Bad Rules for Good Governance

On the Unconstitutionality of the Aadhaar Good Governance Rules

Tldr

The COVID-19 pandemic has brought long-standing criticisms of Aadhaar to the fore, with reports of an Aadhaar-based facial recognition system being used in the vaccine rollout. Today, we explore why the Aadhaar Good Governance Rules are unconstitutional in how they exceed the limits of the parent Act, violate the Puttaswamy judgement and proportionality test, and are vague and non-voluntary. We have written to the Chairpersons of the Lok Sabha and Rajya Sabha Committees on Subordinate Legislation petitioning them to take up the Rules for review, in the hope that others will take up the mantle and write to the committee as well.

The Aadhaar Good Governance Rules

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”) gives the UIDAI unfettered discretion to set the policy on issues crucial to the scope, security and ambit of Aadhaar and its uses. This broad power warrants close parliamentary scrutiny over each regulation that the UIDAI adopts, including the rules in question, which were framed by the Central Government in consultation with UIDAI.

Under sub – section (1) of section 53 and clause (aa) of sub-section (2) of section 53 of the Aadhaar Act, the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 were notified on 5th August, 2020t, 2016 and laid on the table of the Lok Sabha on 3rd January, 2021. Essentially, the Rules state that the Central government may allow “requesting entities” to engage in Aadhaar Based Authentication in the interest of good governance, preventing the leakage of public funds, or promoting ease of living and enabling better access to services for residents. Aadhaar authentication can be proposed for the following purposes under Rule 3(1):

1. usage of digital platforms to ensure good governance;
2. prevention of dissipation of social welfare benefits;
3. enablement of innovation and the spread of knowledge.

As per the consolidated response to certain RTIs filed by us, as of 1st April, 2021, 53 proposals from Ministries or Departments of the Central government or State governments for permission to use Aadhaar authentication under these Rules. Of these 53 proposals, 32 have been referred to the Unique Identification Authority of India under Rule 5 of the Rules, out of which 22 proposals have been accepted and 10 proposals are under examination.

What this indicates is that wide-spread Aadhaar based authentication is no longer a proposal  and is now a reality. For example, on March 3, 2020, the Ministry of Road Transport and Highways issued a notification allowing for the voluntary use of the Aadhaar number which can be used “by any individual, desirous of availing various contactless services. Alternatively, the Ministry of Health and Family Welfare has issued a notification by which it proposes to use Aadhaar authentication to generate a unique Health identifier.

The Aadhaar project has faced several criticisms since its inception; such criticisms have only heightened after its implementation, with a diverse set of actors from the Supreme Court to CAG of India to various civil society bodies questioning the use of Aadhaar based authentication. Indeed, the Economic Survey 2016-17 (para 9.67) has acknowledged the existence of severe exclusion errors due to authentication failure, with failure rates ranging from 5% in Gujarat to 37% in Rajasthan and 49% in Jharkhand! This is before considering the wide range of data security issues and privacy issues that are associated with Aadhaar, especially in the absence of an adequate data protection law. The COVID-19 pandemic has brought these concerns to the fore, with reports of an Aadhaar-based facial recognition system being used in the vaccine rollout and Aadhaar being mandatory for admission into COVID-19 wards in hospitals.

Thus, it is now critical that greater Parliamentary scrutiny into the Rules takes place.

The unconstitutional nature of the Rules

Upon analysis, several major issues with the Rules have emerged:

