THE BIOMETRIC BIG BROTHER “AADHAAR” AND THE CONTROVERSY TODAY

“Study after study has shown that human behavior changes when we know we’re being watched. Under observation, we act less free, which means we effectively *are* less free.” 

― Edward Snowden

ABSTRACT

The instant article contains a brief detail on the Aadhaar Card controversy and the linkage with the bank accounts and mobile phone and remedies available to the consumer if they are swindled out of their life savings due to illegitimate transactions, scams and the recovery mechanism therein.

If you are a citizen of India or a vivid user of the Social Networking Sites like Twitter and Facebook and essentially not been living under a rock for the past few months, you would or rather should be confused as to how does another other identity card namely Aadhaar has for a lack of a better word ‘SCREWED’ your life. From the linkages to the bank accounts to ration shops and from birth certificate to death certificate, it seems like the only identity card ever made which should replace every other card. However, sadly that’s not the case.

LET’S UNDERSTAND WHAT EXACTLY IS AADHAAR CARD/NUMBER?

As per The Aadhaar (Targeted Delivery Of Financial And Other Subsidies, Benefits And Services) Act, 2016 (‘Act’), an holder of Aadhaar is essentially a person who has been issued a unique identification number i.e. Aadhaar number under the act[i]. However, the Aadhaar number or the authentication thereof shall not, by itself, confer any right of, or be proof of, citizenship or domicile in respect of an Aadhaar number holder[ii]. Yes, you read that right the act emphatically states that the Aadhaar Card/ Number by itself doesn’t confer any right of, or be proof of, citizenship or domicile.

In fact, the most harped about feature of the Central and State government is that without registering for Aadhaar Card/ Number, the citizens of India won’t be allowed to obtain subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India[iii]. However, the proviso to Section 7 of the Act is emphatically clear that if an Aadhaar Number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service, thereby essentially clarifying two important aspects, one that Aadhaar, per say, is not an absolute form of identification and is subject to other identity verifications for domicile or citizenship purposes. However, the governmental department and/or the ration shops don’t agree with this position, since they have ‘instructions’[iv].

This brings an interesting observation as to why such ‘hue and cry’ for registration and linkages to everything that any person would own. Moreover, a perusal of the Act would reveal, that unless otherwise provided under this Act, the requesting entity needs to obtain the consent of an individual before collecting his identity information for the purposes of authentication in such manner as may be specified by regulations[v].

Be that as it may, the ‘golden nugget’ summary of the Act is in Chapter-VI of the Act, which talks about the protection of information of the individuals. This is the troublesome issue, at least, for the citizens including the author both as a citizen of India and as an advocate. The author could narrate practical scenarios where such information had been compromised and the police refuse to act on it, let alone file a First Information Report, (‘FIR’), and the information which was wrongly collected and misused let to cheating the client of the author of his entire savings[vi].

LINKAGE OF AADHAAR WITH THE TELECOM PROVIDER

“As per Government's directive, it is mandatory to link Aadhaar card with your mobile number” or “Your services are being discontinued. Kindly, contact the nearest service center to link your Aadhaar card with your mobile number to enjoy uninterrupted service.” These kinds of messages followed by phone calls have been irritating each and every one of us of late.

The basis of which is in a circulated dated 23.03.2017 issued by the government, seeking all telecoms service providers to conduct an Aadhaar based re-verification of all existing pre-paid and post-paid mobile connections and further directs them to complete this exercise not later than 06.02.2018. However, the basis of circular as per the government through the Department of Telecommunications (‘DOT’) is the directions passed by the Hon'ble Supreme Court of India[vii]. However, the observation in the matter cannot be construed as direction of the apex court to re-verify data of the consumers, specially when the Act itself is clear that the Aadhaar Card or number is furtherance of other identification and specifically when the Act itself bars it to be a form of domicile or citizenship proof, how does the present exercise of re-verification have any effect or pass the test of law as mandated by the Telecom Regulatory Authority of India (‘TRAI’).

However, unless a definitive order is not given by the Hon'ble High Court or the Hon'ble Supreme Court of India in this regard, this exercise and the irritation caused is inevitable but there are two fresh petitions filed in the Hon'ble Supreme Court of India to challenge the same, so all we can do is wait and watch the outcome of those petitions[viii].

AADHAAR LINKAGE TO PAN

Recently, the Hon'ble Supreme Court of India has in the matter of Binoy Viswam v. Union of India[ix] has laid down the following ratio :-

1. We hold that the Parliament was fully competent to enact Section 139AA of the Act and its authority to make this law was not diluted by the orders of this Court.
2. We do not find any conflict between the provisions of Aadhaar Act and Section 139AA of the Income Tax Act inasmuch as when interpreted harmoniously, they operate in distinct fields.
3. Section 139AA of the Act is not discriminatory nor it offends equality clause enshrined in Article 14 of the Constitution.
4. Section 139AA is also not violative of Article 19(1)(g) of the Constitution insofar as it mandates giving of Aadhaar enrolment number for applying PAN cards in the income tax returns or notified Aadhaar enrolment number to the designated authorities. Further, proviso to sub-section (2) thereof has to be read down to mean that it would operate only prospective.
5. The validity of the provision upheld in the aforesaid manner is subject to passing the muster of Article 21 of the Constitution, which is the issue before the Constitution Bench in Writ Petition (Civil) No. 494 of 2012 and other connected matters. Till then, there shall remain a partial stay on the operation of proviso to sub-section (2) of Section 139AA of the Act, as described above.

