Introduction

Privacy concerns relating to the AADHAAR project have been the subject of much fiery
debate now days1. On the one hand, stands taken by the government and UIDAI on these
issues have been vague. Arguing before a bench in the Supreme Court, the Attorney General
of India has argued that Indian citizens have no constitutional right to privacy2.This is
astonishing not only because there are several interpretations of constitutional provisions and
judgements to the contrary3, but also because it contravenes conventional wisdom and best
practices in digital verification and authorisation systems4.AADHAAR is a 12 digit
individual identification number issued by the Unique Identification Authority of India
(UIDAI)5 on behalf of the Government of India. This number serves as a proof of identity
and address, anywhere in India. Any individual who is a person living in India can enrol for
AADHAAR. Each AADHAAR number will be unique to a person and will remain valid for
life. AADHAAR is easily verifiable in an online, cost-effective manner. Unique and strong
enough to eradicate the large number of duplicate and fake identities in government and
private databases. The government interprets AADHAAR card as a means of improved
governance in many areas. It is a voluntary service that every resident can avail irrespective
of current documentation.6

‘Right to Privacy is a fundamental right’ judgement 7by the Supreme Court, there still exist
the issue of AADHAAR being valid or not which is still pending.

1
NDTV. 2016a. Truth vs Hype: AADHAAR’s One Billion Challenge.
http://www.ndtv.com/video/news/truth-vs-hype/ truth-vs-hype-AADHAAR-s-one-billion-challenge-411279.
NDTV. 2016b. what should they do who don’t get ration.
http://khabar.ndtv.com/video/show/ndtv-special-ndtvindia/what-should-they-do-who-dont-get-ration-423998.
2
. On the one hand, positions taken by the government and UIDAI on these issues have been ambiguous.
Arguing before a bench in the Supreme Court, the Attorney General of India has claimed that Indian citizens
have no constitutional right to privacy (PTI, 2015).
3
Bhatia, Gautam. 2015. Sorry, Mr. Attorney-General, We Do Actually Have a Constitutional Right to Privacy.
http://thewire.in/2015/07/28/sorry-mr-attorney-general-wedo-actually-have-a-constitutional-right-to-privacy-
7398/.
Kumar, Ashwani. 2015. Privacy, a non-negotiable right.
http://www.thehindu.com/opinion/lead/privacya-nonnegotiable-right/article7519148.ece.
4
Diffie, Whitfield, & Hellman, Martin E. 1979. Privacy and Authentication: An Introduction to Cryptography.
Proceedings of the IEEE, 67(March), 397–427. http://ieeexplore.ieee.org/ stamp/stamp.
5
The AADHAAR card, when printed out, has 12 digits, but there are four Bhidden^ digits in use by the system
only. For this reason, in some cases, AADHAAR is described as having 16 digits. See UID to have 12 or 16
digits? Governance Now, April 28, 2010
Available at: http://www.governancenow.com/gov-next/egov/uid-have-12-or-16-digits
6
http://whitefieldrising.org/AADHAAR-card/
7
Justice KS Puttaswamy (Retd.) and Anr. vs Union of India and Ors., Writ Petition (civil) no. 494 of 2012,
Supreme Court of India.
“No one shall be subjected to arbitrary interference with his privacy, family, home or
correspondence, or to attacks upon his honour and reputation. Everyone has the right to the
protection of the law against such interference or attack”8.

Much controversy arose when the conflict of AADHAAR, specifically, The AADHAAR
Act, 2016 and the Right to Privacy of every citizen of the country being violated because of
it. The problems with the AADHAAR Act, 2016 in relation to privacy are mainly comprised
of two parts:

 Firstly, AADHAAR Act making AADHAAR compulsory for every citizen and also
making its compulsory linkage to other services, which includes PAN card and phone
numbers. It further makes changes to the Income Tax Act wherein for tax returns to
be processed, one need to link their AADHAAR number to their PAN.9 A failure to
do this could also lead to invalidity of the respective PAN.

These legislations are a forced obligation for the citizens to link their AADHAAR to these
documents which is a problem as AADHAAR essentially needs a lot of private and
confidential information like biometrics, fingerprints, etc. which connects to the second issue
of data security.

