The Aadhaar Bill Is Yet Another Legislation That Leaves Too Much Power With The Government At The Centre

Like many legislations passed in India, Aadhaar is excessively transfers law-making power to the government at the centre, and its appointed bureaucrats. Pallava Bagla / Corbis

On 11 March 2016, the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefit & Services) Bill, 2016. The legislation, introduced by the finance minister Arun Jaitley on 3 March 2016, is aimed at creating a legal framework to govern the aadhaar number scheme that was introduced by the UPA Government in 2010 as a means to create a unique identity for each resident. The uniqueness of the identity lies in the belief that the biometric data, such as fingerprints and iris scans required, to obtain the identification, are near-impossible to replicate, and would ensure that no single person is able to acquire multiple aadhaar numbers. At the time the project was conceived by the Planning Commission in 2006 the aadhaar number was projected as a foolproof remedy to plug leakages in the distribution of subsidies. A central government agency, the Unique Identification Authority of India (UIDAI) was set up to manage the collection of data, its verification and the issuing of aadhaar numbers. With time, the possible uses of UIDAI multiplied manifold, with several states demanding aadhaar number as proof for such as registration of land, or marriages.

Politically, the aadhaar project has been attacked by both the ideological right and left. The right accused the project of compromising national security by not requiring potential applicants to submit citizenship proof. This may, critics claimed, give illegal immigrants the opportunity to get a valid government-approved identity card, which would then allow them access to a wide range of government services. During the election campaign against Nandan Nilekani, the first chairperson of the UIDAI (Nilekani resigned in 2014, three days after joining the Congress), his opponent for the Bangalore South seat, Ananth Kumar of the Bharatiya Janata Party, had slammed the project. “If you illegally enter other countries, you are shot at or put in jail. But if anyone illegally enters India, he is given citizenship. This is the contribution of Aadhaar,” Kumar said. “Half of Assam is occupied by Bangladeshis. Aadhaar is the biggest fraud in the country.” Civil society activists on the left expressed serious concerns regarding the privacy implications of the project—that collecting personal data was an invasion of privacy, and subject to the danger of misuse—as well as the viability of the technology, since it had never been validated on a scale of a billion people. The privacy issue led to public interest litigation before the Supreme Court. The present Aadhaar Bill is a direct result of that litigation—it created uncertainty over the use of the aadhaar number, which the government was counting on as the key component of its Jan-Dhan-Aadhaar-Mobile (JAM) platform of governance. However, in its current form, the bill, like many legislations passed by the Indian parliament, is plagued with the problem of excessively transferring the power of law-making back into the hands of the government at the centre, and its appointed bureaucrats.

The Aadhaar Bill is based primarily on the former United Progressive Alliance government’s draft National Identification Authority of India Bill, 2010, which was rejected in 2011 by a parliamentary standing committee headed by the BJP leader Yashwant Sinha. Although the National Democratic Alliance government’s version of the bill was introduced with the intent of primarily putting to rest the privacy issues raised before the Supreme Court, the legislation takes care to completely omit the use of the word “privacy” in the bill. It does, however, incorporate certain safeguards to protect the “confidentiality” of the information collected and stored by the UIDAI. This change is noteworthy: there is a key legal distinction between both terms. Confidentiality is usually the result of a mutual contract, while privacy is the political right to be left alone. The omission of the term “privacy,” from the Aadhaar Bill is telling in the post-Snowden era, especially in a country like India where the national security establishment has adopted mass surveillance programs like the Centralised Monitoring System with almost no safeguards in place to prevent an abuse of power: it bolsters the fear that the government is not keen on defining a privacy right which could be used as a precedent in the future.

However, while national security and privacy are both important issues, the issue most likely to affect the poor and vulnerable is actually the language of the Aadhaar Bill, which, like the NIAI Bill, liberally delegates crucial law-making powers back to the UIDAI. This problem is not unique to this legislation, and is merely reflective of a larger problem in Indian law-making. In an ideal democracy, the parliament enacts legislation, the executive implements it, and the judiciary adjudicates disputes. Each arm of the state is meant to act as a check on the powers of the other, with the parliament—the most powerful of the three— being directly elected by the people. But in reality, the separation of powers between each arm of the state is not clearly defined. The executive, along with its adjuicatory powers, usually exercises some law-making powers as well. In a healthy democracy, the challenge is to maintain just the right balance between these different arms. In India, though most legislation is eventually enacted by parliament, it is first drafted by the executive, resulting in a tendency to draft laws that tilt the balance of power in its favour. This is most often done through the instrument of delegated legislation: bills introduced in Parliament contain provisions that allow the executive to draft “rules” or “regulations” for implementing the overall policy of the legislation, which the executive can draft after it has passed. When the bills are enacted into law by parliament, then, the government at the centre is allowed to exercise a law-making power of a substantial nature. While some form of delegation of rule-making power to agencies is legal, necessary, and perhaps even welcome, legislators in parliament need to be wary of it, because the bureaucracy that makes up the executive typically avoids strict accountability measures, making life difficult for the common citizen.

