The five-judge Constitution Bench of the Supreme Court on Wednesday said that private entities, like telecom companies, banks and payment service providers cannot demand Aadhaar data from their customer. In a majority verdict, the apex court, however, held validity of Aadhaar for welfare schemes and linking with permanent account number (PAN) while filing Income Tax (I-T) returns.  

 

The Bench of Chief Justice Dipak Misra, Justice AK Sikri, Justice AM Khanwilkar, Justice DY Chandrachud and Justice Ashok Bhushan delivered their judgement on the much awaited issue of Aadhaar. Upholding Section 139AA of Income-Tax Act, the Bench said, it is mandatory quoting of Aadhaar or enrolment ID of Aadhaar application form, for filing of I-T returns and for making an application for allotment of a PAN number.

 

The Bench also said Aadhaar cannot be mandated for opening of bank accounts or for mobile connections and the notification issued by department of telecom (DoT) for making Aadhaar linking to mobile phones mandatory is unconstitutional.

 

Terming school admissions as not a benefit under Section 7 of the Aadhaar Act, the SC said it cannot be mandated for the same. "Benefits and services under Section 7 should be of the nature of welfare schemes targeted at a particular deprived community," it added.

 

In addition, CBSE (Central Board of Secondary Education), UGC (University Grants Commission) and NEET (National Eligibility cum Entrant Test) cannot make Aadhaar mandatory, the apex court ruled.

 

The Bench also stuck down Sections 33(2) and 57 of the Aadhaar(Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016.

 

The judgement has struck down Section 47 of the Act, which stated that criminal complaints for data breach can be filed only by UIDAI (Unique Identification Authority of India). The exclusion of individuals from filing complaints was held to be arbitrary.

 

Section 33(2) permits disclosure of information under Aadhaar Act, including identity and authentication information, made in the interest of national security in pursuance of a direction of an officer not below the rank of joint secretary to the Government of India specially authorised in this behalf by an order of the Central government.

 

Section 57 of the Act permits private entities to use Aadhaar information to authenticate identity of the person.

 

The judgement of Justice Sikri has read down Section 33(1) of the Act, which enables disclosure of Aadhaar information on the orders of district judge, to state that the owner of information should be given opportunity of hearing before issuing such orders.

 

Justice AK Sikri has authored judgement on behalf of himself and CJI Dipak Misra and Justice AM Khanwilkar.

 

The marathon Aadhaar hearings, the second longest in the history of the Supreme Court, after the Kesavananda Bharati case, according to Attorney General K Venugopal, concluded on 10 May 2018. 

 

Over 38 days, the finest lawyers of India have argued for and against the way Aadhaar is being implemented by the Narendra Modi government that tramples on the privacy and security of 12.5 billion people of India. 

 

This was also the first time ever that the hearings have been shared with the public, through live tweets giving argument-by-argument account on Twitter by three accounts.

The five-judge Constitution Bench of the Supreme Court will pronounce its judgement on the validity of Aadhaar on Wednesday. 

 

The Bench of Chief Justice Dipak Misra, Justice AK Sikri, Justice AM Khanwilkar, Justice DY Chandrachud and Justice Ashok Bhushan will give their judgement on the much awaited issue of Aadhaar. 

 

The marathon Aadhaar hearings, the second longest in the history of the Supreme Court, after the Kesavananda Bharati case, according to Attorney General K Venugopal, concluded on 10 May 2018. 

 

Over 38 days, the finest lawyers of India have argued for and against the way Aadhaar is being implemented by the Modi government that tramples on the privacy and security of 125 crore people of India. 

 

This is also the first time ever that the hearings have been shared with the public, through live tweets giving argument-by-argument account on Twitter by three accounts.

 

During the concluding session, senior advocates Gopal Subramaniam, Arvind Datar and KV Viswanathan concluded their rejoinders. Mr Subramaniam argued that all notifications on Section 7 of the Aadhaar Act, are in furtherance of the dignity of the individual. If that is so, there is no question of imposing conditions when dignity is an inherent and inalienable right. 

