By Sneha Sanyal , fourth-year student (5-year B.A.LL.B.), National Institute University, Bhopal
Biometric ID cards create identity on the basis of an individual’s physical traits which cannot be altered. They can be both ‘functional’ which target a specific purpose/service like healthcare or they can be ‘foundational’ and provide a database that can be later on used for multiple purposes.[1] India’s ambitious foundational ID program ‘Aadhaar’ is the world’s largest biometric ID system with more than 1.2 billion Unique IDs. India had previously used biometric information to establish identity on a small scale for reasons ranging from social benefit to national security.[2] The nationwide enrollment began in 2010 and within 106 days had created one million Unique Identity Numbers (UID).[3]
In 2012, a writ petition[4] was filed by retd. Justice K.S. Puttaswamy claiming that “Aadhaar” was violative of the fundamental right under article 21[5] as it infringes the right to privacy which was a facet of the right to life and personal liberty. The respondents in return, stated that right to privacy was not a fundamental right as per previous legal precedents. The Apex Court formed a 9 judge bench and unanimously declared right to privacy as a fundamental right rising from article 14, article 19 and article 21 but upheld the legality of ‘Aadhaar’ although clarifying that any benefits due to a citizen cannot be denied merely because they cannot produce an Aadhaar.
In 2016, The Aadhaar (Targeted Delivery of Financial & Other Subsidies, Benefits & Services) Bill, 2016 was introduced and passed in the Lok Sabha as a money Bill under Art. 109. It was alleged that the bill, apart from being wrongfully passed as a money bill, lacked any concern for privacy. Numerous contentions were raised against it –
(i) collection of data along with linking it to daily activities like banking and healthcare ‘construct or de-construct a person’. It could be create a similar system of mass surveillance and profiling as revealed by Edward Snowden. Also, leaving room for adding further biological attributes like DNA collection could pose a threat of ethnic and racial cleansing.
(ii) A member also cited a report of 20,000 fake Aadhaar cards in a state and raised the question of possibility of manipulation of the centralized data by outside contractors who are responsible for collecting personal information.
(iii) Lastly, the vagueness of the term ‘national security’ and the release of biometric information on such an event taking place, according to the provisions of the bill was emphasized on.
The Aadhaar bill was passed within 3 hours of debate as a money bill in the Lok Sabha. Thereafter, the bill was rejected by Rajya Sabha with numerous recommendations but was passed by the Lok Sabha via a voice vote without incorporating any recommendations. The Apex Court looked into the issue again and ruled that Aadhaar was constitutional. It stated that there was a balance between the expected benefits and the possible threats to the fundamental right to privacy.
[6] On the topic of surveillance, the court opined that during enrollment process “less biometric data in the form of iris and fingerprints is collected” and UIDAI “does not collect purpose, location or details of the transaction”. Thus the possibility of a surveillance state does not arise from the manner of operation.
Additionally, UIDAI had mandated usage of only registered devices which encodes the biometric information within the device using a key. This also excludes any possibility of the utilization of stored biometric or the replay of biometrics collected from another source. Additionally, information collected from authentication is not stored by the authorization agencies. The court did strike down ‘Section 57’ of the act as unconstitutional which allowed private entities to use aadhaar for verification purposes.
Though the majority upheld the notion that Aadhaar does not enable a surveillance state, in his minority opinion Justice Chandrachud opined that the architecture of aadhaar enabled possibility of surveillance by tracking transaction data of people over five years (brought down to six months later) via the verification log. Additionally, it can track a person’s location even without the verification log. Secondly, by bypassing the basic structure of constitution of bicameralism the state has committed a ‘fraud on the constitution’. Lastly, due to its exclusionary nature, rejection of benefits arising from social security rights amounts to violation of human dignity and biometric authentication failure results in denial of rights and lawful entitlements. In 2019, an amendment Bill was passed by both the houses to bring in more transparency to some of the contended provisions of the previous act.
Internationally, Biometric IDs have received mixed reviews. In 2017, Jamaica passed the NIRA Act establishing an entity to create, own, operate and manage a civil identification database to register legal residents and citizens.[7] NIRA mandated collection of biometric information from all residents for the purposes of preventing and eliminating crime, facilitation of identification, streamlining of delivery of benefits and reducing corruption amongst others. Difference between Aadhaar and NIRA was that it was mandatory to enroll, failing which legal sanctions would be imposed, biometric information included blood samples and formal access to third party data seekers. In 2019, Supreme Court of Jamaica, following the dissenting opinion of Justice Chandrachud, declared the act unconstitutional.[8]
On the other hand Kartu Tanda Penduduk (Indonesian Identity Card) was issued in 2006[9] to document the burgeoning population.[10] e-KTP contains iris and fingerprint apart from other demographic data in electronic form. KTP can also be used as a base document for other identities. Even Malaysia has made its biometric ID card, MyKad a single gateway for a plethora of services and entitlements.
Therefore, Biometric IDs need to balance transparency & privacy with optimum efficiency before it can be doled out to deal with public policy issues.
Endnotes
[1] Alan Gelb and Anna Diofasi Metz, Identification Revolution: Can digital ID be harnessed for Development? Brookings Institution Press, Center for Global development 1, 34 (2018).
[2] SHANKKAR AIYAR, AADHAAR: A BIOMETRIC HISTORY (Westlands Publications Ltd. 2017). [3] Supra Note 1. [4] Writ petition (civil) 494 of 2012.
[5] “No person shall be deprived of his life or personal liberty except according to procedure established by law”, INDIA CONST. art. 21.
[6] Namita Vishwanath and Savithram Ramesh, India: The Supreme Court’s Aadhar Judgement and the right to Privacy, MONDAQ (Aug. 1, 2020 8.30 PM), http://www.mondaq.com/india/x/744522/Data+Protection+Privacy/The+Supreme+Courts+Aadhaar+Judgement+And+The+Right+To+Privacy
[7] Office of Prime Minister, Jamaica, White Paper on National Identification System Policy (Aug. 1, 2020 8.30 PM), https://opm.gov.jm/wp-content/uploads/2017/02/NIDS-Policy-October2016.pdf [8] See Supra Note 4 ¶349 [9] Jayesh Shinde, How does Aadhaar compare with other ID systems in the world & how to secure its leaky database, INDIATIMES (Jul. 31, 2020 9.00 PM) https://www.indiatimes.com/technology/news/how-does-Aadhaar-compare-with-other-id-systems-in-the-world-how-to-secure-its-leaky-database-276972.html [10] Amendment to law number 23 of 2006 on population administration, art.1 (10), 2013 (Indonesia).