Passing Aadhaar Act as Money Bill is Fraud: Justice Chandrachud

Justice Dhananjaya Y Chandrachud, a member of the five-judge constitution bench of the Supreme Court on Aadhaar issue, on Wednesday held that the Aadhaar Act cannot be treated as a money Bill and passing it as one will be a fraud on the Constitution. He also said that since 2009, the entire Aadhaar programme suffers from constitutional infirmities and violations of fundamental rights.

"Aadhaar cannot be treated as money Bill and passing a bill as money Bill which is not a money Bill is a fraud on the Constitution," he observed in his separate judgement but minority judgement.

Commenting about the Aadhaar programme, he said, "The entire Aadhaar programme, since 2009, suffers from constitutional infirmities and violations of fundamental rights. The enactment of the Aadhaar Act does not save the Aadhaar project. The Aadhaar Act, the Rules and Regulations framed under it, and the framework prior to the enactment of the Act are unconstitutional."

Justice Chandrachud said the decision of the Lok Sabha Speaker on whether a bill can be treated as money Bill can be subjected to judicial review. "A decision of the Speaker of the Lok Sabha to declare an ordinary Bill to be a Money Bill limits the role of the Rajya Sabha, he said.

The power of the Speaker cannot be exercised arbitrarily in violation of constitutional norms and values, as it damages the essence of federal bicameralism, which is a part of the basic structure of the Constitution. Judicial review of the Speaker’s decision, on whether a Bill is a Money Bill, is therefore necessary to protect the basic structure of the Constitution," he said.

While agreeing with the majority on some points, Justice Chandrachud dissented on the main point about money Bill and the principle of proportionality of the applicability of Aadhaar.

He said, "Section 7 does not declare the expenditure incurred to be a charge on the Consolidated Fund. It only provides that in the case of such services, benefits or subsidies, Aadhaar can be made mandatory to avail of them.

Moreover, provisions other than Section 7 of the Act deal with several aspects relating to the Aadhaar numbers, like enrolment on the basis of demographic and biometric information, generation of Aadhaar numbers, obtaining the consent of individuals before collecting their individual information, creation of a statutory authority to implement and supervise the process, protection of information collected during the process, disclosure of information in certain circumstances, creation of offences and penalties for disclosure or loss of information, and the use of the Aadhaar number for 'any purpose'. All these provisions of the Aadhaar Act do not lie within the scope of sub-clauses (a) to (g) of Article 110(1).

Hence, in the alternate, even if it is held that Section 7 bears a nexus to the expenditure incurred from the Consolidated Fund of India, the other provisions of the Act fail to fall within the domain of Article 110(1). Thus, the Aadhaar Act is declared unconstitutional for failing to meet the necessary requirements to have been certified as a Money Bill under Article 110(1)."

Coming down heavily on biometric data collection and retention for Aadhaar, the Judge observed that concerns about protecting privacy must be addressed while developing a biometric system. "While citizens have privacy interests in personal or private information collected about them, the unique nature of biometric data distinguishes it from other personal data, compounding concerns regarding privacy protections safeguarding biometric information. Once a biometric system is compromised, it is compromised forever," Justice Chandrachud said.

According to Justice Chandrachud, absence of regulatory and monitoring framework leaves the law ineffective in the protection of data.

He said, "Biometric technology, which is the core of the Aadhaar programme is probabilistic in nature, leading to authentication failures. These authentication failures have led to the denial of rights and legal entitlements. The Aadhaar project has failed to account for and remedy the flaws in its framework and design which has led to serious instances of exclusion of eligible beneficiaries as demonstrated by the official figures from Government records including the Economic Survey of India 2016-17 and research studies.

“Dignity and the rights of individuals cannot be made to depend on algorithms or probabilities. Constitutional guarantees cannot be subject to the vicissitudes of technology. Denial of benefits arising out of any social security scheme, which promotes socioeconomic rights of citizens is violative of human dignity and impermissible under our constitutional scheme."

He also observed that there was a risk of surveillance of people based on data collected under the Aadhaar scheme and the data could be misused.

"From the verification log, it is possible to locate the places of transactions by an individual in the past five years. It is also possible through the Aadhaar database to track the current location of an individual, even without the verification log. The architecture of Aadhaar poses a risk of potential surveillance activities through the Aadhaar database. Any leakage in the verification log poses an additional risk of an individual’s biometric data being vulnerable to unauthorised exploitation by third parties," he added.

Pointing out that the source code for the Aadhaar database is neither owned by the government or Unique Identification Authority of India (UIDAI), Justice Chandrachud, said, "The biometric database in the Central ID Repository (CIDR) is accessible to third-party vendors providing biometric search and de-duplication algorithms, since neither the Central Government nor UIDAI have the source code for the deduplication technology which is at the heart of the programme. The source code belongs to a foreign corporation. UIDAI is merely a licensee."

Ripping apart the contracts signed by UIDAI before the Aadhaar Act, which would harm national security, Justice Chandrachud mentioned the contract signed between L-1 Identity Solutions and UIDAI. "Prior to the enactment of the Aadhaar Act, without the consent of individual citizens, UIDAI contracted with L-1 Identity Solutions (the foreign entity which provided the source code for biometric storage) to provide to it any personal information related to any resident of India. This is contrary to the basic requirement that an individual has the right to protect herself by maintaining control over personal information. The protection of the data of 1.2 billion citizens is a question of national security and cannot be subjected to the mere terms and conditions of a normal contract," he said.

