July 4, 2019
Mahua Moitra speaks on The Aadhaar and Other Laws (Amendment Bill), 2019
Hon’ble Chairman Sir, I rise today to oppose the Amendment to Aadhaar Bill, 2016. This Bill violates the Supreme Court judgment. It’s a complete lack of transparency; it’s a lack of public consultation and scrutiny by any Parliamentary Committee. You tabled this Bill earlier this year in spite of opposition from us. You couldn’t pass it in the Rajya Sabha and then you issued an Ordinance, in spite of there being no extraordinary circumstances whatever.
Sir, what this Bill does is strike at the very heart of the privacy of an individual and privacy of an individual’s data. This is what the Supreme Court in their 4-1 judgment also tried to talk about. There are three very problematic clauses in this amended Bill. The first is Clause 7 of the amendment to Section 4 of the parent Act. It says that you are mandating an authentication of an Aadhaar number holder for the provision of any service if required by law made by Parliament. So what are you doing? You are going and amending the parent law, which is namely the Indian Telegraph Act and the Prevention of Money Laundering.
I’m going to go through this section by section and point out where we are. Now, I’ve counted in more than 11 places of this Bill you say that ‘as specified by regulation’. But on page 15 of the amendment you say that it is a Memorandum of Delegated Legislation, where you say regulation is an administrative matter of procedure and not practicable to provide for it in the Bill itself. But this is integral to the Bill; privacy of an individual and privacy of an individual’s data. How in 11 places can you say that this is specified by regulation?
Now in Section 2, talking about an alternative virtual identity. The entire idea of Aadhaar was to set up a unique 12-digit number. If we have gone through and traversed such a long distance to come up with a unique 12-digit number, where is the question Sir, for coming up with another alternative virtual identity? Is this not another way to just bypass the Supreme Court judgment which struck down Clause 57? In 2 A(a), you are inserting a scary new clause where you say that Aadhaar ecosystem includes enrolling agencies, registrars, requesting agencies, offline verification and any other entity as may be specified by regulation. Same thing; you go back to Memorandum of Delegated Legislation, you say that this is something not practicable to put in the Bill.
Sir, we are in the Parliament, we are debating a Bill, how can I debate the Bill and be expected to give my assent for something I’m not clear about, not transparent about?
When we go to 2 P(a), you say offline verification. It is the process of verifying the identity of the Aadhaar number without authentication through such offline modes as may be specified by regulation. Again I have no transparency about what this ‘Offline Number’ is. You don’t tell me about the method of verifying it is; you say as specified by regulation, and it’s not integral to the Bill. Again this completely shrouded in mystery. Now, what does this mean? Does this mean you are handing over my Aadhaar number to some private agency, the means to authenticate my number offline?
You are seeking parliamentary assent for something which I am not clear about. Now, what if the ‘ecosystem’ fails? You have set out this Aadhaar ecosystem, what if it fails? You say there are alternative and viable means which would be specified by law. Today, I am giving up my biometric data, my most private date to a private agency. If the ecosystem fails, you are saying that three viable means to recourse, but I don’t know what they are; they have not been specified.
We come now to section 5-4 A. This is very important. You say “comply with such standards of privacy and security as may be specified by regulation”. Again, there is no standard of privacy and security today. Sir, there is no Data Protection Act. This is a classic case of the ‘cart before the horse’. You are saying that this is going to be specified, this is going to be privacy and security. In the absence of a Data Protection Act, which is what the Sri Krishna Commission report said we should do, with Justice Sikhri and the other judges also laid out that in the absence of data protection how can you ask me to give up my information to a private agency? How is this possible? This is integral to the Bill, Sir. You cannot have the cart before the horse. Give us recourse, put a viable framework in place, we will give assent, there is no problem.
When we go to section 5- 4 A (3), you are seeking authentication for such purpose as the central government in consultation with the authority and in the interest of the state. This is a very scary clause. Sir this is giving you the carte blanche to do anything, anything the Central Government, that is in the interest of the state, they can speak to the Aadhaar authority and decide.
