S.G. Vombatkere, a retired veteran army major general, a full-time concerned citizen-activist and a petitioner in the Aadhar case discusses the dangers of making Aadhar mandatory with Nehmat Kaur.
NK: What are your reflections on the privacy judgment?
SGV: The privacy judgment is a spinoff from the Aadhaar hearings, in which the validity of the scheme, i.e. different aspects of this scheme, technical, social, data security, surveillance, potential of surveillance, and coercion by government, was challenged by various petitioners. We are thankful to Justice Puttaswamy for kicking off the ball and starting the whole Aadhaar debate. Privacy is central to all these questions that have been put before the Supreme Court by various petitioners, and the judgment (“Puttaswamy judgment”, for short) has clearly brought out that Article 21 concerning the right to life and personal liberty, has been upheld unanimously and unambiguously.
The second point is that the judgment being unanimous, shows complete agreement among the nine judges on the issue of the fundamental right to privacy, with difference only in their focus.
Third, privacy is a value. It is not something that the Constitution or Government gifts to the individual. Privacy is a value that is innate with the dignity and autonomy of the person. Therefore, it is the biological person which is at the core of privacy, with the individual as the fundamental unit of the Constitution, as Dr. Ambedkar said. I pointedly use the term “biological person” because the term “person” can be extended to include corporate bodies which possess the legal fiction of personhood.
The Puttaswamy judgment provides a firm foundation for civil liberties for our country. In this judgment an important point is raised by Justice Chelameshwar, that the citizen has the right to be different and to stand up against the tide of conformity. This speaks very strongly for dissent, in that you don’t have to conform to what anyone else may say. This is a bold and courageous statement which is absolutely vital for a democracy.
The judgment has wide repercussions and is very welcome. It will need to be adjudicated in various fields whenever a matter involving privacy comes up, but the parameters have been set in the Puttaswamy judgment. In future, the judges will have to determine the scope of restrictions on the fundamental right to privacy.
NK: As a petitioner why are you opposing the Aadhaar Project?
SGV: Let us begin by noting that Aadhaar was started by the United Progressive Alliance (UPA), strongly opposed by the Bharitya Janata Party (BJP) as a useless system, and is now adopted and vigorously promoted by the same BJP. Aadhaar was a non-mandatory voluntary database meant only for authentication of biometrics and de-duplication, as was assured to us when the scheme was first proposed. However with time, Aadhaar was made a requirement for various things, thus effectively coercing people into enrolling. Unique Identification Authority of India (UIDAI) claimed that the Aadhaar system was the world’s largest e-governance project, without recognizing that due to a large public outcry on the basis of invasion of privacy, UK and Australia had already scrapped such projects. But in India, as access to information is limited, and with poor literacy, no mass movement came up to oppose Aadhaar.
“The reliability of biometrics is questionable because if authentication fails in even 1 percent of the cases, we are talking about 13 million people in our 1.3 billion population, and they will suffer because their biometric authentication would not be done.”
Further, it is known that aged persons and those who perform hard manual labour usually do not have fingerprints which can even be registered, let alone authenticated, and these persons who need services the most are likely to suffer.
The enrolment procedure of Aadhaar is seriously defective, since anybody who doesn’t have any address or any identity document can go to a so-called, not incorruptible “responsible person” appointed by the UIDAI, who will vouch for both identity and address, without documentary Proof of Identification (PoI) and Proof of Address (PoA). Based on such PoI and PoA, an illegal immigrant can obtain an Aadhaar number, go on to use this Aadhaar to obtain an Indian passport and a voter’s card, and become a full-fledged Indian citizen. Such cases have been reported.
Without saying that Aadhaar is mandatory or compulsory, the project is being pushed using sly coercion by telling people that if you don’t enrol into Aadhaar, then you won’t get this or that benefit or service. The increases in enrolment due to coercion are then touted as general public acceptance of Aadhaar, and this leads to more enrolments. But latterly, Aadhaar has been made mandatory even for rights like salaries. Thus, rather than being inclusive, Aadhaar is exclusionary in character.
Aadhaar is also being opposed on national security grounds. In present times, the probability of cyber attack either by hacking or by inserting malware into critical hardware or software systems, is very real.
“When Aadhaar’s security can be compromised by hacking, and because of the multiple links between Aadhar and various other data silos like bank accounts, IT accounts, mobile numbers, etc., just hacking into Aadhaar will be like a single-point access into various other data silos that will affect an individual’s privacy.”
It becomes a national security issue if large numbers of individuals’ biometrics and demographics are hacked or otherwise compromised. If a national database like Aadhaar’s Central Identities Data Repository (CIDR) is hacked into, then it is actually a slap on the sovereignty of our country.
Mr. Nilekani said that for Aadhaar’s CIDR, there are seven concentric barriers against hacking. Whether that is so or not, the point is that every database is safe only until it is hacked, as admitted by experts in the field. All that is required to hack in is time and motivation. A foreign State or criminal or terrorist organization can employ hackers to steal data, corrupt data, delete data, deny access, etc., and Aadhaar provides a prime target, through which multiple national infrastructure systems can be clandestinely paralysed.
According to the designers of the Aadhaar system, after the system stabilizes (I don’t know what they mean by that, but that’s what they say), it will be taken over by a privately controlled entity, and that entity will charge some amount, perhaps Rs.5 or Rs.10, from every person who uses Aadhaar for biometric authentication. This small sum multiplied many million times every day will provide a tidy income to the controlling private entity. This private entity which will own the CIDR and operate it is assured handsome profit from a system created through public investment.
