Without a doubt, in its march towards enhancing digital footprint across world's largest democracy, AADHAR project has given identity to the billions of vanished Indians searching for their identity. If statistics are to be trusted as of March 2018 this 12 digit unique ID number had already become a lifeline of more than 1.17 billion Indians taking up into its ambit almost 89.2 % of Indian population. However the so called and revered most sophisticated ID programme of the world, was eventually locked up in a spurt of as many as more than 30 challenges through myriad petitions before the Courts of Law because of its alleged broken legal framework until its fate was finally decided recently by the Honble Apex Court in September 2018.

Fatefully the Apex Court's verdict is finally out with 1448 page length detailed judgment in which AADHAR has emerged out to be victorious with 4:1 majority. AADHAR and its architecture has been held to be primarily constitutionally valid albeit with certain riders. The Court has struck /read down few provisions of the Aadhar Act which most significantly includes Section 57:: the use of the Aadhar by the private companies.

Other sections struck / read down include: 33(1), 33(2), 47, 2(d), regulation 27. On the flip side, the judgment has a silver lining too with fiery and historic dissenting judgment by maverick Justice D.Y. Chandrachud. Disagreeing with his brother judges Justice Chandrachud held that Rights of 1.2. billion citizens cannot be tested as a mere contract with the UIDAI and that Aadhar does not pass the test of the Article 14 of the Constitution. Further expanding the view on Aadhar being primarily unconstitutional he held that Aadhar violates informational privacy, self determination and data protection and consequences of not giving Aadhar number are draconian.

Thus the dissenting judgment of Justice Chandrachud forces one to analyse and revisit again the Aadhar legislation and its overall architecture and examining its Constitutionality on the touchstones of Right to Privacy and Equality and with respect to overall concept of constitutional morality. Many experts do believe that the Aadhar judgment has flaws and judgment has thrown as many questions also along with the answers which it has provided. The instant paper revolves rubric to tracing roots of Aadhar, Apex Court's Verdict, its critical analysis , analysis of passing of Aadhar as money bill inter-alia amongst several other issues. Author strongly believes that overall Aadhar project needs improvement on several fronts along with strong data protection regime.

1. Aadhar: Tracing The Roots And Concept

Going without any doubts, Aadhaar a simple Hindi word meaning Foundation bears much worth today. To say that India has become a nation obsessed with Aadhar would definitely not be an overstatement. Going conceptually, Aadhar is a nationwide personal identification scheme by which the Government of India stores some basic demographic and biometric information of residents and assigns each a random 12-digit number and a registration card called as Aadhar card.

The government hopes to eventually enroll every resident, whether or not they have citizenship. The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established in January 2009 by the Government of India, under the jurisdiction of the Ministry of Electronics and Information Technology, following the provisions of the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016. The primary aim of the Aadhar Project / scheme is to create an easily accessible unique digital identity for residents that is linked to various government and financial services, including bank accounts. The uniqueness is slated to be achieved by Biometrics which the project collects from the residents. Thus with Aadhar Govt. seeks to achieve the monolith identity for all the residents and move towards  One Nation , One Identity concept.

The current avatar of the UID scheme or Aadhar called as a centralised, biometrics based database / data bank took shape under the guidance of Nandan Nilekani, erstwhile head of the IT major Infosys, who took over as the first Chairperson of the UIDAI. Let us gaze through the short tale of the history of this unique ID which we all carry with us.

1999	Later the Kargil war, the Kargil Review Committee, headed by security analyst K. Subrahmanyam, was formed to study the state of national security.
2000	They submitted its report to Prime Minister Atal Bihari Vajpayee on 7 January. He proposed that citizens in villages in border region be issued identity cards on a priority basis.
2001	A Group of Ministers (GoM), headed by L. K. Advani, was formed to study the recommendations and examine possible implementation. The GoM submitted its report in May 2001. It had accepted the recommendation for an id card. The card would be first issued in border villages and then elsewhere. Then in late September 2001, the Ministry of External Affairs proposed  a mandatory national identity card. Then, the Ministry of External Affairs proposed that a mandatory national identity card is issued.
2003	In December, The Citizenship (Amendment) Bill, 2003 was introduced in the Lok Sabha by L. K. Advani. It primarily aims to provide various rights to persons of Indian origin.
2009	The UIDAI was established on 28 January after the Planning Commission of India issued a notification. On 23 June, Nandan Nilekani, the co-founder of Infosys, was appointed by the United Progressive Alliance government to head the project. He was given the newly created position of the Chairman of UIDAI which was equivalent to a Cabinet minister.
2010	In April, the logo and the brand name Aadhaar was launched by Nilekani. In May, Nilekani said he would support a legislation to protect the data held by the UIDAI. In July, UIDAI published a list 15 of agencies which were qualified to provide training to personnel to be involved in the enrollment process. It also published a list of 220 agencies which were qualified to take part in the enrollment process. In July, UIDAI published a list 15 of agencies which were qualified to provide training to personnel to be involved in the enrollment process. It also published a list of 220 agencies which were qualified to take part in the enrollment process.
2012	On 7 February, the UIDAI launched an online verification system for Aadhar numbers. Using the system banks, telecom companies, and government departments could enter an Aadhaar number and verify if the person was a resident of India. On 26 November, Prime Minister Manmohan Singh launched an Aadhaar-linked direct benefits transfer(DBT) scheme. The project aimed to eliminate leakages in the system by directly transferring the money to the bank account of the recipient.
2013	On 23 September, the Supreme Court issued an interim order saying that the government cannot deny a service to anyone who does not possess Aadhar, as it is voluntary. On 9 October, the National Payments Corporation of India launched an Aadhar-based remittance system. Using the system funds could be transferred to any Aadhaar-linked bank accounts, if only the Aadhaar number was known.
2014	In March, Nandan Nilekani resigned as the Chairman to contest in the general election on an Indian National Congress nomination. His responsibilities taken over by 1981-batch Indian Administrative Service officer Vijay Madan, who was given an extension of his term as the director-general and mission director by the government. Before elections in March, BJP national spokesperson Meenakshi Lekhi and general secretary Ananth Kumar had criticised the project for issuing Aadhaar to illegal immigrants. On 1 July, the former UIDAI Chairman Nandan Nilekani met with the Prime Minister Narendra Modi and Finance Minister Arun Jaitley to convince them of the project’s merits. On 5 July, Modi announced that his government retain the project and asked the official to look into linking the project with passports.
2015	In March, the Aadhaar-linked DigiLocker service was launched, using which Aadhaar-holders can scan and save their documents on the cloud and can share it with the government officials whenever required without any need to carry them.
2016	On 11 March, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, was passed in the Lok Sabha. During the Rajya Sabha debate on 16 March, Sitaram Yechury of Communist Party of India said that bill should not have been passed when the issue right to privacy was still in the Supreme Court. As of 31 March 2016, 99.9 crores (999 million) Aadhaar numbers have been issued in the project.

2. Analysis of The Apex Court's Judgement On Aadhar :: Writ Petition (Civil) No. 494 of 2012 Justice K.S. Puttaswamy (Retd.) And Another Vs. Union of India And Others

The Supreme Court finds a pragmatic middle path between the Aadhaar scheme's excesses and its benefits to the marginalized.
The Aadhaar project has survived a fierce legal challenge. Ever since a nine-judge Bench ruled unanimously last year that privacy is a fundamental right, opinion began to gain ground that the unique identification programme was vulnerable in the face of judicial scrutiny.

It was projected by sceptics, detractors and activists as an intrusion on citizens' privacy, a byword for a purported surveillance system, a grand project to harvest personal data for commercial exploitation by private parties and profiling by the state. But the government has staved off the challenge by successfully arguing that it is essentially a transformative scheme primarily aimed at reaching benefits and subsidies to the poor and the marginalised. Four of the five judges on a Constitution Bench ruled that the law enabling the implementation of the programme does not violate the right to privacy of citizens; instead, the project empowers marginalised sections and procures dignity for them along with services, benefits and subsidies by leveraging the power of technology.

2.1. Majority View

In a landmark decision given on Sept 26 2018, the five bench of the Hon'ble Apex Court of India with 4 : 1 majority upheld the Aadhaar Act, the use of the money bill route for its legislative passage and the use of mandatory Aadhaar-based identification for government welfare schemes, the expenditure for which is drawn from the Consolidated Fund of India. The Bench comprised of Justice Chandrachud, Justice Ashok Bhushan, Chief Justice Dipak Misra, Justice A M Khanwilkar and Justice J Sikri. While Chandrachud gave a historic dissenting view disagreeing with his brother judges and holding aadhar to be unconstitutional, other four judges upheld the validity of the Act. Let us analyse how the majority bench answered various tough questions raised before it.

The Supreme Court, in a majority opinion on Wednesday, upheld Aadhaar as a reasonable restriction on individual privacy that fulfils the government's legitimate aim to provide dignity to a large, marginalised population living in abject poverty.

The Constitution does not exist for a few or minority of the people of India, but We the People, the Supreme Court observed:
The majority view by Chief Justice of India Dipak Misra and Justices A.K. Sikri and A.M. Khanwilkar declared Aadhaar a document of empowerment. Anunparalleled identity proof. A document that cannot be duplicated unlike PAN, ration card, and passport.

Justice D.Y. Chandrachud wrote a sharp dissent, declaring Aadhaar unconstitutional. Justice Ashok Bhushan, in a separate opinion, concurred with the majority view, saying Aadhaar has been widely accepted. Justice Sikri said technology had become a vital tool for ensuring good governance in a social welfare state. Schemes like PDS, scholarships, mid-day meals, LPG subsidies, involve a huge amount of money and fool-proof Aadhaar helped welfare reach the poor.

• Question 1: Whether the Aadhaar project creates or has tendency to create surveillance state and is, thus, unconstitutional on this ground?
  
  Judgment: The architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state, said the majority order. According to the order, this is ensured by the manner in which the Aadhaar project operates. Drawing from representations made by the Unique Identification Authority of India and the government, the order stated:
  During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected. UIDAI does not collect purpose, location or details of transaction.
  
