News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

This article was first published 6 years ago
Rediff.com  » News » Right to privacy is deeply linked to national security

Right to privacy is deeply linked to national security

By Gopal Krishna
October 26, 2017 11:18 IST
Get Rediff News in your Inbox:

Admittedly, EVMs too have a UID number and any convergence of data can make the secret ballot system a party of history, warns Dr Gopal Krishna in the 5th part of his series against Aadhaar.   

Illustration: Dominic Xavier/Rediff.com.

In his 266-page order as part of the 9-Judge Constitution Bench of the Supreme Court, Justice Dr D Y Chandrachud records how this case came before the Bench.

“A Bench of three judges of this court, while considering the constitutional challenge to the Aadhaar card scheme of the Union government, noted in its order dated 11 August 2015 that the norms for and compilation of demographic biometric data by government was questioned on the ground that it violates the right to privacy.

 

“The attorney general for India urged that the existence of a fundamental right of privacy is in doubt…. in the submission of the attorney general, contained observations that the Indian Constitution does not specifically protect the right to privacy.”

This was the third Constitution Bench in the Central Identities Data Repository (CIDR) of biometric Unique Identification (UID)/Aadhaar numbers case which was set up by Chief Justice of India.

In its August 2015 order, the 3-judge bench comprising Justices J Chelameswar, S A Bobde and Nagappan opined that in order to give a quietus to the kind of controversy, it is better that the jurisprudential correctness of right to privacy as a fundamental right is authoritatively decided by a Bench of appropriate strength.

Following which on July 18, 2017, the Constitution Bench was set up by the 44th Chief Justice Jagdish Singh Khehar after almost three years of the order of the Justice Chelameswar Bench, after ignoring the October 15, 2015, order by the 43rd Chief Justice H L Dattu headed 5-Judge Constitution Bench that said, "Since there is some urgency in the matter, we request the learned Chief Justice of India to constitute a Bench for final hearing of these matters at the earliest" for more than two years, and after the arrival and departure of and after almost six years of the filing of the case by Justice K S Puttaswamy (retd) accompanied by some two dozen cases.

Prior to this another 5-Judge Bench was constituted which recommended setting up of this 9-Judge Bench.

Justice Dr Chandrachud authored the order on his own behalf and on behalf of Chief Justice Jagdish Singh Khehar and Justices R K Agrawal and S Abdul Nazeer. His order takes note of the decision in Thalappalam Service Cooperative Bank Limited v State of Kerala (2013), by a Bench of Justices  K.S. Radhakrishnan and A.K. Sikri of the Supreme Court which recorded, “The Privacy Bill 2011 to provide for the right to privacy to citizens of India and to regulate the collection, maintenance and dissemination of their personal information and for penalisation for violation of such rights and matters connected therewith, is pending….

“Recognising the fact that the right to privacy is a sacrosanct facet of Article 21 of the Constitution, the legislation has put a lot of safeguards to protect the rights under Section 8(j), as already indicated.”

The government is attempting to change the goalpost now by talking about the proposal of “draft data protection bill” to ignore the existing right to privacy bill.

His order takes cognisance of the fact that it was only during the course of the hearing of these proceedings that the Union government brought to light an office memorandum dated July 31, 2017, by which it has constituted a committee to “suggest a draft data protection bill.”

Justice Dr Chandrachud observes, “Since the government has initiated the process of reviewing the entire area of data protection, it would be appropriate to leave the matter for expert determination so that a robust regime for the protection of data is put into place. We expect that the Union government shall follow up on its decision by taking all necessary and proper steps.”

He concludes his order saying, “Since the Union government has informed the court that it has constituted a committee chaired by Hon’ble Shri Justice B N Srikrishna, former judge of this court, for that purpose, the matter shall be dealt with  appropriately by the Union government having due regard to what has been set out in this judgment.”

It defies comprehension as to how something which has been accorded due space as part of the premise of the order does not find place in its inference and conclusion. 

Having taken note of the existence of Privacy Bill 2011 which is pending with the government, Justice Dr Chandrachud also takes note of the proposal of “draft data protection bill” which came as an afterthought amidst massive loss of face to the government.

It appears that he has reposed a touching faith in the benign submission of the Union government which can deal with UID/Aadhaar matters appropriately without inquiring about the fate of Privacy Bill 2011.

Such manoeuvres of the government are grossly procedural, formalistic and insincere. The proposal of “draft data protection bill” and the Privacy Bill is akin to putting a cart before the horse. It is akin to putting a Trojan horse of the battle of Troy mentioned in Homer’s epic Odyssey before the court. Homer alludes thrice to the Trojan horse even in Iliad towards the end.