The AADHAAR Act, 2016 allows sharing of data under the AADHAAR numbers for the
purposes of “national security” which a unclear and vague term. Further, AADHAAR is
applicable to commercial purposes as well and has the involvement of private parties in its
data access which leaves the citizens a huge risk of data leak given that there are no existing
privacy laws in India. The active government wants the AADHAAR policy to continue and is
progressively making AADHAAR mandatory for more documents, for eg. Driving licence,
which is in plan to also be mandatorily linked to AADHAAR.10

This paper highlights the two core issues of the AADHAAR Act, its contradictions to the
right to privacy and also its further consequences and misuses which have already
started coming to existence.

THE ADHAAR ACT, 2016

8
Universal Declaration of Human Rights, G.A. Res. 217A (III), U.N Doc. A/180 at 71 (1948).
9
Section 139 AA, Income Tax Act, 1961.
10
https://blog.ipleaders.in/AADHAAR-vs-right-to-privacy.
The AADHAAR Act is current statutory assistance for the AADHAAR identification
system11. The Act was updated in September, 2016 with regulations, which enhanced the
power of the Unique Identification Authority of India and gave the government of India
considerable ability to access the AADHAAR data, with broad capability to use the data for
law enforcement purposes12.Biometric data in The AADHAAR Act is defined as: “biometric
information means photograph, finger print, Iris scan, or such other biological features of an
individual as may be specified by rules”. The AADHAAR Act does not implement privacy,
nor full data protections as incorporated in the Privacy Bill of 2014 and the Group of Experts’
report, and as such, the AADHAAR Act should not be understood as a privacy law13.

As mentioned, the AADHAAR Act allows for expansive use of the identity system by the
government, including for national security purposes, and potentially external entities, subject
to the Act’s regulation14. The AADHAAR Act does not even give protections up to the level
of the Principles on Identification, a joint policy document of the World Bank Group, the
United Nations Development Programme (UNDP), and other signatories unfolding principles
of privacy and non-discrimination, among other principles.15The laws and regulations of

11
See Economic Times, Budget 2016: Full text of Finance Minister ArunJaitley’s speech regarding The
AADHAAR Act, March 1, 2016.
12
https://github.com/cis-india/uidai-docs/blob/master/UIDAI/Act%20and%20Rules/The-Gazette-of-
India_Unique-Identification-Authority-of-India-Regulations-2016_20160914.pdf
Unique Identification Authority of India Regulation, 2016, No. 13012/64/ 2016/Legal/UIDAI (No. 1 of 2016.)
the (Targeted Delivery of Financial and Other Subsidies, Benefits and Services), The Gazette of India, Sept. 12,
2016, Available at: https://github.com/cis-india/uidai-docs/blob/master/UIDAI/ Act%20and%20Rules/The-
Gazette-of-India_Unique-IdentificationAuthority-of-India-Regulations-2016_20160914.pdf For a discussion of
the government of India’s procedures on access to AADHAAR data, see legal scholar ChinmayiArun’s
commentary, ChinmayiArun, Privacy is a Fundamental Right, The Hindu, March 18, 2016, updated Sept. 6,
2016.
13
Supra.
14
The AADHAAR Act regulates government and commercial entities. See: The AADHAAR (Targeted
Delivery of Financial and Other Subsidies, Benefits, and Services) Bill, 2016,
Available at:
http://www.prsindia.org/administrator/uploads/media/AADHAAR/AADHAAR%20Bill,%202016.pdf the
definition of government use is expansive. See Clause 33. Regarding external entities, see Clause 57. BClause
57. – This clause provides that nothing contained in the proposed legislation shall prevent the use of
AADHAAR number for other purposes under law. It provides that nothing in the proposed legislation shall
prevent the use of AADHAAR number for establishing the identity of an individual for any purpose, whether by
the State or anybody corporate or person, pursuant to any law, for the time being in force, or any contract to this
effect, but he use of AADHAAR number under this clause shall be subject to the procedure and obligations
under clause 8 and Chapter VI of the proposed legislation.
15
ID4D Principles on Identification, World Bank et al.,
Available at: http://documents.worldbank.org/curated/en/213581486378184357/pdf/112614-REVISED-
PUBLIC-web-final-ID4D-IdentificationPrinciples.pdf
many nations treat a class of data as responsive and attach greater protections to the
collection, storage, usage and sharing of those types of data.16

Complaints about the AADHAAR system made to India’s High Court have majorly focused
on privacy voluntariness17.