  Thus, it is purpose blind. The information collected, as aforesaid, remains in silos. Merging of silos is prohibited. The requesting agency is provided answer only in Yes' or No' about the authentication of the person concerned. The authentication process is not exposed to the internet world. There are sufficient authentication security measures taken. There is an oversight by Technology and Architecture Review Board and Security Review Committee.
  
  During authentication no information about the nature of transaction etc. is obtained. The authority has mandated use of Registered Devices for all authentication requests. Hence the three judges have held that it is very difficult to create profile of a person simply on the basis of biometric and demographic information stored in CIDR. But the order has diluted some provisions pertaining to data protection. For instance, it has directed that authentication records are not to be kept beyond a period of six months, whereas the Aadhaar Act permitted five years.
   
• Question 2: Whether the Aadhaar Act violates the right to privacy and is unconstitutional on this ground?
  Judgment: Referring to the earlier Supreme Court decision that determined privacy to be a fundamental right, the order states that any restraint on privacy must meet three tests.
  · backed by law
  · legitimate state aim
  · proportionality
  
  The existence of the Aadhaar Act and delivery of welfare benefits fulfils the first two requirements. The order noted that the third test of proportionality has also been met because:
  · the purpose of the act is to ensure deserving beneficiaries of welfare schemes are correctly identified;
  
  · it also achieves the balancing of two competing fundamental rights: right to privacy on the one hand and right to food, shelter and employment on the other.
  
  But the majority order directs that Section 7 of the Act, which says proof of Aadhaar number is necessary for receipt of certain subsidies, benefits and services, etc., would cover only those benefits for which expenditure is drawn from the Consolidated Fund of India. On that basis, CBSE, NEET, JEE, UGC, etc. cannot make the requirement of Aadhaar mandatory as they are outside the purview of Section 7 and are not backed by any law.
   
• Question 3: Whether children can be brought within the sweep of Sections 7 and 8 of the Aadhaar Act?
  Judgment: The majority order has permitted the enrollment of children under the Aadhaar Act with the consent of their parents/guardian. On turning 18, if a child wants to opt out of the Aadhaar, she will be given the option to exit. Currently that provision is absent in the act. Determining that school admission of children is neither a service nor a subsidy, the order directed that requirement of Aadhaar would not be compulsory for admission. Since under the Constitution education is a fundamental right for children of the ages 6 to 14 years, enrollment under a scheme such as Sarv Shiksha Abhiyan does not require Aadhaar as it is not a benefit. But for availing benefits of other welfare schemes Aadhaar can be made mandatory for children, subject to the consent of the parents. And though the order allows for the limited use Aadhaar, it includes an overwhelming exception. The judgment quotes We also clarify that no child shall be denied benefit of any of these schemes if, for some reasons, she is not able to produce the Aadhaar number and the benefit shall be given by verifying the identity on the basis of any other documents.
   
• Question 4: Whether several sections of the Act are unconstitutional?
  Judgment: The majority order has in many cases read down and in some, even struck down sections that the petitioners argued to be unconstitutional. The most important of which is Section 57 which permits the use of Aadhaar by private companies.
  
  Section 57 permits the use of Aadhaar number for establishing identity for any purpose, by the state or any corporate or person, pursuant to any law or contract.
  
  Judgment: The order stated that any purpose is susceptible to misuse and can only be a purpose backed by law. It also found that allowing any corporate or person to use Aadhaar for authentication, especially on the basis of a contract between the corporate and an individual, would enable commercial exploitation of private data and hence is unconstitutional. But the order is not crystal clear whether all private use of Aadhaar for authentication is unconstitutional or whether this applies only if such private use is based on a contract between a corporate and a person. This part of the provision which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals. This part of the section, thus, is declared unconstitutional.
  
  The other sections that have been read or struck down include...
  
  Section 33(1): disclosure of Aadhaar information in certain cases, such as pursuant to a court order.
  
  Judgment: The order said an individual, whose information is sought to be released, must be given the opportunity of a hearing and the right to challenge any such court order.
  Section 33(2): restricts confidentiality of Aadhaar data in cases of national security if so determined by senior government officer (joint secretary).
  
  Judgment: Any breach of confidentiality can be done only on the orders of a very senior government officer (higher than joint secretary) along with a sitting high court judge.
  Section 47: provides that only UIDAI can file a court complaint in case of violation of the act.
  
  Judgment: The section must be amended to also allow filing of such complaint by an individual/victim whose right is violated.
  
  Section 2(d): pertains to authentication record ie: the record of the time of authentication, identity of the requesting entity and the response provided by UIDAI.
  
  Judgment: The provision in the present form has been struck down but can be reframed keeping parameters laid down in order.
  
  Regulation 27: which provides archiving of data for a period of five years.
  
  Judgment: Struck down. Retention of data beyond the period of six months is impermissible.
   
• Question 5: Whether the Aadhaar Act could be passed as Money Bill' within the meaning of Article 110 of the Constitution?
  Judgment: Since the purpose of the Aadhaar Act is to create unique identification so that citizens can avail government subsidy, benefit or service, the expenditure for which would be from the Consolidated Fund of India, it can be passed as a money bill.
  
  No Mandatory Use Of Aadhaar To Open A Bank Account
  
  The order found that such mandatory provision of Aadhaar to open a bank account or maintain an existing one does not stand the test of proportionality and violates the right to privacy of a person which extends to banking details.
  
  No Mandatory Linking Of Aadhaar With Mobile Number
  The order found that since the circular issued by the Department of Telecommunications making such linkage mandatory was not backed by a law, it was illegal and unconstitutional.

It's important to note that Justices Chandrachud and Bhushan delivered separate opinions in this case. Justice Bhushan concurred with the majority view.

5. Whether Section 139AA of the Income Tax Act, 1961 is violative of right to privacy and is, therefore, unconstitutional?
Conclusion of CJI Misra and Justices Sikri and Khanwilkar (emphasis supplied)
Quote:
Validity of this provision was upheld in the case of Binoy Viswam by repelling the contentions based on Articles 14 and 19 of the Constitution. The question of privacy which, at that time, was traced to Article 21, was left open. The matter is reexamined on the touchstone of principles laid down in K.S. Puttaswamy. The matter has also been examined keeping in view that manifest arbitrariness is also a ground of challenge to the legislative enactment. Even after judging the matter in the context of permissible limits for invasion of privacy, namely:

1. the existence of a law;
2. a legitimate State interest'; and (iii) such law should pass the test of proportionality', we come to the conclusion that all these tests are satisfied.
   Unquote

2.2. Minority View : Fiery And Historic Dissent of Justice D.Y. Chandrachud

Now let us analyse the sharp, historic and singular dissenting judgment delivered by Maverick Justice Chandrachud. Many experts do believe that Chandrachud's 'brooding wisdom' on Aadhaar may be tomorrow's majority view. In writing a seminal dissenting opinion that differs greatly on the validity of Aadhaar as a money bill, the constitutionality of Section 7 of the Aadhaar Act and on whether the unique identification programme lays the ground for a surveillance state, Justice D.Y. Chandrachud has surely laid the ground for future political and judicial debate. Justice D Y Chandrachud's judgement was emphatic about the violation of the right to privacy of the Aadhaar programme Let us analyse in brief major curative aspects from his judgment on Aadhar:
. Constitutional guarantees cannot be subject to the vicissitudes of technology..... (Chandrachud J., dissenting, paragraph 269)

1. On Aadhaar as the new oil
   While data is the new oil, it still eludes the life of the average citizen. If access to welfare entitlements is tagged to unique data sets, skewed access to informational resources should not lead to perpetuating the pre-existing inequalities of access to public resources. An identification project that involves the collection of the biometric and demographic information of 1.3 billion people, creating the largest biometric identity project in the world, must be scrutinized carefully to assess its compliance with human rights.
    
2. Why Aadhaar as a money bill is a fraud on the constitution
   Introducing the Aadhaar Act as a money bill deprived the Rajya Sabha of its power to reject or amend the Bill. Since the Aadhaar Act in its current form was introduced as a Money Bill in the Lok Sabha, the Rajya Sabha had no option other than of making recommendations to the Bill. The recommendations made by the Rajya Sabha (which also included the deletion of Section 57) were rejected by the Lok Sabha.
   
   The legislative history is a clear pointer to the fact that the subsequent passage of the Bill as a Money Bill by-passed the constitutional authority of the Rajya Sabha. The Rajya Sabha was deprived of its legitimate constitutional role by the passage of the Bill as a Money Bill in the Lok Sabha. The Rajya Sabha has an important role in the making of laws. Superseding the authority of the Rajya Sabha is in conflict with the constitutional scheme and the legitimacy of democratic institutions. It constitutes a fraud on the Constitution. Passing of a Bill as a Money Bill, when it does not qualify for it, damages the delicate balance of bicameralism which is a part of the basic structure of the Constitution.The ruling party in power may not command a majority in the Rajya Sabha.
   
   But the legislative role of that legislative body cannot be obviated by legislating a Bill which is not a Money Bill as a Money Bill. That would constitute a subterfuge, something which a constitutional court cannot countenance. Differences in a democratic polity have to be resolved by dialogue and accommodation. Differences with another constitutional institution cannot be resolved by the simple expedient of ignoring it. It may be politically expedient to do so. But it is constitutionally impermissible. This debasement of a democratic institution cannot be allowed to pass. Institutions are crucial to democracy. Debasing them can only cause a peril to democratic structures.
   
   The Act thus fails to qualify as a Money Bill under Article 110 of the Constitution. Since the Act was passed as a Money Bill, even though it does not qualify to be so, the passage of the Act is an illegality. The Aadhaar Act is in violation of Article 110 and therefore is liable to be declared unconstitutional.
    
3. On UIDAI's Responsibility or Lack of It
   Under the Aadhaar architecture, UIDAI is the only authority which carries out all the functions, be it administrative, adjudicatory, investigative, or monitoring of the project. While the Act confers such major functions on UIDAI, it does not place any institutional accountability upon UIDAI to protect the database of citizens' personal information. The Act is silent on the liability of UIDAI and its personnel in case of non-compliance of the provisions of the Act or the regulations made under it.
   