The court’s order missed the opportunity of looking at the composition of the “draft data protection bill” committee, which has given birth to gnawing misgivings. Trojan horses appear harmless, but are, in fact, malicious and deeply destructive.  

The court’s order does not factor in the fact that this committee was announced as part of the arguments of the Union government to ensure that the court does not end up declaring the right to privacy as a fundamental right. The submissions of the government clearly and unequivocally demonstrate this questionable motive.

The terms of reference (ToR) of the Committee does not pay heed to the verdict of the court’s 9-Judge Constitution Bench as it was set up hurriedly ahead of the verdict to outwit the Court.

The ToR pertains to the “study of various issues relating to data protection in India” and “to make specific suggestions for consideration of the central government on principles to be considered for data protection in India and suggest a draft data protection bill” after personal sensitive data of the residents of India has contractually been handed over to foreign transnational companies like Accenture, Mongo DB, Safran Group and Ernst & Young for up to seven years only. 

MongoDB (formerly called 10gen) is a technology company from the US and a NoSQL database startup. In 2012 it raised funding from the CIA-backed In-Q-Tel, an independent non-profit venture backed by the CIA and other U.S. intelligence agencies. This company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market.

Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated the Holocaust in Germany using census data) to terminals. UIDAI’s relationship with MongoDB (extracted from "huMONGOus," meaning"extremely large") remains under cloud. It is apparent that UIDAI has compromised vital data of Indians by such tie-ups.

In response to a question as to the names of UIDAI officials who met MongoDB’s CEO during all the meetings, the UIDAI said, “DDG Tech Centre and ADG IT-II, Tech Centre” met him.

In reply to the query about the copy of the full contract signed between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents, UIDAI and IBM, UIDAI and Oracle and UIDAI and In-Q-Tel, the UIDAI has written, “No contract signed” between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents and “No contract signed” between UIDAI and IBM.

With regard to the query about contract between UIDAI and Oracle, UIDAI has stated, “Production support for MySQL is provided by Oracle; not contact signed.” 

This reply reveals that UIDAI is engaging companies like Oracle and others without signing any contract. As to contract agreement between UIDAI and In-Q-Tel, UIDAI has written “No contract signed” between them. Oracle too is also in the business of ‘cloudifying’ database that seems to have the potential to turn governments into puppets at least as far as control over database is concerned. 

In response to the query about “the country of registration of above listed companies and the names and profile of the persons as the Board of Directors”, UIDAI has given an evasive reply stating, “No Information is known”. The RTI reply is dated February 14, 2014, by UIDAI but it was received on February 21, 2014, by Speedpost.

The reply states that the point-wise response to the RTI application was given by the Tech Centre, Bangalore, UIDAI. It has not been explained as to what transpired at the meeting of UIDAI officials like DDG Tech Centre and ADG IT-II, Tech Centre, Bangalore, with Max Schireson, CEO of MongoDB.

It is inexplicable as to why there is obsession with ensuring benefits for private/NGO sector using citizens’ personal sensitive information.

This reply merits a probe by a high powered parliamentary committee or a Supreme Court constituted committee.

The proceedings on record make it abundantly clear that the office memorandum dated July 31, 2017, was issued under the signature of Rakesh Maheshwari, group coordinator, Cyber Law and Unique Identification Authority of India (UIDAI), ministry of electronics and information technology ahead of the court verdict as part of their argument underling that right to privacy is not a fundamental right. 

It is not surprising that the ToR of the committee has failed to encompass all aspects of privacy and data protection in the era of e-commerce, drones, Google maps, Facebook, Twitter, smartphones, Ola-isation and Uber-isation in the aftermath of revelations by Edward Snowden, Chelsea Manning and Wikileaks.

It is significant that such revelations have found mention the verdict of the court saying, “Edward Snowden shocked the world with his disclosures about global surveillance.” 

It is equally significant that Parliamentary Standing Committee on Information Technology that examined the work of department of electronics and information technology, now called  MeitY, also asked about the surveillance by National Security Agency of the US.

It desired to know the department’s stand on the issue of surveillance by the US and interception of data sent through e-mails in its Twenty-seventh Report.

The committee was perturbed by the government’s unpardonable callousness towards the security ramifications of storing UID/Aadhaar data on cloud and the failure to enact a legal framework for right to privacy.

The tenure of Nandan Nilekani as the first chairman of Unique Identification Authority of India commenced in July 2009 and ended in March 2014 as a member of the Indian National Congress but the promised right to privacy bill did not see the light of the day.

The tenure of V S Madan, second chairman of UIDAI, too commenced and ended without the enactment of the right to privacy bill.

