The Aadhaar project with its enormous potential of surveillance alters the relationship between citizen and state.  It tilts the balance so steeply in favour of government that a citizen whose biometrics are controlled by the State is permanently condemned to submission

Before we get to the seductions of technology, let me talk about the seductions of literature specifically, children’s literature.  Belonging to an ancient epoch for many in this audience (the pre-Amar Chitra Katha age) is a book series featuring Curious George, a supremely cute monkey who travels by ocean liner from his home in Africa to the East Coast of the United States to reside with his friend, the Man with the Yellow Hat.  Some of you I hope have succumbed to the charms of Curious George, but for those who haven’t, one striking feature of his adventures is our hero’s interactions with technology – a space ship adventure in 1957, and more modestly--kites, bicycles, a water pump, hospital equipment – all tested and deployed in a rather unique simian way.

The author - illustrators, Hans and Margret Rey gently guide Curious George, the mischievous monkey, to a new-for-him contraption and what follows is a hilarious adventure.  Now, what might Curious George conjure up with Aadhaar?

The harnessing of new resources and the employment of new technologies inevitably disrupts the prevailing legal regime. When railroads were first laid across farm lands, sparks from the friction of locomotive wheel and rail triggered fires that destroyed farms. Judges and legislatures were required to balance the economic gains from the new technology against the loss suffered by individuals. As you recall, in that case, technology prevailed and the liability of carriers was limited by law. But as we also know from our experience with the chemical industry, the law can and does muzzle technology.  

We stand at important crossroads with respect to privacy. By ‘we’ I mean all of us collectively as a species, as a civilisation. There is little doubt that in order to harness the benefits of technology in the fields of health, public order, economic efficiency and a myriad other spheres, we will continue to voluntarily cede much of our autonomy and privacy for a notion of a better or more secure life. The real issue at this crossroads is whether in our anxiety to advance, we will surrender all of whatever little is left of the privacy we enjoy. A decade or two from now give or take a bit, will privacy be viewed as a quaint hangover of the 20th century or will it remain a core value to be fiercely protected?  Much of what we do today, and now, in terms of reining in government and private enterprise, will decide the legitimate contours of invasive technologies and pervasive government. Tomorrow is too late. 

The Aadhaar Case

The Supreme Court is currently hearing a set of public interest writ petitions challenging the Aadhaar project.  The case is slated for final disposal and I must disclose my bias in that I appear for a set of petitioners.  There is an interim direction by the Court that no person should suffer from not having an Aadhaar card and that it should not be given to illegal immigrants.  There is little to suggest that after the interim direction on 23 September 2013, the Union government or the Unique Identification Authority of India (UIDAI) have taken any proactive steps to implement the interim directions in letter or spirit. It is business as usual.

What is Aadhaar?

The UIDAI is an administrative body created by a notification issued by the Planning Commission on 28 January 2009.  UIDAI currently operates without any statutory backing, though the Government has a Bill ready to provide a statutory framework. Now that Parliament has adjourned on 18 December 2013 two days ahead of schedule, the law must wait until the next session unless an ordinance is promulgated. 

Aadhaar is the UIDAI brand and logo. The Aadhaar Number is a random, unique 12 digit number issued to each person who successfully enrols. The project cost is in excess of Rs1.50 lakh crore and though there is no specific legislative or indeed even administrative notification that permits UIDAI to use ‘biometric information’, this is the foundation of the project. 

Biometrics

Biometrics is distinctive measurable characteristics of a person that may be used to label and mark individuals.  DNA and palm prints are an example.

The biometric information being collected by UIDAI comprises: (1) facial photographs of the individual; (2) All 10 fingerprints and (3) a scan of both iris.  UIDAI seeks to create a vast data bank containing this personal information.

Biometric information of an individual is part of his or her body. Quoting Lord Goff, the Supreme Court recently recognised that every human being of adult years and sound mind has a right to determine what shall be done with his or her own body. This right to bodily integrity is so fundamental that we frequently take it for granted in the rush and tumble of big city living.      