National security has been compromised because the CIDR creation and data security design was contracted out to U.S corporates like L-1 Identity Solutions Inc. and Accenture Services Pvt. Ltd., which have intimate links with U.S intelligence agencies. So ab initio, we have provided them with backdoors. We must not forget that USA’s Patriot Act states that companies incorporated in USA are bound to hand over data acquired or administered by their foreign subsidiaries in the course of their business, when called upon to do so. Thus, India’s national sovereignty may have already been compromised.
Proof that Aadhaar system is weak in terms of data security is that Government has set up the Justice Srikrishna Committee to review data protection frameworks and draft a law in that regard. If the data was as secure as UIDAI has claimed, there would have been no need for a Justice Srikrishna Committee at all.
There are some questions on data security that need to be answered: What is the security of the biometric and demographic data which has been acquired before the Aadhaar Act 2016, and after 2016 but before the Justice Srikrishna Committee? Is there criminality of negligence on the part of the persons who designed and administered the UIDAI’s Aadhaar system?
NK: What is the difference between giving biometrics to a foreign country for visa and giving it your own country’s Government?
SGV: When I give my biometrics to a foreign country, it is because I want to travel abroad, if those are the rules in that country. It is purely voluntary and if I don’t want to give that information, I don’t go to that country. I accept that risk for the privilege of visiting that country. The situation is entirely different when I give my biometrics to my own government. Giving biometrics to my government is opening myself up for surveillance and invasion of privacy. Further, it is not just that giving biometrics to government is compromising my privacy, but the process of doing so is also problematic. My biometrics can be misappropriated by individuals for illegal purposes, and they can also be planted in some other place to falsely incriminate me. As you know, biometrics can be lifted, by using Fevicol, or by high definition photography as happened with a German minister.
We also have Bharat Interface for Money (BHIM) now which allows me direct access to my bank account with my fingerprint. Now if my fingerprint is lifted, I would have lost my identity permanently. With credit card and debit card, I can change the pin, but in BHIM, I can’t. Basically, it is the biometrics that cannot be taken back.
NK: Should Aadhaar be dissolved entirely or salvaged with changes and amendments?
SGV: Aadhaar was conceived as a national project to cover the entire population, and implemented with no parliamentary debate or public consultation, and with assurances of voluntariness. The Parliamentary Standing Committee on Finance that was headed then by Mr. Yashwant Sinha, studied the Aadhaar system, and opined that it was a faulty scheme that deserved to be reviewed, if not scrapped. That is the gravity of the matter.
The other thing is that even Mr. Narendra Modi, before he became Prime Minister, openly rubbished it and did so quite strongly, but it turns out that he has since changed his mind because he aggressively promotes it now. The core issue in the Aadhaar project comes out to be data privacy and an individual’s control over his/her biometrics and other data. This overrides all the implementation problems in the technical and social issues that are there in the system, and even if these problems are overcome, the privacy issue will always remain.
In the Army we have two ways of categorizing defective equipment; “beyond local repair” means that it cannot be repaired locally but it is still repairable with better facilities; “beyond economic repair”, as the name suggests, it is not worth spending money to repair it.
“In this view, I would say that Aadhaar is beyond economic repair, and the system should be junked. If privacy as a fundamental right is to be upheld, the Aadhaar system has to go.”
There may be reasonable restrictions that the Attorney General may argue, but I don’t think will carry weight with the Supreme Court when they hear it.
But in case the Aadhaar system is not thrown out completely because so much money has now been invested in it – the same argument was given in the case of the Narmada dams – that is, if it has to be retained, then the persons who are enrolled into Aadhaar should be given the option to de-enroll or opt-out with assurance from the UIDAI Aadhaar system that their names and data has been deleted from the CIDR, and from the various linked or seeded data silos.
NK: What should be the key features of the data protection bill being drafted by the Committee headed by Justice Srikrisha?
SGV: Among others, it should definitely have these two key features: One, protect individual’s privacy, and two, define the scope of reasonable restrictions on Fundamental Rights.
NK: Do you have any other comments?
SGV: The coercive imposition of Aadhaar is leading to an Orwellian state of affairs. This is because of the progress of neoliberalism imposed through corporate influence on successive governments. We have Content Management System (CMS) and National Intelligence Grid (NATGRID) as surveillance systems, and NATGRID integrates 20 national databases for intelligence purposes. They are our own national intelligence agencies and we must trust them, but only so far as it doesn’t impinge on individual privacy.
Privacy as a fundamental right, like other fundamental rights, is not absolute. It is subject to reasonable restrictions. A reasonable restriction on privacy rights could be to permit government security agencies to keep a watch over terrorism suspects or other criminals. But keeping a general watch (untargeted surveillance) on all citizens invades their privacy, and this cannot be a general practice in any democracy. Besides, this includes the implicit, demeaning assumption that all citizens are criminals until proven otherwise. National security can and must be assured without invading general individual privacy.
Finally, I believe that UIDAI’s Aadhaar project has the unfortunate potential to effectively turn our country into a police state, because untargeted surveillance impacts on the private, civic, social, economic and political life of citizens. But besides Aadhaar, there are three other projects, all in various stages of implementation, which have the potential to irretrievably change the character of the sovereign, democratic Indian Republic that we know. One, interlinking rivers is a series of mega-projects of dam-canal systems on India’s major rivers that impinge on environment and have huge economic, social and political ramifications, including impacting federalism in the country. Two, genetic modification (also known as recombinant DNA technology) for food crops impinges irreversibly on food security and public health. And three, nuclear energy has environmental and social issues which impinge directly on public health and safety, with very long-term radiation risks to future generations. The factors common to all these four are
- None of them have been debated in the Parliament
- They involve entry of multi-national corporations into governance and policy-making along with humongous public debt
- They are both the cause and the effect of centralization of political power, and
- Persons who question these mega-projects, are labelled anti-development, anti-national, etc., and many of these persons have been unfairly and wrongly targeted by state or central governments in various ways.