 Analysis of UIDAI measures

The Unique Identification Authority of India (UIDAI)18 is responsible for providing the basic
identification and authentication services. It provides a unique AADHAAR number to each
citizen and maintains their biometric and demographic data in a Central Identities Data
Repository (CIDR). The UIDAI controls the CIDR and provides identification and
authentication services19.

The UIDAI does acknowledge the possibility of breach of privacy that can arise due to the
use of a single identifier across multiple domains and recommends that the AUAs
(Authentication User Agency) should use only domain specific identifiers in their dealings
with people20. This however does not fully tone downs the risks and the possibility of leakage
of the AADHAAR number from an AUA, either from the database, or during “Know Your
Customer” (KYC) processes, or even during providing services, cannot be ruled out.
Particularly, there appear to be no standard safeguards or even guidelines, either technical or
legal, on how the AADHAAR number should be maintained and used by various AUAs in a
cryptographically secure way. Additionally, since the AADHAAR number is supposed to be

16
Section 3 in the Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011. Available at: https://indiankanoon.org/doc/101774797
From the Act: 3 Sensitive personal data or information.- Sensitive personal data or information of a person
means such personal information which consists of information relating to: (i) password; (ii) financial
information such as Bank account or credit card or debit card or other payment instrument details; (iii) physical,
physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi)
Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing
service; and (viii) any of the information received under above clauses by body corporate for processing, stored
or processed under lawful contract or otherwise: Provided that, any information that is freely available or
accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time
being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
17
Supreme Court of India, Writ Petition (Civil) No. 494 of 2012.
http://www.worldprivacyforum.org/wpcontent/uploads/2015/08/SupremeCourtofIndiaAADHAAR_August11_2
015.pdf
18
UIDAI. 2016a. Authentication Overview https://uidai.gov.in/auth.html
19
UIDAI. 2016b. Operating Model Overview. https://uidai.gov.in/authentication-2/operation-model.html
20
UIDAI. 2011. AADHAAR Security Policy & Framework for UIDAI Authentication (Version 1.0).
http://uidai.gov.in/images/authDoc/d3_4_security_policy_framework_v1.pdf
valid for life21, it cannot easily be revoked in case of an identity theft or if the AADHAAR
number is misused in any other way.

Issue Shortcomings in UIDAI measures Key recommendations

 Biometric and demographic  Demarcate identity

Authentication
data are public; hence, can be verification and
without consent
used without consent authentication.
 Strengthen legal and
policy frameworks.

 Unidirectional linking from  Unidirectional linking

Identification without
AUA specific local ids to from AADHAAR id to
consent using
AADHAAR id. AUA-specific ids.
AADHAAR number
 No guidelines on safe  Cryptographically
maintenance of AADHAAR embed AADHAAR id
numbers by AUAs. into AUA-specific ids
 Vulnerable to correlation of making correlation
identity across domains. impossible.

 Inadequate protection against  Separate administrative

Unlawful access of
insider attacks on CIDR data
CIDR data leading to
 CIDR data encrypted but the
profiling.
decryption keys reside in
CIDR
 UIDAI human managers can
have access to decryption
keys.
control for online audit
and key management
 Legal framework for the
above
 Only hashes of
Biometric data must be
stored on servers.
 Manual inspection of
CIDR data must not be
possible
 Only pre-approved and

21
UIDAI. 2016b. Operating Model Overview.
https://uidai.gov.in/authentication-2/operation-model.html
 audited computer
programs with tamper-
proof guarantees should
access CIDR data
 All investigations and
analyses only with prior
audit and approval
through pre-approved
computer programs
 Tamper proof
guarantees for field
devices
 Adopt modern tools
from computer science
to implement the above
protections.

 CONTROVERSY RAGED AROUND THE SCHEME:

UID is what started as an idea of biometric identity cards in India in the wake of the increased
terrorist activity. In a report, the consulting agency that was suppose to determine the
feasibility of the biometric card for border communities suggested that the identity cards
could be implemented to the whole county22. Now the government is trying to implement the
new UID scheme by camouflaging it as a developmental agenda. But this scheme has faced a
lot of opposition and criticism. This section of the paper deals with the privacy issues related
to the implementation of UID Scheme.

