Right to Privacy: What the judgment means for Aadhaar, its constitutionality

Also, the very idea of a boundless general purpose identification database is constitutionally suspect following the unequivocal declaration of privacy as a fundamental right, and the drawing up of the conditions of restricting that right in as narrow a manner as the judgment has done.

Written by Prasanna S | Updated: August 25, 2017 10:47 am
aadhaar card, nios, nios exam date Whether the Aadhaar Act should have been, and could have been, passed as a Money Bill, bypassing Rajya Sabha

A NINE-judge Bench of the Supreme Court is rare; a unanimous decision by such a Bench, rarer. Thursday’s decision is historic not only because it has ruled that privacy is a fundamental right, but also because it has deepened our understanding of fundamental rights as inalienable inherent rights in every human being. What impact will the verdict have on the Aadhaar case, which provided the context for this important moment in Indian constitutional history?

Portions of the judgment that deal with data protection and privacy say that any collection of personal information that would impact privacy must have a law to back it. A corollary to this proposition is that all actions of the Unique Identification Authority of India (UIDAI) prior to the coming into force of the 2016 Aadhaar Act are of suspect constitutionality. A further question arises on what can be done about such data that was collected without a legal basis.

Also, the very idea of a boundless general purpose identification database is constitutionally suspect following the unequivocal declaration of privacy as a fundamental right, and the drawing up of the conditions of restricting that right in as narrow a manner as the judgment has done. This ruling has opened up the field for more concrete challenges to various architectural and implementational aspects of Aadhaar, and its impact on privacy — such as the mandatory collection of biometric data, deployment of private players for collection of information, online authentication and the extent of authentication data storage, and the possibility of data convergence and profiling as a result of Aadhaar-seeding of various databases.

Apart from these issues linked directly with the right to privacy, there are a number of other issues on the Aadhaar project that the court is yet to hear and decide. Some of these, not necessarily in order of importance, are:

* Whether the Aadhaar Act should have been, and could have been, passed as a Money Bill, bypassing Rajya Sabha;
* The issue of Section 7 of the Aadhaar Act that empowers governments to make Aadhaar mandatory for subsidies, services and benefits drawn directly from the Consolidated Fund of India being an unconscionable bargain, and whether the state can specify conditions that infringe on people’s fundamental rights such as privacy and bodily integrity to enable them to access their legal rights and entitlements;
* The issue of decisionmaking on substantive questions such as identity through untested, unreliable technology that irreversibly tilts the scales of control in favour of the state and away from the control of the citizen;
* Above all, the issue of the fundamental nature of the relationship between the state and the citizen in creating a national biometric database with identity reduced to a mere number, and the right to identity being supplanted with the power to identify by the state.

Following the resolution of the question of whether the right to privacy is a fundamental right, the decks are now clear for a smaller Bench of the Supreme Court to hear and decide on these questions at the earliest, keeping in mind that this is litigation that began almost six years ago.

…And what are its implications for privacy in tech use?

Information technology is not only punctuating, but is virtually taking over our lives today. Technology has made many hitherto impossible things possible, many improbable things certain, many processes so advanced that they are “indistinguishable from magic”, as sci-fi writer Arthur C Clarke put it. The methods by which a person’s legal rights may be infringed have undergone similar transformation. Infringements of privacy by state and non-state actors is a real danger of our times, and it required strong articulation as a fundamental right by the nation’s highest constitutional court.

Besides privacy, other legal problems, too, arise from the widespread use of technology. Take the increasing use of technology and algorithms for decisionmaking — the use of proprietary biometric matching algorithms to determine substantive legal status of identity in Aadhaar is one example.

Can a state authority delegate essential decisionmaking that determines and affects the rights of other parties to the device of technology? If so, what would be the parameters to make sure it is just, and not arbitrary? Merely because it is technology, would there be a legal presumption against arbitrariness? Would such a presumption be rebuttable or irrebuttable? If rebuttable, how can one go about rebutting such a presumption? Can it be presumed to be non-discriminatory? There are instances, for example, where facial recognition algorithms appear to work better for Caucasian faces than for coloured faces.

Given the asymmetry of information on the working of the technology — where, in most cases, the algorithm developer and the technology provider know more about the working of the technical system than the person whose interests are affected by it — on whom should the burden of proof lie if questions of arbitrariness or discrimination are raised in the working of the algorithm? If technology-assisted decisionmaking must be provably non-arbitrary and non-discriminatory, what is the standard of proof that is acceptable for various applications?

Even if we were to assume that technology may not be used as the final word, and it may only be technology-assisted human decisionmaking in the matter of, say, criminal sentencing where a predictive algorithm is used to determine the appropriate sentence, what would be the legal principles in dealing with the bias that such technical assistance provides to the final deciding authority?

This is by no means an exhaustive list.

It must be remembered that technology gives a sense of benevolent determinism to many of our life’s problems, which may, however, turn out to be false. As methods of incursion into our rights become more sophisticated, so should our means of asserting those rights and warding off the incursions.

Thursday’s landmark Supreme Court judgment has broadly drawn the parameters for technology-related state action that impacts privacy rights. However, jurisprudence in relation to other rights and other kinds of incursions will similarly need to develop to answer questions of the kind mentioned above.

For all the latest Explained News, download Indian Express App

  1. R
    Reader
    Nov 9, 2017 at 1:42 pm
    The biometrics-based Aadhaar program is inherently flawed. Biometrics can be easily lifted by external means, there is no need to hack the system. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can CLONE your fingerprints and iris images without your knowledge, and the same can be used for authentication. That is why advanced countries like the US, UK, etc. did not implement such a self-destructive biometrics-based system. If the biometric details of a person are COMPROMISED ONCE, then even a new Aadhaar card will not help the person concerned. This is NOT like blocking an ATM card and taking a new one.
    (0)(0)
    Reply
    1. R
      Reader
      Nov 9, 2017 at 1:41 pm
      UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of personal information and the purposes it could be used for, the dangers of such a centralized database being hacked, and the unreliability of such large-scale biometric verification processes. The Aadhaar program was designed in 2009 by mainly considering the 'Identi-ty Cards Act 2006' of UK, but the UK stopped that project in 2010, whereas India continued with the biometrics-based program. We must think why the United Kingdom abandoned their project and destroyed the data collected. (Google: 'Identi-ty Cards Act 2006' and 'Identi-ty Documents Act 2010' )
      (0)(0)
      Reply
      1. R
        Reader
        Nov 9, 2017 at 1:41 pm
        The US Social Security Number (SSN) card has NO BIOMETRIC DETAILS, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
        (0)(0)
        Reply
        1. R
          Reader
          Oct 9, 2017 at 7:39 am
          A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
          (0)(0)
          Reply
          1. R
            Reader
            Oct 1, 2017 at 10:42 am
            A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. A centralized and interlinked database can lead to commercial abuse. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, biometrics can be faked. High-resolution cameras can capture fingerprints and iris information from a distance. You can change your password if it is compromised. But if someone gets a copy of your biometric data, which can be used for authentication, what would you do?
            (0)(0)
            Reply
            1. Load More Comments