Category Archives: Uncategorized

Aadhaar Is Not Mandatory For Bank Accounts And Bank Purposes

Banks have been harassing their customers in the name of seeding of Aadhaar with customer’s bank accounts. Some banks even tried to impose a restriction on deposit and withdrawal of cash unless Aadhaar is seeded with bank account. However, vigilant citizens foiled all these attempts of banks and Indian government so far.

Now government and banks have once again started harassing the bank customers. As per the Reserve Bank of India (RBI) directions, Aadhaar is absolutely optional for banking purposes, including direct bank transfer (DBT).

Even a Constitution Bench of Supreme Court has made Aadhaar optional (pdf) till the matter is decided by it finally. The constitutionality of Aadhaar and Aadhaar Act, 2016 has already been challenged before the Supreme Court.

In fact, Indian must block their biometric and deseed Aadhaar from all services and purposes as soon as possible. But both biometric blocking and Aadhaar deseeding must be done together for stronger protection.

If you have already seeded your Aadhaar with a bank account, ask your bank to deseed it. No bank can refuse to deseed your Aadhaar form the bank account if you have complied with other KYC requirements. Such KYC requirements can be complied with by giving other government approved documents like PAN, driving license, passport, etc.

Aadhaar is not needed for:

(1) Opening of a bank account or continuing the same in an uninterrupted manner,

(2) Uninterrupted cash deposits and withdraws, subject to citing of PAN in some cases,

(3) Opting for Internet banking, digital payments, etc without Aadhaar clubbing,

(4) For money laundering issues that Indian government and its authorities are required to manage,

(5) For checking terrorism funding or any other illegal activity involving money of a person, etc.

The list is just illustrative and many more cases would be covered by this list in future.

So Aadhaar is optional for all purposes, including for banking related issues. If any bank or other institution asks for Aadhaar, simply refuse the same citing interim order of the Constitution Bench.

Aadhaar Is Not Mandatory For PAN And Tax Returns Even In July 2017

Many people have asked us whether quoting of Aadhaar is mandatory or not for tax returns or PAN purposes. Recently Supreme Court gave a very complicated judgment in this regard where one thing was dependent upon another.

For instance, the constitutional validity of Section 139AA (1) has been partially approved subject to final decision of the Constitution Bench of Supreme Court. Further, constitutional validity of Section 139AA (1) has also not been tested on the more stringent touchstone of Article 21 and other Fundamental Rights. Even the limited constitutional validity of Section 139AA (1) is subject to the final decision of the Constitution Bench.

Section 139AA (2) has also been severely read down by Supreme Court making the entire Section 139AA toothless. No penal action, including cancellation of PAN card, can take place now till the matter is finally decided by the Constitution Bench of Supreme Court.

So for all practical purposes, Supreme Court of India has made Aadhaar optional for Section 139AA. As a result no return would be rejected or any PAN would be cancelled for not quoting Aadhaar.

Even in July Aadhaar would be optional keeping in mind the settled legal and constitutional position in this regard.

Please see the true interpretation and impact of recent Supreme Court’s judgment on Section 139AA here.

Indians Must Block And Destroy Their Biometric And Deseed Aadhaar From All Services Opines Praveen Dalal

Aadhaar has created serious constitutional, civil liberties and cyber security problems in India. Indian government and Supreme Court are not interested in rescuing Indians from this precarious situation. Clearly India is heading towards dystopian and totalitarian state and something has to be done right now to counter this position.

We have suggested few strategies to Indians so that they can escape from being digital slaves forever. These include:

(a) Blocking of your biometric at UIDAI website and never using Aadhaar again for KYC or EKYC purposes in future,

(b) Deseeding of Aadhaar from all services, whether government or private, where you have seeded the Aadhaar, and

(c) Asking the UIDAI and Supreme Court to delete your biometric database from UIDAI registry and any and all other places where your biometric have been stored.

According to Praveen Dalal, it is pertinent that you must go for biometric blocking and Aadhaar deseeding together and not in isolation. Neither blocking of biometric nor deseeding of Aadhaar from all services without blocking of the biometric is sufficient in itself.

Once the biometric have been blocked and Aadhaar is deseeded from all government and private services, ask UIDAI, Indian government and Supreme Court to destroy your biometric to prevent any future misuse of the same.