The three-judge Bench led by Justice J. Chelameswar gave an interim order on 23 September
2013 saying that “AADHAAR Card is voluntary and not mandatory” leaving the decision

22
SheetalAsrani-Dann, ‘the Right to Privacy in the Era of Smart Governance: Concerns Raised By the
Introduction of Biometric-Enabled National ID Cards in India’, the Journal of India Law Institute, (2005) 53-
95.
completely on the citizens if they wanted to register under the scheme or not. However on
11th August 2015, the Supreme Court ordered the government that an AADHAAR card will
not be used for any other purpose except other than the PDS Scheme, particularly for
distribution of food grains and cooking items. It was also used for the LPG distribution
scheme. The Court also said that AADHAAR card should not be used for any other purpose,
except if it is instructed by a court for the purpose of criminal investigation23

It is argued by Attorney General MukulRohatgi that right to privacy is not a fundamental

right but just an extension of judicial interpretation under Section 21 while defending the
constitutional validity of the AADHAAR card. He cited a 1954 judgment24in which the eight-
judge bench held that there is no such thing as a fundamental privacy right also requested the
9 judge bench to examine the issue. Hence the petitions are pending before the court related
to the controversy of the AADHAAR25 all of which is related to the ongoing case of K.
Puttaswamy v. Union of India26.

There is a lack of clarity on the issue as there were many smaller bench judgments during the
1990s which held that right to privacy can be sometimes interpreted as a fundamental right in
India.

 RIGHT TO PRIVACY AND CONSTITUTION

As there being no explicit reference to a Right to Privacy in the Constitution, the right to
privacy needs to be understood on the basis of the decisional jurisprudence developed by the
constitutional courts in India.

The development of the right to privacy in India could be traced from the case of M.P.
Sharma & Others v. Satish Chandra & Others27, in which Supreme Court held that the
Indian constitution does not conceive the right to privacy while determining the contours of
search and surveillance by the police. Honourable Supreme Court held that
23
http://www.thehindu.com/news/national/AADHAAR-shall-remain-optional-supreme-court/article7525976.ece
24
M.P. Sharma vs Satish Chandra.
25
P (C) No. 439 of 2012 titled S. Raju v. Govt. of India and Ors.
PIL No. 10 of 2012 titled VickramCrishna and Others v. UIDAI and Ors.
P. No. 833 of 2013 titled Aruna Roy &Anr. v. Union of India
P. No. 829 of 2013 titled S.G. Vombatkere&Anr v. Union of India &Ors.
Petition(s) for Special Leave to Appeal (Crl) No(s).2524/2014 titled Unique Identification Authority of India &
Another v. Central Bureau of Investigation.
26
WP (C) 494 of 2012
27
1954 S.C.R. 1077
 “When the Constitution makers have thought fit not to subject [search and seizures] to
Constitutional limitations by recognition of a fundamental right to privacy, analogous to the
American Fourth Amendment, we have no justification to import it, into a totally different
fundamental right.”

In the case of Kharak Singh v. the State of U.P28majority concluded that the Constitution
contained no explicit guarantee of a "right to privacy", but read the right to personal liberty to
include a right to dignity. In a minority judgment in this case, Justice Subba Rao held that:

“It is true our Constitution does not expressly declare a right to privacy as a fundamental
right but the said right is an essential ingredient of personal liberty”

This case, especially Justice Subba Rao’s observations, later paved the way for the
embellishment on the right to privacy using Article 21.

But in the case Govind vs. State of M.P.29 , the Supreme Court took a view point which
represents a paradigm shift in perspective from their earlier rulings In this case Court
observed that a number of fundamental rights of citizens can be described as contributing to
the right to privacy but the right to privacy will have to go through a process of case-by-case
development. This case is important since it marks the beginning of a trend in the higher
judiciary to regard the right to privacy as not being absolute but subject to restriction on the
basis of compelling public interest. This non-absoluteness became the defining feature of this
right.

The Govind case turned out to be a landmark case with the Supreme Court reiterating the
right to privacy in subsequent cases. In the R. Rajagopal v. State of T.N.30, Supreme Court
speaking through Jeevan Reddy, J. observed that:

"The right to privacy is implicit in the right to life and liberty guaranteed to the citizens of
this country by Article 21.”

Right to privacy was upheld again by the Supreme Court in Ram Jethmalani v. U.O.I.31
Delivered by Justices P. Sathasivam and H.L. Gokhale, it read:

28
A.I.R. 1963 S.C. 129.
29
A.I.R. 1975 S.C. 1378.
30
1994 S.C.C. (6) 632.
 “Right to privacy is an integral part of right to life. This is a cherished constitutional value,
and it is important that human beings be allowed domains of freedom that are free of public
scrutiny unless they act in an unlawful manner.”

