SC upholds Aadhaar validity, but with modifications: Full case timeline

The following is the chronology of events leading up to the Supreme Court on Wednesday declaring the Centre's flagship Aadhaar scheme as constitutionally valid although it struck down some provisions including the linking of the biometric ID with bank accounts, mobile phones and school admissions:
* Jan 2009: Planning Commission notification on UIDAI.
* 2010-2011: National Identification Authority of India Bill, 2010 introduced.
* Nov 2012: Retired Justice K S Puttaswamy and others file PILs in SC challenging validity of Aadhaar.
* Nov 2013: SC orders all states and Union Territories be impleaded as respondents.
* Mar 3, 2016: Aadhaar Bill, 2016 introduced in Lok Sabha; later passed as Money Bill.
* May 2017: Former Union minister and Congress leader Jairam Ramesh moves SC challenging the Centre's decision to treat Aadhaar Bill as a Money Bill.

ALSO READ: Mammoth task to audit, erase Aadhaar data with private firms: Experts
* Aug 24, 2017: SC nine-judge bench rules that right to privacy is a fundamental right.
* Dec 15: SC extends deadline for mandatory linking of Aadhaar with various services and welfare schemes till March 31, 2018.
* Jan 17, 2018: SC five-judge bench begins hearing Aadhaar case.
* Jan 25: SC asks Chhattisgarh HC to modify in 10 days its order directing all trial courts in the state to mandatorily accept copies of Aadhaar card for releasing an accused on bail.
ALSO READ: SC verdict on Aadhaar 'a good judgement', gives relief to citizens: Experts
* Feb 19: Delhi BJP leader Ashwini Kumar Upadhyay seeks direction to EC to take appropriate steps to implement an 'Aadhaar based election voting system'.
* Feb 21: SC says the alleged defect that citizens' biometric details under the Aadhaar scheme were being collected without any law, could be cured by subsequently bringing a statute.
* Mar 7: SC says Aadhaar number not mandatory for enrolment of students in all India exams.
* Mar 13: SC extends March 31 deadline of Aadhaar linking till it gives its order.
* Mar 22: UIDAI CEO says breaking the Aadhaar encryption may take "more than the age of the universe for the fastest computer on earth".
ALSO READ: Over 210.8 million PAN cards linked with Aadhaar till now, reveals data
* Mar 28: Social activist Reshma Prasad seeks direction to the Centre to create a separate third gender category option on PAN cards for transgenders.
* Apr 3: Centre tells SC Aadhaar law is just, fair & reasonable.
* Apr 17: SC raises concerns that there is a threat of Aadhaar data misuse.
* Apr 25: SC questions Centre on mandatory seeding of Aadhaar with mobile.
* May 10: SC reserves verdict.
ALSO READ: SC declares Aadhaar constitutionally valid, strikes down some provisions
* Sep 26: SC upholds constitutional validity of Aadhaar but strikes down certain provisions including its linking with bank accounts, mobile phones and school admissions.

UIDAI number popped up in your contacts? Google owns up to putting it there

Even as the Aadhaar-issuing authority UIDAI said on Friday that it has not asked any phone maker or telecom service provider to include its toll-free number on mobile phones, search engine giant and Android-maker Google said that the number was inserted by the platform in the automatic setup wizard on phones back in 2014.
Google said that the emergency number 112 and the UIDAI number got "inadvertently coded" in the Indian version of Android and have remained there since.
"Since the numbers get listed on a user's contacts list these get transferred accordingly to the contacts on any new device," a Google spokesperson said.
"We are sorry for any concern that this might have caused, and would like to assure everyone that this is not a situation of an unauthorised access of their Android devices," the statement said, adding that the company will work to get the numbers removed in the upcoming release of its software, which will be made available to handset makers.
ALSO READ: How did Aadhaar helpline sneak into your mobile? UIDAI says it has no role
Google's response came as a relief for the social media community, which was in a frenzy over the mystery of the UIDAI's helpline number 1800-300-1947 being found in people's contacts list on most Android devices. As people questioned the Aadhaar-authority over the protocol followed for inserting the number, UIDAI denied these charges.
Telecom operators' body COAI, too, said none of its members had pre-loaded any unknown numbers on any mobile phone.
The Unique Identification Authority of India (UIDAI) said the number 1800-300-1947 appearing in the contact list of Android phones is an "outdated and invalid" helpline number.
Defending itself after drawing flak on social media over the default inclusion of the number in mobile phone contact lists, the Aadhaar-issuing body said in a statement, "...the said 18003001947 is not a valid UIDAI toll-free number and some vested interests are trying to create unwarranted confusion in the public."
The UIDAI's valid toll-free number is 1947, which is functional for more than last two years, it said.
"UIDAI has reiterated that it has not asked or advised anyone including any telecom service providers or mobile manufacturers or Android to include 18003001947 or 1947 in the default list of public service numbers," the statement added.

