Mains Paper 2: Governance| Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
From UPSC perspective, the following things are important:
Prelims level: Basics aspects of Aadhar.
Mains level: The newscard critically analyses the issues wrt Aadhaar and Other Laws (Amendment) Bill, 2018, in a brief manner.
- The Aadhaar Amendment Bill was pushed through the Lok Sabha— without any debate and no discussion.
Analysis of the proposed Aadhar Amendment Bill and how it can be interpreted in light of the recent SC judgment
- Alternative virtual identity
- Along with the 12-digit Aadhaar enrolment number, an “alternative virtual identity” generated by the UIDAI has been added when the “requesting entity” asks for verification.
- Area of concern: The rules of what a “virtual identity” would be or how it would be used, or even who can use it are not defined.
- Children can opt out
- Section 3A introduced in the Amendment allows a person who was enroled in the Aadhaar system as a child to file an application to cancel their Aadhaar enrolment within six months of turning 18.
Area of concern: While the provision allows a child to opt out of Aadhaar on turning 18 years of age, Aadhaar will still be required for those who want to avail any benefit or subsidy from the government. Further, there is no provision to allow an adult to request cancellation of their Aadhaar enrolment.
- Offline verification
- Instead of a biometric authentication of Aadhaar number, offline verification using the Aadhaar number has been introduced.
Area of concern:
- Section 4 clause 4 of the Amendment Bill includes the term “an entity” which can be permitted by the UIDAI to perform Aadhaar authentication.
- Activists and lawyers also point out that “an entity” in this clause can include private companies if the government permits them to authenticate Aadhaar. The earlier provision for allowing private entities to conduct Aadhaar authentication had been struck down by the Supreme Court.
- Aadhaar as purely voluntary for KYC under the Telegraph Act and under PMLA for Banking and financial services
- Even though the Supreme Court struck down mandatory Aadhaar linking for KYC of mobile phone connections, and under PMLA for Bank accounts, the Aadhaar amendment specifies that customers can choose Aadhaar authentication, offline verification or their passport or any other form of identification that is allowed by the government.
- The amendment proposed for the PMLA also recognises that “other reporting entities” that are not banks — i.e., financial institutions — cannot ask for Aadhaar authentication but can use offline verification or other forms of ID.
Area of concern
- The amendment under PMLA is also slightly unclear since it allows banks to conduct Aadhaar authentication in addition to other forms of identity, which goes against the SC verdict that allowed Aadhaar authentication only for access to government subsidies and services. Also, private banks would come under the definition of “banking services”.
- Further, the PMLA provision says that “other reporting entities” could also be given access to Aadhaar authentication if they comply with privacy and security standards.
- This is an area of concern since it could be used to allow private service providers to access Aadhaar authentication.
- Civil penalties
- The Bill also introduces civil penalties for violating Aadhaar norms and illegal access to data under chapter 6A added by the Amendment Act.
- The proposed Section 33A says that a civil penalty of up to one crore rupees may be imposed on an entity for violating Aadhaar norms. Also, for each additional violation by the same entity, an additional penalty of up to 10 lakh rupees per day may be imposed if violation of the rules continues.
- The inquiry for such violation will be conducted by a Joint Secretary or higher level officer appointed by the UIDAI.
Area of concern
- Any person whose identity has been compromised cannot file a civil complaint — only the UIDAI can initiate a complaint about the violation, and the inquiry will be conducted by the UIDAI appointed official.
- Appeals can be filed before the Telecom Disputes Settlement and Appellate Tribunal by the entity on whom the fine has been imposed. However, only the UIDAI can file an appeal if the adjudicating officer takes a decision in favour of the entity.
- Also, no complaint can be filed before a civil court. Only the Supreme Court can hear appeals against the order of the Tribunal.
- Enhancement of criminal penalties.
- Criminal complaints can be filed by a person whose identity has been violated. Under Section 38 and 39, which prescribed punishment for corrupting data or accessing the central data repository, or for denying services, the punishment has been enhanced from a maximum of three years to a maximum jail term of 10 years. Under Section 42, punishment has been enhanced from a maximum of one year to a maximum of three years.
- Also, in what will come as a relief to activists, the amendment in section 47 proposes to allow a person whose identity is violated to approach a criminal court to file a complaint under sections 34 (impersonation), section 35 (appropriation of identity to change information), 36 (unlawful collection of Aadhaar data), 37 (disclosure of identity related information), section 40 (using identity information for other purpose) and 41 (violation by enrolling agency).
Area of concern:
- All these offences are bailable and carry a jail term of a maximum of three years. Activists had raised concerns about the danger of identity theft and violations. Stricter penalties have been imposed only under sections 38 and 39, for unauthorised access or leaking or distribution of data from the central data repository.
- Complaints under 38 and 39 can only be made by the UIDAI.
- Surveillance and national security
- Disclosure of Aadhaar data under section 33(1), including authentication of records, can now be done only on the orders of a high court judge. The Aadhaar Act had given the power to a district judge to pass such orders.
- Also, for disclosure on court orders, both the UIDAI and the person whose data is being disclosed will now be given the opportunity for a hearing. Also, the court cannot order disclosure of core biometric information.
- Under section 33(2), where the government could order disclosure of Aadhaar data and records “for national security”, the official required to sign off on such a request is now a secretary-level officer, higher than the previous provision of a joint secretary level official.
Area of concern:
- The Supreme Court had specifically struck down section 33(2) that allowed for disclosure of identity “for national security” and had said there has to be “involvement of a judicial officer, preferably a High Court judge” before such an order could be passed.
- This suggestion has been ignored.
- The national security provision also does not allow for any hearing from the UIDAI or the person concerned. It also does not include the provision to protect core biometrics, as has been specified under 33(1).
- Any entity that conducts offline verification of Aadhaar cannot conduct online authentication. The collection, storage or use of Aadhaar number or biometric data cannot be done by an entity that conducts offline verification.
Area of concern:
- Since the “offline verification” has been introduced by the amendment, how this will actually be conducted is not clear.