Notes From A Foreign Field: The Ninth Circuit Court of Appeals and Bulk Metadata Surveillance [Guest Post]

[This is a guest post by Rudraksh Lakra.]


On 3rd September 2020, the United States Court of Appeals for the Ninth Circuit (9th Circuit) delivered its decision in a landmark criminal appeal case of United States v. Moalin. The Court ruled that the National Security Agency’s (NSA) collection of telephony metadata under the now discontinued mass surveillance Telephony Metadata Collection Program (TMCP) constituted a search under the Fourth Amendment of the American Constitution and was potentially unconstitutional. Moreover, TMCP was deemed unlawful for being violative of the Foreign Intelligence Surveillance Act of 1978 (FISA). FISA is a federal law that establishes the procedure for authorizing and carrying out foreign intelligence surveillance. It is the first case where a federal court has held that bulk collection of metadata by intelligence agencies would constitute a search under the Fourth Amendment, and the second federal court decision to hold the TMCP foul of FISA Subsection IV Section 1861.

The article examines the interpretation given by the 9th Circuit on the constitutionality of the warrantless bulk surveillance undertaken by intelligence agencies to understand the lessons Indian courts can imbibe in the post-Puttaswamy era. This becomes even more important  in light of the petitions pending in the Supreme Court challenging the constitutionality and lawfulness of Section 5(2) of the Telegraph Act and Section 69 of the Information Technology Act (IT Act), along with the rules therein.

Background

The facts and procedural history leading to the appeal are themselves quite remarkable. Moalin was charged for providing financial assistance to a terrorist organization in Somalia. The main evidence the District Court relied upon was a wiretap authorized under FISA Chapter I. Moalin had unsuccessfully sought to exclude the wiretap from evidence, contending that information filled to authorize the wiretap was collected through illegal surveillance which the government failed to include in evidence or provide the Moalin notice of.

A month after this decision, Edward Snowden revealed the existence and working of NSA’s mass surveillance programs, including the TMCP. Under TMCP, the NSA maintains a central database of telephone metadata of all communication within and from the US. Telephone metadata, in this case, referred to the phone number of a caller, the location, recipient, and duration of the call, identity of the mobile subscribers, and the mobile device ID.

Subsequently, amidst public outcry, government officials justified TMCP by citing the case of Moalin’s prosecution as a success of TMCP. The-then FBI deputy director admitted before the House Permanent Select Committee on Intelligence that the investigation into Moalin was reopened only after the NSA provided them information collected under the TMCP.

It was based on this information that Moalin was able to file a motion for a new trial at the District Court, and on that motion being denied, for an appeal to the 9th Circuit.

Moalin challenged the District Court’s decision on various grounds. The three grounds relevant for our discussion are: the TMCP was violative of the Fourth Amendment (1) and of the FISA subchapter IV (2). Additionally, he contended that the government’s failure to provide notice of the metadata surveillance to him was violative of the Fourth Amendment and FISA (3). Therefore, evidence collected through TMCP, and fruits obtained therein, ought to be inadmissible, including the wiretap. 

The Fourth Amendment Argument

Moalin asserted that the TMCP was violative of his Fourth Amendment right against “unreasonable searches and seizures” without probable cause. Fourth Amendment protections apply where there the citizen has “an actual (subjective) expectation of privacy,” and “the expectation [is] one that society is prepared to recognize as ‘reasonable.’” (Katz v. United States). He contended that there is a reasonable expectation of privacy in telephone metadata.

The government and the district court in Maolin had relied upon Smith v. Maryland, in which the Supreme Court held that data voluntarily provided to third parties (third-party doctrine) was not protected by the Fourth Amendment. In Smith, the Supreme Court approved the collection by the government of call records spanning a few days, using a pen register. It observed that society would not have a reasonable expectation of privacy for a few days of call records, and for data that is voluntarily provided to communication service providers.  

