By P Arun:
The grand identification project in India began with much fanfare as it came into existence not through statutory law but with a notification (No. A.03011/02/2009-Adm) by the Planning Commission on 28th January 2009. The previous UPA regime failed to give it statutory life as the bill was rejected, however, the current NDA regime has taken the initiative and introduced the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 in Lok Sabha. This recently introduced Aadhaar Bill, 2016 raises some serious questions revolving around security, surveillance and constitutionality.
It is described as, “A bill to provide for, as a good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals and for matters connected therewith or incidental thereto.”
It shows that idea behind the introduction of such a bill is to rectify the maladies of bad governance and to streamline the service delivery system in India. But the question that arises is why this bill was introduced as a money bill. Possibly because the NDA government lacks the majority in Rajya Sabha and with this it could bypass deliberation and rejection. It also raises the question of the urgency to pass such a key legislation which will have a huge impact on the lives of people in India.
In the present context, in order to avail welfare services by the state, an individual needs to get entangled in the web of surveilling technologies under the state bureaucratic apparatus. Although the Unique Identification System was introduced in 2009 with much fanfare by UPA, it lacked any legal framework. There had been an attempt to give statutory life under UPA regime. However, in 2011, the Parliamentary Standing Committee on Finance rejected the National Identification Authority of India (NIAI) Bill 2010 on the basis of privacy, feasibility, uncertainty, affordability etc. Now, under PM Modi’s regime, the requirement of its statutory existence came up due to recent Supreme Court judgments where it quashed Aadhaar as unconstitutional and turned it from being mandatory to voluntary. The major policies and services introduced especially under Modi’s regime got held up with that judgement. Hence, this bill was introduced as a money bill to get it passed soon in Lok Sabha.
From the moment of its commencement in 2009, it had increased the level of anxiety and fear in terms of its utilisation in the world’s second-most populous nation. Biometric identification is not new since it was introduced in the colonial period by the British. According to Bernard S. Cohn, it became impossible for colonisers to successfully master, manipulate, and control a state without codifying, documenting, controlling, classifying, bounding, reporting, and investigating the subjects in the colonial state. As the British were facing difficulty in controlling and distinguishing between individuals, colonisers devised fingerprinting as a means of classification and identification of individuals. From the 1850s William Herschel began experimenting with fingerprints to prevent fraud and forgery and later Francis Galton along with others led the way in creating the whole system of fingerprinting.
And it became a modern technology for personal identification developed in India under the British Raj as it was one of the largest colonies to govern. This was done particularly because the colonial rulers regarded colonial subjects as inherently mendacious. It was brought in use to systematically classify the identity of individuals in matters of contract and property law, as well as for criminal identification for which it is still being used in the modern era. In the twenty-first century, biometrics have again appeared as a strategic method to resurrect governance and boost the service delivery system.
Analysing the provisions of the Aadhaar Bill, 2016 raises serious questions. It has several important aspects which could seriously impact individual privacy and security. The uniqueness of Aadhaar lies in its identification of an individual through biometric (photograph, fingerprint, iris scan etc.) and demographic (name, date of birth, address etc.) details. It became controversial due to the question of protecting and securing such vital information from any potential misuse. Hence in Clause 30, biometric and demographic information is regarded as “electronic record,” and “sensitive personal data or information” as mentioned in the Information Technology Act, 2000. If any individual or company impersonates, intentionally discloses, transmits, copies or disseminates, damages, steals, conceals, destroys, deletes or alters, or tampers with etc. such vital information, it is to be regarded as an offence which is elaborated in Chapter VII titled ‘Offences and Penalties’ (Clause 34-47).
Under this bill, the most controversial subject of security and privacy of individuals’ electronic data is dealt with in Chapter VI of Protection of Information. If we look into the entire bill the provisions do reflect that it will ensure the security of identity information and it proposed measures do appear to be stringent. However, it has been diluted under Clause 33. This clause is nothing but a replication of the NIAI Bill, 2010 with significant additions. This new bill gives an “opportunity to a hearing” to the Unique Identification Authority of India prior to the court’s order relating to any matter of protection of information. Most importantly, an attempt has been made to bring in a procedural framework to curb unlawful surveillance by adding an Oversight Committee.