Most recently in the case of Justice K.S. Puttaswamy v. U.O.I32a scheme promulgated by the
Government of India popularly known as “AADHAAR Card Scheme” was under attack on
various counts. One of the grounds of attack on the scheme is that the very collection of such
biometric data is in violation of the “right to privacy”. The question before the court was (i)
whether there is any “right to privacy” guaranteed under our Constitution? (ii) If such a right
exists, what is the source and what are the contours of such a right as there is no express
provision in the Constitution adumbrating the right to privacy?.

The court reconsidered the entire jurisprudence from M.P. Sharma to PUCL and found that
there is divergence of opinion. M.P. Sharma and Kharak Singh were decided by eight and six
judge bench respectively but after case laws were rendered by smaller bench of two or three
judges. Finally the honourable court concluded “the cases on hand raise far reaching
questions of importance involving interpretation of the Constitution…” and referred the case
to a larger bench.

Therefore, the perusal of abovementioned case law would clearly establish that the right to
privacy is very much a part of the fundamental rights under the Constitution of India.

INFRINGEMENT OF INDIVIDUAL'S RIGHT TO PRIVACY

AND DIGNITY

1. RIGHT TO PRIVACY INFRINGED:

There are many dimensions to privacy, including the privacy of a person, privacy of
communications, territorial privacy and privacy of personal data33. Privacy of the person
concerns the privacy of body, and its integrity and freedom of not being infringed upon.
Privacy of communications deals with the freedom to have communications by any means
without being infringed upon by surveillance, telephone tapping etc. Identity and

31
(2011) 8 S.C.C. 34
32
Writ Petition Civil No. 494 of 2012.
33
Human Rights, ‘Privacy and Human Rights’, (Privacy International, 19 December 2010).
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559458 accessed on 12 June 2016..
informational privacy or data privacy deals with the protection of information, especially
complex information.

It is important to note that the main privacy concerns brought by the UID project are:
territorial and data privacy. Territorial privacy addresses freedom from infringement into
national and official spaces by the way of surveillance. UID poses risk to the privacy of an
individual which is valuable and now dispersed among public domain at large which will
drop into one point of convergence through the UID.Assortmentand identification based on
biometric information could be understood as a breach of one’s territorial privacy and one’s
data privacy. Claims provided through UID number will provide efficient access to
developmental projects and facilities, should be observed with suspicion, because when
sensitive information of this nature is placed in the control of the state, it gives enormous
power to the state. Sitaram Yechury, general secretary of the Communist Party of India, in an
interview said that apart from violating the personal liberty of the individual it can also lead
to profiling34.

2. VIOLATIVE OF SELF-ESTEEM OF AN INDIVIDUAL:

UID give enormous power to the state to surveillance every decision made by a human in
India, impact the lives of the citizen, and also may lead to the implementation of hidden
agendas. This could lead to a position where an individuals’ autonomy, which is a well-
enshrined concept in human rights philosophy by the great philosophers such as Emanuel
Kant35, could be severely compromised. This has been referred to as “functional creep”,
which constitutes the development of the ambit of usage of a particular system from its initial
limit.

The UN Charter and the Universal Declaration of Human Rights both emphasize that the
greatest aspect of human rights is the acknowledgment of dignity of human beings 36. UID
project approaches to risk of surveillance, and breach of privacy which clearly disrupts
dignity of human which curtails the freedom of choice which was being able to made by the
individual, by placing individuals continuously under the threat of intrusive surveillance by
the state, and the public domain. In the case that an individual’s UID number is manipulated,

34
Sitaram Yechury, ‘Sitaram Yechury’s Challenge’, The Indian Express (Lucknow, May 1 2015) 6.
35
Immanuel Kant, The Moral Law: Groundwork Of The Metaphysic Of Morals, (Oxford Press, 2005) 42.
36
Christopher McCrudden, ‘Human dignity and judicial interpretation of human rights’ (2008) EJIL Vol. 19 No.
4, 655-724.
used by someone else fraudulently, or a technical problem occurs, the individual will be a
fictional entity before the state, having no value, as all the benefits and rights could be
claimed only through the UID.

3. BIOMETRICS- UNVERIFIED TECHNOLOGY:

 NO DEVELOPED COUNTRY HAS ACCEPTED BIOMETRIC IDENTITY:

None of the countries in this developed world has accepted biometric identity even as
developing countries are encouraged to adopt it.