Cyber security of Aadhaar and its biometric database is very poor by design and implementation. It is better to safeguard you interests, including your civil liberties, than being sorry in future. So start blocking your biometric at UIDAI, deseed Aadhaar from all services and demand for destruction of biometric from all places.

The Constitution of India and your Fundamental Rights empower you to take all these actions. Neither Indian government nor Supreme Court of India can restrict you from doing above mentioned three activities of blocking, deseeding and destruction of biometric database of Aadhaar.

General Guidelines For Securing Identity Information And Sensitive Personal Data Or Information In Compliance To Aadhaar Act, 2016 And Information Technology Act, 2000

Recently the Meity released guidelines pertaining to data security for various government departments. The guidelines intend to assist government departments that collect, receive, possess, store, deal or handle personal information including sensitive personal information or identity information to implement the reasonable security practices and procedures and other security and privacy obligations under the IT Act, 2000 and Aadhaar Act, 2016.

While the IT Act 2000 has become grossly outdated yet the constitutionality of Aadhaar Act, 2016 is already questioned before the Supreme Court of India. Further, the guidelines are general guidelines meant for guiding the government departments and lack enforceability capability. In any case, enforcement of laws in India is very poor especially when it comes to enforcement of cyber law and cyber security related norms.

Some people have already started celebrating as if these guidelines have brought something magical. Truth is these guidelines are neither effective nor enough to cover even the basic concepts of data protection and cyber security as per international standards. So the fact remains that India has no dedicated privacy, cyber security and data protection laws and cyber security of sensitive information, including Aadhaar and its CIDR, is at great risk.

The guidelines are just suggestions with no binding legal obligations for data breaches. They are simply telling the government departments to use common sense while dealing with sensitive data of Indians. They have not put any onerous obligations upon government departments the violation of which would be subject to prosecution. Indians have no right even if their data and information is leaked by such government departments.

Government departments are even free to ignore these guidelines as non-existent by simply not acting upon them. There is no time line within which the government departments are required to ensure even basic cyber security practices. Saying that government departments must do this and that does not make any sense if there is no time bound obligations coupled with imposing sanctions against non compliance.

In short, these guidelines are just eyewash to fool Indians and Supreme Court by claiming that some magical data security and cyber security remedy has been put at place. In reality, the guidelines are nothing more than a façade to keep Indians in dark.

Supreme Court’s Proceedings Under Aadhaar Act, 2016 On 19-05-2017

Aadhaar remained optional till 19-05-2017 due to interim order of the Constitution Bench (CB) that is still in force despite Aadhaar Act, 2016 and Finance Act, 2017. CB of Supreme Court (SC) has not modified that order so it still binds Parliament, Executive and government agencies/departments.

Today the Supreme Court briefly heard Petitioner(s) and posted the case for further hearing on 27-06-2017. However, some significant observations were made by the Attorney General (AG) regarding last date of/for seeding/enrolling Aadhaar. The position that emerged is as follows:

(1) The last date imposed by govt to seed Aadhaar or enroll or take step to enroll for the same is 30-06-2017. That can be extended as suggested by the AG.

(2) SC would hear the case on 27-06-2017. This still leaves 3 full days to explore various options, including enrolling or showing intention to enroll for Aadhaar. Actual enrollment is not required as hinted by AG.

(3) The Division Bench (DB) of SC cannot overturn the interim orders of the CB. So Aadhaar remains optional till CB decides otherwise.

(4) Either DB would say Aadhaar is optional due to CB interim orders or govt would extend the date to escape this conclusion on 27-06-2017.

(5) The DB cannot postpone the matter beyond 27-06-2017 except if one of the eventualities occurs as specified in point (4) above. So petitioners would not be required to get an Aadhaar or enroll for the same till 27-06-2017 or even 01-07-2017.

In short, after 27-06-2017, requirement of Aadhaar would be either rejected by the DB citing CB interim orders or postponed due to extension of date by Govt.

So relax and demand government services, whether welfare or non welfare, as a matter of right and without any Aadhaar or its enrollment.

Indian Government Must Use Techno Legal Methods To Eliminate Child Pornography In India: Praveen Dalal

Praveen-DalalIndian government has been struggling to deal with the menace of child pornography in India. On the one hand, the Supreme Court of India is asking it to comply with its directions whereas on the other hand Internet service providers (ISPs) of India have communicated their inability to help Indian government unilaterally in this regard.