ALSO READ: Don't display Aadhaar number publicly, says UIDAI after Trai chief's dare
Joining the debate over the UIDAI number being auto-saved on mobile phones, industry body COAI on Friday said: "The inclusion of a certain unknown number in the phonebooks of various mobile handsets is not from any telecom service provider." The Cellular Operators Association of India (COAI) represents the voice of large telecom operators in the country, including Bharti Airtel, Vodafone, Idea Cellular and Reliance Jio.
When contacted, Indian Cellular Association (ICA) National President Pankaj Mohindroo told PTI that the industry body had "not got any mandate from anyone to put any such number".
The industry body represents mobile phone brands and large and small handset manufacturers.
The appearance of the number on smartphones had caused a social media furore, as users expressed concerns over how the helpline number had snuck into their smartphone contact list. #UIDAI was trending on the micro-blogging site as the Twitterati sought to unravel the mystery, and questioned the "breach of privacy".
On Thursday, a French security expert, who goes under the pseudonym Elliot Alderson and describes himself as the "worst nightmare" of the UIDAI, had tweeted, "Hi @UIDAI, Many people, with different provider, with and without an #Aadhaar card, with and without the mAadhaar app installed, noticed that your phone number is predefined in their contact list by default and so without their knowledge. Can you explain why?" Alderson, in one of his latest tweets, said, "Ask to yourself: What is the interest for Indian phone manufacturers to add the @UIDAI number by default?."
A vigilante hacker who uses the handle @fs0c131y on Twitter, Alderson was vocal during the recent Aadhaar dare thrown by Trai chief R S Sharma and has, in the past, also revealed purported flaws in the Aadhaar system.
The UIDAI controversy -- the second in the last one week -- comes at a time when the Supreme Court has reserved its judgement on a clutch of petitions challenging the constitutional validity of the Aadhaar Act.
Also, with the public and private sectors collecting and using personal data on an unprecedented scale and for various purposes, instances of unregulated and arbitrary use, especially that of personal data, have raised concerns about the privacy and autonomy of an individual.
Over the last one year, there have been umpteen reports of personal information being allegedly compromised with increasing use of biometric identifier Aadhaar in an array of services.

UIDAI restores Airtel's authorisation for Aadhaar-based eKYC, with riders

The UIDAI has restored telecom operator Bharti Airtel's authorisation to conduct Aadhaar-based verification of its mobile subscribers subject to specific conditions, sources said.
The company will have to submit quarterly reports on compliance with Aadhaar Act and adhere to directions issued by the Unique Identification Authority of India (UIDAI) from time to time.
Sources privy to the decision told PTI that the suspension on Airtel Payments Bank's eKYC licence has not been lifted.
The telecom service provider Airtel - whose eKYC licence has been conditionally restored - will be required to submit quarterly compliance reports "till further orders" and the UIDAI "reserves its rights to verify such reports on its own or through an auditor appointed by the authority", one of the person familiar with the development said.
Airtel did not offer any immediate comments on the issue.
Both Airtel and Airtel Payments bank came under fire late last year after the Sunil Mittal-led firm allegedly opened payments bank accounts of its mobile subscribers without seeking their "informed consent", and LPG subsidy worth crores was deposited into these accounts.
In a strong action in December, the government and the UIDAI temporarily barred the company from conducting Aadhaar-based SIM verification of mobile customers and e-KYC of payments bank clients.
It later allowed Bharti Airtel to use Aadhaar for re-verification of its mobile customers for a fixed duration, with stiff riders attached. However, with the latest move, the UIDAI has now conditionally restored the eKYC licence key of Bharti Airtel.
Sources said the UIDAI wanted to ensure that Airtel customers do not face any inconvenience. Additionally, the Aadhaar-issuing body has taken note of regular compliance updates provided by Airtel and Airtel Payments Bank. UIDAI observed that Airtel complied with "critical issues", the source said.
The order has also takes note of audit report of Department of Telecommunications (DoT) that was received by UIDAI on March 7.
"This report has been duly examined by the UIDAI. As per the DoT audit report, it was noted that, at present, the processes and applications used for mobile customer's re-verification and new acquisition are in compliance to DoT's instructions," the source pointed out.
The development comes at a time when the deadline for linking bank accounts and mobile numbers with Aadhaar has already been extended indefinitely, till the five-judge constitution bench delivers its judgement on a bunch of petitions challenging the validity of the biometric scheme and its enabling law.

