Asheeta Regidi

Aadhaar and its alleged surveillance capabilities has been a major subject of dispute among those for and against Aadhaar. In yesterday’s Twitter Q&A session, the UIDAI yet against insisted that Aadhaar is nothing but a tool for identification. Technical experts, on the other hand, have long since been asserting the surveillance capabilities of Aadhaar, and this has now taken the form of affidavits before the Supreme Court in the ongoing Aadhaar case. The Bench, however, expressed some apprehensions as to the extent to which they could go into highly technical details of the Aadhaar system. Moreover, as per the Bench, every technology is capable of misuse, so shouldn’t the real solution lie in suitable laws.

However, looking at even express surveillance technologies, their very installation is subject to multiple procedural safeguards. Privacy violations through surveillance have never been taken lightly, by the law or the Courts. Aadhaar, if it is a surveillance technology, in effect negates all of these safeguards developed over the years, and creates a nation-wide, pre-built surveillance system, which is capable of privacy violations way beyond what the boundaries of a law can protect. The real dangers of Aadhaar are defined by what it actually is, and not solely by the purpose for which the law has established it. It is thus essential that the Supreme Court thoroughly evaluates the technology behind the Aadhaar system. If Aadhaar is indeed fundamentally a surveillance technology, as alleged, then its potential for privacy violations is much larger.

The psychological impact of surveillance

Consider the case of US vs Jones, where a GPS device installed in a suspect’s car was ruled to be a violation of his privacy. In Kharak Singh vs State of UP, Justice Subba Rao spoke of the psychological impact of surveillance on a person. The US vs Jones judgment, Justice Sotomayor, similarly describes the precise, comprehensive nature of a person’s profile that could be derived from GPS monitoring in general and the data derived from it. This includes, for example, trips to “the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on…”. Looking at the Indian context, with issues like racism, political associations, sexual orientation, medical conditions, all being highly sensitive issues, brings to light the effect as noted in this case, that ‘awareness that the government may be watching chills associational and expressive freedoms’.

Assuming that Aadhaar is a surveillance technology, as alleged, an analogy may be drawn with the installation of a GPS device. Aadhaar, then, would be a case where the GPS is being installed in the name of, say, identifying the owner of the car, instead of expressly stating that it is for the purpose of surveillance. Just because the law, on paper, installs the GPS for the purpose of identification, doesn’t stop GPS data from creating a data trail that allows the tracking of a person, and there is nothing to stop the GPS data from being used as a surveillance technology in the future.

The technical affidavits presented in the Aadhaar case, for instance, argue that each electronic device has a unique ID, and when it is linked with the CIDR, it is assigned another unique ID. Together, these create a unique digital path allowing real and non-real time tracking of transactions, time and location of Indian residents.

Looking at the impact of the surveillance potential of Aadhaar, the petitioners further argue that the Aadhaar system ties every citizen to an ‘electronic leash’, designed to track transactions across the digital life of a citizen. They argue that the profiling of citizens, their movements and their habits will allow the State to silently influence their behavior, and also stifle dissent and influence political decision making. They also argue that several state governments have already started building such profiles of residents.

Having a state installed surveillance system

The impact of state surveillance of a person, however, is not in issue in this case. The issue is whether an identification technology, which the law prohibits from using as a surveillance device, can have the same limiting impact. It again comes down to the technology behind Aadhaar, and the extent of the surveillance capabilities of that technology.

Going back to the Aadhaar GPS analogy, the fact is, the psychological impact of a GPS device in your car, does not change based on whether or not the device is actually being used as a surveillance device. If it is a surveillance device, its very presence in your car, the fact that it is a state installed device, and the fact that it could be collecting your data at any and all points of time, can have the same chilling effect on a person’s freedom. This can lead to people avoiding places that they would normally freely visit. People may even choose to opt out of driving and walk instead. Except that id a system like Aadhaar is a surveillance system, you wouldn’t even have such a choice.

