The government is likely to mandate Aadhaar as the default unique identity of all citizens for the authentication of digital records, digital contracts, and signatures under the Digital India Bill (DIB), among other things, massively expanding its scope in the private sector, sources said.
The Ministry of Electronics and Information Technology (MeitY) has created a draft framework for the new Bill, to be proposed as a replacement for India’s primary digital law – the Information Technology (IT) Act, 2000. Though the draft is in its early stages, a senior official said it was in line with the broad principles of the law.
If a citizen chooses not to use Aadhaar as the default unique identity, then other unique identity proofs masked and linked to Aadhaar would be used. According to the document, any digital signature should be considered reliable only if it is linked to Aadhaar. The development may reignite the long-running debate about the use of Aadhaar-based eKYC (know your customer) procedures in the country. According to the Supreme Court’s judgment of September 2018 on Aadhaar, private firms were effectively banned from using the biometric authentication system. In other words, the verdict limited the ambit of Aadhaar for welfare services.
“Media reports since last December have been suggesting various provisions of the Bill that may replace the IT Act, and it would not be fair to comment on anything without an official communication from the government. Still, it is suffice to say that the Aadhaar Amendment Act of 2019 was challenged immediately in the court,” said a law expert, who did not wish to be named.
The government is also likely to have sweeping powers to track, monitor, intercept, moderate and take down online content under the new law. The central and state governments or any of their authorised officers may be able to direct their agencies to intercept, monitor or decrypt any information generated, transmitted, received or stored in any digital system.
They can take such actions if they are satisfied that “it is necessary or expedient so to do” in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence related to it.
Experts have warned that such interception by the government would eliminate the security benefits of end-to-end encryption offered by messaging platforms like WhatsApp, Signal, and Telegram.
The new Bill may also allow the government to notify whether any category of intermediaries should be eligible to claim exemption from liability for third-party digital communication or digital records. If enacted, it would be a major reversal from the 'safe harbour' or immunity for online platforms from legal action against them for illegal content shared on the platform. Currently, Section 79 of the IT Act says an internet intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him.
MeitY has so far conducted two rounds of "pre-draft" consultations to discuss the principles of the Bill. Rajeev Chandrasekhar, minister of state for electronics and IT, had said the ministry would release the draft Bill by the first week of June. However, the Bill is still in its early stages, according to official sources.