On 9th May, 2017, SFLC.in in association with IT for Change and Digital Empowerment Foundation, organized a panel discussion titled “Revisiting Aadhaar: Law, Tech and Beyond” at India International Centre, New Delhi. Saikat Datta, Policy Director, Centre for Internet and Society moderated the panel comprising Anivar Aravind, Founder/Director at Indic Project; Anupam Saraph, Professor and Future Designer; Prasanna S., Advocate; Shyam Divan, Senior Advocate, Supreme Court of India; Srinivas Kodali, Co-founder at Open Stats; Osama Manzar, Founder and Director, Digital Empowerment Foundation; Usha Ramanathan, Legal Researcher. The event was meant as a forum for stakeholders to discuss recent developments around Aadhaar and formulate community responses to the concerns therein.
The discussion started with a brief introduction by Mr. Prasanth Sugathan (Legal Director, SFLC.in) of SFLC.in’s work related to Aadhaar, covering among others, our catalogues of notifications making Aadhaar mandatory for various purposes, violations of the Supreme Court’s orders limiting the use of Aadhaar, and known breaches and leaks from the Aadhaar database. Mr. Saikat Datta on his opening remarks dealt with a number of interesting developments around the Aadhaar Project – such as the notification of the Aadhaar Act, Aadhaar enrolment being mandatory for availing various benefits and subsidies from the Government, and a series of incidents where individuals’ Aadhaar information was leaked from Government databases – and opened the panel for discussion.
Mr. Osama Manzar said that in the name of e-governance and automation, we have put all our data online. While this may be a great step towards digitization of data, he said it is exclusionary at the same time for anyone who lacks understanding of how technology works. Therefore, even though our focus is inclusion, we are effectively excluding people. We do not have the technological capacity and the capacity to realize that sometimes central databases do not match with biometrics and hence getting entitlements becomes difficult.
Mr. Anivar Aravind pointed out that Aadhaar is not an open source project, as none of the technological infrastructure that has been built by UIDAI so far is open for anyone to audit. The argument that Aadhaar must be saved in light of the significant financial investments already made into the project, does not hold up because Aadhaar is defective by design. Despite assurances that the Aadhaar project’s technical design has secured its database against leaks and breaches, a large number of data leaks have already been reported. Since Aadhaar is linked to centralized services such as Unified Payment Interface, Aadhaar Enabled Payment System, and Bharat Bill Payment System, these should be checked upon and regulated to protect consumer interests. Mr. Aravind said that today, the Government is asking us to trust them blindly without providing a system to audit the technical aspects of Aadhaar and the services linked to it.
Mr. Srinivas Kodali said he has been documenting issues around cyber security breaches and actively writing about them. He recalled an instance, where he had reported an early Aadhaar leak containing the information of 5-6 lakh children to the UIDAI and National Critical Information Infrastructure Protection Centre, and suggested that they do a forensic investigation into the leak, only to have no action taken. Mr. Kodali said he has been working on the scale of actual impact of Aadhaar leaks and that there is ample evidence of data leaks from Government databases. According to him, the security of the Aadhaar system is poor and prone to hacking. He also pointed out that people who built the Aadhaar system, now no longer work for the UIDAI and instead run businesses on top of the Aadhaar framework, thus creating conflict of interest.
On being asked about the Supreme Court’s response to the petitions filed against Aadhaar, Mr. Shyam Divan said that there is no accountability within the Court when it comes to how the roster is assigned. He also said that the Chief Justice of India feels there are not enough judges to spare for the 9-judge Constitution Bench, which is to examine crucial questions of law related to the citizens’ right to privacy in connection with the petitions filed against Aadhaar. Therefore, we are stuck in a difficult position and can only hope for interim relief. Mr. Divan pointed out that the judiciary needs to make its stance clear on the following issues: 1) Who does the body belong to? 2) Issues related to limited governance. 3) Right to Privacy. He added that Aadhaar is an untested technology and an instrument of oppression and exclusion. Even in the hypothetical absence of the Constitution of India, each one of us still has fundamental rights merely by virtue of being human, and these rights cannot be taken away by a project like Aadhaar.