Smith was, to an extent, overruled by the US Supreme Court in 2018 in Carpenter v. United States, where it held that obtaining seven or more days’ worth of cell-site location information constituted a search under the Fourth Amendment. The court rejected the application of the third-party doctrine to certain novel technologies on the grounds that – due to technological advancements in digital technology – these technologies have become a necessary part of life, and the collection of data through them is different. However, the Court refused to extend their finding to surveillance carried for foreign affairs or national security.

In Moalin, the Court – similar to Carpenter – distinguishes Smith in terms of the quantity of data stored by telecommunication service providers today, and how revealing it is vastly different from Smith, where a pen register was used to collect metadata for only a few days.  Moreover, the Court concludes that similar protection is to be provided to bulk collection of metadata and content data.

The Court observes that massive shifts in technology have allowed for bulk surveillance for extended periods of time, with which, conventional expectations of privacy must also evolve. Therefore, the Court concludes that today, unlike Smith, bulk collection of telephone metadata falls within society’s recognized reasonable expectation of privacy, as demonstrated by the public outcry post-Snowden’s revelations. Consequently, the Court notes that the collection of metadata under TMCP constitutes a search under the Fourth Amendment, but stops short of declaring it unconstitutional. 

This was because the Court found that the evidence the government presented at the trial was not a fruit of the metadata collected earlier, and was, therefore, not tainted by it. It was also bound by the 9th Circuit precedent US v. Ankeny, which held that it was not appropriate to adjudicate on Fourth Amendment questions where the exclusion of evidence was not warranted.

What is central to both Carpenter and Moalin is the idea that constitutional protection should be transformative and reflective of the realities of today. Thus, the decades-old precedents and understanding of constitutional protection should not be controlling today, especially concerning technological matters.

Another idea central to both Carpenter and Moalin is that state surveillance should not only be based on executive authorization but should also require probable cause. In cases of communication surveillance, the executive cannot be granted absolute discretion. Therefore, there is a need to have an independent body to regulate state surveillance activities. This need is reflected in international law standards (For instance See, Roman Zakharov v. Russia para 275 and United Nations High Commissioner 2018, Privacy Report para 39-40) and comparative practices (for instance, Germany, Canada, UK, New Zealand Australia, France, Belgium, Romania, and South Africa).  

Authorisation and Oversight of Communications Surveillance in India

In India, surveillance under both the Telegraph Act and the IT Act is authorized by the executive, and the surveillance orders under the rules of both are to be reviewed by a review committee of executive members every two months.

The constitutionality of this practice is itself in question. Recent SC jurisprudence, similar to Moalin, has indicated the need for judicial authorization regarding state’s surveillance activities. Justice Nariman in Puttaswamy I, observed that “the ultimate analysis” of a measure’s proportionality “must be left to the training and expertise of the judicial mind.” (J Nariman Opinion, Para 86). This need was reiterated as a part of the  Puttaswamy II case, wherein a provision of the Aadhar Act, which allowed for the disclosure of user information, was struck down, with the absence of judicial oversight or the scrutiny of the “judicial mind” being a critical factor in the court’s determination(Para 449(4)(f)).

This need was reiterated by the BN Srikrishna Data Protection Committee Report, which concluded that the lack of independent oversight over surveillance activities makes the Indian surveillance framework  potentially unconstitutional post Puttaswamy I.

When the SC adjudicates on the challenge to the contentious sections of the Telegraph and IT Acts, it will have to revisit PUCL v. UOI (1996) a more than two decades old precedent which currently governs laws on surveillance, along with the Telegraph and IT Acts, where it upheld the constitutionality of section 5(2) of the Telegraph Act. It also refused to require judicial approval for surveillance and laid down limited procedural safeguards, such as the requirement of an executive review committee. Moalin shows how the law – especially with respect to technology – must reflect the realities of today. Therefore, PUCL’s approach must be overturned, as it was laid down before the surveillance capacity of the state had ballooned, information technology had become central to society, and bulk surveillance had become the norm.