Aadhaar, when it was set up, it was meant to provide services to the poor, it was never meant to get data. The idea of Aadhaar was not to get acquisition but was a means to give services to the poor distributives. We are Consulted Fund of India. This is also extremely important to give subsidy and other things to the Consolidated Fund of India. What has the Aadhaar become now? Aadhaar has become a way to get information for private entities, my bank which is contracted to me, my telecom providers who have no business getting my private information. This proves agencies today are using this as a means to extract data. It’s original idea for the poor to get subsidies is completely turned on its head.
In the Sri Krishna Commission Report, Justice Sri Krishna had recommended that the Aadhaar authority is anonymous with no Government interference. This clause 5 -4 A(3) completely flies in the face of that recommendation, because it says that the Central Government in consultation with the authority in the interest if the state can do anything.
We come to Section 7. The Supreme Court judgement said the Aadhaar must be used to provide services to the Consolidated Fund of India and Section 57 which with any contract, any corporate basically anything private was struck down. They said for any other purpose we would strike it down. Section 57 as a whole was struck down. This particular Bill it seems to me is not even hiding the fact, it’s absolutely open in its objective, which is to bypass the striking down of Section 57 and to allow private entities, telecom providers, banks to get access to our biometric information. The bank account is not coming from the Consolidated Fund of India, telecom providers have nothing to do with the territory of India, and you’re amending the PMLA.
What is the PMLA? Prevention of Money Laundering Act. It means if you have a problem, if you have been flagged as somebody who is of ‘interest’ – you may be a money launderer, you may have an account in the Cayman Islands – the PMLA can be used. In this case, every law-abiding citizen is assumed to be a money launderer. Sir, this is reverse onus. It flies in the face of any proportionality, of anything of law. If you are assumed to be a money-launderer, all of us law-abiding citizens must give our biometric data. Let us be flagged. If I have five or six Swiss bank accounts and you want my data, have it by all means. You have the right to do it. You cannot expect law-abiding to give up data. You are changing the very substratum of the judgement, the substratum of the concept of privacy in our Constitution.
When we go to clause 7(8A) says that every offline verification-seeking entity shall inform the individual undergoing offline verification – in the case of a child, his parent or guardian – the following details, and which must be written and must be fair. Sir, we are dealing with a country where the majority of the people are poor, where the majority of people are not informed, where people get a Jio card and give up their Aadhaar number because the former is giving them free data – they have no idea even of what they are giving up. In such a case, which entity is going it give it in writing and which person receiving it is going to understand that they are getting? The government is meant to look out for the interests of the poor, the government is not there to help private agencies in getting information from them.
The most important thing here is, the majority Supreme Court judgement said, in section 12, that a secretary should be associated with a judicial officer in the interest of national security. It used the term ‘preferably’. But in the Bill you have deleted it. My personal biometric information is being disclosed in the interest of national security, so obviously extra measures should be taken. When the Supreme Court has said a judicial officer should be there, why have you deleted that clause?
Clause 16 is again very scary. When you are introducing a concept, which is that an offline verification-seeking entity, you are creating an alternative identity. Why should I give an alternative identity in the hands of private individuals? This is interfering with my relationship with my bank. You are forcing me to give my biometrics by law to a bank or a telecom agency.
Then we go to section 37 and 38 of the principal Act, which deal with penalties which are available to the authorities for unauthorised access to the Central Data Repository (CDR). I am the person, it is my data. Why are sections 37 and 38 not applicable to me? Why should I not have recourse to the law when my data gets hacked from the CDR? How come the authority has recourse and I as an individual don’t? I have the first right over it, and yet I don’t have access. What is this?
You are now amending in section 24 The Telegraph Act. You are saying that you can use a passport and ‘any other document notified by the Central Government which will get notified.’ As of today, there is no notification. Only 5 per cent of Indians have passports. So you not notified the other documents, only 5 per cent have passports – so you either give Aadhaar or give passports. What does this mean? You are forcing people to give Aadhaar.
Next is clause 25. You are inserting a new section, 11A, to PMLA which allows banking companies to conduct Aadhaar-based authentication and offline verification. So by amending the parent Act, you are changing the very substratum of the judgement. You are trying to bypass the judgement as well as the right to privacy, which is entitled to us in the Constitution.
We urge you that in the absence of that, please open it to public consultation and please have closer scrutiny by referring it to a Standing Committee. This is what I would request you.