Critics of Aadhaar say they have been harassed, put under surveillance

Researchers and journalists who have identified loopholes in India’s massive national identity card project have said they have been slapped with criminal cases or harassed by government agencies because of their work.
Last month, the Unique Identification Authority of India (UIDAI), the semi-government body responsible for the national identity project, called Aadhaar, or “Basis”, filed a criminal case against the Tribune newspaper for publishing a story that said access to the card’s database could be bought for Rs 500 ($7.82).
Reuters spoke to eight additional researchers, activists and journalists who have complained of being harassed after writing about Aadhaar. They said UIDAI and other government agencies were extremely sensitive to criticism of the Aadhaar programme.
Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users and the world’s biggest database.
Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.
The Tribune said one of its reporters purchased access to a portal that could provide data linked to any Aadhaar cardholder.
The UIDAI complaint, filed with the police cyber cell in the capital, New Delhi, accused the newspaper, the reporter, and others of cheating by impersonation, forgery and unauthorised access to a computer network.
Media associations sharply criticised the action - the Editors Guild of India said UIDAI’s move was “clearly meant to browbeat a journalist whose story was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press.”
In response, the agency said “an impression was being created in media that UIDAI is targeting the media or whistleblowers or shooting the messenger.”
“That is not at all true. It is for the act of unauthorised access, criminal proceedings have been launched,” it said in a statement.
Osama Manzar, the director of the Digital Empowerment Foundation, a New Delhi-based NGO, called the government’s prickliness “a clear sign that rather than it wanting to learn how to make Aadhaar a tool of empowerment, it actually wants to use it as a coercive tool of disempowerment”.
DATA LEAKAGE
Last May, the Centre for Internet and Society (CIS), an independent Indian advocacy group, published a report that government websites had inadvertently leaked several million identification numbers from the project.
UIDAI sent the CIS a legal notice within days, said Srinivas Kodali, one of the authors of the report.
The notice alleged that some of the data cited in the report would only be available if the site had been accessed illegally. The UIDAI wrote that the people involved had to be “brought to justice.”
According to Kodali, two more notices followed, addressed to the group’s directors and two researchers, containing more accusations. “They said it was a criminal conspiracy, and demanded that we send individual responses,” he said.
CIS then received questions about its funding from the home ministry section that grants NGOs permission to receive foreign funding, said a source in the group who saw the letter. CIS viewed this as a threat to its funding, the source said.
CIS declined to comment on the notices or on the questions about funding.
UIDAI did not reply to multiple e-mails seeking comment on the accusations about CIS and similar complaints by other activists and journalists, and officials could not be reached by phone.
Officials at the Ministry of Information Technology that supervises UIDAI were unreachable by phone.
In a column in the Economic Times newspaper in January, Ajay Pandey, the head of the UIDAI, wrote: “The data of all Aadhaar holders is safe and secure. One should not believe rumours or claims made on its so-called ‘breach’.”
R. S. Sharma, the head of India’s telecom regulatory body, said there was an “orchestrated campaign” against Aadhaar as it was against the interests of those who operated in the shadow economy with fictitious names, or were skimming off subsidies.
“It is going to clean up many systems,” Sharma told a television channel last month. “That’s probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them.”
“THAT TRIP TO TURKEY?”
A Bangalore researcher who contributed to the CIS report said scrutiny by police and government officials was a common occurrence, but harassment was stepped up after it was published.
“Sometimes people from the police station visit you. Other times from the Home Ministry. It was intimidating,” the researcher said.
The person, who asked not to be named for fear of reprisal, said police officers asked questions like “How was that trip to Turkey?',” to make it clear the subjects were under surveillance.
When Sameer Kochhar, a social scientist and author of books on Aadhaar, demonstrated how the system’s biometrics safeguards could be bypassed last year, UIDAI filed a police report in New Delhi, a person familiar with the matter said.
Subsequently, Kochhar received at least three notices from the Delhi Police alleging that he had violated 14 sections under three separate laws, the person said.
Kochhar’s lawyer and Delhi Police officials declined to comment.
Critics have warned Aadhaar could be used as an instrument of state surveillance while data security and privacy regulations are still to be framed.
Former central bank governor Raghuram Rajan said last month that the government needed to prove it would protect the privacy of Aadhaar.
“I do think that we have to assure the public that their data is safe,” Rajan said. “All these reports about easy availability of data are worrying and we have to ensure security. We cannot just say trust us, trust us, it’s all secure.”