On May 27, the Unique Identification Authority of India (UIDAI) issued a press release warning “the general public not to share photocopy of one’s Aadhaar with any organizations because it can be misused. Alternatively, a masked Aadhaar which displays only the last 4 digits of your Aadhaar number can be used for the purpose.”
Explaining the rationale behind the warning, the UIDAI said, “Only those organizations that have obtained a User License from the UIDAI can use Aadhaar for establishing the identity of a person. Unlicensed private entities like hotels or film halls are not permitted to collect or keep copies of Aadhaar card. It is an offence under the Aadhaar Act 2016. If a private entity demands to see your Aadhaar card, or seeks a photocopy of your Aadhaar card, please verify that they have valid User License from the UIDAI.” It said that the masked Aadhaar could be downloaded from the official website, and even went on to warn users against downloading Aadhaar using a public computer.
This advisory was however withdrawn on May 29, and in a new press release, the Ministry of Electronics and IT explained that the original advisory was issued “in the context of an attempt to misuse a photoshopped Aadhaar card.” It said, “However, in view of the possibility of the misinterpretation of the Press Release, the same stands withdrawn with immediate effect,” adding, “UIDAI issued Aadhaar card holders are only advised to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers.”
As if to reiterate that all was well of the data and privacy protection front, it further said, “Aadhaar Identity Authentication ecosystem has provided adequate features for protecting and safeguarding the identity and privacy of the Aadhaar holder.”
But what does this flip-flop mean? Far from allaying fears, it has sparked fresh concerns about unauthorized people having access to Aadhaar data. Activists and civil society members took to Twitter to call out the government on this absurd about-turn:
After forcing everyone to distribute #aadhar photocopies liberally and compulsorily- govt wakes up to danger! Techie billionaires don’t have all knowledge @NandanNilekani See the havoc you caused by REFUSING to listen! pic.twitter.com/D63BQG3K3h
— Sucheta Dalal (@suchetadalal) May 29, 2022
Fickle gods. pic.twitter.com/wCTn0pBBZH
— PenPencilDraw (@penpencildraw) May 30, 2022
Just so I’m clear, UIDAI, when you “withdraw” your own press release that said photocopies of Aadhaar cards can be misused, are you now implying and guaranteeing that they *cannot* be misused?
Otherwise, what is it you are “withdrawing”? pic.twitter.com/Ok8NmimU5L
— Rohin Dharmakumar (@r0h1n) May 29, 2022
We have come a L-O-N-G way from RS Sharma sharing his Aadhaar number on Twitter and belligerently fighting with people online daring them ’cause harm’… to UIDAI cautioning people to not share it even with organizations because it can be *misused*. pic.twitter.com/OqHVxEw2LB
— Karthik 🇮🇳 (@beastoftraal) May 29, 2022
Aadhaar: From inclusion to surveillance?
The Aadhar card, with its Unique Identification Number, at its inception was an identity document meant to be a means for inclusion. The Act itself is called The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. But as SabrangIndia has reported previously, in many cases, the programme has led to exclusion of people who need the Public Distribution System (PDS) the most. Starvation deaths were reported from Jharkhand (17) and West Bengal (7) since September 2017, as per a survey report released by the Right to Food campaign in December 2018. In many cases, the deceased had been denied foodgrains at subsidised rates as their ration cards were not linked to Aadhaar. One elderly woman’s old age pension was held up as her bank account was not linked to Aadhaar.
Now, some if not all of these concerns were addressed by the Supreme Court judgment in the Aadhaar case, especially with respect to PDS and welfare schemes, concerns about data privacy and surveillance remain. Privacy activists and human rights groups have been raising concerns about Aadhaar’s misuse ever since the programme was introduced in India.
The biggest concerns relate to how Aadhaar is either already linked or proposed to be linked to other databases. At present one’s PAN is linked to Aadhaar, and there is a proposal to link it to Voter ID as well, in a purported bid to weed out fake voters. But this linkage also poses a great risk to voter profiling, surveillance and even possible voter suppression.