   Under Section 23(2)(s) of the Act, UIDAI is required to establish a grievance redressal mechanism. Making the authority administering a project, also responsible for providing for the framework to address grievances arising from the project, severely compromises the independence of the grievance redressal body. Section 47 of the Act violates the right to seek remedy. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. There is no grievance redressal mechanism if any breach or offence is committed by UIDAI itself.
   
   The law must specify who is to be held accountable. The Act lacks a mechanism through which any individual can seek speedy redressal for his/her data leakage and identity theft. Compensation must be provided for any loss of data of an individual.A stringent and independent redressal mechanism and options for compensation must be incorporated in the law. Section 47 is arbitrary as it fails to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy.
   
   Whether it is against UIDAI or a private entity, it is critical that the individual retains the right to seek compensation and justice. This would require a carefully designed structure.
    
4. Why Section 7 of Aadhaar Act is troubling
   The state as a part of its welfare obligations provides numerous benefits to school going children, including mid-day meals or scholarships, to children belonging to the marginalised segments of the society. Should the disbursal of these benefits be made to depend upon a young child obtaining an Aadhaar number or undergoing the process of authentication? The object of the state is to ensure that the benefits which it offers are being availed of by genuine students who are entitled to them.
   
   This legitimate aim can be fulfilled by adopting less intrusive measures as opposed to the mandatory enforcement of the Aadhaar scheme as the sole repository of identification. The state has failed to demonstrate that a less intrusive measure other than biometric authentication will not subserve its purposes. That the state has been able to insist on adherence to the Aadhaar scheme without exception is a result of the over breadth of Section 7. Consequently, the inclusion of benefits and services in Section 7 suffers from a patent ambiguity, vagueness and overbreadth which renders the inclusion of services and benefits arbitrary and violative of Article 14.
   
   The institution of rights places a heavy onus on the State to justify its restrictions. No right can be taken away on the whims and fancies of the State. The State has failed to justify its actions and to demonstrate why facilitating the targeted delivery of subsidies, which promote several rights such as the right to food for citizens, automatically entails a sacrifice of the right to privacy when both these rights are protected by the Constitution.
   
   One right cannot be taken away at the behest of the other especially when the State has been unable to satisfy this Court that the two rights are mutually exclusive. The State has been unable to respond to the contention of the petitioners that it has failed to consider that there were much less invasive measures that could have furthered its goals.
   
   The burden of proof on the State was to demonstrate that the right to food and other entitlements provided through the Aadhaar scheme could not have been secured without violating the fundamental rights of privacy and dignity.Section 7 suffers from overbreadth since the broad definitions of the expressions services and benefits' enable the government to regulate almost every facet of its engagement with citizens under the Aadhaar platform.
   
   If the requirement of Aadhaar is made mandatory for every benefit or service which the government provides, it is impossible to live in contemporary India without Aadhaar. The inclusion of services and benefits in Section 7 is a pre-cursor to the kind of function creep which is inconsistent with the right to informational self-determination. Section 7 is therefore arbitrary and violative of Article 14 in relation to the inclusion of services and benefits as defined.
    
5. Why telecom service providers should delete their Aadhaar-linked data
   The conflation of biometric information with SIM cards poses grave threats to individual privacy, liberty and autonomy. Having due regard to the test of proportionality which has been propounded in Puttaswamy and as elaborated in this judgment, the decision to link Aadhaar numbers with mobile SIM cards is neither valid nor constitutional.
   
   The mere existence of a legitimate state aim will not justify the disproportionate means which have been adopted in the present case. The biometric information and Aadhaar details collected by Telecom Service Providers shall be deleted forthwith and no use of the said information or details shall be made by TSPs or any agency or person or their behalf.
    
6. Why Aadhaar is unconstitutional
   Identity is necessarily a plural concept. The Constitution also recognizes a multitude of identities through the plethora of rights that it safeguardsThe technology deployed in the Aadhaar scheme reduces different constitutional identities into a single identity of a 12-digit number and infringes the right of an individual to identify herself/himself through a chosen means. Aadhaar is about identification and is an instrument which facilitates a proof of identity.
   
   It must not be allowed to obliterate constitutional identityThe entire Aadhaar programme, since 2009, suffers from constitutional infirmities and violations of fundamental rights. The enactment of the Aadhaar Act does not save the Aadhaar project. The Aadhaar Act, the Rules and Regulations framed under it, and the framework prior to the enactment of the Act are unconstitutional
    
7. Why Section 7 can't be used to justify Aadhaar Act as a money bill
   A Bill, to be a Money Bill, must contain only provisions which fall within the ambit of the matters mentioned in Article 110.Section 7 of the Act allows the Aadhaar number to be made mandatory for availing of services, benefits and subsidies for which expenditure is incurred from the Consolidated Fund of India. Under clause (e) of Article 110(1) the money bill must deal with the declaring of any expenditure to be expenditure charged on the Consolidated Fund of India (or increasing the amount of expenditure).
   
   Significantly, Section 7 does not declare the expenditure incurred on services, benefits or subsidies to be a charge on the Consolidated Fund of India. What Section 7 does is to enact a provision allowing for Aadhaar to be made mandatory, in the case of services, benefits or subsidies which are charged to the Consolidated Fund. Section 7 does not declare them to be a charge on the Consolidated Fund.
   
   It provides that in the case of services, benefits or subsidies which are already charged to the Consolidated Fund, Aadhaar can be made mandatory to avail of them.Section 7, in other words, is a provision for imposing a requirement of authentication and not declaring any expenditure to be a charge on the Consolidated Fund of India. Hence, even Section 7 is not within the ambit of Article 110(1)(e).

However, even if Section 7 were to be held to be referable to Article 110, that does not apply to the other provisions of the Act. The other provisions of the Act do not in any event fall within the ambit of Article 110(1). Introducing one provision – Section 7 – does not render the entirety of the Act a Money Bill where its other provisions travel beyond the parameters set out in Article 110.

3. Passing of Aadhar As Money Bill:: Whether A Constitutional Misdemeneour?

A significant question that required consideration in the Aadhaar judgment – KS Puttaswamy v Union of India – was whether the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 was rightly passed as a Money Bill or not since primarily the nature of the legislation is not so.

To the utter surprise of many legal experts the majority of judges held that it was indeed a Money Bill while the dissenting judgment of Chandrachud J. held to the contrary. Thus two contrary views given by equally learned judges forces one to analyse whether indeed introduction of Aadhar as a a money bill was legally correct or not.

The reconsideration and analysis of the issue is direly important as it is virtually reduces the Rajya Sabha to a nullity and will enable any Government, which has a majority in the Lok Sabha, to simply by-pass the Rajya Sabha where it may be in a minority. All that is now required is for any bill to merely contain a provision involving expenditure to be paid out of the Consolidated Fund of India.

Types of Bills
The examination of Articles 107 to 117 of the Constitution indicates the following kinds of Bills:
(i) General Bills (Art 107) (ii) Money Bills (Art 110) (iii) Appropriation Bills (Art 114)(iv) Financial Bills (Art 117)

Introduction of the Aadhaar Bill
The Aadhaar Bill was first introduced as a Money Bill in 2016. This Bill contained 59 sections of which only section 7 referred to the Consolidated Fund of India and the relevant portion of that section reads as follows:

7. Proof of Aadhaar number necessary for receipt of certain subsidies, benefits and services, etc- The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt there from forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment.

Article 110(1) of the Constitution specifically states that a Money Bill must contain only provisions that deal with the matters enumerated therein.

The article reads as follows:
Article 110 :: Definition of Money Bills.-(1) For the purposes of this Chapter, a Bill shall be deemed to be a Money Bill if it contains only provisions dealing with all or any of the following matters, namely:

1. The imposition, abolition, remission, alteration or regulation of any tax;
2. The regulation of the borrowing of money or the giving of any guarantee by the Government of India or the amendment of the law with respect to any financial obligations undertaken or to be undertaken by the Government of India;
3. The custody of the Consolidated Fund or the Contingency Fund of India, payments of moneys into or the withdrawal from any such Fund;
4. The appropriation of money out of the Consolidated Fund of India;
5. The declaring of any expenditure to be expenditure charged on the Consolidated Fund of India or the increasing of the amount of any such expenditure;
6. The receipt of money on account of the Consolidated Fund of India or the public account of India or the custody or issue of such monies or the audit of the accounts of the Union or of a State; or
7. Any matter incidental to any of the matters specified in (a) to (f) above.

Thus on readings of aforesaid stated Section 7 and Art 110 it is clear that sec 7 refers to expenditure which is incurred from the Consolidated Fund of India but Article 110(d) covers only expenditure charged to Consolidated Fund of India. Significantly, the expenditure on the Aadhaar scheme is not charged to the Consolidated Fund of India. Article 112(3) enumerates expenditure which is charged to the Consolidated Fund of India.

It reads as follows:
(3) The following expenditure shall be expenditure charged on the Consolidated Fund of India:

1. the emoluments and allowances of the President and other expenditure relating to his office;
    
2.  the salaries and allowances of the Chairman and the Deputy Chairman of the Council of States and the Speaker and the Deputy Speaker of the House of the People;
    
3. debt charges for which the Government of India is liable including interest, sinking fund charges and redemption charges, and other expenditure relating to the raising of loans and the service and redemption of debt;
    
4. (i) the salaries, allowances and pensions payable to or in respect of Judges of the Supreme Court,
   (ii) the pensions payable to or in respect of Judges of the Federal Court,
   (iii) the pensions payable to or in respect of Judges of any High Court which exercises jurisdiction in relation to any area included in the territory of India or which at any time before the commencement of this Constitution exercises jurisdiction in relation to any area included in a Governors Province of the Dominion of India;
    
5. the salary, allowances and pension payable to or in respect of the Comptroller and Auditor General of India;
    
6. any sums required to satisfy any judgment, decree or award of any court or arbitral tribunal;
    
7. any other expenditure declared by this Constitution or by Parliament by law to be so charged.

The other provisions which create such charge are Articles 146(3), 148(6), 273(1), 275(1), 290, 291(1)(a), 293(2) and 322 of the Constitution.

