Disproportional Proportionality: An Analysis of the Proportionality Test, Aadhaar, and Digital ID.


Shruti Trikanad



Justice Chandrachud, in his dissenting judgment in the Aadhaar case, wrote of the increasing use of the proportionality test as a “shift from the culture of authority to a culture of justification.”[1] According to him, testing the Aadhaar ID scheme against proportionality was aimed at holding the government accountable for its policy measures, rather than that of the court second-guessing the wisdom of the legislature. How the Aadhaar court fared in applying this test— especially when compared to similar cases before other courts— is a question this essay hopes to address. In this post we look at the first leg of the proportionality test to identify the legitimacy of the state’s interest in implementing their infringing measure, along with overarching issues of the burdens of proof required by the different courts.


The Aadhaar case was a good litmus test for the use of the proportionality test: the Aadhaar ID system is a popular “development” policy measure that has public backing, but is also pervasive and potentially deeply impacts privacy rights of the citizenry. However, there was much lacking in the courts’ application of the test, likely failing the high ideals the test sought to introduce. This is best highlighted by examining how other courts handled similar cases.


National biometric ID programs have recently been introduced worldwide by government measures to establish a way to reliably identify residents and provide them with services they are entitled to. However, these have come at the cost of issues of privacy, exclusion, discrimination, state power and constitutionality. The four cases explored here are the Aadhaar case in India,[2] the Huduma Namba case in Kenya,[3] the Robinson case in Jamaica,[4] and the Madhewoo case in Mauritius.[5]* These are the only cases challenging national biometric ID that have reached apex courts in their respective countries, allowing us insight into Digital ID systems and their interplay with constitutional protections.


These cases all had one thing in common: they all rested on the proportionality ­of the measure that gave rise to the digital ID system. Since the constitutional framework in the respective countries allowed violations so long as they could be reasonably justified and were proportionate in their infringing impact, the courts looked at questions of the aim of the ID program, its manner of implementation, and its potential impact on the rights of people involved.


The proportionality tests, though marginally different across the cases, largely followed that of the R v. Oakes court:[6]

1. The government must first show that the law under review has a goal that is both “pressing and substantial in a free and democratic society.”

2. The court then conducts a proportionality analysis using three sub-tests.

a. First, the provision of the law that limits a fundamental right must be rationally connected to the law’s goal. If it is arbitrary or serves no logical purpose, then it will not meet this standard.

b. Second, the provision should minimally impair the violated constitutional right. It will be constitutional only if it impairs the right as little as possible or is “within a range of reasonably supportable alternatives.”

c. Finally, the court examines the law’s proportionate effects. Even if the above steps are satisfied, the effect of the provision on constitutional rights may be too high a price to pay for the advantage the provision would provide in advancing the law’s purpose. If so, the law is unconstitutional.


In Jamaica, the court found that several features of the ID system produced disproportionate risks, and that since the state did not do enough to justify its measure or safeguard its residents, the whole system must be struck down for violating the constitution.[7] Similarly, in Kenya, although the court found that its residents’ rights can be infringed for a digital ID system, it halted the operation of the system until the Kenyan government implemented a sufficiently robust data protection legislation, and framed regulations to safeguard the data collected. They held that in its current form, the ID system was risky and not well protected, and therefore unconstitutional. The Mauritian court found that while the collection of biometric data for the purpose of an ID system was valid, its storage exposed ID holders to risks of unauthorized access especially in a centralised system, and that this disproportionality warranted a termination of the system.[8] Only in India did the court allow the Aadhaar ID system to continue despite the risks it introduced, holding that because of the safeguards governing the system and the important aim it sought to achieve, it was proportionate and constitutional.[9]


Burden of proof and rules of evidence


Before individual issues of the cases are considered, an important question to answer is the burden of proof required by the respective courts. The burden of proof is important to the success of a case, and determines which party is given the presumption of accuracy and which party is responsible for presenting evidence. Particularly where one of the parties is the state, and has an advantage in having better access to information and evidence about its own technology, this can be looked at as an unfair burden on the petitioners; certainly one that impacted the final outcome.