The George W. Bush administration considered a biometric database when it enacted the
Real ID Act in 2005. But it realised the impracticalities of the project, depending upon
biometric constancy and accurateness across the strip of population, and so shelved it.

In Australia, after the abandonment of the access cards it started again after the prolonged
break of 2 years i.e. because of protests about the privacy concerns, identity and disclosure of
information. In the U.K., when the David Cameron government jettisoned the biometric ID
project, authority stated this was implemented because the government was the retainer of the
people and not their master, and that the project would constitute “intrusive bullying”.

4. MISAPPLICATION OF THE TERM NATIONAL SECURITY:

The 2016 Bill permits“data sharing agreements “according to which bureaucrats can decide
when and under what circumstances the information ought to be shared in the “national
interest”. Hence partaking of the peculiar information of AADHAAR with national security
organisations is dangerous perception which led to the major misapplication as individuals
with recorded biological infirmities scan be subjected to many sorts of attacks.

INTERNATIONAL OBLIGATION

In the 20th century, governments that recognised no private sphere of thought, expression,
and action outside their reach and the ruling party’s reach were called “totalitarian”37. Aware
that such governments are antithetical to freedom, the world’s democracies were willing to

37
Sitaram Yechury, CPI(M) General Secretary and Rajya Sabha Member, as quoted in an interview in Frontline
India, Database for a totalitarian state, April 2017.
Available at : http://www.frontline.in/cover-story/database-for-a-totalitarian-
state/article9629101.ece?homepage=true
sacrifice millions of their citizens’ lives in the Second World War to defeat them militarily.
The self-governing constitutions that rose on the ashes of European totalitarianism explicitly
recognised the integrity of a private sphere that governments may not invade, as the U.S.
Constitution’s Bill of Rights, as interpreted by its Supreme Court, has also done. The post-
Independence Indian Constitution does this as well.38

In particular, the Indian Supreme Court is likely to find itself asking Government of India
about what in Indian and U.S. law is called the “doctrine of unconstitutional conditions”.
Supreme Court of India and U.S. have held that the government cannot impose any condition
receipt of public benefits on breach of fundamental rights but this will be in loud
contradiction this week by the counsel for Centre for Civil Society, when he told the bench
that “a person who has a right to privacy should be allowed to waive it for greater benefit.”

India is a member to the United Nation's International Covenant on Civil and Political Rights.
Article 17 of the Covenant states that “no one shall be subjected to arbitrary or unlawful
interference with his privacy, family, home or correspondence, nor to unlawful attacks on his
honour and reputation. Everyone has the right to the protection of the law against such
interference and attacks.” India ratified the Covenant on March 27, 1979. The instrument of
sanction contains reservations to some of the other provisions of the Covenant, but not to
Article 17. This is a treaty obligation enforceable internationally through the Human Rights
Committee set up by the Covenant.

Pros for AADHAAR:

The core purpose of AADHAAR Act is to introduce method of identification in mandate to

provide services, subsidies and other beneficial benefits to each individual of the country
therefore efficiency of AADHAAR to the extent claimed in preventing leakages in social
welfare schemes has been questioned39, the advantages of computerisation and reliably

38
http://www.thehindu.com/opinion/columns/AADHAAR-and-the-right-to-privacy/article10165734.ece
39
Khera, Reetika. 2011. The UID Project and Welfare Schemes. Economic and Political Weekly, Vol. 46(Issue
No. 09).
Khera, Reetika. 2013. Lessons from the East Godavari pilot.
http://www.thehindu.com/opinion/lead/lessons-fromthe-east-godavari-pilot/article4603273.ece.
[Online; posted 11-April-2013].
Khera, Reetika. 2015. Five Myths about AADHAAR.
http://www.outlookindia.com/website/story/five-mythsabout-AADHAAR/295364.
[Online; posted 18-September-2015]
Zhong, Raymond. 2016. Is the Indian Government Saving as Much as It Says on Gas Subsidies?
maintaining eligibility and distribution records in digital forms are well
accepted40.AADHAAR is permeating to all public services and it is being obligatory as a
processfor number of crucial procedures including filing income tax, applying for a PAN card
and even availing jobs under MNREGA. So, AADHAAR card and number provide us with
national identification and social benefits, and protect us from corruption and tax evasion.