Procedure Adopted By UIDAI

The procedure adopted by UIDAI is so casual that it borders on irresponsible.  Briefly, the entire process at the field level is in the hands of private enterprises known as enrollers who operate freely without any government supervision. The threshold qualifications for an enrolment agency are so low that not one of them is a recognisable name.  They comprise an assortment of, trusts, societies, proprietary concerns, partnerships and what have you. The biometric information of each enrolee – that set of valuable parameters that we ought to most fiercely guard – is spirited out by filling out a form. The biometrics are initially stored and collected in private hands before it is transmitted to the UIDAI Central ID Repository (CIDR) via memory stick or courier or by direct uploading. The UIDAI has no privity with the enrolling agencies. The loose framework of relationships linking UIDAI to the collection of biometric data is through MOUs with state governments or departments known as registrars. It is these registrars who engage private sector enrolment agencies.

Upon receiving the biometric information the process of de-duplication is undertaken to ensure that the same individual is not issued two UID numbers. The de-duplication exercise is carried out by: (i) Accenture; (ii) Mahindra Satyam & Morpho joint venture; and (iii) L1-identity Solutions. Your biometrics are handled by entities of alien origin with no particular affection for Indian Constitutional values.    

The Aadhaar verification system works through the internet. The service provider – say a bank or LPG cylinder supplier reads your finger print on a small device. The biometric identification is confirmed against the data stored by the UIDAI in its central depository and a confirmation is issued in real time that this person, indeed, is he or she whom she claims to be. UIDAI expects that a forest of applications will rapidly develop which employ Aadhaar as the gatekeeper.  There are scores of gates visible and invisible, that we walk through every day. A fingerprint confirmation to unlock the gate may include unlocking a mobile device; opening the front door to a flat, opening the front gate to the building, unlocking a car door, starting a motor car, withdrawing money from an ATM, paying a cab driver by an Aadhaar enabled debit to a bank account, entering an airport, boarding an aircraft, recognising a face at an airport, entering the University campus or a hostel -- to name just a few gate ways that I passed through this morning. This, again, is no longer the realm of science fiction but is so ‘yesterday’ for technology geeks. It is a matter of time before biometric verification invades every moment of our existence. Unless...  We stop this invasion now.  

The Itinerant Indian

To illustrate the impact of Aadhaar let me take a hypothetical individual-- manic in her travel habits and who, unlike the poor sod on the Clapham omnibus, is able to compress some of the more significant milestones in life into a relatively short frame. 

Recently wedded, she presents herself to register her marriage at the Registration office at New Delhi. She is turned away since she doesn’t have an Aadhaar number, which the Delhi government has by an order made mandatory. Being a conscientious objector, rather than gift her biometrics to the Union government, she travels to Jharkhand to register her marriage. To her horror, she discovers that the state of Jharkhand too has made the Aadhaar number mandatory for the registration of marriages.

Returning to Delhi, she seeks to register a lease for her residential premises but discovers an unyielding sub-registrar who will not register her lease without Aadhaar.

She then applies for an LPG connection and a ration card on behalf of her parent, who resides in this magnificent city, Bangalore. The state of Karnakata will not grant an LPG connection or a ration card unless her parent parts with the biometrics and secures an Aadhaar number.

Moving to Kerala, she finds that she cannot secure admission for her children to a school or a college without them being finger printed and an Aadhaar number issued. Schools and colleges in Himachal Pradesh too insist on Aadhaar numbers before granting admission. Scholarships and fellowship are beyond the reach of her children because they must have an Aadhaar number according to the University Grants Commission (UGC).

Were our protagonist to teach in Maharashtra, she would have to have an Aadhaar number to draw salary and were she elevated as a Judge of the High Court at Bombay, she would discover on her desk a circular issued by the Prothonotary and Senior Master (quite possibly the grandest designation ever conceived for the job of Registrar). The Prothonotary directs that Judges will not receive salaries unless they have an Aadhaar number.

