S.G.VOMBATKERE | 26 SEPTEMBER, 2018
Aadhaar Judgement: Devil Is In the (Details And) Implementation
A first impression by one of the petitioners
The September 26, 2018, judgment [”Judgment” hereinafter] of the 5-Judge bench of the Supreme Court of India (SCI) on the batch of 27 petitions clubbed under “Puttaswamy”, challenging UIDAI’s Aadhaar scheme on various grounds runs to 1,448 pages.
This first impression is necessarily based upon a cursory reading of the document and the words spoken in Court by the Judges, as reported in the electronic media. The Judgment is split into three “parts”, namely, a judgment jointly by three judges (Dipak Misra, CJI., A.K.Sikri, J. & A.M.Khanwilkar, J.) which becomes the majority judgment, and two independent judgments (D.Y.Chandrachud, J. and A.Bhushan, J.).
In coming days there will surely be a spate of arguments as to the “correct” import of the 1,448 pages, with varying and possibly conflicting interpretations. Even when the differences in opinion are resolved, it is possible even at this very preliminary stage to point out some of the issues concerning the implementation of the intentions and directions of the Judgment. This is because the Judgment cannot possibly deal with the details of implementation, and in any case the Aadhaar system had infirmities, some of which were based upon poor implementation, mis-implementation or non-implementation of its provisions.
At first sight, there are some points (P) in the Judgment which appear to be clear. However, questions (Q) concerning their implementation arise in some of the points. They are:
# P: The Aadhaar Act passed as a money bill is valid (is not unconstitutional), but the Lok Sabha Speaker’s decision concerning passing a money bill is justiciable.
# P: Aadhaar can be used only in programs for which benefits provided are based upon funds drawn from the Consolidated Fund of India (CFI). Q: Which benefits are provided from CFI funds need to be explicitly ascertained. Agencies providing benefits from other public fund sources need to be held responsible to irretrievably delete Aadhaar biometric/demographic data already captured, along with the links already established with other databases.
# P: Aadhaar cannot be used for enrolment, examinations etc., by entities like UGC, CBSE & NEET, and children who attain majority (18-years age) may choose to opt out of the Aadhaar system. Q: When a child attains majority, how does he/she “opt out” of Aadhaar, what is the meaning of “opt out”, and what confirmation from whom does he/she receive as confirmation of having opted out. What happens to data already held with these entities?
# P: Aadhaar authentication records can be retained for only six months. Q: Which entity will check the date of acquisition of data, keep track of elapsing of six months and ensure irretrievable deletion of data? What action will be taken and by whom, in case of default?
# P: Aadhaar cannot be demanded for opening bank accounts or obtaining mobile phone SIMs. Q: What governs the handling of data already captured by banks and mobile service providers, along with the links already established with other databases? Who ensures irretrievable deletion of data, and how?
# P: Private parties/agencies cannot have access to Aadhaar data. Q: What governs the handling of data already captured, along with the links already established with other databases? Who ensures irretrievable deletion of data, and how?
# P: Documents other than Aadhaar can also serve as proof of identity. Q: Where software demands Aadhaar number, the software needs to be amended to make entry of Aadhaar number optional, or entirely remove the data field for Aadhaar number. Which agency will ensure that software is amended so as not to deny services?
# P: Minimal data is to be collected. Q: What exactly does “minimal data” mean?
# P: Linking of Income Tax Department’s permanent account number (PAN) with Aadhaar is permissible. Q: Henceforth, obtaining PAN will need Aadhaar number. Will taxable entities already possessing PAN need to obtain Aadhaar? Will taxable entities need to compulsorily quote Aadhaar number for filing IT Returns?
In general, the issues of “opt out”, irretrievable deletion of data, security of databases, protection of privacy, and accountability of controlling agencies and officials, are unclear. Finally, the threat to national security due to creation of the UIDAI’s Aadhaar database (the CIDR) by foreign biometric service providers (BSPs) appears to have been explained to the satisfaction of the 5-Judge bench by the assurance that even though the source code is with the foreign entity, the data in the server rooms is secure as the software operates automatically, the biometric data is stored offline, and there is no opportunity available to the BSP to extract data as they have no access to it.
In sum, for the present, the “devil is in the details” of implementation of the Judgment, howsoever it is understood or interpreted by whomsoever.
With a clearly dissenting judgment by D.Y.Chandrachud, J., and a “in-broad-agreement-with-the-majority-judgment” by A.Bhushan, J., the Judgment has skilfully steered a course between
# Not condemning the violation of SCI’s Interim Order of 2015 that no person should be denied a benefit solely on the basis of not possessing Aadhaar,
# The fait accompli presented by Government of India / UIDAI in using essentially coercive methods to ensure large-scale enrolment, and claiming high enrolment (over 95% of a 1.25 billion population) as evidence of public acceptance of Aadhaar, and # Accepting Aadhaar as constitutional with conditions and exceptions.
(Concerning Aadhaar, Major General S.G.Vombatkere is Petitioner No.1 before the Supreme Court of India in WP 829/2013, WP 220/2015 & WP 797/2016, and Petitioner before the High Court of Karnataka in WP 18444/2017 and WP 36940/2018).