Mishi Choudhary

The unanimous nine-judge bench decision affirming the fundamental right of privacy under the Indian Constitution arose out of the petitions that had challenged the Aadhaar scheme. Under this scheme, the government of India collects biometric and demographic data about residents to be used for different purposes. One of the grounds of challenging the Aadhaar scheme was that it was violative of the ‘Right to Privacy’.

There was an apparent unresolved conflict between two old judgments of the court which had to be clarified by a larger bench, therefore this large bench was constituted to provide a final settlement of the question. The decisions of the Supreme Court are significant not only because they provide a final adjudication of disputes but also because in doing so they embody a declaration of law operating as a binding principle in future cases. This promotes certainty and consistency in the application of law.

Now that the Justices have created history and have provided leadership to the world, on jurisprudence over civil liberties in the digital age, the Aadhaar cases will be heard. The hearing will be by the original bench which was hearing the challenge to Aadhaar scheme in the light of a fundamental right of privacy, unless the Chief Justice decides otherwise.

Why such controversy?

Aadhar has been controversy's child since its inception, for reasons ranging from mission creep, inadequate legal safeguards, security vulnerabilities to enablement of state surveillance. What started as a voluntary scheme has been extended first stealthily and then openly, to several schemes that have de-facto become compulsory, thereby amplifying concerns about the motivation behind the scheme.

Surveillance and life-tapping

Privacy, no longer an amorphous concept, affects our autonomy. A scheme such as Aadhaar will facilitate profiling disparate pieces of information collected by different agencies and entities will help create an exhaustive profile of each citizen. Technological advancements in the networked society have made ‘life-tapping’ possible.

In contrast to the narrow scope of "phone-tapping", life-tapping is the ability to collect massive amounts of data on the locations, movements, wishes, thoughts, activities, and habits of entire populations. Life-tapping leads to ‘data-mining,’ the recognition of large-scale patterns of human behavior that allow the prediction of individual human desires and actions. Businesses use these outputs to sell advertising. Governing regimes, like the Chinese Communist Party, explicitly intend to use those results to eliminate political disagreement, to extinguish the very ideas of democracy and the rule of law through perfect political repression.

Such a scenario, already being practiced across the Himalayas or in other repressive regimes like Russia or Iran is what skeptics have been warning about. Earlier this year, a Bangalore-based company OnGrid that markets itself as a consent-based trust platform that offers verification services and background checks, put up a picture identifying random people in the crowd using their Aadhaar numbers that sparked controversy and invoked Orwellian dystopia.

Technical vulnerabilities

For those of us who study cyber security Yahoo, MySpace, Tumblr breaches, US voters database breach, US Department of Health and Human Services loss of data of 5 million individuals, Democratic National Committee hack are only a few of the instances that expose vulnerabilities of centralised databases.

Aadhaar’s database will cover the world’s second largest population. If (or when) the database is compromised, it will not be possible for people to change their passwords. Biometric data is essentially unchangeable. Whether the retinal data currently stored, or the entire human genomes that may eventually be stored there, a breach in the Aadhaar data store will disperse information crucially identifying each Indian and that cannot be modified in response to the loss. Several reports of data leakages through third parties are already trickling in.

Our society will be well-served if Aadhaar was restricted only to the six schemes as ordered by the Supreme Court in 2015 for receipt of subsidies. We should demand an architecture for Aadhaar that has a "privacy by design" that is built-in and not bolted on the top at a later stage as a ‘jugaad’. It would serve us well if we stopped seeing Aadhaar as a panacea for all problems that plague us today.

India has a lot to gain from developing our own “for-profit, pro-privacy IT for humanity”, instead of obsessing over a system, the likes of which have been rejected by democratic economies for a long time. India can not only secure its strategic economic role in the 21st-century global order by securing its own population in the way the Supreme Court judges have envisioned, but also restoring a new privacy respecting the technical environment.

The author is a technology lawyer and founder of SFLC.in