In the Jamaican case, the Court categorically applied a burden of proof to the case, that of preponderance of probability.[10] This, they stated, was more appropriate than the proof beyond reasonable doubt standard, since it was a matter of “reasonableness” and “democratic society”.[11] In the reasonable doubt standard, the burden of proof is met if there is greater than a 50% chance that, based on all the reasonable evidence shown, the plaintiff's claims are true and the defendant did in fact do the wrong that caused the damage. The alternative criminal law standard was rejected by the court, as it would be unduly onerous on one of the parties.[12] In the context of the ID system (especially one that is yet to be fully implemented), this means that the petitioners need not give definitive evidence of infringement or harm caused by the system to prove a violation of their rights; they only need to show the likelihood of it. However, the court also pointed out that even within this civil law standard, the degree of cogency of evidence required depends on the gravity of the matter before the court; for a violator of important fundamental rights to justify their violation, as is the case here, compelling evidence is necessary.[13]


In contrast, this thorough investigation was entirely missing in the Aadhaar case. The Indian Supreme court even went so far as to reject evidence supporting proof of exclusionary harms caused by the mandatory use of Aadhaar, as it was disputed by the respondents, and they had no means to definitively determine its accuracy.[14] The court claimed it could not invalidate a legislation on the basis of material whose credibility was not tested. Thus, by failing to articulate an evidentiary burden about factual questions, or articulating what would happen in case of factual uncertainty, the court overlooked a crucial aspect of its case— one that eventually (and arbitrarily) favoured the State. This would patently fail the test identified by the Jamaican court, as it does impose an unusually high burden on the petitioners to prove potential harm caused by the ID system. This is more cause for concern in the context of a Digital ID system, as while immediate harm is not obvious, its consequences compound over time. The court was inconsistent even in the standard it imposed on the government; it relied on key evidence presented by the chief administrator of the Aadhaar system that was not even placed on affidavit,[15] and therefore would not normally be accepted as evidence.



State interests, evidence, and legitimacy


The very first step in determining the proportionality of a state measure is identifying the state interest or goal, and evaluating its legitimacy. In all of the four cases analysed, the courts applied a variation of the proportionality test that required an analysis of not just whether the goal or state interest was legitimate but also if it was of sufficient importance (in a democratic society) to be infringing on constitutional rights.[16] For this test to be satisfied, the state has to show that the goal was important for the society it is operating in, and it is aimed at tackling some identified problem. For instance, in R v. Oakes, the court stated that the objective must “relate to concerns which are pressing and substantial,” so that concerns that are trivial to a democratic society are not met with rights-infringing measures.[17] The court, in this case, was deciding on the constitutionality of a narcotics law aimed at criminalising drug trafficking,[18] and concluded a legitimate state aim on the basis of government evidence showing the increase of drug trafficking in the state,[19] along with evidence of success in other countries that adopted similar criminalization measures to tackle it.[20]


In the Aadhaar case, the primary aim in establishing Aadhaar, as identified by the court, was to address fraud and leakages in the welfare system, and ensure the state fulfils its duty of delivering welfare to all eligible citizens.[21] There was no doubt that such an aim is important and non-trivial by itself, but its legitimacy was disputed because of the overbroad categorisation of this as a problem arising from the lack of “unique identities”. The petitioners claimed that the state was unable to show that the leakages in the welfare system were due to identity fraud, as opposed to eligibility and quantity frauds (which the petitioners claimed comprised the majority of such leakages).[22] The court was, however, unmoved by this, and did not engage in this challenge, simply holding that the state aim of providing “unique” identity via technology to ensure welfare reached eligible beneficiaries was aimed at enhancing citizens’ rights to food and dignity, and was therefore legitimate.


In contrast, the Jamaican court interpreted the test strictly, and struck down every aspect of the ID system that was not well justified by a legitimate state aim. For instance, they held that the aim of providing reliable identification to residents was not sufficiently proven by the white paper describing its need submitted by the Attorney General as evidence, and that in the absence of authentic sources and statistics showing the requirement of the ID system, the state aim would not pass the test.[23] They also struck down the provisions that made the system mandatory, allowed third party access, discriminated against residents etc because the state could not tender justifiable aims for introducing them.[24] In Mauritius and Kenya, the courts found that the state aims of providing secure identity systems were legitimate. In the Mauritius court, the state was able to show that the specific problem aiming to be addressed was that of identity fraud that occurred rampantly in the old system, due to people registering several times for the same ID. They also held that the respondents were able to show why the use of fingerprints were essential, and this evidence was not challenged by the petitioners. Once again, this differs widely from the Aadhaar case, where the respondents did not show why the use of biometrics was indispensable in their state aim, even though it was a key contention of the petitioners.