TMCP and FISA, Subsection IV Section 1861

FISA Subsection IV Section 1861(a)(1) allows the state to carry out surveillance only after being authorized by the FISA Court to “protect against international terrorism or clandestine intelligence activities.” However, at the time of the case, for surveillance to be authorized, 50 U.S.C § 1861(b)(2)(A) required demonstration of a relevancy nexus between the target sought and “an authorized investigation.”

The appellants argued that the TMCP violates the relevancy requirement, as the government collected metadata in bulk without any nexus to an already authorized investigation. They argued that the term “relevant” was inserted by Congress as a limiting principle.

The Court sides with the appellants, basing its reasoning and building upon American Civil Liberties Union v. Clapper – a 2015 Second Circuit Appeals Decision – which had held that bulk metadata surveillance contravened the FISA. In Clapper, the government had argued that the relevancy requirement should be read widely, as the Congress did not intend it to be a limiting principle. The court rejected this interpretation as being “unprecedented and unwarranted” and reading the “‘authorized investigation’ language out of the statute.” The Court’s interpretation was correct, as the government’s interpretation would have defeated the object of the section – to place a check on the executive’s discretion – and would have destroyed the essence of the right at stake.

The government argued that the collected metadata indicates that Moalin was associated with foreign terrorists, and therefore, the surveillance was relevant to a counterterrorism investigation. However, as the Court correctly points out, 50 U.S.C § 1861(b)(2)(A) requires the government to demonstrate a nexus between the target sought and “an authorized investigation” before any surveillance is authorized by the FISA Court. Moreover, the relevance nexus requirement cannot be satisfied after authorization by analyzing the collected surveillance data.

Consequently, the Court in Moalin concludes: “that the telephony metadata collection program […] violated that section [1861] of FISA.” However, the Court refuses to exclude the evidence presented in the district court, because FISA subchapter IV did not allow for suppression of evidence even if unlawfully gathered. Additionally, the Court concludes that the collected metadata did not taint the other evidence including the wiretap.

The approach of both Clapper and Moalin was to interpret the section allowing for state surveillance in a way to at least to narrowly restrict it. The approach of the SC in PUCL (1996) was similar, where it laid down procedural safeguards for surveillance under the Telegraph Act, limiting and narrowly tailoring the scope of authorization and the collection of data.

It is important to remember that the TMCP was based on a series of FISA Court orders. Therefore, even a separate supervisory body can become nothing more than a rubber stamp, if it does not have the institutional capacity to render objective rulings and exercise effective, and oversight over authorized surveillance activities, continuous (see Roman Zakharov v. Russia para 257-267).

Review Committees under the Telegraph and IT Acts

As observed above, executive review committees that have been established under the 2009 IT Rules and Rule 419 A – similar to the FISA Court – are nothing more than a rubber stamp. The BN Srikrishna Data Protection Committee Report highlighted that a review committee that meets once in over two months has the unrealistic task of extensively reviewing more than 18000 judgments. Clearly, the review committees cannot apply their judicial acumen well enough in every case and are merely meaningless stamps of approval.

This should amplify the concerns regarding executive authorization and review of communication surveillance. The SC, in the upcoming challenge to the Indian surveillance framework, must overturn PUCL (1996), and require an independent body with adequate institutional capacity to authorize and oversee surveillance activities.

Notice

The Fourth Amendment – in the case of a wiretap – requires notice to be provided once the surveillance operation is complete, (Dalia v. United States), and FISA Section 1806(c) require the government to provide a notice to the defendant to and to the District Court of the collected information “when the prosecution intends to enter into evidence or otherwise use or disclose information” obtained pursuant to the government’s foreign intelligence authorities.

The Government argued and sought to justify the failure to provide notice by distinguishing Dalia, relying upon US v. Cavanagh, which held that FISA satisfies the Fourth Amendment requirements and stated that Fourth Amendment standards apply differently to intelligence gathered for national security.