He said, "When Aadhaar is seeded into every database, it becomes a bridge across discreet data silos, which allows anyone with access to this information to re-construct a profile of an individual’s life. This is contrary to the right to privacy and poses severe threats due to potential surveillance."

While the majority judges upheld the linking of Aadhaar with income-tax returns (ITR), Justice Chandrachud junked linking it with permanent account number (PAN) and ITR. He said, "The seeding of Aadhaar with PAN cards depends on the constitutional validity of the Aadhaar legislation itself. Section 139AA of the Income Tax Act 1962 is based on the premise that the Aadhaar Act itself is a valid legislation. Since the Aadhaar Act itself is now held to be unconstitutional for having been enacted as a Money Bill and on the touchstone of proportionality, the seeding of Aadhaar to PAN under Article 139AA does not stand independently."

Justice Chandrachud also ripped apart mandatory linking of Aadhaar with all accounts under the Prevention of Money Laundering Act (PMLA) Rules. "The 2017 amendments to the PMLA Rules fail to satisfy the test of proportionality. The imposition of a uniform requirement of linking Aadhaar numbers with all account based relationships proceeds on the presumption that all existing account holders as well as every individual who seeks to open an account in future is a potential money-launderer. No distinction has been made in the degree of imposition based on the client, the nature of the business relationship, the nature and value of the transactions or the actual possibility of terrorism and money- laundering."

"The rules also fail to make a distinction between opening an account and operating an account. Moreover, the consequences of the failure to submit an Aadhaar number are draconian. In their present form, the rules are clearly disproportionate and excessive. We clarify that this holding would not preclude the Union Government in the exercise of its rule making power and the Reserve Bank of India (RBI) as the regulator to re-design the requirements in a manner that would ensure due fulfilment of the object of preventing money-laundering, subject to compliance with the principles of proportionality as outlined in this judgment," he said.

Mobile phones have become a ubiquitous feature of the lives of people, Justice Chandrachud said, linking of Aadhaar numbers with SIM cards and the requirement of e-KYC authentication of mobile subscribers must necessarily be viewed in this light.

He said, "Mobile phones are a storehouse of personal data and reflect upon individual preferences, lifestyle and choices. The conflation of biometric information with SIM cards poses grave threats to individual privacy, liberty and autonomy. Having due regard to the test of proportionality which has been propounded in Justice Puttaswamy (judgement) and as elaborated in this judgment, the decision to link Aadhaar numbers with mobile SIM cards is neither valid nor constitutional. The mere existence of a legitimate state aim will not justify the disproportionate means, which have been adopted in the present case. The biometric information and Aadhaar details collected by telecom service providers (TSPs) shall be deleted forthwith and no use of the said information or details shall be made by TSPs or any agency or person or their behalf."

Justice Chandrachud also raised questions on contractual validity of memorandum of understanding signed by UIDAI with registrars. He opined since there was no privity of contract between UIDAI and the enrolling agencies, the activities of the private parties engaged in the process of enrolment before the enactment of the Aadhaar Act have no statutory or legal backing.

Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it.

Terming Section 47 as arbitrary for its failure to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy, Justice Chandrachud said, "Further, Section 23(2)(s) of the Act requires UIDAI to establish a grievance redressal mechanism. Making the authority, which is administering a project, also responsible for providing a grievance redressal mechanism for grievances arising from the project severely compromises the independence of the grievance redressal body."

"While the Act creates a regime of criminal offences and penalties, the absence of an independent regulatory framework renders the Act largely ineffective in dealing with data violations. The architecture of Aadhaar ought to have, but has failed to embody within the law the establishment of an independent monitoring authority (with a hierarchy of regulators), along with the broad principles for data protection. This compromise in the independence of the grievance redressal body impacts upon the possibility and quality of justice being delivered to citizens. In the absence of an independent regulatory and monitoring framework which provides robust safeguards for data protection, the Aadhaar Act cannot pass muster against a challenge on the ground of reasonableness under Article 14," he said.

Strongly opposing use of Aadhaar for commercial purposes, Justice Chandrachud felt this could led to exploitation of personal data of individuals without consent and individual profiling. He said, "Profiling could be used to predict the emergence of future choices and preferences of individuals. These preferences could also be used to influence the decision making of the electorate in choosing candidates for electoral offices. This is contrary to privacy protection norms. Data cannot be used for any purpose other than those that have been approved. While developing an identification system of the magnitude of Aadhaar, security concerns relating to the data of 1.2 billion citizens ought to be addressed. These issues have not been dealt with by the Aadhaar Act. By failing to protect the constitutional rights of citizens, Section 57 violates Articles 14 and 21".

According to Justice Chandrachud, Section 7 of the Aadhaar Act suffers from overbreadth since the broad definitions of the expressions ‘services and ‘benefits’ enable the government to regulate almost every facet of its engagement with citizens under the Aadhaar platform.

"If the requirement of Aadhaar is made mandatory for every benefit or service, which the government provides, it is impossible to live in contemporary India without Aadhaar. The inclusion of services and benefits in Section 7 is a pre-cursor to the kind of function creep, which is inconsistent with the right to informational self-determination. Section 7 is, therefore, arbitrary and violative of Article 14 in relation to the inclusion of services and benefits as defined," he concluded in his judgement.