach of the Aadhaar number (starting with welfare delivery only, to banking, income tax returns, etc.) is what has been called ‘function creep’.
If all our personal information is linked to a unique number, which cannot be changed, such as Aadhaar, we should be aware of the personal harms that result from data breaches. In mid-2017, the personal data—including possibly their name, address, SSN, driver’s license, etc.—of nearly half of the U.S. population was compromised by Equifax. It has thereby exposed them to phishing attacks and identity fraud forever, potentially allowing bank accounts, credit cards to be opened in their names. Further, Equifax has never been held accountable in any meaningful way for such breaches. The 2017 data breach was not the first by Equifax.
All this sounds very similar to what we have seen with Aadhaar and UIDAI, the authority charged with its administration. Data leaks and the potential harm from them are routinely denied. One defence that is often put forward is that the data never leaked from the UIDAI.
What matters, however, for someone whose data has been compromised is not where the leak happened from, but that it happened.
If your house has been burgled, you don’t care if the thief came in through the window or the door.
Making it possible for more private entities to ask for Aadhaar, to store our data, and making the linking of Aadhaar compulsory in various databases only magnifies the vulnerabilities. In the absence of any data protection law, in a society with low digital and legal literacy, such access is suicidal. In the light of these dangers, the Supreme Court had provided a strong protection to citizens by striking down Section 57.
In fact, in its verdict, the Court directed the UIDAI and government to bring in further amendments to provide better recourse for citizens whose data may be compromised or who may have other grievances. Instead, the ordinance increases the power of the UIDAI without much to ensure its accountability. Where directions have been incorporated, they remain inadequate.
I have argued elsewhere that the Aadhaar project is a marriage of state and corporate power, consolidating and centralising control in their hands. The substance of the Aadhaar ordinance and the manner in which it has been promulgated confirms those fears.
Reetika Khera is associate professor (economics and public systems group) at the Indian Institute of Management, Ahmedabad. Her edited book, ‘Dissent on Aadhaar: Big Data meets Big Brother’, was recently published by Orient BlackSwan.
The views expressed here are those of the author and do not necessarily represent the views of Bloomberg Quint or its editorial team.