Recently, over 500 entities such as civil rights groups including Association for Democratic Reforms (ADR), Peoples’ Union of Civil Liberties (PUCL), Adivasi Women’s Network, Chetna Andolan, etc.; as well as groups working to defend digital freedoms and rights, such as Rethink Aadhaar, Article 21 Trust, the Internet Freedom Foundation (IFF), and the Free Software Movement of India, as well as activists, journalist and educators including CJP secretary Teesta Setalvad signed a statement calling the move to link Aadhaar with Voter ID “ill-thought, ill logical and unnecessary”.
The statement says that the signatories “are deeply concerned that this will almost certainly lead to mass disenfranchisement, could increase voter fraud, given the mass discrepancies in the Aadhaar database, and could violate people’s right to privacy by enabling voter profiling through the linkage of data sets.” It further elaborates, “India currently has no data protection law, and the current personal data protection bill has wide exceptions for the government. Any attempts to link Aadhaar to the voter IDs, would lead to demographic information which has been linked to Aadhaar, being linked to the voter database. This creates the possibilities for disenfranchisement based on identity, of increased surveillance, and targeted advertisements and commercial exploitation of private sensitive data.”
A key reason cited is the violation of privacy and secrecy of vote. If the revelations of the Cambridge Analytica scandal where Facebook data of millions of users was used to allegedly rig the US elections in favour of Donald Trump by micro-targeting voters with false news is anything to go by, imagine the ramifications if it was demographic data of millions of Indians sourced from the Aadhaar database…
SC judgment on Aadhaar
In September 2018, the Supreme Court upheld Aadhaar’s constitutional validity. The Aadhaar case that was heard for a record 38 days by a bench comprising Chief Justice Dipak Misra, Justice DY Chandrachud, Justice AK Sikri, Justice AM Khanwikar and Justice A Bhushan delivered the verdict months after reserving judgment in May. There were three separate judgments from Justice Sikri, Justice Bhushan and Justice Chandrachud. CJI and Justice Khanwilkar did not pronounce a separate judgment but concurred with Justice Sikri. Justice Bhushan’s judgment was also in line with that of Justice Sikri. But Justice Chandrachud wrote a dissenting judgment.
However, in a partial victory for privacy activists, controversial sections such as those dealing with the national security exception and private players demanding Aadhaar data, were struck down. Section 33(2) of the Aadhaar Act that dealt with the National Security exception was struck down. This section permitted disclosure of information, including identity and authentication information, made in the interest of national security. Justice Sikri has also read down Section 33 (1) that enables disclosure of Aadhaar information on order of a District Judge. Now the owner of the information should be given opportunity of hearing before issuing such orders.
Additionally, Section 57 of the Aadhaar Act, that permitted private entities to use Aadhaar information to authenticate the identity of a person, was also held unconstitutional. Therefore, no private company can either demand Aadhaar information or make it mandatory for providing services. Aadhaar would not be required for opening a bank account or for getting a mobile phone connection.
Section 47 that allowed only the UIDAI to file criminal complaints in case of data breach has also been struck down. It has been held that exclusion of individuals from filing complaints was arbitrary.
Justice Chandrachud’s dissenting judgment
Justice DY Chandrachud wrote the lone dissenting judgment saying Aadhaar is liable to be declared as unconstitutional. “Violation of fundamental rights under the Aadhaar scheme fails on the touchstone of tests of proportionality,” he said. “Constitutional guarantees cannot be compromised by vicissitudes of technology,” he noted in a strongly worded dissenting judgment.
Justice Chandrachud also expressed his apprehensions about the misuse of data for profiling saying, “Biometrically enhanced identity information, combined with demographic data such as address, age and gender, among other data, when used in increasingly large, automated systems creates profound changes in societies, particularly in regard to data protection, privacy, and security. Biometrics are at the very heart of identification systems. There are numerous instances in history where the persecution of groups of civilians on the basis of race, ethnicity and religion was facilitated through the use of identification systems. There is hence an alarming need to ensure that the on-going development of identification systems be carefully monitored, while taking into account lessons learnt from history.”
It is this part that sends a shiver down the spine, given how Aadhaar data can possibly be used for voter profiling, targeting and even subsequent gerrymandering if Aadhaar is linked with Voter ID.