The Court, while concurring with the government that different standards apply in the context of foreign intelligence, observes that the rule does still apply here nonetheless. Therefore, the requirement of providing notice has to be complied with, even if it is circumscribed. The Court concludes that, at a minimum, the Fourth Amendment requires notice for surveillance conducted under FISA to a criminal defendant and to the Court in the required circumstances under Section 1806(c).

However, the Court refuses to declare if the government’s failure to provide adequate notice was unlawful. This because the lack of notice did not prejudice the appellant and the metadata did not taint other evidence.

While it is understandable why the Court sets a lower threshold of providing notice in the context of foreign intelligence, its standard is woefully inadequate. A more robust and stricter standard should be used in cases with a higher probability of abuse by the executive, which includes mass surveillance programs. Providing notice is essential to the right to an effective remedy (ubi jus ibi remedium) and the right to a fair trial. More fundamentally, it leads to greater transparency in the case of state surveillance programs, enabling stakeholders to meaningfully scrutinize their workings.

The Court’s standard limits the challenge to data collected by intelligence agencies only at the trial stage. It does not provide a remedy to those individuals whose data is stored by intelligence agencies even if it is completely extraneous to the investigation and was obtained unlawfully.

Notice: India

In the Indian context, there is no requirement of notice or of disclosure (even a limited one like Moalin) to the subject of surveillance. The only way a subject would potentially receive knowledge of the surveillance is at trial, where even illegally obtained evidence is admissible (State v. Navjot Sandhu). While the Bombay HC, last year, had refused to admit evidence in contravention of the right to privacy (read more here). There is also a contrary Delhi HC judgment on the point (read more here). The SC is yet to rule on this point of law (post Puttaswamy, the SC should side with the Bombay HC). This, in any event, will still not exclude all illegally obtained surveillance, but only that which can be demonstrated as unconstitutionally obtained.

Currently, lack of notice, coupled with the fact that illegally obtained evidence is admissible in court, means that an individual may not be able to seek effective remedy for the potential violation of their fundamental rights (such as quashing surveillance orders or excluding evidence). This raises constitutional concerns following the SC’s observation inAK Gopalanthat the exclusion of an individual’s access to effective remedies under the Constitution’s Articles 32 and 226 is unconstitutional.

Again, when the SC adjudicates upon the challenge to the Indian surveillance framework, it must mandate the requirement of a notice to the subject. While the concerns Moalin raises ought to be taken into account, the limited model it proposes should only serve as a cautionary tale.

Conclusion

On a concluding note, we must remember that Moalin’s case was an exception. He could only challenge the clandestine surveillance because the government itself admitted it, which does not happen in most similar cases.

Information asymmetry between the state and accused is a hallmark in such cases. Evidence presented at trial is often only collected based on the information gained from clandestine surveillance, which – due to both the classified nature of the program and the lack of notice – the accused is oblivious to. Even if the accused were to challenge surveillance programs, it is tough to prove the case as direct evidence is rarely available, and the design of the program is classified or unknown.

The judgment by the 9th Circuit is to be rightly commended for many reasons. First, the Court did not have to explore the question of the legality of TMCP, given that the collected metadata, according to the Court, did not taint the evidence presented against Moalin at the District Court. Second, the Court could have abdicated its responsibility or exercised juridical deference, since it was faced with a complex technological problem, and a sensitive case linked to national security and counter-terrorism operations.

Yet, the Court does not abdicate its responsibility even under such circumstances. Instead, it directly engages, rather than sidestepping, important constitutional and rule of law issues, forcing the state to adequately justify its surveillance program against the touchstone of the Fourth Amendment and FISA.

Second, the Court invests time in understanding and engaging with the technological design of the surveillance program and its effectiveness, instead of believing the state prima facie or avoiding engagement with questions about the technology.

Finally, the Court builds upon the foundation of Clapper, applying it to the situation of communication surveillance for national security, an area where the Court in Clapper had refused to delve into. The judgments expected from a constitutional court are not only to be based on correct precedents but must build upon those to forward constitutional aspirations and protect civil liberties.