The gravity of this problem can be easily illustrated. For instance, the Right to Information Act, 2005 delegated some powers to individual public authorities to make rules for the implementation of the Act. This power included the mode of submitting an application and the fee to be paid with it. The registries of several high courts, which deal with the administrative side of the judiciary, used this rule-making power to fix the application fee as high as Rs 500, which is 50 times the fee prescribed by the central government in its own rules for each of its ministries The government of Uttar Pradesh has recently been in the news for proposing amendments to its RTI rules that impose a 500-word limit on RTI applications and do away with the requirement to publicly display the names of officers responsible for them. The centre is in the process of circulating these amendments amongst all states to solicit views of their governments—a move that activists have interpreted as setting the ground for amending the centre’s own RTI rules. Another example of delegated legislation is the Information Technology (Intermediaries Guidelines) Rules, 2011, for which the parliament delegated the rule-making power to the government as allowed under Section 79 of the Information Technology Act of 2001. The rules were meant to be provide a list of conditions that internet intermediaries were required to follow in order to not be held liable for the unlawful actions of their users. The government’s draft rules required users to take down even blasphemous content, despite blasphemy not being an offence under Indian law. These examples of delegated legislation, some of which are technically legal, end up frustrating the purpose of the law. The devil in the law making process, then, lies in the rules.

Despite the critical importance of the aadhaar number to all residents of India, especially the poor, as well as the several doubts raised over the accuracy of the technology, the government has not provided for a grievance redressal system in the bill. It included no provision for cases where a person has been denied an aadhaar number or has run into authentication issues, depriving them of access to a subsidy or service. A system of this scale would likely require an independent nation-wide, taluk-level grievance redressal mechanism, but the Aadhaar Bill, 2016 does not even hint at such a mechanism. Instead, Clause 23(2)(s) of the Aadhaar Bill delegates the entire process of setting up grievance redressal mechanisms to the UIDAI. It is not good policy to leave such a vital function to the very agency that is responsible for the administration of the project.

There are several other powers which the Bill delegates to the UIDAI. The list includes critical definitions in the Bill, such as biometric information, which is currently defined in the Bill to include photographs, fingerprints, iris scans or “any other such biological attributes of an individual as may be specified by regulations.” This essentially means that the UIDAI may at any time in the future change the scope of biometric information to include other biological attributes, and could do so without parliamentary approval. The same story is repeated with the definition of “demographic information,” which currently includes criteria such as name, date of birth, and address. This leaves the door open for the UIDAI to amend this definition to widen the definition in the future although, currently, the definition clearly prevents the UIDAI from requesting certain information, such as race, religion, caste etc. The proof or evidence required to establish the authenticity of “demographic information” is going to be of critical importance in determining whether the homeless and the migrant labourers without identity documents get an aadhaar number. The UIDAI has special procedures to deal with such cases but as exposed by the news website Cobrapost in a sting operation, these procedures have been abused by corrupt lower-rung officials to procure aadhaar numbers for illegal immigrants. The parliament must accurately define “demographic information” and clearly specify the proof to be submitted in order to be granted an aadhaar number.

Similar clarity is also necessary for Clause 5, which requires the UIDAI to take “special measures to issue Aadhaar number to women, children, senior citizens, persons with disability, unskilled and unorganised workers, nomadic tribes or to such other persons who do not have any permanent dwelling house and such other categories of individuals a may be specified by regulations.” There is, however, not a morsel of information in the Bill about the nature of such special measures, although the the UIDAI website claims to have a system in place to handle such situation. It is alarming that the parliament has not debated these issues, but has instead signed away these powers to an executive authority.