The tenure of J Satyanarayana as the third chairman too has not been able to do anything about it.

It is apparent that the government is attempting to change the goalpost now by talking about the proposal of “draft data protection bill” to ignore the existing right to privacy bill.

It is noteworthy that the government has admitted before Parliamentary Standing Committee on Finance that examined the issue of UID/Aadhaar numbers may involve certain issues, such as (a) security and confidentiality of information, imposition of obligation of disclosure of information so collected in certain cases, (b) impersonation by certain individuals at the time of enrolment for issue of unique identification numbers, (c) unauthorised access to the Central Identities Data Repository (CIDR), (d) manipulation of biometric information.

The Parliamentary Committee observed, “There is no law at present on privacy, and data protection”. The government told the committee that “collection of information without a privacy law in place does not violate the right to privacy of the individual.”

The committee recommended that legislation on UID/Aadhaar would be appropriate “only after passing the legislation on privacy, and data protection so as to ensure that there is no conflict between these laws.”

The parliamentary committee recorded what the Philippines supreme court said in a similar context. It said, ‘The data may be gathered for gainful and useful government purposes; but the existence of this vast reservoir of personal information constitutes a covert invitation to misuse, a temptation that may be too great for some of our authorities to resist.’

It is noteworthy that the National Informatics Centre had pointed out that the issues relating to privacy and security of UID data, in case the data is not hosted in a government data centre requires consideration.

But UIDAI opined that the hosting of data in a private data centre does not necessarily lead to a violation of privacy or security. Appropriate contractual arrangement shall be put in place with the data centre space provider to ensure security and privacy of the data. This reply was given in the Rajya Sabha and is reproduced in the committee’s report. 

The parliamentary committee recorded the findings of the Report on UK’s Identity Project by London School of Economics stating that ‘…..identity systems may create a range of new and unforeseen problems……the risk of failure in the current proposals is therefore magnified to the point where the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals’.

Taking cognisance of this report the United Kingdom shelved its identity cards project for a number of reasons, which included: (a) huge cost involved and possible cost overruns; (b) too complex; (c) untested, unreliable and unsafe technology; (d) possibility of risk to the safety and security of citizens; and (e) requirement of high standard security measures, which would result in escalating the estimated operational costs.

Notably, at the outset, the government, Wipro Ltd and UIDAI had cited the United Kingdom’s identity cards project as an example for the CIDR of the UID/Aadhaar number scheme.

Notably, too, Wipro Ltd had submitted a 14-page long document titled ‘Strategic Vision: Unique Identification of Residents’ to the processes committee of the Planning Commission.

Its vision statement reads: ‘Creating a unique identification system of all residents in the country for efficient, transparent, reliable and effective delivery of various welfare and private services to the common person.’ 

It is inexplicable as to why there is obsession with ensuring benefits for private/NGO sector using citizens’ personal sensitive information. 

Meanwhile, the use of electoral database mentioned in Wipro’s document remains part of the agenda. A confidential document of UIDAI titled ‘Creating a unique identity number for every resident in India’, leaked by Wikileaks on November 13, 2009, revealed, ‘It is likely that this number will then persist as the key identifier through the individual’s various life events, such as joining school, immunizations, voting etc.’

Wipro’s document envisaged the close linkage that the UIDAI would have to the electoral database. This paves way for all-round surveillance adversely impacting political rights of present and future generations and making right to have civil rights extinct.

It also has the potential to hijack India’s democratic system by converging CIDR with electoral database, and EVMs. Admittedly, EVMs too have a UID Number. Such convergence can make the secret ballot system a party of history.   

After the UK abandoned its’ biometric identification based identity project Wipro Ltd and others have maintained a deafening silence. Besides being a consultant of the Planning Commission for preparing the vision document on UID of Residents, Wipro Ltd has also been among the companies were awarded contracts by UIDAI.


Part 1: Right to Privacy and the Bhagavad Gita
Part 2: How Aadhaar promotes a digital caste system
Part 3: Aadhaar is against Arthashastra, Hadith and Bible
Part 4: Aadhaar Act contravenes right to life and personal liberty


In such a scenario, the composition, of the Committee on “draft data protection bill” has been crafted in such a manner that it is packed with personalities who have consistently been found to be on the wrong side of the constitutional position. 

These personalities representing their institutions include current members of the committee, namely, CEO of UIDAI Dr Ajay Bhushan Pandey; National Cyber Security Coordinator Gulshan Rai; Additional Secretary in MeitY, Dr Ajay Kumar; IIT Raipur director, Prof Rajat Moona; IIM Indore director, Prof Rishikesha T Krishnan; DSCI’s Rama Vedasree; Research director of Vidhi Centre for Legal Policy, Arghya Sengupta; and secretary, department of telecommunications, Aruna Sundararajan.

