A nine-member bench of the Supreme Court today gave a unanimous verdict that Right to Privacy is a fundamental right, giving a huge setback to the government’s Aadhaar policy. Post this judgment, a five-judge bench of the apex court will now test the validity of Aadhaar from the aspect of privacy as a Fundamental Right.
The Supreme Court stated that Right to Privacy is intrinsic to Right to Life granted under Article 21 of the Constitution. Thus, it overruled the eight-judge bench judgment in the MP Sharma case and six-judge bench judgment in Kharak Singh case, both of which had ruled that privacy is not a Fundamental Right.
The ruling is based on an array of petitions that challenge the mandatory use of Aadhaar. Petitioners say that enforcing the use of Aadhaar, which assigns a unique 12-digit ID to every citizen, is an infringement of privacy. They also stressed that the Aadhaar database was originally presented as a purely voluntary programme that offered to provide every Indian with an identity card. However, the current government has been moving in the direction to make biometric-based Aadhaar mandatory for availing various benefits under various social welfare schemes.
The Chief Justice JS Khehar-headed Constitution bench comprised Justices J Chelameswar, S A Bobde, R K Agrawal, R F Nariman, A M Sapre, D Y Chandrachud, S K Kaul and S Abdul Nazeer. It had reserved its verdict on August 2 after hearing arguments for six days over a period of three weeks.
Aadhaar Versus Privacy: The Implications Of The Supreme Court Judgement
As the nine-judge bench has upheld the right to privacy as a fundamental right, it means that any law passed by the government cannot infringe upon the reasonable restrictions on a citizen’s right to privacy.
However, the bench will not decide the fate of Aadhaar in terms of its validity, but only on the nature and status of the right to privacy under the Constitution. The judgement, though, is a blow to the government’s Aadhaar policy as the Centre will now have to convince the Supreme Court that forcing millions of Indians to give a sample of their fingerprints and iris scans does not constitute a violation of privacy.
Mishi Choudhary, President and Legal Director SFLC.in, a donor supported legal services organisation, hailed the decision and stated, “This is a milestone in a large history across the world on understanding of the right to privacy. The largest democracy in the world has now spoken on the question which we all face because 20th century constitutions, let alone earlier constitutions, did not tend to speak of right to privacy and they certainly didn’t speak of it in terms which allowed its application to the needs of human beings in the 21st century networked society. The Indian SC has taken an enormous step which is going to be looked upon by societies of law around the world with enormous importance.”
The Supreme Court judgment affects the rights and lives of all 134 Cr Indians as the Aadhaar database links iris scans and fingerprints of more than a billion people. The 12-digit identity number is linked to a citizen’s biometric details and has become mandatory for availing government services, such as filing Income Tax Returns, booking train tickets on the IRCTC, opening a bank account and more. The Unique Identification Authority of India (UIDAI), the agency that governs Aadhaar, has repeatedly said that its data is secure. The UIDAI had further stated that privacy was not a fundamental right and there were sufficient safeguards to protect data collected from the people.
However, the government’s ability to keep this data secure or maybe even misuse it has become a worrisome question after the recent data leaks. In April 2017, some of the Aadhaar details of 1.4 Mn registered users were made public on the Jharkhand Directorate of Social Security. These details included sensitive information such as names, addresses, bank account details and Aadhaar numbers.
What was more surprising was that the government officials could not take corrective action after more than 24 hours when the breach was reported. In May, security researchers discovered that the Aadhaar information of as many as 135 Mn people had leaked online.
Even more recently, Qarth Technologies co-founder Abhinav Srivastava was arrested by Bengaluru’s Central Crime Branch on charges of Aadhaar data theft last week. According to the complaint, Srivastava illegally accessed UIDAI data through an “Aadhaar e-KYC verification” mobile app that he developed himself. As per recent reports, Srivastava gave a six-hour step-by-step demo to sleuths of how he managed to hack into the Aadhaar website. In his demonstration, Abhinav Srivastava said that he took advantage of the lack of Hypertext Transfer Protocol Secure (HTTPS) in the URL of the Aadhaar website. Another report claims that Abhinav used shortcuts to access data from various websites that used Aadhaar data.
Saket Modi, founder of Lucideus Technologies, an outfit that has worked closely with the Indian government to ensure the feasibility and safety of the Aadhaar system had stated in an earlier interaction with Inc42 that Aadhaar is an open API system. But, security wise, it is close to one of the top standard security systems.
However in this month itself, another breach has come to light. A Punjab government entity had published the Aadhaar details of 20,100 citizens on its official website. These details include Aadhaar numbers, user names and their father’s name.
These leaks and the perceived lack of the country’s cyber security standards have raised questions about linking of such information to the Aadhaar number that can put private and sensitive information at risk for crimes such as identity theft, hacking and more. More so, questions have also been raised about the efficiency with which this data has been collected and the government’s decision to link it to various social welfare schemes which could deprive many from availing these benefits because of faulty data.
Vickram Crishna, Board Member SFLC.in and one of the petitioners in the right to privacy case also reiterates the same when he says that this unequivocally puts to rest any further attempts to create mechanisms for intrusion into the personal lives of people in India.
Vickram states, “Very importantly, it trashes the state position that the poverty stricken portion of the population is less than human, and unable to appreciate or deserve freedom and liberty, the position that has been repeatedly cited in defence of inefficient and incompetent governance.”
Though the Supreme Court’s decision to uphold the right to privacy is a landmark move, yet it still does not settle the questions and security concerns surrounding Aadhaar. Aadhaar will have to be tested against that recognised right – a test that will take place through hearings by another five-member bench of the Supreme Court. The bench will hear several petitions challenging the validity of the Act. One should also remember the verdict does not comment on whether the government’s demand for Aadhaar to be linked to all financial transactions amounts to an infringement of privacy. Until then, Aadhaar remains as it is.
Nevertheless, the Supreme Court’s decision on privacy is a setback to the Centre, which seemed to be ignoring the importance of upholding the privacy of billions of Indians just to justify and protect Aadhaar.