Further it needs to be appreciated that no doubts Aadhaar Bill does make references to benefits, subsidies and services funded by the Consolidated Fund of India (CFI) however even a cursory reading of the bill reveals main objectives of the bill as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. The important point to be pondered over is that mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money bill.

The bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May's seminal textbook, Parliamentary Practice is instructive in this respect and makes it clear that a legislation which simply makes a charge on the Consolidated Fund does not becomes a money bill if otherwise its character is not that of one. PDT Achary, former secretary general of the Lok Sabha, has expressed concern about the use of Money Bills as a means to circumvent the Rajya Sabha. He has written here and here, on what constitutes a money bill and how the attempts to pass off financial bills like the Aadhaar Bill as money bills could erode the supervisory role Rajya Sabha is supposed to play.

This is especially true in the case of a legislation like the Aadhaar Bill which has far reaching implications for individual privacy as it governs the identification system conceptualised to provide a unique and lifelong identity to residents of India dealing with both the analog and digital machinery of the state and by virtue of Section 57 of any private entities. Already over 1 billion people have been enrolled under this identification scheme, and the project has been a subject of much debate and a petition before the Supreme Court.

The project has been portrayed as both the last hope for a welfare state and surveillance infrastructure. Regardless of which of the two ends of spectrum one leans towards, it is undeniable that the law governing the Aadhaar project deserved a proper debate in the Parliament. Even those who are strong proponents of the project must accept the decision to pass it off as a money bill undermines the importance of democratic processes and is a travesty on the Constitution and a blatant abrogation of the constitutional duties of the speaker.

Now let us analyse the reasoning given by the majority for upholding the passing of Aadhar Act as money bill:

1. The Aadhaar Bill was a Money Bill as it had a substantial nexus with the appropriation of funds from the Consolidated Fund of India and was directly connected with Article 110 of the Constitution (Paragraph 411 of Justice Sikri's opinion for himself, and Misra & Khanwilkar JJ). Thus, the majority view has introduced a new concept of substantial nexus with the appropriation of funds and direct connection; and
    
2. Bhushan J., in a concurring view, held that section 7 would be covered by clauses (c) and (e) of Article 110 (1). It is further submitted that the paragraph 411 of the decision of Justice Sikri wrongly states that expenditure for the Aadhaar scheme is chargeable to the Consolidated Fund of India.

It is submitted that the view of the majority requires reconsideration for the following reasons:

1. The majority introduces a test of substantial nexus with the appropriation of funds and direct connection :: It needs to be appreciated that this will enable any future Parliament to introduce any Bill with just one provision that has a substantial nexus with the appropriation of funds and direct connection and it would pass muster as a Money Bill.
    
2. The majority has wrongly presumed that expenditure under section 7 is charged to the Consolidated Fund of India. Article 112(3) of the Constitution specifically enumerates expenditure that will be charged to the Consolidated Fund of India. Expenditure on the Aadhaar scheme is incurred from the Consolidated Fund of India and will not be covered by Articles 110(c) or 110(e). Consequently, Article 110(g) will also have no application.
    
3. It completely destroys the meaning of the word only, which is a deliberate restriction on the powers of the Lok Sabha. A Bill need not be sent to the Rajya Sabha if it is a Money Bill. All other Bills have to go to the Rajya Sabha for approval. Therefore, any Bill, which has various substantive provisions, in addition to Clause (a) to (g), cannot passed as a Money Bill.
4. The majority view does not consider the legislative history of Article 110 and how it was expressly based on the provisions of section 1(2) of the Parliament Act, 1911 passed by the United Kingdom.
5. In the Constituent Assembly Debates, the proposal to delete the word only in Article 110 was made by Ghanshyam Singh Gupta. This was specifically rejected.
    
6. The scholarly book on Parliamentary Practice' by Erskine May specifically points out that if a Money Bill contains other matters, which are not subordinate or incidental to the enumerated matters, it would not be a Money Bill. Accordingly, the Speaker of the House of Commons has rejected 1/3rd of such Bills. The Aadhaar Bill contained several provisions which were neither subordinate nor incidental to any of the enumerated matters in Article 110(1).
    
7. Indeed, the Aadhaar did not have the remotest claim to be a Money Bill as not a single clause of Article 110 applied to any of its provisions, including section 7.

The Maverick Minority View: In consonance with the spirit of the Constitution
Adopting a rebel attitude in a way; Chandrachud J. held that the Aadhaar Bill was not a Money Bill. After tracing in detail the historical reasons of Article 110, the learned Judge emphasized the significance of bicameral legislation and the importance of the Rajya Sabha as a check against the abuse of power by Lok Sabha. After discussing the provisions of the Aadhaar Act, the learned Judge also referred to the legislative history of the Aadhaar Act itself.

The provision of a unique identity was first contemplated by the National Identification Authority of India Bill, 2010 which was introduced in the Rajya Sabha on December 3, 2010. Obviously, this Bill was not a Money Bill. It also faced several objections by the Standing Committee of the Finance and this Bill lapsed because of the change in government in 2014. Although the earlier Bill did not contain a provision that was similar to section 7 of the present Aadhaar Act, it still would not make the present enactment as a Money Bill. It is submitted that the minority view of Justice Chandrachud is correct and is in consonance with the Constitutional scheme.

Judicial Review of Speaker's Certificate
Article 110(3) states that if any question arises as to whether the Bill is a Money Bill or not, the decision of the Speaker of the Lok Sabha shall be final. The question that arose was whether Article 110(3) excludes judicial review? In the cases of Mohd. Saeed Siddiqui v. State of Uttar Pradesh, and Yogendra Kumar Jaiswal v. State of Bihar, the Supreme Court had held that the certificate issued by the Speaker was final and not subject to judicial review.

These two decisions were plainly incorrect and have been rightly overruled in the Puttaswamy decision. However, there is an additional reason as to why the earlier decisions were wrong. A Bill can be introduced either in the Rajya Sabha or in the Lok Sabha. If a Bill is first introduced in the Rajya Sabha, and a question arises as to whether it is a Money Bill, Article 110(3) makes it clear that this doubt of question cannot be resolved by the Chairman or Deputy Chairman of the Rajya Sabha but will have to be referred to the Speaker of the Lok Sabha and his/her decision on this issue will be final. This is the main reason for finality; there was never any intention to place the Speaker's certificate beyond judicial review.

The Finance Act, 2016 and Tribunal Legislation

1. In the Finance Act, 2017, Part XIV contains several provisions that have made large-scale amendments to numerous statutes that have constituted Tribunals.
2. These provisions have also been challenged on the ground that they could not have been introduced in the Finance Bill. Once a Finance Bill contains provisions for other matters, which are not subordinate or incidental to the enumerated matters, it would cease to be a Money Bill. This has been the ground on which two of the three cases of the Supreme Court of Pakistan have struck down Finance Acts. These provisions of the Finance Act, 2017 will also be open to challenge because they do not satisfy the substantial nexus with the appropriation of funds and direct connection test laid down in Puttaswamy.

Conclusion
It is indeed strange that the Bills which were patently unconnected with Article 110(1)/199(1) were earlier not struck down as Money Bills; Mohd. Saeed Siddiqui and Yogendra Kumar Jaiswal cases are examples of such cases. The Supreme Court did not examine these Bills from the perspective of Article 110 or the corresponding Article 199 that applies to Money Bills in the State Legislature. The Puttaswamy case was virtually a test case of a Bill that could not be categorized as a Money Bill.It is humbly submitted that the view taken by the majority requires reconsideration as it now provides a gateway to Parliament and State Legislatures to circumvent the need for approval by the Rajya Sabha or the respective legislative Councils by clever drafting.

4. International Scenario Regarding Biometric Identification

Now let us analyse that how Aadhar like biometric and demographic based identification systems operate across some other parts of the Globe. Without a doubt Aadhaar is certainly one of its own kind when it comes to its scale as compared to any other nation across the world, but other countries across the Globe too have such government identity proofs with their own unique features. Let us analyse and compare.

1. Indonesia has national identification system/ cards namely eKTP which it started since 2006. In brief The Kartu Tanda Penduduk (literally: Resident Identity Card), commonly KTP, is an Indonesian identity card. Separate versions of this card exist for Indonesian as well as non-Indonesian residents. The card is issued upon reaching the age of 17 or upon marriage. In the case of Indonesian citizens, the card must be renewed every five years.
    
2. Similarly Malaysia has one of the oldest biometric identification systems in the world called MyKad, which was introduced in 2001.
   According to many experts while the Indonesian eKTP is benign and is not necessarily used as an identity authentication tool, the Malaysian MyKad system has penetrated into the chip-enabled card being used as the single point of identification and authentication in places like ATM kiosks, at toll booths on highways, electronic cash for micropayments and digital certificate as a public identifier. In fact, the Malaysian MyKad enrollment is apparently compulsory for citizens and the card must be carried on their person at all times - not doing so can incur heavy monetary fines and even imprisonment for up to three years, according to reports. Many opponents of Aadhar are of the view that it's not difficult to imagine a similar scenario with Aadhaar in India sometime in the future, where carrying it on your person becomes a legal necessity and having it as a central authentication tool a way of life - severely sacrificing a citizen's sense of privacy. But what's even scarier is the thought that you are not in control of your identity - that there exists a centralized database of your fingerprints and iris scans that can be used by the government and third parties without your knowledge - as opposed to all of that residing offline in a chip enabled card that you have complete control over as to when or when not to use.
    
3. Is Aadhaar similar to Social Security Number in the USA? In one word - No
   Primarily the Social Security Number (SSN) is a tool to ascertain the income of any American individual and calculate the amount of social security credit they're entitled to - based on their individual financial health. The US issues SSNs only to its citizens and doesn't collect any biometric data of the individuals that are enrolled in the scheme. Aadhaar, on the other hand, is an identity authentical tool with biometric markers to ascertain an individual's identity. Thus SSN is a dumb number that's attached to an individual's profile in a company or US government agency's database whereas Aadhaar is a tool for authenticating a person's identity.
    