The position of these members has been contrary to constitutionally recognised right to privacy as the fundamental right for over four decades.

There is not even an iota of confidence in most of members of the “draft data protection bill” committee because their role in misleading the court about the constitutional position on right to privacy is now a matter of record.

Fortunately, the court could see through their role which was not in the public interest. Despite this, Justice Chandrachud’s order gives enormous benefit of the doubt to the government by inferring that the government and its committee can deal with the UID/Aadhaar matter appropriately. 

There appears to be incoherence in first taking cognisance of “an era of ubiquitous dataveillance, or the systematic monitoring of citizen’s communications or actions through the use of information technology”, and then letting the government do these very activities by promising a post-dated cheque which may or may not get encashed in terms of a data protection law.

There is inconsistency in recognising the age of “big data” or the collection of data sets which are “marked by their exhaustive scope and the permanency of collection”, which entails ‘profiling’ by automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements, but choosing not to give immediate relief to residents of India including judicial officers.

Such profiling can result in discrimination based on religion, ethnicity and caste and allowing the government to do so under its assumption that the right to privacy is not a fundamental right. This can pave the way for a Holocaust-like situation witnessed in Nazi Germany using pre-Nazi census data which had profiled the Jews.  

Justice Chandrachud’s order is remarkable for tracing the origin of the right to privacy to Greek philosopher Aristotle who recognised “a confidential zone on behalf of the citizen”.

He recalled how William Blackstone, in his Commentaries on the Laws of England (1765), spoke of a “natural liberty” which was in his view, “absolute rights which were vested in the individual by the immutable laws of nature. These absolute rights were divided into rights of personal security, personal liberty and property. The right of personal security involved a legal and uninterrupted enjoyment of life, limbs, body, health and reputation by an individual.”

He traces the individual’s absolute right to independence in John Stuart Mill’s essay, On Liberty (1859), wherein it is asserted that “In the part which merely concerns himself, his independence is, of right, absolute. Over himself, over his own body and mind, the individual is sovereign” and notes how in the “struggle between liberty and authority”, Mill posited the recognition of civil rights such as the individual right to privacy to rein in the tyranny of the majority.

He underlines the absoluteness of individual’s right by citing Thomas Cooley saying, “the right of one’s person may be said to be a right of complete immunity; the right to be alone,” in his Treatise on the Law of Torts (1888).

He recalls the verdict of State of Maharashtra v Madhukar Narayan Mardikar (1991) wherein the court held that “Even a woman of easy virtue is entitled to privacy and no one can invade her privacy as and when he likes…. Therefore, merely because she is a woman of easy virtue, her evidence cannot be thrown overboard.”

The proposal of “draft data protection bill” and the Privacy Bill is akin to putting a cart before the horse. It is akin to putting a Trojan horse before the court.

Justice Chandrachud cites the decision of the UK Supreme Court in R v The Commissioner of Police of the Metropolis (2011) wherein it was held that the police force's policy of retaining DNA evidence in the absence of 'exceptional circumstances' was unlawful and a violation of Article 8 of the European Convention on Human Rights.

Lord Dyson, on behalf of the majority, held that: “It is important that, in such an important and sensitive area as the retention of biometric data by the police, the court reflects its decision by making a formal order to declare what it considers to be the true legal position.”

As per Section 2 (g) of Aadhaar Act 2016, “biometric information” means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations. Thus, it clearly includes biological attributes like voice print and DNA.

This decision of the UK supreme court creates a compelling logic for scrapping of the Aadhaar Act which illegitimately legalises indiscriminate collection of biometric information of the whole nation comprising present and future generations of citizens including present and future soldiers, Presidents, prime ministers, national security advisors, chief ministers, legislators, security officials and judges.

Therefore, the right to privacy is deeply connected with national security.   

Justice Chandrachud refers to the decision the by the Canadian supreme court in Her Majesty, The Queen v Brandon Roy Dyment (1988) wherein a doctor collected a sample of blood from the wound of a patient for medical purposes but gave it to a police officer.

The court held that the seizing of blood taken for medical purposes was a violation of law and observed that “the restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.” 

The court found that the blood sample, collected by the doctor was meant for medical purposes only. JusticeLaForest wrote on the importance of consent and held that “the use of a person's body without his consent to obtain information about him, invades an area of personal privacy essential to the maintenance of his human dignity.” 