Closely connected to this step is the rational nexus test, where arguably the Aadhaar bench once again diluted its application. In R v. Oakes, the “rational connection” was interpreted to require that the means chosen were “carefully designed” to minimize problems of “over inclusion.”[25] The offending law there was Section 8 of the Narcotic Control Act, which put a reverse burden on anybody found with possession of a narcotic, to prove that they did not possess with intention of trafficking. The court determined the unconstitutionality of this provision at this stage,[26] and held that Section 8 was clearly over-inclusive as it would include in its scope even people found with possession of small/negligible amounts of narcotics.[27] This, in turn, could lead to results in certain cases that are not rational or fair, especially considering the seriousness of the offence in question.[28]


The Aadhaar case had similar facts, with the petitioners showing evidence to support their claim that the introduction of Aadhaar was not likely to address the state aim (that of reducing fraud in welfare delivery) in any substantial way, and would in fact lead to exclusions and further obstacles in the welfare delivery system. However— and herein lies a key error whose impact we will see throughout the court’s decision— the majority bench noted early on in its proportionality analysis that it would not examine the actual working of the Aadhaar Act, as that bears no relevance to judging the constitutional validity of the scheme.[29] This means that the court would only test the Act on its face, for inconsistencies within the law itself that might impact fundamental rights, notwithstanding its actual effectiveness or impact. When looked at in the context of the suitability or the rational connection test, this leaves the court unable to examine the extent to which this law is actually able to advance the aim, and therefore whether it is a suitable measure. For example, the State’s evidence showed that there were Aadhaar authentication failure rates of 6% for fingerprint authentication and 8.54% for iris scan-based authentication. [30]The court did not examine whether the presence of such failure rates would render the Aadhaar system unsuitable for its purpose of being a vehicle for targeted welfare delivery.[31]


The court also failed to look at the over-inclusion likely present in the Aadhaar measure. Aadhaar imposes the burden of requiring every resident to prove their innocence by sharing their biometrics if they sought to claim their right to state subsidies and services. There was no consideration given to this aspect, despite it being highlighted by the petitioners, and the court simply accepted the suitability of the ID system and the “need” of the Aadhaar unique identity to effectively deliver welfare. This becomes even more unjustifiable because the Aadhaar system had already been functional for several years before the court made its decision; all its failings and consequences were already present for the court to analyse, and yet these factors were ignored.


xxxxx


In the last post, we looked at the burden of proof the different courts required to prove proportionality challenges and how that impacted the court’s decision, as well as the legitimacy of the state’s interest in implementing the national digital ID system. In this post, we will look critically at the remaining two legs of the proportionality test, and analyse how the Aadhaar court fared against other courts facing similar challenges.


Least intrusive test


The third leg of the test, the least intrusive or necessity test, requires the state to show that the measure adopted was the only one available, and there was no other alternative in the state’s arsenal that could have addressed the state aim without resulting in the same degree of infringement. Ideally, this would involve testimony from the state as to why no other state action could satisfactorily address the identified state aim.

This objective was missed in the Aadhaar case. While applying the proportionality test, the court simply held that no alternative measure could achieve the same purpose, without ever explaining how it arrived at that conclusion. They also held that “uniqueness”— and by extension Aadhaar and biometric authentication— was necessary to achieve the state’s purpose, which was to tackle fraud in the welfare system. The state was not required anywhere to prove that they had considered other less infringing measures, even while deciding on the contested one, thereby seemingly defeating the entire purpose of this test. The court even held that the petitioners inability to suggest alternative measures proves that the least intrusive test was met.[32] However, it is clear from most interpretations of this test, that such burden does not fall on the petitioners, and it makes no difference to the application of the test whether or not they were able to suggest less intrusive actions.


On the other hand, Justice Batts of the Jamaican court held that for a rights-infringing legislative measure to be constitutional, it must embody the least harmful way to achieve the objective. If the court knew of a less restrictive measure, then it cannot allow the former to stand.[33] The Chief Justice was also clear in his interpretation of this test— in cases of violation of fundamental rights such as this, the state will need to show to the court the alternate measures that satisfied the objective that were available to them while making their decision.[34] On this ground, the court challenged the state’s measure of making the ID system mandatory, as the state was unable to show that having it as a voluntary scheme would not sufficiently fulfil the state’s objective.


