The Aadhaar amendment and private sector access

The Lok Sabha passed the Aadhaar Amendment Bill, aiming to facilitate the continued use of Aadhaar within constraints set by the Supreme Court. The bill emphasizes voluntary use, gives statutory legitimacy to offline verification, strengthens privacy provisions, and controversially allows the private sector to regain access to Aadhaar infrastructure.

This article was first published in The Mint. You can read the original at this link.

In the most recent twist in the Aadhaar saga, the Lok Sabha passed the Aadhaar Amendment Bill last week. This development has been met with widespread criticism and allegations that the government is trying to do indirectly what the Supreme Court has prohibited it from doing directly.

The bill is clearly the government’s attempt to facilitate the continued use of the Aadhaar infrastructure within the constraints laid down by the Supreme Court. To this end—and probably inspired by a passing remark made in paragraph 367 of the majority opinion—it adds new language to Section 4 of the Aadhaar Act to make it clear that Aadhaar number holders can, of their own volition, use their Aadhaar number to authenticate themselves. This emphasis on voluntary use has been reinforced by amendments to the Indian Telegraph Act and the Prevention of Money Laundering Act that stipulate that all identity verification requirements under those statutes can be met using any one of the three different forms of identification.

The amendment bill also looks to give statutory legitimacy to the concept of offline verification, a process by which Aadhaar number holders can identify themselves using QR codes issued by the UIDAI. As this mechanism does not require access to the Aadhaar authentication infrastructure, it is hard to argue that it is inconsistent with the mandate of the Supreme Court. By giving offline verification the same level of importance as online authentication, it looks like the government is going to actively promote its widespread use.

The amendment bill has also significantly strengthened the privacy provisions of the Aadhaar Act. For instance, the revised Section 29(3) will now state that identity information can only be used for purposes informed to the individual in writing when he/she was authenticated. Section 29(4), which was previously limited to the Aadhaar number and core biometric information, is being amended to state that all demographic information and photographs collected or created under the Aadhaar Act can only be published, displayed or posted publicly for purposes that have been specified by regulations.

The most strident criticisms of the amendment bill have, however, been reserved for the manner in which it has allowed the private sector to regain access to the Aadhaar infrastructure. In its judgment, the Supreme Court had declared that the portion of Section 57 that allowed corporations and individuals to seek authentication was unconstitutional. This observation had been widely interpreted to mean that the private sector can no longer use online Aadhaar authentication.

As previously pointed out in this column, this has resulted in some unforeseen consequences. Many of the benefit schemes that depend on Aadhaar—whose continued use of the Aadhaar authentication system has been endorsed by the Supreme Court—rely on a mixed public-private infrastructure to reach the far corners of the country. If the private sector can no longer be part of this infrastructure, these Aadhaar-related benefits will no longer reach their intended beneficiaries. This cannot have been the outcome that the Supreme Court intended to achieve and it is clear that the government wants to amend the statute to allow such access to continue.

The amendment bill proposes the omission of Section 57 in its entirety. By doing this, the government is looking to set at naught all the nuanced observations of the Supreme Court about the constitutionality of certain parts of that section. But how does deleting Section 57 allow private sector access?

As it happens, authority to access the Aadhaar authentication infrastructure was never derived from Section 57 in the first place. That authority has always come from Section 8, which states that the authority must carry out authentication in response to a request submitted by a requesting entity. The term “requesting entity" has been defined extremely broadly in Section 2(u) to mean any agency or person that submits information of an individual for authentication. It, therefore, includes within its meaning private entities.

By contrast, Section 57 is an enabling provision that says that nothing in the Act should come in the way of a body corporate or other persons using an Aadhaar number to establish the identity of an individual. If it were to be deleted, it would be possible for the government to argue that a combined reading of Section 8 and Section 2(u) allows private persons to authenticate using Aadhaar.

This is the real reason why Section 57 is being omitted. It offers up a creative solution that allows the government to delete the one section on which the Supreme Court had made specific observations as to the constitutionality of private sector access, while leaving undisturbed those sections from which the true authority for the private sector’s access to the Aadhaar authentication system has been derived.

It is worth pointing out that though the omission of Section 57 constitutes a legitimate exercise of legislative authority, some might argue that this runs counter to the court’s implicit observations on the use of Aadhaar infrastructure by private parties. That said, given the contradictions inherent in the judgment, these are exactly the sort of solutions we will need to find if the public-private infrastructure, on which most of the Aadhaar-based benefits depend, is to survive.