Penn Calendar Penn A-Z School of Arts and Sciences University of Pennsylvania

Aadhaar After Privacy

Madhav Khosla & Ananth Padmanabhan
October 23, 2017

The Supreme Court of India’s recent verdict (Justice Puttaswamy v Union of India) affirming the right to privacy has been followed by a frenetic state effort to link multiple identification numbers and welfare programs with the nation’s controversial biometric program, Aadhaar. This attempt to present a fait accompli of sorts when the constitutional challenge to Aadhaar comes up for hearing is not a new development; the linking between Aadhaar and Permanent Account N​umbers used for taxation purposes is a case in point. Yet, the Court’s privacy verdict has put both linking and enrollment efforts on overdrive. Even private actors have stepped on the accelerator, and not a day goes by without mails and messages from banks and telecom companies asking customers to link their Aadhaar number with their bank accounts and mobile numbers, respectively. But amidst all this bustle, what are Aadhaar’s realistic chances of survival post-Puttaswamy?

One might begin to answer this by exploring the exceptions to the right to privacy that the verdict recognizes. There are, as others have noted, enough exceptions in Justice Chandrachud’s verdict to facilitate data mining and open data platforms for good governance. Importantly, however, such applications hinge on data anonymization—the keeping out of personalized details that help identify specific individuals forming part of the big data set—for their constitutional acceptability. While the benefits of big data may be immense in terms of offering policy guidance and informing policy choices, the presence of legal safeguards that protect the privacy of individuals will be critical in assessing their validity.

On this point, the Government of India will turn to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, for its support. The statute does indeed contain provisions to combat fears of excessive surveillance, including Section 28 of this Act which places responsibility on the Unique Identification Authority of India (UIDAI) to ensure the security of identity information and authentication records of individuals. Despite such provisions, however, the fear of a digital panopticon is real for the simple reason that desirous individuals need not necessarily approach the UIDAI to form a complete picture of the various services availed by a citizen. The authentication records also exist in the multiple government offices, ration shops, and other service centres from where welfare benefits are disbursed to citizens. In fact, the data leakages ailing Aadhaar have all occurred thus far from similar end-points where personnel in charge of our data have little training and even lesser interest in keeping such authentication records confidential. The data leakages, in fact, are telling not only because they challenge the mantra that the program is technologically safe, and not only because they simply represent a state program that contains flaws and operates below expectations in practice, but because the nature and upshot of the leakages calls into question the safeguards on which the legitimacy of the program rests.

Furthermore, the UIDAI’s role poses serious institutional and rule of law concerns. On one hand, it is the custodian of the Central Identities Data Repository. On the other hand, it is also the data regulator. As the custodian of data, it decides the level of access to Aadhaar data needed for purposes of authentication and the authentication agencies contracted to do so. It receives service fees for permitting private bodies to conduct such authentication, thereby aligning its incentives in the direction of widespread access to Aadhaar data for authentication purposes. But as a regulator, it is tasked with deciding on how to deal with data breaches. Thus, we have a body that has minimal incentive to report or act upon data breaches because a vulnerable database architecture does not bode well for either its financial or power incentives as a data custodian. Any breach is, plainly put, a challenge to its authority.

These design flaws are serious and may well jeopardize the Aadhaar project. To overcome them, the State could potentially rely on another important exception contained in the Chandrachud verdict, preventing the diversion of scarce public resources to undeserving impostors. This has, in some ways, been the central justification for relying on biometric data for identification and authentication purposes, and without which none of the privacy worries may have arisen in the first place. This is so because biometrics cannot be altered unlike the passwords we set for web applications. At the same time, recent technological advances have made them easily replicable from photographs and even mirror reflections. Ominous as it sounds, we all are walking repositories of highly vulnerable and immutable passwords which hold the key to our national identities and state-subsidised benefits. Therefore, whether such deeply private information can be relied on to prevent scarce public resources from dissipation will depend, in the final analysis, on the checks that are put in place when furthering what Justice Chandrachud has classified as a legitimate state interest.

Some of these checks are found in the Justice Chandrachud’s opinion itself, while other judges have also weighed in on how we might best balance the right to privacy with permissible exceptions. A first requisite is the existence of a law governing the deprivation of privacy interests. This is an important requirement because a great many enrollments were carried out between 2011-16, prior to the enactment of the Aadhaar Act. If the Supreme Court bench hearing the Aadhaar challenge were to take this seriously, coupled with the impermissibility of a waiver of fundamental rights as per an earlier pronouncement of the Court in Basheshar Nath v Commr. Of Income Tax, millions of Aadhaar enrollments may have to be annulled. The other important check arises from how far the State could go even when there is a law in place that furthers a legitimate state interest. In Justice Chandrachud’s view, the means adopted by the legislature must be “proportional to the object and needs sought to be fulfilled by the law.” Justice Chelameswar acknowledges the possibility of certain privacy claims that deserve the strictest scrutiny. Statutory inroads upon such claims can be made only when there is a “compelling State interest” and a “narrow tailoring” of the law to achieve the objective. Considering the use of biometric information as part of Aadhaar, and the complete absence of any volition on the citizen’s part in deciding whether, and towards which schemes, she must part with such information, there is a strong case for this stricter standard to be applied when evaluating its legality.

This brings us to a final matter, namely the role of consent-based architecture in protecting the private authentication solutions built on the citizen database (for example, Aadhaar facilitated frenetic customer on-boarding when Reliance Jio launched last year). The verdict is unclear on what consent means for this part of the Aadhaar vision. Justice Chandrachud places emphasis on the role of consent in the shaping of privacy but identifies other principles, including transparency, regarding data transfer and use, and non-discrimination, as critical for a robust data protection regime. The consent principle also misses the forest for the trees, as it places the onus on individuals acting within the bounded rationality of their lives to decide on issues of larger systemic risk. Private authentication opens up manifold additional concerns, including the threat of enhanced end-point security vulnerabilities in the system. Hopefully, the Supreme Court shall rely on Justice Chandrachud’s diktat to refrain from utilizing citizen data for extraneous purposes outside the realm of legitimate state interest, and place an embargo on the private authentication agenda. Both the state and private actors have come together nicely in the Aadhaar vision; the Supreme Court might be the only place left for the individual to go.

Madhav Khosla is a Junior Fellow at the Harvard Society of Fellows.
Ananth Padmanabhan is a Fellow at Carnegie India.


India in Transition (IiT) is published by the Center for the Advanced Study of India (CASI) of the University of Pennsylvania. All viewpoints, positions, and conclusions expressed in IiT are solely those of the author(s) and not specifically those of CASI.

© 2017 Center for the Advanced Study of India and the Trustees of the University of Pennsylvania. All rights reserved.