Another crucial aspect of this test is a determination of its intrusiveness based on the structure or design of the ID system. In the Aadhaar and the Huduma Namba case, the petitioners argued that certain features of the system— such as the use of a centralised database— were disproportionate in their harmful impact, and were also not the least intrusive way to achieve the purpose of the ID system. In the Aadhaar case, only Justice Chandrachud’s dissent acknowledged the integration of technological design of the system and its impact on fundamental rights in this case,[35] the majority decision did not engage with it in any manner. The Kenyan court refused to prescribe the choices that can be made in a system’s architecture, as that would be outside their jurisdiction.[36]


It is important to note that the proportionality test requires the state to show that it chose the least intrusive measure (out of, presumably, several available measures) to fulfil a stated aim; this would mean that here, the state has to demonstrate why it was not possible to have a decentralised storage system (which has a lower privacy risk). Thus, while the court need not “prescribe” a design choice for the ID system, especially since that would be outside their jurisdiction, it is very well within their limits to determine the proportionality of the particular design choice that the state has implemented.


Proportionality


The very last leg of the test, that of the measure’s impact, is often considered to be the most significant part of the judicial inquiry. In this analysis, the statutory measure could have a legitimate state interest (first limb), be rationally connected to its objective (second limb), and narrowly tailored (third limb), but could still fail the proportionality component. This was where the crux of most of these cases lay.


In Jamaica, the court struck down several parts and features of the ID system— such as mandatory collection of biographic information, third party access to the system, etc— as they produced risks that were disproportionate to the objective.[37] Eventually, they held that since these provisions could not be sufficiently severed from the rest of the ID system, the ID enacting Act was struck down as unconstitutional. Similarly, in Kenya, the court halted the system until the Kenyan government implemented a sufficiently robust data protection legislation, as well as framed regulations in order to safeguard the data collected. They held that in its current form, the ID system was risky and not well protected, and therefore unconstitutional. The Mauritian court, persuaded by testimony about the risks of unauthorized access especially in a centralised system, held that the storage and retention of data is disproportionate to the legitimate aim, as it exposed ID holders to too many risks.[38] On examining the legal framework, the court held that the many exceptions allowed to consent through disclosures, third party access, etc, allow potential for misuse of the exercise of the powers granted under the law, and is therefore unconstitutional.[39]

In the Aadhaar case, despite the petitioners highlighting similar issues, such as the disclosures and third party access allowed by the Act, the seeding of aadhaar data into other databases, etc, the court did not find any impact that was disproportionate to its welfare goal.[40] It held that since the fundamental right to privacy applied only to some categories of data,[41] and that the privacy incursion was minimal and balanced with the important benefit offered by the scheme, the ID system was constitutional. However, as an important factor to consider would be the actual impact of the law, it is unclear how the court could answer the question of proportionality without considering empirical evidence to that effect. If the law is effective in delivering welfare and stemming leakages, the balance may tip in favour of the measure; if on the other hand it results in excluding people, is ineffective in its purpose, or has repeatedly allowed data breaches, then the balance may have to fall in favour of the right to privacy.[42] With the Aadhaar system being operational for several years before this judgment, it is difficult to see why the court relied more heavily on the law and the government’s intentions than empirical evidence of its functioning.


As the test of proportionality is subjective, it is difficult to conclusively claim that the Aadhaar court erred in its application in the absence of any bright-line rules that govern this step; however, it is clear that the court did not consider the risks posed by the ID system with the same gravity that the other courts did, despite identical facts.


Conclusion


Amongst these cases, the Aadhaar case arguably shows the least thorough application of the proportionality test, despite perhaps having the most opportunity to.[43] By explicitly noting that the “working of the Act” was irrelevant to the question of its constitutionality, the court hindered its ability to examine several important questions such as the Aadhaar system’s intrusiveness, efficacy, necessity, etc. The court seemed more remiss of the proven ill-impacts of the Aadhaar system, than the other courts were on the possible impacts of their ID systems. There is a general passivity of the court even in its treatment of the glitches in the functioning of the Aadhaar system: while the Kenyan court observed that the errors in implementing their ID system point to a “haste” on part of the State, that could allow grave effects of breach of data on residents,[44] the Aadhaar court held that the devastating exclusionary errors that have occurred thus far should be excused because it is “a work in progress.”[45] As Justice Chandrachud noted in his dissenting judgment, errors that have such grave impacts have to be anticipated when a project is on the drawing board, and cannot be condoned after they cause such severe deprivations.[46]


Looking beyond the court’s reluctance to examine evidence of faulty working of the Act, it also failed to look into much more than the legal framework of the Aadhaar eco-system. An example of what the court could have done can be seen in Justice Chandrachud’s dissent, where he scrutinized the contracts signed between the UIDAI (the administrator of the Aadhaar system) and foreign entities providing the source code for biometric storage, and found that it allowed too much third party access to the Aadhaar system.[47] The