4. Position of Biometric identification in Western Democracies
   One obvious question which captures everybody's mind is that if Aadhaar is such a wonderful technology platform, why are the most technologically advanced countries not scrambling to adopt it or similar structures for their people?

In many of the other highly-developed societies in Europe and North America - and in the view of many computer scientists and policy-makers who study and advocate for policy in this area - using single number identity systems for everything is simply not a good idea. In 2010, the United Kingdom abandoned a similar scheme of a national identity card linked to biometric information. Israel has a smart card identification system with no fingerprints where data is not stored in any centralised database but stays only on the card. The US has no such nationwide, all-encompassing program and only two states - California and Colorado have fingerprint driving license applications.

Biometric information is collected by most of these countries only for visitors but not for their own citizens. Connecting bank accounts and voter registration to biometrics is a trend seen only in China, some countries in Africa, Venezuela, Iraq and the Philippines. Biometric information is collected by most countries only for visitors but not for their own citizens. Many policy experts concur that Centralised government-controlled databases of biometric and genomic data create high levels of social risk.

Any compromise of such a database is essentially irreversible for a whole human lifetime: no one can change their genetic data or fingerprints in response to a leak. Any declaration by a government that its database will never be compromised is inherently far-fetched. No government can argue that its flood prevention or public health system will never fail under the pressure of weather or disease.

The goal of policy is risk management, not perfect risk-prevention. Many experts strongly believe that In the case of Aadhaar, we have seen no adoption of traditional security measures well regarded in the industry to fix exploits, bugs or vulnerabilities. What we have seen is a lot of shooting the messenger and attractive marketing to hard sell the benefits of Aadhaar while underplaying privacy and security issues. Misuse of the database for state surveillance and targeted coercion is also unpreventable.

Anyone committing her data to such a system is betting for her lifetime that her government will never become totalitarian or even strongly anti-democratic, lest she be subjected to forms of oppression she cannot possibly evade. These are not merely theoretical concerns of Luddites or anti-innovation activists but already being perfected by countries like China.

The Xinjiang region of China, which has long been subject to tight controls and surveillance has seen vast collection of DNA samples, fingerprints, iris scans and blood types of people aged 12 to 65. This information is then linked to residents' hukou, or household registration cards.

This system limits people's access to educational institutions, medical and housing benefits. Combined with facial recognition software, CCTV cameras and a biometric database, the unprecedented level of control being attained is being presented as an example of the great technological strides the country is making. The fact that Aadhaar has expanded beyond its original goals and that comprehensive surveillance profiles of citizens are already being offered by companies, confirms the fears about misuse of data for surveillance. At the same time the risks of catastrophic failure are difficult to manage in a centralised single-number system and the problems of ordinary operation are non-trivial as well.

If an ordinary retail transaction is verified by "secure" authentication over a single-number system for instance, the seller need only surreptitiously retain both the number and the confirming biometric data in order to be able to seamlessly forge future transactions. An inexpensive thumbprint reader meant for a market vegetable vendor, for example, can be inexpensively modified to remember all the thumbprints it scans.

Several thousands of instances where beneficiaries have been denied benefits like pension and food assistance because of failed authentication are being reported everyday from different parts of India. To several entrepreneurs eying "data-based innovation", these are merely "teething problems" of a system that once matured will reduce all kinds of identity fraud and weed out corruption. But to several others, it is a matter of daily survival and deprivation of subsidized food and rations that was the original intent of this scheme.

For these reasons, European and North American technologists and policy-makers prefer solutions that treat identity as a probabilistic - based on or adapted to a theory of probability – quantity. In their decentralized approaches, multiple data sources and forms of identification are overlapped to get as high a probability of correct identification as necessary.

This means not relying on only one form to confirm a person's identity and allowing for different forms to be used to enable diversification of risk that comes from having one centralised structure. The court had ruled through interim orders passed earlier that Aadhaar registration cannot be made generally mandatory, yet it has before it numerous petitions concerning large numbers of social services for which Aadhaar registration has been made mandatory. We are all waiting for this powerful court speaking for the world's largest democracy on issues now coming to the fore in all societies.

5. Why The Judgement Deserves Applause?

The Aadhar judgment is undoubtedly a significant one with the five-judge bench delivering a 1,448-page judgment more than seven years after the first legal challenge was issued against the scheme. The judgment is indeed laudable and deserves to be applauded for on several fronts. Following the second-longest hearing in the history of the Indian judiciary, the judgment has saved the Aadhar platform although with multiple cuts and wounds.

The judgment indeed is special in a way since no doubts Aadhar has survived and has been upheld by the Court but on a closer note we realize that the position is not that simple. On several instances the Court has not shied away from reprimanding the government on its patent illegality and unfair conduct, thus making citizens rights and welfare of the people epicenter of democracy. Let us analyse benefits derived from the judgment and why the judgment needs to be appreciated:

1. End to coercion by the Private Players and Government
   One of the definite achievement of the judgment is that it has put a full stop over the coercion and pressure tactics by the government and various other private players for linking the Aadhar number with various services. The Court by clearly laying down what needs to be linked and what not has provided enormous relief to the common man and ended the daily confusion scenario and ruckus which was prevailing within the Aadhar and digital identity dynamics. Lets see what now needs to be linked and what not.
    
2. End To Use By Private Players
   The second most significant achievement through judgment is scrapping up of Section 57 of Aadhaar Act permitting private entities to use Aadhaar data for verification purposes struck down as unconstitutional. This basically means that no company or private entity can anymore seek Aadhaar details. Commercial banks, e-wallets (such as Paytm, Mobikwik, etc.) and payments bank can no longer insist on Know Your Customer (KYC) verification using Aadhaar.
   
   The telecom service providers too cannot seek Aadhaar details for verification purposes. This is significant in the wake of increasing cases of financial crime, especially due to Aadhaar's expanding tentacles in the telecom and other cellular and payment related sectors. One such recent incident was the way Airtel's payment bank routed approximately Rs. 190 crores to its payment bank accounts, wherein some accounts were opened and force-seeded with Aadhaar without the informed consent of the customers. There was a lot of speculation about the corporate use of Aadhaar as it was seen to be opening up doors for data mining, data misuse and profit making.
    
3. Striking down of section 47 of the Act: Recourse open to Courts for redressal of grievances
   Another achievement of the judgment is that Section 47 of the Aadhar Act has been struck down by the Apex Court which allowed only the Unique Identification Authority of India to go to court for any offence under the act. Section 47 of the Act was in violation of the citizens right to seek remedies. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. Thus Section 47 was arbitrary as it failed to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy. Thus before the verdict citizens were robbed of their agency. Now, people whose data has been leaked or stolen, or people who are denied benefits can go to court. Further even those whose biometric authentication fails can approach the judiciary.
    
4. Opportunity of Hearing :: Restoration of Principles of Natural Justice
   The court has further amended the Section 33(1) of the Act thereby again upholding the principles of the natural justice. The Court has declared that if information of Aadhar holder is sought to be released then in such a case he / she must be given the opportunity of a hearing and further also the right to challenge any such court order. No doubt India's Apex Court has time and again held that principles of natural justice are divine and sacrosanct and cannot be taken away. This judgment again reinforces the importance of the principles of the natural justice in a way. Further Section 33(2) has been amended as: Any breach of confidentiality can be done only on the orders of a very senior government officer (higher than joint secretary) along with a sitting high court judge. This amendment further would bring out more transparency and accountability.
    
5. Alternatives to be provided in case Biometric Identification fails
   Most importantly the judgment has removed some of the previously implicit requirements prevalent in the system, stating that no one can be denied benefits for want of an Aadhaar card. If their biometric authentication fails, then the government cannot deny them the benefit on account of that. It will have to provide them an alternative.
    
6. 118 crore beneficiaries win the battle
   By holding Section 7 of Aadhaar Act, the Supreme Court has ensured that the Union government's Direct Benefit Transfer (DBT) scheme stays unaffected. The DBT transfers subsidies directly to the people through their bank accounts. Till March 2017, Rs 1,82,671.36 crore has been disbursed to 35.7 crore beneficiaries. Between the FY14, when the DBT scheme was launched by NDA, and FY18, close to Rs 3.7 lakh crore had been transferred to its beneficiaries, through Aadhaar Payment Bridges (APB).
    
7. Direct transfer eliminates corruption
   The judgment of Supreme Court, therefore, while ensuring that the most deserving and economically deprived don't get hurt, made sure that the transparency in the government scheme stays. As DBT, with Aadhaar as its key, transfers money directly to the beneficiary, eliminating middlemen and duplicate beneficiaries, and hence corruption.
   Between the FY14, when the DBT scheme was launched by NDA, and FY18, close to Rs 3.7 lakh crore had been transferred to its beneficiaries.
   Aadhaar, due to its unique property, serves as a natural financial address for sending payments to accounts of beneficiaries through the Aadhaar Payments Bridge (APB). Justice Sikri, while reading out the judgment stressed on the uniqueness of Aadhaar and said, An individual can manipulate the system having multiple PAN cards, passports etc. A person can't have multiple biometric information and therefore Aadhaar is unique. Aadhaar can't be duplicated. It is a unique identity verification.
    
8. Option of Judicial Review:
   This view was backed by Justice D Y Chandrachaud-the sole dissenting judge—who called the passage of the Aadhaar Act in Parliament a fraud on the Constitution, reiterating that Sumitra Mahajan's decision to introduce it as a money bill be subject to judicial review. While Justice Chandrachaud conceded that living without Aadhaar was now impossible, the fears of invasion of privacy, all-pervasive state control and exclusion were issues that the judgment refused to settle.
   
   The inescapable conclusion is that the court in the Aadhaar judgment, despite pointing out several of the government's wrongs, has, in the larger principle of judicial restraint and grace, condoned those wrongs. The least that the government can do is to be humble and grateful to the court for that close escape and not indulge in gleeful celebrations of having won some major victory. It is, perhaps, useful to remind that the Aadhaar Act and the Aadhaar project were under the lens — not the petitioners. If the question is whether the project came out unscathed, the answer is an unequivocal no.