1. The practise of biometrics is expected to give a unique identity to every individual in

India. Wrong/fake recipients have been a major issue with many schemes which
benefits public.

2. A problem in reaching benefits to poor and marginalized residents is that they often
lack the identification documents they need to receive. And also it provides the direct
benefits to residents without the heavy costs associated today with benefits
distribution.

3. In Telangana, AADHAAR numbers were linked to ration cards to remove duplicate

and illegal ration cards.

4. The National Institute of Public Finance and Policy published a paper that found that
the benefits of the AADHAAR project will surpass the costs. As per the analysis, by
2020-21 the total benefit would be Rs 25,100 crore in contradiction of the total
expenditure.

Thus it may be tremendously insightful to be able to correlate education levels, family

incomes and nutrition across the entire population; or disease spread with income and
education. More generally, it may enable carrying out econometric analysis, epidemiological
studies, automatic discovery of latent topics and causal relationships across multiple domains
of the economy41. Indeed, extending the scope of AADHAAR from just being an

http: //blogs.wsj.com/indiarealtime/2016/03/21/is-the-indiangovernment-saving-as-much-as-it-says-on-gas-
subsidies/.
40
Masiero, Silvia. 2015. PDS computerisation: What other states can learn from Kerala.
http://www.ideasforindia.in/ article.aspx? Article id=1474.
Khera, Reetika. 2013. Lessons from the East Godavari pilot.
http://www.thehindu.com/opinion/lead/lessons-fromthe-east-godavari-pilot/article4603273.ece
41
UN Global Pulse. 2012 (May). Big Data for Development: Challenges and Opportunities.
http://www.unglobalpulse.org/sites/default/files/BigDataforDevelopment-UNGlobalPulseMay2012.pdf
UN Global Pulse. 2016 (August). Data for Development: Challenges and Opportunities.
http://www.unglobalpulse.org/.
Jennifer McNabb, David Timmons, Jae Song, & Puckett, Carolyn. 2009. Uses of Administrative Data at the
Social Security Administration. Social Security Bulletin, 16.
https://www.ssa.gov/policy/docs/ssb/v69n1/v69n1p75.html
Einav, Liran, & Levin, Jonathan. 2014. Economics in the age of big data. Science, 346(6210).
identification and authentication system for social welfare schemes to a system which
generates large scale data and facilitates automated analysis and planning, can potentially
lead to far reaching benefits.

Cons for AADHAAR:

When the AADHAAR was first implemented, most of the concerns related to it were
regarding the infringement of right to privacy of Indian citizens, the security of the composed
biometric data, and the legality of making AADHAAR mandatory.
At the same time, apart from the concerns of loss of privacy and civil liberties, the
AADHAAR project has attracted considerable criticism for causing significant disruptions
and exclusions in social welfare schemes42 both due to careless deployment and uncertainties
in biometric matching.

1. The major and understandable concerns are data security and privacy. In Indian
context, there is a huge question over the accuracy of biometrics. Due to geographic
and socio-economic reasons, the thumb impression and iris of a large portion of the
Indian population who are involved in casual labour get altered or damaged. Every
aspect of the data base will be accessed by the authority under national security. That
would mean, there is a possible breach of privacy which is a pre-condition for civil
liberty.

2. Information related to individuals are incalculable for various entities, and considered
to be high price over the data of individuals that raises the fear of possible breaches of
confidentiality and mass surveillance. Most of the databases will be accessible to the
government under the national security clause. Hence there is a potential breach of
privacy which is a pre-condition for civil liberty.

http://science.sciencemag.org/content/346/6210/1243089
Einav, Liran, & Levin, Jonathan D. 2013 (May). The Data Revolution and Economic Analysis. Working Paper
19035. National Bureau of Economic Research.
http://www.nber.org/papers/w19035
42
Johari, Aarefa. 2016. In drought-hit Saurashtra, poor internet network can often mean no food rations.
http://scroll.in/article/810683/in-drought-hit-saurashtra-no-internet-can-often-mean-no-food-rations
NDTV. 2016a. Truth vs Hype: AADHAAR’s One Billion Challenge.
http://www.ndtv.com/video/news/truth-vs-hype/truth-vs-hype-AADHAAR-s-one-billion-challenge-411279
Dreze, Jean. 2016. ´ The AADHAAR coup.
http://www.thehindu.com/opinion/lead/jean-dreze-on-AADHAAR-mass-surveillance-data-
collection/article8352912.ece
 3. If one looks at the ease with which imposters can take out AADHAAR card printouts
for impersonation purposes, it occurs to one that the most commonsensical solution to
prevent this fraud is to ensure the secrecy of the AADHAAR data. This provision has
been strictly outlined in Section 29 of the AADHAAR Act, 2016 therefore just a
meek Google search will disclose search results containing hundreds of AADHAAR
numbers and names within the span of a single click. Due to which the risk of security
is at peak.

