Privacy Activist Usha Ramanathan On How Aadhaar Has Taken Over Our Lives

It is one year since five judges of the Supreme Court heard and decided on the legality and constitutionality of the UID project. The majority said that the UID can be used in the disbursement of benefits, services and subsidies when the money is coming from Consolidated Fund of India and must be in the nature of “welfare schemes of the government whereby government is doling out such benefits which are targeted at a particular deprived class”.

Their scope, the majority said, “is not to be unduly expanded thereby widening the net of aadhaar”. And they allowed the mandating of the UID for filing IT returns.

The court categorically rejected the use of the UID number by banks and mobile companies. It “does not meet the test of proportionality and is also violative of right to privacy of a person”, the court said, while striking down the use of the number use in banking. And, even the majority was quite clear that the part of section 57 of the Aadhaar Act which allowed private companies and individuals “to seek authentication is… unconstitutional.”

For the latest news and more, follow HuffPost India on Twitter, Facebook, and subscribe to our newsletter.

What has happened since?

The driving force behind the UID project is corporate interest. The JAM trinity – of Jan Dhan (bank accounts), UID (Aadhaar) and Mobile is the structure of which the UID is a necessary part. Without the bank and mobile linkage, the project would lose its steam. And if private companies could not leverage the project to create business for them, that would be the death of the project.

The dream sold to the state is of surveillance, control over people and the inversion of transparency which the RTI introduced. For the bureaucrat, it has been disintermediation, that is to say, no meeting of citizens except as mediated by the system.

The restraint on private companies using the UID database got business interests into a panic. The government swung into action, and brought in, first, a bill to let the UID be used, generally, but more specifically by banks and mobile companies.

The bill lapsed, the government did the extraordinary act of bringing the bill in as an Ordinance, and then, along with the 27 other bills that were passed into law with hardly any discussion and no reference to a parliamentary committee where it could be discussed, it became law.

Coercion, the denuding of consent and the deliberate destruction of privacy have continued unabated. The numbers enrolling have grown, and now that the number has become universal and ubiquitous, the focus has shifted. It is now about data, and the data economy. The report of the Srikrishna Committee, which was set up as a last ditch effort before the nine judge bench deciding the privacy case, was on how `to unlock the data economy’.

By the time the Economic Survey 2018-19 was written, personal data was no longer personal; it was being recast as a ‘public good’. “The private sector,” it said, “may be granted select databases for commercial use. Consistent with the notion of data as a public good, there is no reason to preclude commercial use of this data for profit.”

A committee has been set up to see how non-personal data – and this includes personal information, but which is considered to be anonymised, or to be ‘community data’, terms that hide more than they explain - can be put to commercial use. The Prime Minister, in his recent visit to the US, invites investors enticing them with the large amounts of data available here, that which he calls the ‘new gold’.

Every day brings attempts to increase the data bases where the UID will reside: someone goes to court asking for the linking of the voter ID with the UID, and he goes to court, again, seeking the linking of immovable property with the UID. Someone else asks a high court to link social media accounts with the UID.

A teacher goes to the Madras High Court against the Aadhaar enabled biometric attendance introduced in her school, and a High Court judge treats her to a diatribe before dismissing her petition. The 2018 judgment is hardly referred to either in court, or while making public policy. Again, it is the disregard of the law that is striking; just like it was when the government simply ignored interim orders between 2013 and 2018.

Reports say that GSTN has ‘approved’ the use of the UID number for GST registration. This is plainly contrary to the law and the judgment. The income tax department is working at ‘sharing’ the tax returns with the GSTN.

Ajay Bhushan Pandey is the head of the UIDAI, head of the GSTN and the Revenue Secretary: many hats sheltering one thought.

NATGRID (National Intelligence Grid) is an agency set up almost simultaneously with the UIDAI and which links 10 intelligence agencies with 21 data providing organisations including air and train travel, telecom, tax, banking and immigration. Officials say that the NATGRID data base had a pool of mobile numbers, vehicle numbers, passport numbers, aadhaar numbers, arms licences, bank accounts, travel details and social media accounts.

NATGRID has expressed its keenness to link social media accounts to a central data base. When it asked the aviation ministry and DGCA to give it data on domestic passengers on certain routes, it was understood that the data will be shared with the intelligence agencies that include RAW, IB, CBDT, Financial Intelligence Unit, Enforcement Directorate, Director General of GST Intelligence, among others, and ‘also be shared with any other agency of government’.

In December 2018, the government notified 10 agencies which would mount surveillance on all electronic communication, Internet activity, and computers, including through interception and, taken to court, the government says that it considers this ‘proportionate interference’.

Fingerprints have not worked, iris has not taken off, and now facial recognition is being introduced everywhere we turn. Video authentication is being mooted. DNA data basing is currently waiting in the wings in Parliament.

These possibilities of surveillance are too tempting to resist, it would seem. The Home Minister now wonders why, with the census exercise in 2021, we cannot have “just one card for all utilities like Aadhaar, passport, bank account, driving licence, voter card”. The reason has been provided in the privacy judgment, and in even the majority judgment.

And, in the dissenting judgment of Justice Chandrachud, is another reason on why the UID data base is already a danger: “Neither the Central Government nor the UIDAI,” he found, “have the source code for the de-duplication technology which is at the heart of the programme. The source code belongs to a foreign corporation. UIDAI is merely a licensee……The protection of data of 1.2 billion citizens is a question of national security and cannot be indemnified by a contract.”

Why is the government not more aware than it seems to be of the national security implications of such projects?

A Jamaican court confronting a similar project in their country found consonance with Justice Chandrachud on ‘the dangers of a state or anyone having control over one’s personal information”, and the threat of the ‘surveillance state’ as real.

This month brought the news that ‘almost entire population of Ecuador has online data leaked’. Three visually challenged persons were dropped from a pension scheme, first because they couldn’t produce a disability certificate, and then because they were unable to enroll in the UID system; the day after the report in the papers they had the pension restored.

There is still no acknowledgment of the starvation deaths and the many episodes of exclusion, and the problems are merely fading into silence. Edward Snowden’s book is out, where he tells us that the American security establishment is very interested in data from around the world, and we are still not listening.