The Indian SC will potentially face its biggest challenge on privacy when it adjudicates upon the constitutionality of the legislative surveillance framework. It would have the opportunity to forward its transformative right to privacy jurisprudence and apply it to a concrete case to reform India’s surveillance landscape. Moalin offers the Indian SC valuable lessons on how this can be achieved. However, the SC’s contemporary approach to key constitutional issues (recently, on privacy, see the mandatory voice sample case, here and here) and gradual shift in its role to that of an executive court will require a re-orientation if this is to happen.

Guest Post: (Mis)Applying Puttaswamy – The Delhi High Court on Privacy and Evidence

[This is a guest post by Karthik Rai.]


It has been argued  that the transformative character of the Puttaswamy judgement did not extend to governing claims to the fundamental right of privacy between private parties. To recapitulate, Puttaswamy adopted a narrow approach to privacy and did not examine horizontality (and rightly so, as this was not what the constitution bench was convened to answer). Thus, the court did not explicitly hold that an Art.21 protection in case of privacy violation would extend to violations by private parties or individuals.

However, this conclusion is not a unanimous or unambiguous one. Recently, in the case of Deepti Kapur v. Kunal Julka – a case where an argument based on the fundamental right to privacy was raised in a divorce-related proceeding between the plaintiff and the defendant – the Delhi High Court ruled that evidence cannot be inadmissible on grounds solely of breach of privacy under Article 21. The issue of horizontality serves merely as a prefatory remark to introducing this case; the more significant issue is the manner in which Puttaswamy was applied in this case, whether the horizontal application was valid or not. I argue in this piece that the interpretation of Puttaswamy in Kunal Julka was very restricted – and, at place, perhaps incorrect – and could precipitate an undesirable jurisprudence on the admissibility of evidence.

The Facts

The husband filed for divorce before the Family Court under S.13(1)(a) of the Hindu Marriage Act, stating that his wife had defamed him before her friend, causing him mental agony and cruelty. As proof, he submitted, in a CD, a video-recording of her conversation with her friend, collected by the CCTV camera in that room. The statute governing this issue was Section 14 of the Family Courts Act, 1984:

14. Application of Indian Evidence Act, 1872.—A Family Court may receive as evidence any report, statement, documents, information or matter that may, in its opinion, assist it to deal effectually with a dispute, whether or not the same would be otherwise relevant or admissible under the Indian Evidence Act, 1872 (1 of 1872). (emphasis mine)

The wife claimed that she had the right to the non-invasion of her ‘thoughts and behavioural patterns’ as part of her privacy rights, and that secretly-recorded conversation occurred in her bedroom, where her conversations should have been confidential. This, she argued, violated her fundamental right to privacy per the Puttaswamy holding (para 6). Since the evidence produced was in breach of this fundamental right, the recording would be inadmissible. While Section 14 permitted evidence notwithstanding its inadmissibility under the Evidence Act, it did not permit evidence that was not admissible “as per the Constitution”. (para 7).

Contrarily, the husband argued that the fundamental right to privacy was subject to restrictions – specifically, his right to fair trial under Article 21, lest he should be denied the opportunity of proving his claim. He also argued that Section 14 ensured admissibility regardless of its inadmissibility under the Evidence Act.

The High Court ruled in the husband’s favour. Its ruling on this point had two broad arguments, which are analysed below.

[A]. Relevance as the only test of Admissibility

The Court noted that the test for admissibility was ‘crisply’ detailed in Pooran Mal v. The Director of Inspection (Investigation), New Delhi, where it was held that since the Evidence Act referred to only relevance as the criterion of admissibility, the ‘spirit of our Constitution’ could not be invoked to exclude illegally-procured evidence. Then, the Court relied on State v. Navjot Sandhu which, while referencing RM Malkani v. State of Maharashtra, upheld the admissible-if-relevant test (paragraphs 17-20).