There is no clear cut and simple solution to this problem and as per Praveen Dalal, CEO of Perry4Law Organisation (P4LO), we need techno legal methods to deal with child pornography in India. This statement is based upon the techno legal experience that the Exclusive Techno Legal Centre of Excellence for Cyber Crimes Investigation in India (TLCOECCII) has acquired since 2012 while dealing with national and international cyber crimes and related cases.

For some time, Indian government has been trying very hard to find solution to curb child pornography in India. The patience of Supreme Court is also fading away as there is no concrete solution that central government has prescribed so far before the Supreme Court. This is understandable as there is no simple and ready to use solution for this problem.

At Perry4Law Organisation (P4LO) we believe that there must be an optimum mix of technological and legal measures that Indian government must adopt in this regard. This is so because neither technological solutions nor legal remedies alone would be sufficient.

Similarly, Indian government would also be required to analyse the laws of different jurisdictions before approaching a company or individuals hosting an offending website in a particular jurisdiction. If we simply block a website in India, that does not solve the problem as it is just clocking the same. But the website is still available to world at large and even in India with the help of proxy servers, VPN and software.

Indian government and judiciary need to understand how Internet works and what problems can arise due to conflict of laws in cyberspace as Indian government and Supreme Court cannot kill a fly with a sledgehammer. This is exactly what they are doing at this moment by relying exclusively upon blocking of offensive websites. We have communicated with thousands of websites carrying offensive and copyright violating contents and have been successful to a great extent in getting those offensive contents removed. It is true that not in all cases the contents can be removed but in vast majority of cases the offensive contents can be removed in a better manner than merely blocking the website carrying the offensive materials and contents.

We at Perry4Law Organisation (P4LO) firmly believe that Indian government and Supreme Court must work at the “micro level” rather than at the “macro level” to reduce the menace of child pornography in India. They must also understand and accept that child pornography cannot be eliminated completely from the Internet and their focus must be more on reducing the same to maximum possible extent. This exercise requires tremendous techno legal expertise on the one hand and a “dedicated team” on the other.

According to Praveen Dalal, “The starting point for the Indian Government and Supreme Court is to ascertain whether they have done anything beyond blocking of child pornography websites in India. If the answer is in negative, we have already lost the battle against child pornography in India”.

Perry4Law Organisation (P4LO) believes that it is high time for the Indian government and Supreme Court to give the issue pointed above serious considerations and come up with a techno legal policy to fight against child pornography in India.

Center Of Excellence (CoE) For Internet Of Things (IoT) In India By Perry4Law Organisation (P4LO)

Praveen-DalalInternet of things (IoT) is the new buzz word these days. Everybody is talking about IoT because it has great business, commercial and personal use potential. IoT combines software, hardware and a communication infrastructure so that systems/devices can contact and communicate with each other in a non intrusive and automatic manner.

Like any other technology, IoT has its own used and challenges.  For instance, IoT can be used for smart grids, smart cities,  e-health, etc and thereby reduce their cost of operation and improve their productivity. However, IoT also has civil liberties and cyber security challenges to manage. Cyber criminals have already started abusing IoT controlled devices for launching malicious cyber attacks. As the technology protocols for IoT are still evolving, it is very difficult to avoid such cyber attacks.

Similarly, on the legal framework front, IoT has yet to be suitably regulated around the world. India has no dedicated law for IoT and some guidance can be found from the Information Technology Act, 2000 (IT Act, 2000). Indian government has issued the draft IOT Policy of India (pdf) and Revised Draft IOT Policy of India (pdf) but they are not sufficient to manage the complicated techno legal issues of IoT.

IoT is essential part of Digital India project of Indian government that is already heading towards rough waters in the absence of adequate cyber security and civil liberties protections. For instance, ensuring of cyber security for smart grids and smart cities is still a distant dream for Indian government. Similarly, IoT and Smart cities have to manage civil liberties issues as well that are presently ignored by Indian government.

Perry4Law Organisation (P4LO) has launched a dedicated and exclusive techno legal centre of excellence (CoE) for Internet of things (IoT) in India. We have covered many techno legal issues there that Indian government is required to manage in near future. We have been managing these issues for long and we would discuss the same at our CoE-IoT website in more details in our subsequent posts.

P4LO would help national and international IoT stakeholders in formulation and implementation of techno legal frameworks so that adoption and use of IoT can be as smooth and hassle free as possible.

Source: Perry4Law Blog.