6. Analysis of The Loopholes In The Apex Courts Judgement : What The Judgment Failed To Deliver

No doubt the judgment on Aadhar is really a marvel and deserves applause and commendation on many fronts. However on a deeper analysis many experts are of viewpoint that the Court has failed to address major concerns surrounding Aadhar. Rather many experts concur that judgment is flawed in many aspects and has posed many new questions as well. No doubt Court was right in pointing out that  we cannot put baby out of the water  but one needs to appreciate that problems of minority too deserve equal attention and importance in democracy. Let us very humbly examine the major issues on which the judgment accordingly to many experts is flawed and needs to be revisited.

1. Mandatory Vs. Voluntary Debate And Making An Exit From Aadhar

As we are aware that India had started a unique programme called Aadhaar way back in 2009.What initially started as a voluntary scheme got legal sanction for the first time in March 2016, when the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016 was passed. However, Aadhaar was still considered to be primarily voluntary in nature. However, after that, the government started changing its course midway and began to connect various services to Aadhaar. Aadhaar soon started becoming mandatory. After this on mandatory and voluntary debate the majority bench of the SC laid clearly that:
We may record here that (Aadhaar) enrolment is of voluntary nature. However, it becomes compulsory for those who seeks to receive any subsidy, benefit or service under the welfare scheme of the government expenditure whereof is to be met from the Consolidated Fund of India. Further linkage of PAN and Aadhar has been upheld by the Court.

Thus in view of the aforesaid, first major loophole arises. On one hand the Court has always maintained that Aadhar or any sort of biometric identification process has to be purely voluntary. It has to be based upon informed consent but the Court at the same time took a self contradictory view and made Aadhar PAN linkage mandatory and valid. Further for receiving LPG subsidy which is mostly taken by all the residents / citizens the Aadhar no doubt is mandatory.

Thus in a way SC has indirectly hinted towards / made Aadhar mandatory only. That means only those who do not get government benefits nor need a PAN card do not need Aadhaar. Those who enrolled for Aadhaar before the passing of the Aadhaar Act, 2016, can choose to exit the programme. But it is not clear if someone who got the Aadhaar number later can do the same or not.

2. Whether The Judgment Ignored Exclusion Drastically?

Aadhaar doesn't work. Supreme Court's judgment cannot change this reality by denying the facts
Its failure to respect and take into account the affidavits filed by the poor, the disabled and the elderly describing their hardships is a travesty of justice.

Second major loophole is problem of exclusion which has been ignored by the Court. Many analysts are of the opinion that Aadhaar has also become a major reason for the exclusion of citizens to the basic government provided amenities. Though such exclusions are in no way targeted or deliberate, but loopholes in the Aadhaar system often create such scenarios.
How much exclusion is real exclusion?

The Supreme Court's judgment, adhering to government-furnished numbers has asserted that 97.6% of the population was now been biometrically verified via Aadhaar, and thus argued that shelving the Aadhaar project now would lead to neglecting the benefits currently provided to almost the entire populace. On this basis, an outcome in favour of petitioners against Aadhaar was therefore untenable.

However, as Reetika Khera writes, the claimed benefits of eliminating corruption and ensuring welfare access to all do not stand up to scrutiny as government-touted numbers of apparent savings are in fact legal dues being denied to the recipients. Focusing on the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA), public distribution systems (PDS) and social security pensions (SSP), Khera shows that a rushed implementation without understanding the problems at hand has led to further pain for the disadvantaged, especially when prevalent systems of welfare disbursement were showing increasing efficiency.

Less than 5% of MGNREGA work in government records was not confirmed by respondents. As with the PDS, the decline in wage corruption predates Aadhaar-integration. This suggests that contrary to government rhetoric, there are other methods of reducing corruption in these programmes. In MGNREGA, the dramatic reduction in wage corruption is because of separation of the implementing agency (like the panchayat) and the payment agency (banks and post offices).

Even with payments into accounts, wage corruption can continue. It can take three forms: extortion (forcibly taking wages once labourers have withdrawn it from their account), collusion (workers allow corrupt functionaries use their job card and account to inflate work on muster rolls and sharing embezzled funds with them) and deception (operating the workers' account without their knowledge).

Denying facts
In June 2015, Laxmi Devi from Rajasthan submitted an affidavit to the Supreme Court in connection with this case. She explained how she had been denied work under the rural employment guarantee scheme solely because she did not have Aadhaar. In October 2015, Ajeet Kumar from Delhi filed an affidavit saying he had been denied a ration card because his children did not have Aadhaar. The court received hundreds of such affidavits detailing how people had been denied entitlements for lack of Aadhaar. But instead of relying on sworn affidavits from multiple people, the majority judgement relied on a powerpoint presentation given by the Unique Identification Authority of India, the agency that runs the Aadhaar project.

A study commissioned by the Andhra Pradesh government and submitted to the apex court examined why a number of beneficiaries did not take their rations upon the introduction of point of sale machines. It found the primary reason was the failure of fingerprint authentication. At least 19 people have reportedly starved to death after Aadhaar-related problems prevented them from getting their subsidised rations.

The majority judgement denies these facts placed before it, calling them unproven, while simultaneously holding that the rights of a minority are inconsequential compared to the benefits Aadhaar supposedly provides a majority. The entire aim behind launching this programme is the inclusion' of the deserving persons who need to get such benefits, the ruling states. When it is serving much larger purpose by reaching hundreds of millions of deserving persons, it cannot be crucified on the unproven plea of exclusion of some.

Denying these facts cannot alter the reality that is lived by the elderly person who cannot walk to a ration shop to put her fingerprints on a machine, or whom the machine won't recognise. The reality is that Aadhaar does not work.

During the Aadhaar registration process, individuals are required to authenticate their fingerprints and iris on a machine that determines their identity. This sole identity gives them access to their entitlements. The verification process for instance in the case of public distribution system (PDS) also requires electricity, internet and connectivity for accessing the centralised database, in addition to the fact that biometric details of an individual should match during availing of services.

In case the fingerprints fail to match at the time of availing of facilities like ration, a person may be denied the same. Absolute faith on the biometric system is based on a misplaced assumption that human body parts do not age. Testing by International Biometric Group highlights that over time, many biometric systems are prone to incorrectly rejecting a substantial percentage of users. Verifying a user immediately after enrolment is not highly challenging to biometric systems. However, after six weeks, testing shows that some systems' error rates increase ten-fold.

Similarly, it is mandatory to link Aadhaar number to the registry number in the public distribution database, otherwise amenities provided by the government stands cancelled. Many such incidents where individuals were denied welfare or pension services have come to limelight, especially people suffering from leprosy, engaged in manual labour and those who are genetically predisposed to not having fingerprints. There were reports that alternate means of identification are being done to accommodate the ones who lack proper biometrics.

Like facial recognitions or iris scanners. However, it is still not clear how such alternatives are being operationalised. For instance, leprosy patients are now being exempted from linking Aadhaar card. But then question arises, can all verification facilities vouch to have in place the required technical infrastructure that allows other means of verification? If yes, then what are they? Even if it is a process of offline verification, same has not been clearly laid down.

Another issue that came to the forefront was that of ghost or fake ration cards. Many a time the link between Aadhaar number and the ration card could not be validated. In such scenarios, the individual was denied basic amenities. Government claimed successfully tracing fake ration cards but many a time there were genuine cases of exclusion passed off as savings due to Aadhaar. This has also led to cases of death due to starvation. Corrective measures in this regard are yet to take course.

When talking about corruption the quantity fraud is not being factored in. Quantity fraud translates that a person may be forced to sign on something that he/she might not have received of the same quantity that the person is entitled to. However, one cannot also ignore the fact that in many places Aadhaar has actually replaced the middlemen.

3. What Will Happen To Data Already Collected By Banks /Telcos/Fintec Companies And Other Private Entities?

Another major loophole in the judgment is that though while the majority judgment says authentication records are not to be kept for more than six months, compared with five years earlier, it does not talk about what is to be done with data already collected.

However, Chandrachud said, "The biometric information and Aadhaar details collected by Telecom Service Providers shall be deleted forthwith and no use of the said information or details shall be made by TSPs or any agency or person or their behalf."

Further the apex court, in its judgement, did not address how this massive exercise should be carried out. Neither did it name any agency responsible to ensure this process of invalidation, which, by all accounts, will be a very complex task given the widespread use of Aadhaar identification. As for the government, it is yet to crystalise a solution to the problem.

4. No Clarity On Voluntary Right To Use Aadhar?

What about the people who have Only Aadhar as their proof of identity. It is not quite clear at this point if a telco or a bank can accept the 12-digit Aadhaar number for authentication when a customer chooses that as her identification. Some believe one reason why the judgment did not explicitly talk about that could be that it would have provided companies a loophole to seek Aadhaar data on the pretext of speeding up their service. However the judgment has left this question unclear which has now been used by the NDA govt to back the aadhar amendment bill for voluntary usage of Aadhar.

5. No Efficeient Grievance Redressal System

Another major loophole in the judgment is that Court failed to appreciate that under the Aadhaar architecture, UIDAI is the only authority which carries out all the functions, be it administrative, adjudicatory, investigative, or monitoring of the project. While the Act confers such major functions on UIDAI, it does not place any institutional accountability upon UIDAI to protect the database of citizens' personal information.

The Act is silent on the liability of UIDAI and its personnel in case of non-compliance of the provisions of the Act or the regulations made under it. Under Section 23(2)(s) of the Act, UIDAI is required to establish a grievance redressal mechanism. Making the authority administering a project, also responsible for providing for the framework to address grievances arising from the project, severely compromises the independence of the grievance redressal body.

Section 47 of the Act violates the right to seek remedy. Under Section 47(1), a court can take cognizance of an offence punishable under the Act only on a complaint made by UIDAI or any officer or person authorised by it. There is no grievance redressal mechanism if any breach or offence is committed by UIDAI itself. The law must specify who is to be held accountable. The Act lacks a mechanism through which any individual can seek speedy redressal for his/her data leakage and identity theft.

Compensation must be provided for any loss of data of an individual.A stringent and independent redressal mechanism and options for compensation must be incorporated in the law. Section 47 is arbitrary as it fails to provide a mechanism to individuals to seek efficacious remedies for violation of their right to privacy. Whether it is against UIDAI or a private entity, it is critical that the individual retains the right to seek compensation and justice. This would require a carefully designed structure.