However, Justice Bhambani does not analyse the fact that Puttaswamy overrules each of these cases on these points, whether directly or indirectly. For instance, Pooran Mal relied on MP Sharma. As Vrinda Bhandari and Karan Lahiri argue, Puttaswamy, by upholding a fundamental right to privacy, overruled MP Sharma v. Satish Chandra which, while examining if procuring inculpatory documents violated Article 20(3) of the Constitution (which protected against self-incrimination), stated that, given the Constitution did not recognize a fundamental right to privacy, Article 20(3) could not be applied to such illegal procurement. Pooran Mal also relied on the siloed approach advocated by A. K. Gopalan v. State of Madras (para 23) which is now overruled. Therefore, Pooran Mal stands on very unstable grounds. The argument in Kunal Julka that post-Puttaswamy cases like Yashwant Sinha v. CBI too relied on Pooran Mal forthe admissible-if-relevant test (para 25), is consequently questionable.

Malkani considered the issue only of violation of a statutory provision (the Indian Telegraph Act), and did not address the issue of violation of a constitutional provision. Chandrachud J. stated that Malkani followed Kharak Singh’s reasoning, which stated that there was no fundamental right to privacy, and which was therefore overruled by Puttaswamy (para 51). Moreover, Malkani, too, adopted the siloed approach to fundamental rights which has been disregarded since RC Cooper and Maneka Gandhi, and thus liberty and privacy claims under Article 21 were not examined (something that Selvi v. the State of Karnataka [para 192]examined and upheld, in the context of the constitutionality of confession-obtaining methods like narco-analysis). Subsequently, Navjot Sandhu too fails as authority on this point, for its holding was premised on Malkani and Pooran Mal (paras 154-155).

Kunal Julka’s decision ties into a significant issue. Gautam Bhatia has argued that, since Selvi, which read Articles 20(3), 21 Sections 24-27 of the Evidence Act harmoniously to protect an accused’s mental privacy, a distinction has been created between illegally-procured and unconstitutionally-obtained evidence. Post Puttaswamy, this distinction was carried forth, as argued on this blog, by Vinit Kumar v. CBI and Ors. In Vinit Kumar, the Bombay High Court noted (in my opinion) rightly, that the interception orders passed under the Telegraph Act were violative of the testsofprivacyestablished in Puttaswamy, and therefore, the Court would be ‘breeding contempt’ by eschewing procedure, if such illegally procured evidence were to still be admitted in a trial (para 38). In fact, it noted all the cases mentioned afore and cited in Kunal Julka, and held that any privacy infringement by the State will have to meet the privacy tests Puttaswamy established, with any case suggesting otherwise not a ‘binding’ precedent on that point (para 12).

This well-founded distinction was not touched upon, unfortunately, in Kunal Julka. It only examined the Evidence Act and the Family Courts act, stating that the special law has to prevail over the general law (para 15). With the Constitution having a bearing on the admissibility of evidence, and not merely the Evidence Act, the question of ‘generalia specialibus non derogant’ rule should have never arisen.

Kunal Julka also stated that evidence adduced under Section 14 were to be excluded on privacy grounds, Section 14 would become ‘nugatory’ (para 35). However, that is a fallacious argument, and is not a legitimate justification for the admissibility of evidence under its scope. Besides, evidence collected illegally, but satisfying the Puttaswamy tests, could still be admitted under Section 14, and therefore, Section 14 would not necessarily be nugatory.

[B] Privacy subject to Fair Trial

Ruling on the husband’s claim for a fair trial right under Article 21, the Court simply stated that, since the fundamental right to privacy is not absolute, privacy considerations ‘may have to yield’ to the fundamental right to fair trial under Article 21 (para 24). It stated that, after the evidence had been made admissible, the weight (if any) to be given to evidence must be decided based on (undefined) ‘considerations of justice and fair play’ (para 36).