For example, the petitioners in the Aadhaar case argue that every basic facility, like bank accounts, ration, pension, school admissions, and so on, are linked to the Aadhaar system. If an Aadhaar number is deactivated, they argue, it would make access to all these basic facilities impossible, thus making living in society very difficult. Opting out of the Aadhaar system to avoid surveillance, would also have the same effect.

Legal limitations cannot prevent violations

Even limitations imposed under the law would not prevent the violations that could be possible with such a system. Misuse of a limited surveillance capability like that through telephone tapping was evident in the PUCL case. To allow the installation of a nation-wide surveillance system would make its misuse that much easier, despite any applicable laws. Consider the controversial executive order which enables surveillance by the NSA in the US, which requires ‘full consideration’ to be given to the ‘rights of US persons’. Based on Snowden’s revelations, clearly, no consideration was given to these rights.

A new law can easily permit NSA like surveillance

Moreover, if Aadhaar is fundamentally a surveillance technology, then to use it as such, all it would take is for a new law permitting the surveillance. In the Aadhaar-PAN judgment, for instance, the Supreme Court clarified that there was nothing to prevent Aadhaar, an identification technology, to be used voluntarily for the purpose of receiving subsidies under the Aadhaar Act, and mandatorily for a different purpose like preventing black money under the Income Tax Act.

It is equally possible, thus, that a new law allows the mandatory use of Aadhaar technology, to conduct surveillance for the purpose of preventing terrorism. Consider, again, the executive order enabling NSA surveillance. This, for instance, allows ‘all means’ to be used to ‘develop intelligence information’. A similar law could easily permit the use of the pre-built surveillance system to be used expressly for surveillance. (Do note here that the Supreme Court is yet to hear the Aadhaar PAN case with respect to whether the linkage violates the fundamental right to privacy).

Circumventing procedural safeguards

The U.S. v. Jones case, dealt with a known surveillance device, established expressly for the purpose of surveillance, and under a surveillance law. The fact that procedures established such as place and time of installation, time for which the surveillance is conducted were not strictly followed, were all major issues, despite there being a search warrant. The PUCL case, similarly, prescribed several procedural safeguards to prevent the misuse of telephone tapping laws.

An important difference is that these cases dealt with surveillance technology that was installed without the person’s knowledge. The issue of the impact of surveillance, in general, was raised in the U.S. v. Jones case but left unaddressed. The issue of whether a surveillance technology installed with the person’s knowledge but for a purpose other than surveillance, has the same impact on privacy is also unaddressed.

Nevertheless, the cautious nature with which surveillance technologies are been treated, whether through laws or the courts, is a recognition of the inherently violative nature of a surveillance technology. In some places, like the US and Australia, the law punishes the ‘installation or use’ of a surveillance device, indicating that the very installation of such a device is punishable. Establishing a nation-wide surveillance technology, under the pretext of an authentication technology, does not change the fact that it is the same inherently violative technology. The only effect is that this method effectively circumvents every one of the several safeguards prescribed over the years for the installation of a surveillance technology.

The least invasive violation of privacy

Whether or not Aadhaar is a surveillance technology will have a major impact in assessing the extent to which it violates, and in future could violate, the right to privacy. It is true that even a fundamental right is subject to restrictions, and it can be legally invaded within the boundaries of the law. But even in such a case, surely the least invasive violation must be preferred.

A need for an identification technology does not justify the set up of a nation wide surveillance system. Something as inherently violative as surveillance technology calls for the Court’s intervention at its very establishment. It is thus crucial that the Supreme Court go into the technicalities of the technology behind the Aadhaar system and assess the extent of its surveillance potential.

Read our past coverage of the on-going Aadhaar Supreme court hearing:

Lack of governmental ownership of CIDR’s source code can have serious consequences

Will State give citizens rights only if they agree to be tracked forever, asks lawyer Shyam Divan

Coalition for Aadhaar: A collective of private companies wants to ensure that Aadhaar ID and related services continue to be offered

The author is lawyer and author specializing in technology laws. She is also a certified information privacy professional.