None of this is a gloomy imagination of tomorrow. It is the present. As we debate surveillance, the reality is that in several parts of the country you cannot get your child admitted in school or college, get your marriage registered, buy or lease a property, secure a scholarship, receive your salary, obtain subsidies for LPG or a scholarship unless you first gift your biometrics to the UIDAI.

For all intents and purposes, the creeping civil disabilities that visit an individual who does not surrender her biometrics are already so nasty that we live in what by some measures may qualify as a police state. We are certainly at the cusp of morphing into a police state (with thank God – only half decent policing.) 

Extrapolating ever so slightly, the Union government is creating one huge data bank of every individual’s fingerprints, facial image and iris scan.  As we speak, UIDAI is fingerprinting our future prime ministers, chief justices, leaders, decision-makers and far more sinister, each and every citizen and indeed resident of India.

Aadhaar is garrotting civil rights and civil liberties.

Heads of Challenge

To give you a flavour of the contest in the Supreme Court, here are some of the grounds on which the Aadhaar project is assailed:

(i)  The UID project is destructive of limited government which is built into the Constitutional scheme and is part of the Basic Structure of the Constitution of India. Limited government is transgressed by breaching bounds of personal autonomy guaranteed to every person under the Constitution. There is no statute to back the impugned project but even if there were one, the statute would be ultra vires the Constitution.       

(ii)  The Constitution balances the functioning of the state against individual freedoms and rights. Whenever the state seeks to impinge upon fundamental rights, its actions must be backed by statute and not mere executive fiat. Here, the action under the impugned project of collecting personal biometric information without statutory backing is ultra vires even where an individual "voluntarily" agrees to part with biometric information.

(iii)    The project is also ultra vires because there is no statutory guidance (a) on who can collect biometric information; (b) on how the information is to be collected; (c) on how the biometric information is to be stored; (d) on how throughout the chain beginning with the acquisition of biometric data to its storage and usage, this data is to be protected; (e) on who can use the data; (f) on when the data can be used.

(iv)    The project is also ultra vires because under the constitutional scheme any action by the State that could potentially impinge on an individual's freedom must be backed by statute.

(v)   The procedure adopted by the Respondents is arbitrary and violative of Article 21 because:

(a) There is no informed consent;
(b) Individuals are not told about crucial aspects such as potential misuse of the information, the absence of any statutory protection, the commercial value of the information;
(c) Private parties collect biometric information without safeguards;
(d) The enrolment is based on a flawed introducer system and verifier system; and
(e) There is no government security of stored data;  
 
(vi)    The project as implemented coerces individuals to part with biometrics.
 
(vii)    The project violates the right to privacy.

(viii)    The project is arbitrary and illegal inasmuch as it allows private dominion over biometrics without governmental control thereby compromising personal security and national security.

(ix)     Assuming the Constitution permits the state to collect and store biometric data of all residents, the Constitutional scheme requires that dominion over biometrics of Indian citizens and residents is a core, non delegable function of the state that cannot be privatised.
 
(x)    The impugned project enables surveillance of individuals, and thereby violates Articles 14 and 21.

(xi)    The impugned project as implemented violates the right to human dignity which is a facet of Article 21.

(xii)    The impugned project compromises citizenship.

(xiii)    The failure to provide an 'opt out' option violates individual autonomy and dignity guaranteed under Article 21.

(xiv)    The foundation of the project i.e. biometrics is an unreliable and untested technology. Moreover, biometric exceptions severely erode reliability.

(xv)    Public funds are being channelled to private enterprises without sufficient validation and study that biometric verification works.
 

Governmental Justifications

There are plenty of governmental justifications. First, government claims that each of us has a right to an identity and this is all that the Aadhaar project does. Second, Aadhaar when linked to credits into a bank account will prevent the huge leakages that undermine social welfare spending. Third, UIDAI expects a range of applications and technologies to evolve about the Aadhaar platform that will dramatically improve our daily lives and be supremely convenient to both businesses and consumers. Aadhaar is ‘Post its’ + cell phones on steroids. A world without the joys and benefits of Aadhaar will be unimaginable just a few years from now. 