It is surprising how the Court, in its enthusiasm to admit the evidence, does not follow its own statement that no fundamental right is absolute. Since the right to fair trial, therefore, is also not absolute, the Court should have applied the tests of privacy established under Puttaswamy to ascertain if the privacy-violation precipitated by the evidence met the tests of legality and proportionality, instead of making a nonchalant remark that it may yield to fair trial rights. Only then should the evidence have been even made admissible. In fact, the court cited the Sahara v. SEBI case to justify the importance of fair trial against other fundamental rights, but that case tried to balance the two rights based on pre-established tests, observing that (para 25):

…even Articles 14 and 21 are subject to the test of reasonableness after the judgement of this Court in Maneka Gandhi…(para 25)”

Conclusion

Theinterpretation in Kunal Julka is, in my opinion, an archetypal adherence to the crime-control model as against the due-process model that Mrinal Satish and Aparna Chandra prove still pervades jurisprudence in cases of admissibility of evidence and criminal-law jurisprudence in general. In one part of the judgement, it even holds that, howsoever the evidence is collected, fair-trial and justice mandate its admissibility (para 35). Claims that a right to fair trial had to be preferred denying it impacted the public as against a personal impact if privacy was violated (para 23), further substantiate this point. If such substantive-truth seeking jurisprudence re-develops in future cases notwithstanding Puttaswamy, without even applying its tests, it may serve as the death knell for privacy and procedural truth, especially with modern technologies like Fitbits, etc., being used in trials as evidence. In any case, the argument this piece makes, is that the reasoning in Kunal Julka is extremely tenuous, dealing a heavy blow to the transformative character of Puttaswamy. The judgement exemplifies the truism, that whether a judgement is interpreted conservatively or expansively, could determine the outcome of a range of cases not specifically anticipated by it.

Guest Post: The Democracy Branch – Reimagining the Role of the Data Protection Authority

[This is a guest post by Nikhil Pratap.]


In Justice K.S.Puttaswamy (Retd) v. Union of India (2017), the Supreme Court instructed the Justice Srikrishna Committee to formulate a comprehensive legislation for personal data protection. A law was deemed necessary in the context of the surveillance and privacy threats to individuals, primarily from the executive action. The main purpose of the law would be to incorporate data protection principles and also ensure accountability of government use of data.

The efforts on instructions of the Supreme Court eventually culminated in The Personal Data Protection Bill, 2019 (“PDP Bill”) which sets out data protection principles for collection and processing of personal data, both by government and private parties. It envisages a Data Protection Authority (“DPA”) having wide powers to carry out policy setting, monitoring enforcement, investigation, research, awareness and grievance redressal functions. The powers and the structure of the DPA in the PDP Bill are largely inspired from other sectoral regulatory bodies – such as SEBI or TRAI, which carry out core economic functions of the executive and are under its direct supervision and control.

It is the author’s argument that the proposed DPA in its current form greatly deviates from its originally envisaged primary function i.e. to ensure accountability of the executive (both Central Government and State Governments and its various arms) – while it collects and processes personal data of its citizens. Given the intent and context of the PDP Bill, setting up the DPA as a sectoral economic regulator under the control of the Central Government, amounts to defeating its mandate. To ensure that the Bill effectively meets its purpose, the DPA should be reimagined as a ‘Fourth Branch’ Institution or a ‘Democracy Branch’ Institution.

Fourth Branch Institutions

Constitutional theory traditionally divides the State into three branches – the Legislature, the Executive and the Judiciary. Under this traditional conception of State, institutional accountability of executive action lies with the other two branches of the government – namely, legislature and the judiciary. However, due to the design constraints of parliamentary democracy and collective responsibility, legislative accountability tends to get weakened as the executive usually commands the support of a parliamentary majority. (See recent decision of the Parliamentary Committee on review of PM Cares). This means that the judiciary is effectively the only institution responsible for protection of Constitutional checks and balances.