6. How Safe My Aadhar Data Is : How Far Security And Privacy Issues Looked In Detail By Courts?

Aadhaar data
For Aadhaar, data collection by unknown and unaccountable entities began well over a year before the UIDAI was even formally set up.
Another major flaw arises in view of the fact that Court failed to appreciate the technical issues put forth before it regarding safety and security of the data handled by the UIDAI. The court merely was satisfied by the presentation shown to it by the UIDAI itself and ignored views of the several other experts.Many experts are of viewpoint that, much of the actual damage to the data collected by the UIDAI has already been done. And the damage is of the kind and magnitude that can't be undone by any court order.

The Unique Identification Authority of India (UIDAI), the authority established on July 21, 2016 by the Government of India, under the Ministry of Electronics and Information Technology, has already collected the biometric records of 1.171 billion Indians. And the UIDAI has been notoriously opaque about how and where the data has been stored and has refused to provide any means of publicly auditing the security of that data. Even in 2015, concerned with violation of privacy and civil liberties, the Supreme Court had warned the government that citizen's biometric data must not be handed over to anyone presumably meaning any non-government agency.

But technically, this amounted to nothing since the Aadhaar project was, from the very beginning, a project led and implemented by private parties. The project's chief evangelist was Indian IT czar-turned-lawmaker, Nandan Nilekani. And under his aegis, the UIDAI outsourced the data collection job to innumerable private parties spawning a swarm of countless agencies and sub-agencies. There were no audits, no capability or background check or any other form of standardised vendor approval process.

The harvesting of fingerprints and iris scans was an ad-hoc process carried out by innumerable small software customisation firms, resellers, labour-contracting agencies and even cyber cafes and photocopy shops. Sub-agents were allotted small clusters of homes and they set out with print scanners, laptops and cyclostyle forms, collecting biometric data from anyone willing to walk up and give it.

All this data traversed multiple layers of storage- from end-point to the central data warehouse- and all of it was done without any encryption. During the entire process, there were no clear statements from the government about where the data was going or to what end it would be used and the initial collection was fuelled by rumours and panic. In fact, data collection by unknown and unaccountable entities began well over a year before the UIDAI was even formally set up.

The servers could well be outside of India's borders and, thereby, outside the jurisdiction of Indian courts. Besides, there are no publicly available audits or records of how many times and by whom the data has been accessed or how many times it has been replicated.

The recent Wikileaks report that speaks of the CIA, DHS and other American agencies accessing Indians' biometric data, lends credence to the possibility of the data having been replicated offshore.

Further with a detailed ecosystem developing around Aadhaar, cybersecurity has become the biggest casualty. Each passing week draws attention to tremendous loopholes concerning cybersecurity in the Aadhaar ecosystem. In the past one year, we have seen numerous FIRs being filed by the Unique Identification Authority of India (UIDAI) concerning breaches in the Aadhaar ecosystem. However, the recent case reported by The Tribune of significant leakage of sensitive Aadhaar data is far more dangerous in its ramifications. This is the first time that we have seen massive leakage of Aadhaar numbers in such a huge magnitude.

This has itself cast a big shadow on the security procedures in the Aadhaar ecosystem.Today, with massive breaches of cybersecurity emerging, it is extremely clear that the Aadhaar ecosystem is not at all safe. More and more cybersecurity breaches are now being disclosed with each passing day. There is no denying the fact that Aadhaar is no normal information, but it is personally identifiable data, as well as being sensitive personal data. In fact, the Aadhaar ecosystem can be classified as India's critical information infrastructure.

Any breach of the Aadhaar data is not a normal breach but constitutes a breach into India's critical information infrastructure, which has the potential of prejudicially impacting the sovereignty, security and integrity of the nation, apart from impacting the confidence and trust of a huge chunk of its citizens in a detrimental manner. Further, as per the Supreme Court's landmark judgment in the case of Justice Puttaswami vs Union of India, the right to privacy is now an integral part of our fundamental right to life under Article 21 of the Constitution. In such a scenario, any breach of information on the Aadhaar ecosystem will prejudicially impact not just the privacy of an individual, but it will also have a bearing upon the citizen's enjoyment of other fundamental rights.

7. Uncertainity Over Newly Launced Masked Aadhar / Virtual Aadhar Id's

Another aspect that has not been clearly brought out is the credibility of alternate procedures of verification. What if they are more cumbersome for people who do not have an Aadhaar card? Convenience over security would definitely be a dilemma.

However, government has started taking stringent measures to ensure security. For instance, masking Aadhaar number while authenticating for a third party. This is done by generating Aadhaar Virtual ID, a 16-digit random number, which is mapped to a person's real Aadhaar number and can be used whenever authentication or KYC services are performed. It remains to be seen how many people would actually adopt the Virtual ID or understand its significance.

8. Risks of Survelliance / Coorelation Across Domains

Upholding the passage of the Aadhaar Act as a Money Bill, the Supreme Court said neither were individuals profiled nor their movements traced when Aadhaar was used to avail government benefits under Section 7 of the Aadhaar Act of 2016.

The statute only sought minimal biometric information, and this did not amount to invasion of privacy. Countering the argument that the Aadhaar regime would facilitate the birth of a surveillance state, Justice Sikri wrote that Aadhaar exhibited no such tendencies. Authentication transactions through Aadhaar did not ask for the purpose, nature or location of the transaction. Besides, information was collected in silos and their merging was prohibited.

The authentication process was not expanded to the Internet. The collection of personal data and its authentication was done through registered devices. The Authority did not get any information related to the IP address or the GPS location from where authentication was performed.

The Aadhaar structure makes it very difficult to create the profile of a person, Justice Sikri reasoned. However as we have seen the Supreme Court quashed or read down several provisions in the Aadhaar Act in order to de-fang any possibility of the state misusing data.

For one, the court held that authentication records should not be retained for more than six months. It declared the archiving of records for five years as bad in law. It also prohibited the creation of a metabase for transactions.

But does just by doing aforesaid risks of surveillance / profiling of individuals would come to an end? Increasingly, with Aadhaar, the authority can mean not just government agencies but also private entities-- for instance, Microsoft recently launched a version of Skype for India with Aadhaar authentication embedded within. Earlier, last year, and even now, Reliance Jio subscriptions required Aadhaar authentication of customers: that's right, Reliance was pulling in Aadhaar data to confirm whether the fingerprints of a person waiting in line for the Jio SIM card matched with his or her Aadhaar card or not.

The US SSN was strictly meant for use by government agencies, but its abuse by the private sector has been identified as a crucial link for the rising number of identity thefts in America. Ultimately, there are federal and state-level laws in the US that restrict the use of SSN across different government databases as a marker to identify a person's identity. Aadhaar, on the other hand, has been spearheaded by the government as a token across databases to identify someone within the country, to the extent where they leave a trail of transactions - in the bank, while booking an airline ticket, train ticket, buying a SIM card, and more.

Lastly, where the US firmly decided against encapsulating its citizens' biometric profile to the Social Security Number cards back in 2007, Aadhaar's use and proliferation is only going to increase in the days and months to come, as the government is pushing hard for its adoption across different central and private database systems.

Correlation of identities across domains: It may become possible to track an individual's activities across multiple domains of service (AUAs) using their global Aadhaar IDs which are valid across these domains. This would lead to identification without consent.

Illegal tracking of individuals: Individuals may be tracked or put under surveillance without proper authorisation or legal sanction using the authentication and identification records and trails in the Aadhaar database, or in one or more AUA's databases. Such records will typically also contain information on the precise location, time, and context of the authentication or identification and the services availed.

Identification without consent using Aadhaar data: There may be unauthorised use of biometrics to illegally identify people. Such violations may include identifying people by inappropriate matching of fingerprint or iris scans or facial photographs stored in the Aadhaar database, or using the demographic data to identify people without their consent and beyond legal provisions.

7. Architecture Under Weave: Attempt To Assuage And Soothen

Aftermath the SC verdict many industries have been impacted and a lot of changes have undergone in Aadhar sphere. Rather we can say changes are still undergoing and will shortly become a reality with passing of the Aadhar amendment bill by Rajya Sabha recently.The impact was palpable since Aadhar no doubt was single digital identity available with Indians. Let us analyse the impact and changes.

1. Impact on Fintech Companies
While affirming the constitutional validity of Aadhaar, the Apex court had said Aadhaar can only be used for welfare schemes and for delivering state subsidies. It had barred private companies from using Aadhaar data for authenticating customers. Fintech players, especially online lenders in the personal and consumer loans segment, are facing the pinch and increase in their operational costs in business following the Supreme Court order that prevents private companies from seeking Aadhaar data for e-KYC and e-signatures.

Following the apex court's order, the National Payments Corporation of India (NPCI), an umbrella organisation for all retail payments in the country, has suspended both e-KYC (know your customer) and e-signature-based National Automated Clearing House (NACH) for enterprises to collect recurring payments from customers digitally.

Under the e-NACH system, a customer was able to authenticate a payment process with a one-time password (OTP), making it cost-effective for companies and easy for consumers as it did not require any paper work. Players in the lending space feel that while business loans will not get hit in the short term, those that provide small loans to consumers will now have to do a re-think of their business model. Industry experts are also of the view that while bigger players will be able to sustain a hit on their profitability, many small players are likely to shut shop or get acquired.

Rohit Lohia, founder of online lender Cointribe, told Business Line:
Consumer/personal loans will see lot of stress as these kind of loans are needed on an urgent basis. So, if the players can't process the loans urgently, consumers will opt out of the platform. Besides, these are very small-ticket loans, and with paper-based verification and clearance, the business becomes very unviable as costs will increase drastically.

According to an industry expert who spoke on condition of anonymity, the move will force private sector companies to move from an online authentication model to an offline one, which would be both expensive and time consuming than the former model.

It could increase the cost of authentication from Rs15 per person, which is the current cost of e-KYC verification, to ₹100 per person for a physical KYC, the person added. In the offline model of authentication, telecom companies have to collect paper forms with signature, photographs, ship to verification centre and call up the customer to cross-verify submitted details, which ideally takes around 24-36 hours to verify a customer.