But, under this Clause, there are two significant aspects which have far reaching consequences. Firstly, it is regarded as a bill to address the problem of identification in order to provide social security schemes to every individual. However, Clause 33 (2) says, “disclosure of information, including identity information or authentication records, made in the interest of national security,” which shows an intention to use this data for security and surveillance. It does raise the question of the merits of its use and the consequences of any misuse of such authoritative powers in the hands of the executive.
In order to protect blatant misuse, this clause lays out “an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology.” This committee would act as a channel to review any unlawful surveillance by the government. To understand the role of such committees we need to look into the legacy of surveillance provisions, i.e., Section 5 of Indian Telegraph Act 1885 and 419A of Indian Telegraph Rule 2007, as both of them had a ‘Review Committee’, while in People’s Union of Civil Liberties v. Union of India (1996), the Supreme Court had even iterated procedural guidelines. But, all of them had substantially failed to restrain its misuse which is evident from several cases from the last two decades.
In the 2009 news came out of Gujarat government’s surveillance on a woman architect; the 2010 Radia tapes controversy revealed the nexus between corporate, politics and interception; in 2013 we heard of illegal phone tapping by state agencies in Himachal Pradesh; in 2015 a clash emerged between two recently bifurcated states (Telangana and Andhra Pradesh) and phone-tapping scandal surfaced apart from the many more allegations of phone tapping by the politicians. It indicates the blatant misuse of surveillance by the state, which raises questions about the functioning of this proposed oversight committee.
Secondly, unlike the United States’ Foreign Intelligence Surveillance Court (1978) to regulate surveillance and United Kingdom’s Investigatory Powers Tribunal (2008) and Intelligence and Security Committee of Parliament to oversee and examine unlawful surveillance, India does not have any such institutional apparatus. The Supreme Court of India in 1996 PUCL judgement clearly backed off from providing any prior judicial scrutiny in matters of data privacy and unlawful surveillance. Instead, it stated that it is the central government’s role to frame laws and lay down the procedural framework to curb unlawful surveillance. Hence, the creation of any institutional apparatus lies in hands of Parliament. But Clause 33(1) says “disclosure of information, including identity information or authentication records, [can be] made pursuant to an order of a court.” Why would judiciary issue an order to the disclosure of the UID information?
In 2014, the Bombay High Court quashed and called erroneous the judgement passed by the Goa High Court to provide the CBI with biometric data of all residents enrolled in the Aadhaar programme in the state to help solve the gang-rape of a seven-year-old girl. Though in this case, the Bombay High Court had dismissed the order, this proposed bill reflects how in coming times the judiciary can order the disclosure of biometric information for criminal investigation or for reasons of national security.
Overall, this entire proposed bill reflects the interlocking of surveillance mechanisms and expansion of state powers to put its citizens under surveillance in the name of governance. Although it was launched to facilitate efficient delivery of welfare services, it also allows the state to expand its surveilling space by bringing every individual under its gaze. Post 26/11 Mumbai attack, India’s intelligence gathering and action networks were retreaded by launching NATGRID (National Intelligence Grid). It is a technical interface or central facilitation center, with an integrated facility, which aims to link databases of 21 categories (e.g. travel, income tax, driving licenses, bank account details, immigration records, telephone etc). In addition to that, it would be shared with 11 central agencies (eg. CBI, IB, R&AW, NIA etc.). It is, essentially, ‘dataveillance’ as it uses personal data systems in the investigation and monitoring of the actions or communications of an individual.
Such multiple, overlapping governing practices, with different capabilities and purposes, have empowered the Indian state with technologically-enabled surveillance. By interlocking the biometric card with the Intelligence Grid, the colossal database can be shared with various other intelligence agencies and government departments. It also serves a range of desires, including those of control, governance and security. Such interlocking reflects the strategies of governmentality by the Indian state, which are not just about efficient delivery of welfare or providing safety and security, but to keep a surveilling gaze on its population as well.
The proposed bill raises several questions, which need to be analysed deeply. Instead of disruptive discussions, this bill should be dealt with critical discussion in the Parliament before its passage. If this bill gets passed with the same provisions, it would have a drastic impact on security and privacy. Also, it is quite apparent in this bill that Aadhaar card will not confer rights, entitlement or citizenship. It is merely a unique identity for individuals.
UPDATE: The Aadhaar Bill was passed in the Lok Sabha on 11th March 2016.