This decision implies that biometric information collected for identification from residents of India is meant for identification only and not for any purpose. As a consequence, it constitutes a violation of law by UIDAI.

In his decision Justice Chandrachud has cited the majority decision in United States v Jones (2012) delivered by Justice Scalia applying the trespass test. It was held that the government’s physical intrusion onto the defendant's car for the purpose of obtaining information constituted trespass and therefore a “search”.

It was held unanimously that installing a Global Positioning System tracking device on a vehicle and using the device to monitor the vehicle's movements constituted search.

Justice Sonia Sotomayor agreed with Justice Alito’s concurrence that “physical intrusion is now unnecessary to many forms of surveillance”, and held that “[i]n cases of electronic or other novel modes of surveillance that do not depend upon a physical invasion on property, the majority opinion’s trespassory test may provide little guidance”.

It was observed that “the net result is that GPS monitoring -- by making available at a relatively low cost such a substantial quantum of intimate information about any person whom the government, in its unfettered discretion, chooses to track” -- may “alter the relationship between citizen and government in a way that is inimical to democratic society”.

Justice Sotomayor concluded saying, “I] doubt that people would accept without complaint the warrantless disclosure to the government of a list of every web site they had visited [or phone numbers dialled]”.

This decision too is quite relevant for the UID/Aadhaar case because CIDR is warrantless disclosure to the government and private agencies of every transaction done by residents and citizens of India and it unambiguously alters the relationship between citizen and government in a way that is inimical to democratic society.

It is germane to recollect the submission of Dr Usha Ramanathan, a noted jurist, before the Parliamentary Standing Committee on Finance that examined the UID/Aadhaar Bill and the project.

Its report records her post-evidence reply wherein she said, “The production of a number accompanied by the use of methods such as fingerprinting and iris scanning is even more invasive than is permitted to be applied to alleged offenders. Article 20 (3) of the Constitution of India provides protection against compulsory extraction of personal information. Denying services, and rights, to persons because they are unwilling to part with the information in a manner that is more than likely to result in convergence and commodification of their personal information, surveillance, profiling, tagging and tracking is compulsory extraction that clearly reduces the constitutional rights of an ordinary citizen to less than that of an alleged offender.”

Biometric profiling based CIDR of UID/Aadhaar number is like a prisoner identification number assigned by governments apparently under external influence.

Although the order of Justice Chandrachud recalls Ronald Dworkin’s seminal work Taking Rights Seriously, stating, “If the government does not take rights seriously, then it does not take law seriously either”, his order misses the opportunity of taking the government to task for its colossal and unpardonable failure in not taking citizens’ fundamental right to privacy seriously.

It ends up trusting a government which did not enact a right to privacy law which he himself has recorded, to act appropriately.

The UID/Aadhaar case has the privilege of encountering seven Chief Justices so far, beginning with the 39th Chief Justice Altamas Kabir, Justice P Sathasivam, Justice Rajendra Mal Lodha, Justice H L Dattu, Justice T S Thakur and Justice Khehar, to the 45th Chief Justice Dipak Misra, even as violation of constitutionally protected fundamental right to privacy has become a norm.

In days to come the court is likely to see through the real purpose of proposal of “draft data protection bill” committee amidst the possibility of civilian and non-civilian applications of UID/Aadhaar being bulldozed by commercial entities in order to store and read biometric and DNA script of present and future Indian citizens in the aftermath of the sequencing of Human Genome for epigenetics, vested interest of pharmaceutical industry, big data entities, social control technology companies and inhuman aspects of inheritance, eugenics and genetic determinism.

It will surely deliberate on ramifications of CIDR of UID/Aadhaar for India’s position on e-commerce, computing cloud, cyber jurisdiction, high computing capacity, artificial intelligence, mathematical algorithms, and analytics which have the potential to make digital colonisation fool-proof through data colonisation in what is being called the Fourth Revolution by the World Economic Forum (WEF).

Notably, WEF has launched a Global Redesign Initiative to make nation-states appear like medieval residues or to make them redundant.

The court will surely be wary of the promoters and supporters of data colonisation and appear more loyal to WEF than to India’s supreme interest.   

It is hoped that when the court hears the matter in the first week of November, it will complete the unfinished task of declaring Aadhaar Act as an arbitrary and unconstitutional legislation because it was enacted prior to the enactment of right to privacy law despite categorical parliamentary recommendation.

Dr Gopal Krishna is a public policy and law researcher, convener of Citizens Forum for Civil Liberties (CFCL) and editor of www.toxicswatch.org.

Get Rediff News in your Inbox:
Gopal Krishna
 
CHINESE CHALLENGE - 2022

CHINESE CHALLENGE