Regarding the process of “authentication” itself, Clause 8 states that the UIDAI “shall perform authentication of the Aadhaar number of an Aadhaar number holder submitted by any requesting entity, in relation to his biometric information or demographic information, subject to such conditions and on payment of such fees and in such manner as may be specified by regulations.” The method of authentication and the fee payable for such authentication are critical functions which lie at the heart of the aadhaar project. Currently as per the UIDAI website, authentication can take place in 5 different ways: by matching the aadhaar number and demographic attributes of a resident; by allowing the requesting authority to send a One-Time Password (OTP) to a resident’s mobile number and the email ID listed for them in the UIDAI database; by using either a fingerprint or iris scan; by using a two-factor authentication offering OTP along with one of the biometrics measures; and to combine OTP, fingerprint and iris. But the authentication processes—and the requirement of a mobile phone—are not evident from a simple reading of the Aadhaar Bill. One of the uses of the aadhaar number is its use as a platform for delivery of subsidies to the poor, but if the authentication process selected (by the service or subsidy provider) requires an OTP to be sent to a mobile phone, it could exclude people without mobile phones.

Excessive delegation also makes its way to Clause 7, which allows the central and state governments to decide the subsidies, benefits or services that might make indentification with an aadhaar number mandatory. The provision limits these services to those funded either by the Consolidated Fund of India (CFI), or whose revenue is deposited with the CFI. The CFI is basically the bank account of the Union of India, covering everything from income tax filings to the issuance of voter ID cards by the Election Commission (EC). Last year, the EC carried out a large-scale exercise telling voters that their voter ID cards had to be linked to the aadhaar card failing which, their vote would not be valid. The Chief Minister of Telangana had enthusiastically declared that his state would use the Aadhaar number project to delete 15 lakh bogus voters on the electoral rolls. After a political backlash and intervention from the Supreme Court, the EC rolled backthe program. The power to declare which services require the Aadhaar number for authentication is too awesome a power to be handed over to the central government in the form of a blank cheque; the parliament should require that all subsidies and services be approved by it before the legislation is enacted.

Usually, when any executive authority misuses its legislative power the public and the Opposition would have the option of breathing fire down the neck of the elected minister who oversees the delegatee’s exercise of legislative power. The spectacle of scathing parliamentary debates and biting editorials is sometimes enough to force a minister to act out of fear of a backlash from his or her constituents. While bureaucrats often term such actions as political interference, the voters would likely call it democratic accountability. In the UPA regime, it was such pressure on elected representatives that halted the bureaucracy from bringing ridiculous amendments to the RTI Rules, 2005. The Aadhaar Bill, like its predecessor, the NIAI Bill, is drafted to completely exclude elected representatives from supervision of the UIDAI. The fourth chapter of the Bill proposes a structure for appointing professionals to the posts of the UIDAI chairperson and members. These appointees then have a fixed term of three years, followed by an entitlement to reappointment for a further 3 years. It is difficult for the central government to remove such persons. Such provisions are aimed at ensuring the independence of the chairperson from judicial interference. While it makes complete sense to bestow such lofty provisions of independence on institutions such as the judiciary, tribunals or regulators, there is no logic for bestowing this degree of independence on an authority that is going to be responsible for core governance functions such as the aadhaar scheme.

In all fairness, there is a provision in Clause 50 of the bill that allows the central government the power to issue directions to the UIDAI. But it is doubtful that this provision will be enough to compensate for the lack of direct and daily political oversight of an elected representative, as has often been the case in our Westminister system of democracy.

The NIAI Bill included a safeguard which required the appointment of an Identity Review Committee—in consultation with the Leader of Opposition—to “ascertain the extent and pattern of usage of the aadhaar numbers across the country” and prepare a report for the central government, which would then be tabled before Parliament. Such a report would have likely been based on an independent, critical appraisal of the UIDAI and would have provided a measure of transparency on the workings of the UIDAI. For reasons best known to Jaitley, the provision of the Identity Review Committee has been deleted from the bill introduced by him in Parliament.

It is unlikely the UPA sitting in opposition is going to raise any of the above objections during the voting in Parliament for the simple reason that the government’s version of the Bill is largely based on their draft from 2010. With the aadhaar number very likely to be linked to voter identities, the victims of any possible fiasco with the manner of allocation of aadhaar numbers are likely to not only be without access to PDS rations, but to also find themselves disenfranchised.