Mr. Anupam Saraph said that the design flaws in Aadhaar start at the assumption that it is a database that identifies millions, which is false. There is no authority to certify proof of identity and address in Aadhaar. Unlike passport, driving license, ration card and other identification documents, there is no verification of Aadhaar details, except by private entities that we have no knowledge of. Also, registrars have the power to retain our data. There is no mechanism within the Aadhaar database to distinguish between citizens-non-citizens, terrorists and innocent citizens. He compared Aadhaar to acquiring AIDS; because it attacks its own citizens by lacking the ability to differentiate between aliens and non-aliens and denying individuals their rights and benefits. Further, he pointed out that recently, a minister admitted that 34,000 Aadhaar enrolment agencies had been blacklisted for indulging in malpractices. On an average, the data shows that thirty thousand enrolments are done by one enrolling agency. On multiplying thirty thousand by thirty four thousand, we get 1.2 billion which is almost the entire database. Therefore an audit is imperative to verify all the data held in the Aadhaar database. Mr. Saraph also mentioned that since the data collected by these rogue agencies is questionable, Aadhaar is a huge threat to national security and should have been shut down long ago. He suggested that we should take a leaf out of the British Parliament that repealed the Identity Cards Act, 2006 and the National identity Register that contained the biometrics and personal details of millions of card holders was publicly destroyed. Mr. Saraph said that we need to pass a legislation that debars Aadhaar in the interest of national security.
Mr. Prasanna S, pointed out that the Government has been coming up with contradictory narratives in an attempt to challenge the maintainability of the petitions filed against Aadhaar. Initially, when the project was challenged, they argued that the petitions were delayed and suffer from latches, but on the other hand, they also said that the petitions were premature as the Parliament had not passed the Bill then. They say Aadhaar is both voluntary and mandatory. On being questioned about authentication failure and leaks, the Government says these are teething problems, while they defend the project saying it is a fait accompli. He also elaborated on the new projects that are being built with Aadhaar as its foundation. Terming Aadhaar an evidence-collecting mechanism rather than a unique identity scheme, Mr. Prasanna said the project has been a systematic attack on consent since its inception. He highlighted that irrespective of whether we value consent or not, there are rights that need to be protected by the State. Quoting the jurist and philosopher Ronal Dworkin, he said rights give the law a claim to respect, and that without rights, law is just brutality.
Dr. Usha Ramanathan explained that Aadhaar is an “identification” project and not a “unique identity” project. It was brought into the Government by the private sector, therefore there are private ambitions floating out of it, so the government is satisfying a double-agenda. She said that the meaning of rights and restrictions have interchanged in these times. Over the years, restrictions have become more fundamental and the Government is shifting from rights to a governance framework. She was also of the view that individuals need to care more about the Aadhaar project and the manner in which it is being implemented. She highlighted the importance of civil disobedience and the need to learn a common humanity. She emphasized that blind obedience is the worst thing in a democracy – people should be encouraged to interrogate and question. She said that freedom cannot be compartmentalized, and that we need to take responsibility for everyone.
A number of interesting questions were asked and remarks were made by the audience, a notable few of which were:
Can Aadhaar enable the government to track down activists? Mr. Srinivas Kodali answered that while the Aadhaar system is certainly capable of being used to profile individuals, he doesn’t believe the UIDAI is actively doing so. However, the large scale collection personal information by private players for Aadhaar authentication etc. is still cause for concern, he said. Dr. Ramanathan added that with Aadhaar’s linkage to all kinds of essential activities and services, and with the Government reserving the right to disable Aadhaar cards, it is very easy for the Government to target activists and other dissenting voices through Aadhaar, should they wish to do so.
A petition has been filed in the Supreme Court challenging the money bill aspect of the Aadhaar Act. Will the court ever look into it? Mr. Shyam Divan answered that any reasonable person who looks at the Aadhaar Act will know its not a money bill. He said that he is hopeful the court will look into this aspect and not hide behind the argument that the Lok Sabha speaker’s call is final. It is the judiciary that is the final authority on this. Mr. Divan also remarked that the Aadhaar project is an architecture for hundred percent mass surveillance over the lifetime of Indian citizens. It is going to affect peoples’ political and social choices, and must therefore be challenged.
Is there any way to deactivate / cancel an Aadhaar number? To this, Mr. Prasanna suggested that Section 23 of the Aadhaar Act, which empowers the UIDAI to omit/deactivate Aadhaar numbers, may be invoked to request the UIDAI to deactivate an Aadhaar number. He made it clear however, that Section 23 merely reserves this broad power for the UIDAI and in no way creates an obligation to honor such requests.
The judiciary is unable to contain the massive violation of interim orders and the manner in which the project is being implemented. What does the common citizen do? Mr. Divan answered that we have to be optimistic and keep fighting – we must not give up hope. Mr. Anupam Saraph mentioned that if the court does not give a favourable judgment, then individuals have to start interpreting what civil disobedience means to them.