(Emphasis Supplied)

In light of the point 4, it is again clear that the scope of the case was restricted to the Pan linkage and has no relation to the other ongoing linkages in any manner. It is also pertinent to mention that the recent judgment delivered by the constitutional bench of the Hon'ble Supreme Court of India[x] also recognizes the notion of ‘Information Privacy’, which effectively means (including, but not limited) the right to prevent disclosure of information about oneself, unless compelled by the procedure established by law and the same is technically contrary to the Act itself[xi]. To give it more context Justice R.F Nariman has in the Indian context stated about Information Privacy, “Informational privacy which does not deal with a person’s body but deals with a person’s mind, and therefore recognizes that an individual may have control over the dissemination of material that is personal to him. Unauthorised use of such information may, therefore lead to infringement of this right”

(Emphasis Supplied)

In light of the above and the controversy around the linkage and the damaging impact thereto which is dreading factor of the outrage itself, is primarily that if the Aadhaar details are linked with the mobile, banking services and any other services. The compromise access to one of these would directly and adversely impact the remaining, a threat which has merit. To subdue this threat and the primary purpose of writing the present article is that the public at large need to know about the below mentioned two schemes issued by the Reserve Bank of India, (‘RBI’), which are quintessential for recovery of their hard earned monies and to protect them from scams etc., which may happen due to such linkages or otherwise.

AMENDMENT TO THE BANKING OMBUDSMAN SCHEME 2006

The RBI has widened the scope of its Banking Ombudsman Scheme 2006, (‘The Scheme’) to include, interalia, deficiencies arising out of the sale of insurance/ mutual fund/ other third-party investment products by banks. Under the amended Scheme, a customer would also be able to lodge a complaint against the bank for its non-adherence to RBI instructions with regard to Mobile Banking/ Electronic Banking services in India.

The pecuniary jurisdiction of the Banking Ombudsman to pass an Award has been increased from existing rupees one million to rupees two million (i.e. from 10 Lacs to 20 Lacs). Compensation not exceeding rupees hundred thousand can also be awarded by the Banking Ombudsman to the complainant for loss of time, expenses incurred as also, harassment and mental anguish suffered by the complainant.

The Reserve Bank has released a Notification dated June 16, 2017, amending the Banking Ombudsman Scheme 2006. The amended Scheme shall come into force on July 1, 2017, and is active as on date.

However, the most interesting point under the regulation is point n., 

“Non-adherence to the instructions of Reserve Bank with regard to Mobile Banking / Electronic Banking service in India by the bank on any of the following:

I. delay or failure to effect online payment / Fund Transfer,

II. unauthorized electronic payment / Fund Transfer”

The procedure for complaints settled by the agreement under the Scheme has also been revised. The appeal has now been allowed for the complaints closed under Clause 13 (c) of the existing Scheme relating to rejection which was not available earlier.

LIMITING LIABILITY OF CUSTOMERS IN UNAUTHORISED ELECTRONIC BANKING TRANSACTIONS

Interestingly, another circular of the RBI has gone unnoticed i.e. Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions[xii]. This circular till date is the answer for every consumer nightmare if they will have, already had and/or probably would have post its notification. This circular looks at two types of transactions: -

1. Remote/ online payment transactions (transactions that do not require physical payment instruments to be presented at the point of transactions e.g. internet banking, mobile banking, card not present (CNP) transactions), Pre-paid Payment Instruments (PPI), and
2. Face-to-face/ proximity payment transactions (transactions which require the physical payment instrument such as a card or mobile phone to be present at the point of transaction e.g. ATM, POS, etc.)

Limited Liability of a Customer

Zero Liability of a Customer

A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events:

1. Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
2. Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.

Limited Liability of a Customer

A customer shall be liable for the loss occurring due to unauthorized transactions in the following cases:

1. In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank. Any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank.
3. In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned in Table 1, whichever is lower.

Table 1

MAXIMUM LIABILITY OF A CUSTOMER

Further, if the delay in reporting is beyond seven working days, the customer liability shall be determined as per the bank’s Board approved the policy. Banks shall provide the details of their policy in regard to customers’ liability formulated in pursuance of these directions at the time of opening the accounts. Banks shall also display their approved policy in public domain for wider dissemination. The existing customers must also be individually informed about the bank’s policy.

Overall liability of the customer in third-party breaches, as detailed above, where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, is summarized in Table 2:

Table 2

SUMMARY OF CUSTOMERS LIABILITY

THE REVERSAL TIMELINES FOR A ZERO LIABILITY / LIMITED LIABILITY OF CUSTOMER

On being notified by the customer, the bank shall create (shadow reversal i.e. reverse and mark a lien on such amount) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 (ten) working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). The notification also notes that the Banks have discretionary powers to decide waiver off customer liability in case of unauthorized electronic banking even in cases of customer negligence. So, a right nudge or push with the right people in the banks would help in effective and speedier redressal of issues.

It is pertinent to note, that contravention of this nature is also covered under the Information Technology Act, 2000 (‘ITA’) as a form of redressal, under Section 43 read with Section 66, where anyone can file a case before the Adjudicating Officer for the said offence, whereas the Appellate Forum is still in limbo and is set to be merged with the TDSAT soon[xiii]. Therefore, these two remedies are in all likelihood an addition to the existing remedy under the Information Technology Act, wherein people can choose to go to the Banking Ombudsman rather than the Adjudicating Officer.