4. Stating AADHAAR is the proof of someone’s identity the mere possession of a

physical AADHAAR card is not validation of the fact that it belongs to the person
carrying it. This is because AADHAAR has no special security features like
holograms embedded into its design, and multiple simple black-and-white card
printouts of the card are acceptable as the original AADHAAR card and because of
non-implementation of this very crucial provision of the Act, any imposter with a
genuine citizen’s name and AADHAAR number can take such a printout and enter
high-security zones therefore presently there been abundant bogus AADHAAR cars.

SUGGESTION

The widespreadcorruption is evident in every sector and main aim of the AADHAAR
scheme sought to achieve and find out the necessary middle path so that this scheme can be
implemented. This section provides chief measures that need to be taken in tackling the
issues raised by AADHAAR could be summed up as follows:

1. Need to protect citizen information

 India is rapidly becoming a digital economy and nation of billion cell phones and yet
we have antiquated laws for data protection and privacy. Problems of ID theft, fraud
and misrepresentation are real concerns.
 Ascertaining citizens for providing various services, preserving security and crime-
related surveillance and performing governance functions, all involve the collection of
information. In current years it shows the technological developments and
 administrative challenges, several national programmes and it also applied through
information technology platforms, using high-tech data collected from citizens.
 With more and more transactions being done over the Internet, such information is
vulnerable to theft and misuse and it is imperative that any system of data collection
should feature in privacy risks and include procedures and systems to protect citizen
information.

2. What the should government do.

 Instead of arguing that privacy is not a fundamental right, it should assure the citizens
that it has the technology and systems to protect the data collected.
 It should assure the citizens of India that it will do everything possible to prevent
unauthorised disclosure of or access to such data and recognise all dimensions of the
right to privacy and address concerns about data safety, and fortification from
unofficial interception, surveillance and bodily privacy.
 The data controller should he held responsible for the collection, processing and use
to which data are placed.

3. As an alternative to the collection of biometric information few experts have

suggested shifting to smart cards.

 Biometrics allows for identification of citizens even when they don’t want to be
identified. Smart cards which require pins on the other hand require the citizen’s
conscious cooperation during the identification process.
 Once smart cards are disposed nobody can use them to identify. Consent is baked
into the design of the technology.
 If the UIDAI adopts smart cards, then the data base led to destruction as in UK
government did in 2010. This would completely eliminate the risk of foreign
government, criminals and terrorists using the breached biometric database to
remotely, covertly and non-consensually identify Indians.
 Smart cards based on open standards allow for decentralized authentication by
multiple entities and therefore eliminates the need for a centralized transaction
database.
The right to privacy is not specifically referenced in the Constitution but it is considered as
‘penumbral right’ under the Constitution i.e. a right that has been declared by the Supreme
Court as implicit to the Fundamental Right to Life and Liberty43. In addition various statue
contain provision, which either implicitly or explicitly preserves this right.

Conclusion:

In considering India’s AADHAAR database and its lack of adequate protections of privacy
and autonomy, what stands out the most is the field of choices that have to be made to protect
privacy rights, freedom of choice, and how the timing of making the right choices appears to
matter a great deal. India’s AADHAAR deployment put technical deployment before policy
development, and continued to do so.

Hence the above discussion regarding right to privacy and dignity with respect to UID clearly
shows that the UID, if carried into practice, would discount the right to privacy and dignity
guaranteed under the Constitution, and would cause sombre implications upon the freedom
and choices of the Indian citizen. The UID could also lead to a situation of increased state
surveillance, causing an invasion of the right to privacy, and in turn affecting the dignity of
individuals. The action taken up by the government of India able to set to a marked lack of
protective regulatory controls for the AADHAAR program, which has in turn ensued in
profound mission creep and a loss of autonomy.

43
R. Rajagopal v. State of T.N. 1994 S.C.C. (6) 632.