1. The Rules travel outside the parent legislation and exceed the limits of the Aadhaar Act: It is settled jurisprudence that the rules framed under an Act cannot travel beyond the boundaries of the Act. According to the preamble, and Section 7 of the Aadhaar Act, the Aadhaar number can be mandated as proof of authentication of identities for the receipt of certain subsidies, benefits and services, which have been funded by the Consolidated Fund of India (or the Consolidated fund of states). Thus, the objectives provided under Clause 3(1) of the Rules, must fall within these boundaries. But due to the expansive wording of these purposes, any government project could come under the ambit of these objectives, some of which will go beyond the scope of the Aadhaar Act. It must also be recalled that the Aadhaar Act was certified as a money bill, on the grounds that it was linked to welfare goods and services which were funded by the Consolidated Fund of India through Section 7. The Rules expand the ambit and scope of the Act, which would sever the connection to the Act as a Money Bill.
2. The Rules violate the Supreme Court’s Aadhaar Judgement: In Justice (Retd.) KS Puttaswamy v Union of India , a majority bench of the Supreme Court found the Aadhaar Act constitutional, but only after drawing strict lines in the sand for how Aadhaar could be used. The Court held that the government was permitted to use Aadhaar authentication for a limited set of purposes and struck down Section 57, which permitted private parties to use Aadhaar authentication, as there was a possibility of it being commercially exploited by private entities. Clause 4 of the Rules mentions that ‘requesting entities’ could be  the Ministry, Department of the Government of India or any State Government that wants to use Aadhaar for the purposes specified in the Rules. In this regard, the question to be asked is what if the ‘requesting entity’ is applying for the purpose of a public-private partnership project? In this case, it would be impossible for the private entity to not get access to the Aadhaar numbers of individuals. Additionally, the Aadhaar Amendment Act, 2019, which permits private parties access to Aadhaar numbers is pending challenge in the Supreme Court, for violating the Puttaswamy judgement.
3. The Rules are only voluntary in name: Clause 3(2) of the Rules states that the process of authentication for the purposes set out in the rules is ‘voluntary’. However, the experience with Aadhaar authentication and recent instances like the roll-out of the Covid vaccination have shown that  the Government has pushed Aadhaar so that it becomes the ‘preferred’ mode of verification and authentication. This could eventually lead it to becoming mandatory for government services, in direct violation of the Supreme Court judgement. Thus, even though it is voluntary on paper, it de-facto becomes mandatory in usage. There is also no assurance in the rules about the status of those who choose not to provide their Aadhaar numbers for authentication purposes. This can also take the form of financial compulsions. For example, at the All India Institute of Medical Sciences, the premier government hospital, a patient can get the registration charges of Rs. 100 waived off if they provide their Aadhaar ID to authenticate their identity. Such a policy significantly privileges the usage of Aadhaar and thus effectively amounts to financial coercion towards the adoption of the Health ID. For the Good Governance rules, some Ministries have stated that Aadhaar authentication is “voluntary,” as it is only required if a citizen wants to access a public service online. For example, the Ministry of Road Transport has applied for permission under the Good Governance Rules to use Aadhaar authentication for online applications for licenses/ learners’ licenses, and other related services. Through this method, Aadhaar becomes de-facto mandatory to access public services online, thus creating a barrier to the right to the internet and to public services. Additionally, technology failures plague the Aadhaar authentication system, and have already led to serious issues of exclusion from welfare benefits, which are likely to be aggravated.The linkage of Aadhaar to welfare services has caused large numbers of people to be excluded from their welfare benefits, which has caused immeasurable hardship. Increasing the use cases for Aadhaar authentication would only exacerbate this problem, and increases the risk of infringement of the right to privacy. The CEO of UIDAI had noted that in 2018 authentication failure for government services was as high as 12%. A recent J-PAL study in Jharkhand also found that Aadhaar based verification “either did not reduce errors of inclusion or leakage or did so at the cost of increased exclusion error”, with an error of between 22% and 34% of reduced disbursals. Reports of starvation deaths due to a lack of Aadhaar linkage or biometric failure have also been repeatedly highlighted.
4. The Rules are unconstitutionally vague: The Rules include vague terms like ‘good governance’, ‘social welfare benefits’, ‘innovation’, ‘spread of knowledge’, and ‘satisfied;/ These terms are not defined either in the Rules or Aadhaar Act or even the Information Technology Act, 2000, and could possibly include every government and administrative function. The rules lack guidelines which would help the administrative authorities decide the various circumstances under which the rules would become operative, or the limits to which its power could be extended. The wide discretionary power of the Rules amounts to excessive delegation, which would be illegal.
5. The Rules violate the proportionality test: The rules also fail to fulfil the test of proportionality, confirmed by the Puttaswamy judgement. In order for the Rules to be accepted, the following conditions must be met: 1) Legality or the existence of a law , 2) Need, defined in terms of a legitimate state aim, and 3) Proportionality which ensures a rational nexus between the objects and the means adopted to achieve them. The objectives of the Rules, however, are vague, and do not define the particular aim that the State intends to achieve through the Rules. Hence, they fail to fulfill the second and third conditions of the proportionality test.

Letters to the Committees

The presence of such significant issues further increases the need for Parliamentary oversight. However, a curtailed Budget session has meant that the Rules have not been debated on the floor of the house. Thus, we have written to the Chairpersons of the both the Lok Sabha and Rajya Sabha Committees on Subordinate Legislation which scrutinise subordinate legislation such as rules, regulations, and bye-laws that emerge from Acts (for example, in the past, the Lok Sabha Committee on Subordinate Legislation has provided its recommendations on the Information Technology (Intermediary Guidelines), 2011). Through our letter, we have petitioned the Committees to take up the Rules for review and test them on the grounds of constitutional principles. We hope that others will take up the mantle and write to the committee as well.

Documents

1. Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2020 (link)
2. IFF’s Letter to the Chairperson of the Lok Sabha Committee on Subordinate Legislation regarding a petition to review the Aadhaar Authentication for Good Governance Rules, 2020(link)
3. IFF’s Letter to the Chairperson of the Rajya Sabha Committee on Subordinate Legislation regarding a petition to review the Aadhaar Authentication for Good Governance Rules, 2020 (link)

This endeavour was the result of collaborative work with other organisations who assisted in drafting the petition and engaging in advocacy. We would thus like to thank Maansi Verma, the founder of Maadhyam, as well as volunteers from the Rethink Aadhaar campaign.