By Ashit Kumar Srivastava

The Reasonable Expectation of Privacy and the Labyrinth of AADHAR and Constitutionalism

The algorithm of privacy has notably restrained the executive power of the State and considerably consolidated the idea of Constitutionalism; it goes without saying that the ever expanding horizon of privacy has worked nothing short of a panacea against all the executive acts. The most recent judgment delivered by the U.S Supreme Court in Timothy Carpenter vs. United States (2018) concretes the existence of right to privacy to an unassailable position. Wherein the U.S Supreme Court by a majority of 5 to 4 concluded that the data generated by cell phone companies cannot be used by the Government agents for tracking a person (unless backed by a warrant), as it will amount to infringement of their reasonable expectation of privacy [Cell Phones by connecting to different set of radio antenna leave ‘cell sites’, every time a cell phone connects to a cell sites it creates a time-stamped record, better known as Cell-Site Location information (CSLI), the wireless carrier (namely the service providing companies) store these data for their business purpose].

But the prudent question here to be taken account of is what India as a Nation can learn from it? Being new members of the family of countries who have recognize privacy rights, India has to fill in a big shoe of human rights jurisprudence, something which was not paid heed on before; and which might be detrimental to a nourishing growth of privacy rights in India but surely India can gallop its way to a nurturing jurisprudence of its own. We need to understand that privacy rights give a great leverage to human rights jurisprudence all across the globe by becoming a halo of ring around several activities; it gnaws into the panoptic of the State’s intervention and buys a new shackle for the Leviathan.

But the right to privacy for India is still is a new essence of a rising moon, growing beautiful day-by-day as the moon becomes full, however, just like the moon the privacy rights in India have their own spots, the biggest crater being the Aadhar issue. The Aadhar issue is not only a question of informational self-determination but is also a question of Constitutionalism. To what extent the government can control the information of an individual and if so, to what extent it can protect it from falling in the hand of a third party. This and many more questions like these keep the legal field fertile with innumerable possibilities.       

THE AADHAR LABYRINTH AND CARPENTER’S RULING

On day 18th of the Aadhar hearing in Supreme Court of India, senior advocate Anand Gover (representing petitioner Thomas Mathews) made an intriguing submission, under which he argued that the information submitted to UIDAI under Aadhar scheme is not secure and the State government have time and again used the Aadhar information for PDS (Public Distribution System) the revelation doesn’t stops here, the petitioner also argues that the software used by UIDAI for the collection of data, processing of it was made by an U.S Corporation by the name of L1 Identity solutions Operating Co. Private Ltd. Under a contract with the Union government in 2010 leaving a ton of data with them for a period of 7 years Further on day 36th of the Aadhar hearing, Advocate Shyam Divan submitted his argument, laying on the emphasis on the expert report submitted by Manindra Agarwal from IIT (dated 4th March 2018) the report said, “that leakage of the verification log from the UIDAI or any third party working for UIDAI can lead to forged identities and revealing of location. It may even result in leakage of location data, that is, the location of the places where the transactions were carried out.”  

Keeping the fragility of informational security in mind, we need to go back to the Carpenter’s ruling, The American Jurisprudence pertaining to privacy affirmatively beliefs that any information voluntarily given by the individual to any platform (be it bank, telephone co., etc.) will not be regarded as private [as per the ruling of U.S vs. Miller (1976) and Smith vs. Maryland (1979)] which means any organization, per se, government can buy that information or compel the corporation to give that information (Under the Patriot Act, 2001 The US Government can compel a corporation to give access to their data) from that platform and use it against the individual. This was a serious threat to the modern day digital world which is well recognized in the Carpenter Judgment, wherein, Justice Roberts elaborately denounced the prior practice of third party immunity from accessing the information, given by the individual under a staunch belief that the information won’t be accessed by anyone except the service provider. Justice Roberts firmly believed that something like a cell phone which is a rudimentary necessity of a daily life cannot allowed to be made a substance of investigative tool, further, the individual never consented in sharing his data with a third party, therefore it will be a blatant violation of his privacy right.

Similarly, on the same line lays the fundamentals of Aadhar Act, 2016, UIDAI Ceo Dr. Ajay Bhushan Pandey in his submission before Supreme Court had solemnly affirmed that the information collected by the UIDAI is fully secured and is not accessible by any third party, but the very fact that a Foreign Biometric Service Provider (L1 Identity Solutions Operating Co. Pvt. Ltd.) was contracted to develop the software and substantial information was keyed with them for a period of 7 years breaks the plausibility of his claim. Seen from the perspective of the Carpenter’s ruling this is a blatant violation of privacy rights of 120 Crore people of India who enrolled themselves under the stern belief that their information is save in the vaults of the State.         

Being a developing nation, it was a historical step by the Indian Supreme Court to recognize ‘Right to Privacy’ has a fundamental right, in a country where still 4.5 % of the population still lies below the poverty line, of all the socio-economic downfalls, pervading inequality. The Supreme Court of India, the crusader to justice, chose to ratify privacy rights prior to all other discontents. However, the real brunt doesn’t lie in recognizing a new right but rather it is in recognizing every aspect of the right which if not guarded can lead to infringement of the core right recognized. The Aadhar issue has all the makings of a Cambridge-Analytica fiasco, not only is the state involved in it but it seems like the state has given its implicit consent for the abuse of the information.        

Sources:

The Government of India Hired Foreign Corporations to Act as “Biometric Service Providers”

Ashit Kumar Srivastava (AKS) is an Assistant Professor of Law at National Law University, Odisha who did his masters in Constitutional Law from Rajiv Gandhi National University of Law, Patiala (2016-17)

Featured Image: Business Today