Identification of Prisoner’s Act

Your biometrics is yours and yours alone. The government can have no claim over them, any more than it can claim your body. Of course, there are narrow exceptions.

Illustratively, the Identification of Prisoner’s Act, 1920 recognises the right of a person to protect his or her finger impressions. This short Act comprising 8 sections requires persons convicted of offences punishable with rigorous imprisonment for a term of one year or more to allow his measurements and photograph to be taken by a police officer.  A measurement may also be taken when a person is arrested in connection with such an offence. A magistrate may order a person to give finger impressions or a photograph for the purposes of investigations.

Resistance is deemed to be an offence under Section 186 of the IPC (Obstructing a public servant in the discharge of his duty). Where a person is not a repeat offender, his photographs (negatives and copies) and all measurements are required to be destroyed when he is released without trial or discharged or acquitted. 

This pre-constitutional regime, which gave limited rights to the state, is now being turned on its head with wholesale trawling of fingerprints through an administrative scheme with no statutory protection to individuals. 

The Aadhaar project, in the absence of any statutory framework or privacy statute is a monstrous invasion of individual rights. It destroys the foundational principle of limited government which is a fundamental attribute of our written constitution. The constitution not only draws lines amongst different organs of the state but it also draws a line between what a state can legitimately do and what is beyond its sphere. Creating a vast data bank of biometrics that potentially can be used against an individual is an enormous and systemic invasion of privacy that appears to fall outside the legitimate sphere of limited government.

Conclusions

In an Aadhaar enabled world, the continuous verification at by the CIDR translates into real time tracking. By coercing individuals into parting with their biometrics at pain of withdrawing essential civil rights, willy-nilly, we usher in a police state. The Aadhaar project, in my view, destroys the social contract that underlies the Indian Constitution. If there is a moral theory on which our Constitution rests, it is the theory that there are limits to state power and there are certain boundaries that the state cannot transgress, no matter how great the perceived benefit. Indian citizens have moral rights against the state and against each other. The right to be left alone, the right to be silent, the right to be anonymous are aspects of individual liberty that are slip siding away due to technologies that most of us can barely comprehend. 

The right to privacy, in my view, is a right that must be taken seriously and while a post Aadhaar world is not necessarily Dystopia, it is certainly a land where reclaiming a personal space where one can be completely alone, will be well nigh impossible. 

Aadhaar is wrong because it compromises the bodily integrity of each of us by snatching away an intimate aspect of our physical identity. It is wrong because it is no part of the business of the Government of India to create a vast data bank of biometrics that can be used and abused against Indians. The Aadhaar project with its enormous potential of surveillance alters the relationship between citizen and state.  It tilts the balance so steeply in favour of government that a citizen whose biometrics is controlled by the state is permanently condemned to submission. Her tastes, her habits, her routines, her provocations are all known or can be known by the State. A central bank of biometric data robs individuals of dignity assured by the Preamble to the Constitution. It also gives an inordinate amount of power to those in government controlling the levers of power against every outsider. The Constitution of India has a morality (which occasionally our Justices fail to discern) but which I believe prohibits an Orwellian state.
 

Returning to Curious George -- what would Curious George do with Aadhaar? Given his mischievous streak, he would probably plant your finger prints at places you have never visited.  And so, Rahul Gandhi may be shown to have visited an RSS shakha and another presumptive Prime Minister may have a trail of fingerprints proving daily visits to the neighbourhood mosque.   Would Curious George have a blast?  Not so. The real tragedy is that all of Curious George’s diversions and antics were played out at a time when he was magnificently alone and unsupervised. Unnoticed by the Man is the Yellow Hat, or the Zoo keeper, or the Museum attendant. Free to play his pranks. The space and the freedom to do mischief, to provoke, to instigate, or indeed to be idle will no longer remain. Not for Curious George and not for us. That is the price or Aadhaar.  

This article is derived from a talk delivered by Adv Shyam Divan at the 7th NLSIR Symposium at National Law School, Bangalore on 21 December 2013
 

(Shyam Divan is a Senior Advocate, practicing in the Supreme Court of India)