 

Mr Datar argued that proportionality test not satisfied because all data for deduplication of permanent account number (PAN) were based on 2006 data. “Only magic words like black money and terrorism cannot be thrown around. The justification of the law for proportionality cannot be a ritualistic exercise like this,” Mr Datar argued. 

 

“Aadhaar e-KYC is fatally dumbing down existing KYC norms and is contrary to claims, actually making money laundering easier. So more ease for money launderers and more hassles for bona fide account operators, with a threat of account freeze! All this is colourable exercise of power. To collect the personal sensitive data of 120 crore people compulsorily in the name of and disguise of all these magic words like terrorism and black money,” he charged.

 

Meanwhile, in August this year, Unique Identification Authority of India (UIDAI) has issued an advisory asking people to refrain from sharing their Aadhaar numbers with anyone or anywhere as this is against the law.

 

This follows the fiasco when RS Sharma chairman of Telecom Regulatory Authority of India (TRAI), shared publicly his Aadhaar number and challenged to reveal his personal details. 

 

In a series of tweets, UIDAI, the authority assigned to tag every resident with a number, says, “People are advised to refrain from publicly putting their Aadhaar numbers on internet and social media and posing challenges to others. Such activities are uncalled for and should be refrained as these are not in accordance with the law.” (Read: Shaken Up by TRAI Chief’s Challenge, UIDAI says Don’t Share Aadhaar Number with Anyone; it’s Illegal!)

 

Before that in May 2018, India Post Payments Bank (IPPB) offered its account-holders an option to de-link Aadhaar number. This probably was the first instance where a government-owned entity is offering a choice to customers on Aadhaar. The Payments Bank also allows customer to open savings bank account without Aadhaar. (Read: India Post Payments Bank allows de-linking of Aadhaar from account)

 

According to Bar & Bench, the first petition challenging Aadhaar was filed as far back as in 2012. After a long journey in the Supreme Court, which saw several new petitions, a number of different Benches, a landmark judgment by a nine-Judge Bench and a number of deadline extensions for linking of Aadhaar, the hearing in the case concluded in May 2018.

 

Moneylife has been among the earliest publications to take a strong stand against this identification system. In fact, as far back as nine years ago, when discussions happened in small e-mail groups that our managing editor participated in. (Read: Moneylife's Fight Against Aadhaar Goes Back to 2010, and It Continues)

 

A software patch, freely available for as little as Rs2,500, allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use, says a report from HuffPost India. 

 

A three month-long investigation by HuffPost India reveals that authenticity of data stored in the controversial Aadhaar identity database, which contains biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users.  

 

In the report, Rachna Khaira, Aman Sethi and Gopal Sathe, say, HuffPost India is in possession of the patch. It was analysed by three internationally reputed experts, and two Indian analysts, one of whom sought anonymity as he works at a state-funded university. The experts, after analysing the patch, confirmed that Unique Identification Authority of India (UIDAI)’s Aadhaar software is hacked and ID database is compromised. 

 

The experts said that the vulnerability is intrinsic to a technology choice made at the inception of the Aadhaar programme, which means that fixing it and other future threats would require altering Aadhaar's fundamental structure. 

 

"Whomever created the patch was highly motivated to compromise Aadhaar," said Gustaf Björksten, Chief Technologist at Access Now, a global technology policy and advocacy group, and one of the experts who analysed the patch at HuffPost India's request.

 

"There are probably many individuals and entities, criminal, political, domestic and foreign, that would derive enough benefit from this compromise of Aadhaar to make the investment in creating the patch worthwhile," Björksten said. "To have any hope of securing Aadhaar, the system design would have to be radically changed."

 

Bengaluru-based cyber security analyst and software developer Anand Venkatanarayanan, who also analysed the software for HuffPost India and shared his findings with the National Critical Information Infrastructure Protection Centre (NCIIPC), told the portal that the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

 

NCIIPC, is the nodal agency responsible for Aadhaar security.

 

Venkatanarayanan's findings were confirmed by Dan Wallach, professor of computer science, and electrical and computer engineering, at Rice University in Houston, Texas.