In order to ensure smooth discontinuation...there are certain requirements which are there under the Aadhaar regulations...so the companies are in the best position to know what exactly is needed and they can submit their plan by 15 October.

If any additional requirements are to be done from the UIDAI's side, we will tell them after receipt of their plan, UIDAI chief executive officer Ajay Bhushan Pandey told PTI. Other than telecom operators, fintech companies selling loans, mutual funds and insurance, digital payments companies and payment banks have been severely impacted with the apex court's judgement last week.

2. Impact on Telecom Sector
Linking of mobile connections with Aadhaar had been made mandatory by a circular dated March 23, 2017, by the Department of Telecommunications. This requirement was not only in respect of those individuals who would be becoming mobile subscribers, but applied to existing subscribers as well. The Court held that circular lacks the backing of a law and also fails to meet the requirement of proportionality.

The Court thus held the Circular mandating the linking of Aadhaar with mobile connections to be unconstitutional. On one hand, this will make it easier for mobile users to secure new connections as also to continue using the existing connections. This move is likely to attract new customers and retain the existing ones. However, on the other hand, the physical authentication process may be time-consuming and may affect the volume of new connections.

3. Impact on Startups
Striking down parts of Section 57 of the Aadhaar Act imply that private companies would not be able to ask for Aadhaar authentication. The judgment will have a huge impact on startups that depend on the efficiency and speed of online transactions. The delayed and cumbersome process of authentication might discourage users to avail such services.

It remains to be seen as to how the Aadhaar Act will be amended to address these practical problems keeping the spirit of the judgment intact. If the Parliament decides to come up with a new legislation to overcome certain parts of the judgment, such move is likely to be hotly contested. Even if enacted, the law will be subject to judicial scrutiny.

4. Impact on Banks
The Indian Banks Association (IBA), the industry body representing banks and financial institutions, has written to the Reserve Bank of India (RBI) seeking revised KYC (know your customer) guidelines following the recent Supreme Court verdict on Aadhaar. The banks are worried about the impact on business due to the lack of clarity following the ruling. In a letter dated October 10, seen by BusinessLine, the IBA said the Supreme Court order has far-reaching implications for the industry and for banking operations.

For example, the IBA's letter pointed out, Rule 9 of the Prevention of Money Laundering Rules mandates linking of Aadhaar number with bank accounts, has been struck down, but the RBI's 2013 circular mentions Aadhaar among the list of documents acceptable as proof of identity.

One other concern for the IBA relates to the direct benefit transfer (DBT) scheme. It said that deleting Aadhaar from the database will impact DBT, and that proper guidelines should be issued in consultation with the National Payments Corporation of India, the nodal agency for all payment networks. If the customer specifically requests for deletion of Aadhar, it is proposed that the Bank will delink the Aadhar from the customer's profile...consequently disbursal of benefits by the government agencies under DBT scheme into designated bank accounts may be impacted, the letter stated.

The IBA said there is a need for the RBI to clarify the status and that the earlier law should prevail. Doing away with the Aadhaar requirement may have a significant impact on the Government's financial inclusion and digital initiatives such as BHIM, Aadhaar-enabled Payment System and e-KYC based products, among others, which are primarily based on Aadhaar-enabled platforms, the association said. Banks may be allowed to continue these services till revised guidelines are announced, the IBA said.

5. Masked Aadhar Card: Privacy proof version of the card
Having faced flak over privacy issues, the Unique Identification Authority of India (UIDAI) has been exploring ways to further strengthen its systems. A step in this direction is masked Aadhaar' ID. Masked Aadhaar is an offline verification system that can be used by the holder without revealing his/her 12-digit number or giving biometric details for services. It can be dowloaded from UIDAI website and has only your name, address, photo and virtual ID.

Privacy-proof version
The masked Aadhaar is available to 122 crore people as it can be downloaded by the Aadhaar holder from our website or at any Aadhaar centre. This is privacy-proof, digitally signed and cannot be manipulated, Ajay Bhushan Pandey, Chief Executive Officer, UIDAI said.

You have option to use masked Aadhaar in place of any other ID. Also, for people who do not want to share date of birth, there is the option to mask even that, he added.

For instance, it can be used as identification at airports and on trains for ticket verification, linking mobile number or tourist places in India where you are asked to show proof at times. In case an agency refuses to accept the masked ID, Pandey said, UIDAI is the issuer of the masked Aadhaar ID and we are saying that one should have no problem in accepting it. If some agency doesn't accept it, then people can raise questions.

6. Offline eKYC routes
Aadhaar, unlike other identity documents, can be trusted only if it is validated online. It is easy to create a document that looks like Aadhaar with different numbers. Only with online verification of the Aadhaar number on the UIDAI website can you ensure that the card is genuine. Aadhaar was conceived to make online digital verification of identity possible; but no longer serves this purpose except for availing Govt. benefits, after the Supreme Court verdict. In addition, UIDAI received a lot of feedback about people being denied their basic rights due to Aadhaar authentication failure due to various factors including network connectivity and authentication failure.

Initially, UIDAI tried to solve this problem by mandating exception handling mechanisms by service providers, which was not fruitful. UIDAI, then produced a workaround to this problem in the form of an offline verification mechanism - digitally signing the contents of Aadhaar card / password protected XML file. Any person seeking to verify the authenticity of a card/file can scan it using software that verifies the digital signature. (The Aadhaar card is sometimes referred to as the Aadhaar letter, because it is delivered to the individual as a postal letter with a tear-away card portion.)

Offline usage of Aadhaar can be accomplished by two means:

• Via the QR code on Aadhaar card & E-Aadhaar PDF
• By downloading Offline Aadhaar file (a password protected ZIP file containing an XML file) from UIDAI's website

After Section 57 was struck down by the Supreme Court, UIDAI has been extensively promoting the first approach using the QR code on the Aadhaar card, while the coverage for second solution is limited, possibly because of the difficulty in use.

We have given the date as October 15 for exit plan under Aadhaar Regulations, by when (we believe) they would have brought in alternative systems of KYC services and comply with the orders of the court so that they are not in contempt, Ajay Bhushan Pandey, Chief Executive Officer, UIDAI told BusinessLine.

Pandey explained, Now the court has clarified service providers cannot do biometric authentication without mandate of law. And this is why we are saying now there are options without Aadhaar Authentication like E-Aadhaar, QR code and masked Aadhaar card for offline verification which happens without hitting the UIDAI server.

People should have a choice. They can give some other valid KYC document such as Voter ID and replace their Aadhaar eKYC. If you unilaterally delete someone's Aadhaar eKYC data without replacing it with other valid KYC, the phone and bank account may get deactivated because these services require some KYC, Pandey pointed out.

After telecom, the UIDAI is also studying other sectors and will ensure compliance with the Court order at UIDAI's end for smooth transition as early as possible. Other sector regulators too need to implement the court's order without disrupting services to the people, Pandey said.

Conclusion
In conclusion it can certainly be said that indeed Aadhar is a digital identity riddled with several predicaments and perils and it certainly has a long way to go before becoming effective digital identity. The Government soon will have to find a viable and effective solution to Aadhar for protecting the welfare of the general public.

No doubt Aadhar case was one of the first constitutional cases where the Supreme Court of India was called upon to examine the interaction of law, technology and welfare with the poor and marginalised. However it is regretful that Court's failed to understand, respect and take into account the hundreds of affidavits submitted by the poor, the disabled and the elderly describing the hardships they face because of Aadhaar and thus this in a way constitutes is a travesty of justice.

Nevertheless Aadhar has given Indians their digital identity which is laudable. Further it needs to be appreciated that Biometrics via Aadhaar is an untested territory. Biometrics as a foundation for Aadhaar, without addressing the security concerns raised by people, paves the way for more doubts and fear. Securing identity systems is particularly challenging as the number of data breaches across the world are on the rise.

Identity data in the modern world and particularly as governments come to require it so much more often, becomes the key to perpetrate fraud and undertake surveillance. Adequate norms thus need to be laid down from collection to retention of biometric data, in addition to formulating strong data protection and privacy laws.

In the last it can be said that Aadhaar could become a one stop solution if implemented in a more accommodative manner. One understands that longterm benefits of Aadhaar actually outweighs many concerns. However, the government needs to work towards plugging the loopholes and taking prompt action in addressing the genuine concerns and grievances of the people.

References:

1. Gopal Krishna , Defying Fundamental Rights with Impunity, Economic and Political Weekly, Vol. 52, Issue No. 12, 25 Mar, 2017, available at, https://www.epw.in/journal/2017/12/web-exclusives/defying-fundamental-rights-impunity.html
2. Justice Puttaswamy (Retd.) and Anr. v Union of India and Ors., available at (https://www.supremecourtofindia.nic.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf)
3. What Supreme Court's Aadhaar verdict means for you: 10 points, Live Mint , 26 Sept , 2018 , available at :https://www.livemint.com/Companies/cpSHu1fjQ1WvOP8vMi27aL/What-Supreme-Courts-Aadhaar-verdict-means-for-you-10-point.html
4. The Aadhaar/ PAN Judgement, Indian Constitutional Law and Philosophy Blog, available at :https://indconlawphil.wordpress.com/2017/06/09/the-aadhaarpan-judgment/.
5. Aadhaar: What are the pending cases before the Supreme Court, Indian Express, May 31, 2017, available at http://indianexpress.com/article/india/aadhaar-what-are-the-pending-cases-before-the-supreme-court/.
6. UIDAI achieves 111 crore mark on Aadhaar generation; Unique identity covers over 99 percent adult residents of India, Press Information Bureau, January 27, 2017.
7. M.S. Sriram, Moving beyond Aadhaar : Identity for Inclusion, Economic and Political Weekly, Vol. 49 , Issue No. 28 , 12 July , 20147, available at, https://www.epw.in/journal/2014/28/special-articles/identity-inclusion.html

Written By: Deeksha Chaudhary, Assistant Manager (Law) , Indian Oil Corporation Ltd.