In such a context, the concept of a ‘Fourth Branch’ of the State gains immense significance and potential. There is growing literature which classifies institutions protecting the core ideals of democracy, as the ‘Fourth Branch’ or the ‘Democracy Branch’. (See Professor Bruce Ackerman and Professor Tarunabh Khaitan). The core democratic ideals which the Fourth Branch ought to protect depends on the conception of the democracy embraced by the Constitution. A ‘thinly’ defined democracy would limit these core ideals to fair processes such as free and transparent elections, oversight, impartiality and civil and political liberties whereas a ‘thickly’ defined democracy would also require protection of other constitutional values such as socio-economic rights and distribution of financial resources. The protection offered by the fourth branch institutions would thus vary depending on the constitutional values. However, in either case, these institutions are independent from the other branches of the State and provide for an additional layer of institutional accountability- apart from the judiciary.

Good examples of fourth branch institutions are the ‘Chapter IX’ institutions in the South African Constitution, which are called ‘State Institutions Supporting Constitutional Democracy’. These include institutions such as the South African Human Rights Commission, Electoral Commission, the Auditor General and the Commission for Gender Equality. Similarly in India, institutions such as the Finance Commission, Election Commission, the CAG, Lokpal, Information Commission, National Human Rights Commission may be considered as examples of the fourth branch even though they are not explicitly enumerated as such. The distinctive characteristic of the ‘Fourth Branch’ institution is that they are independent from the direct influence and control of the Executive.

While some of these fourth branch institution are constitutional bodies, they may be created through a statutory enactment as well. Gautam Bhatia argues that statutory bodies that provide a framework towards implementation of core fundamental rights or a democratic ideal are elevated to the status ‘constitutional statutes’. He draws a functional equivalence between constitutional bodies (such as the Election Commission) and the institutions created by constitutional statutes (such as Information Commission, CBI, CVC)- as both of them serve core democratic functions and ensure accountability- and concludes that both types of bodies are fourth branch institutions. As such they deserve equal protection of their independence from the executive, irrespective of their structure or manner of enactment. In this context, he argues that the recent Right to Information (Amendment) Act, 2019, which removed the fixed tenure and salary of the Information Commissioners is unconstitutional because it dilutes their constitutionally protected independence.

To ensure independence, members of the fourth branch institutions are usually not appointees of the executive but are appointed by a committee often having bipartisan legislative representation and in some cases representatives from the judiciary. Examples of appointment through such selection committees include the Information Commissioners, Central Vigilance Commissioners or the members of the National Human Rights Commission. Many fourth branch institutions have fixed terms and salary for their members. For example, the Comptroller and Auditor General of India has a fixed term of 6 years and can only be removed from office in the same manner and on the same grounds as that of a judge of the Supreme Court and his/her salary can be altered only by a law by the Parliament. Similarly, members of the National Human Rights Commission can be removed on ground of proved misbehaviour or incapacity as prescribed in law.

DPA AS A FOURTH BRANCH INSTITUTION

The question which then arises for consideration is why must the DPA be considered a fourth branch institution instead of a mere sectoral regulator such as TRAI, SEBI or CERC. To answer this question, we must first understand that in a welfare state such as India, the executive branch continues to play a dominant role in individual lives, and they process a wide range of personal data for functions such as healthcare, subsidies, census, surveillance and targeted governance. Intelligence and law enforcement agencies also collect and process swathes of personal data of individuals. Given the width and scale of executive action related to personal data, accountability of executive actions becomes necessary. This sentiment was captured in Puttaswamy, where Chandrachud J. observed :

180. (…) In a social welfare state, the government embarks upon programmes which provide benefits to impoverished and marginalised sections of society. There is a vital state interest in ensuring that scarce public resources are not dissipated by the diversion of resources to persons who do not qualify as recipients (…) Data mining with the object of ensuring that resources are properly deployed to legitimate beneficiaries is a valid ground for the state to insist on the collection of authentic data. But, the data which the state has collected has to be utilised for legitimate purposes of the state and ought not to be utilised unauthorizedly for extraneous purposes. This will ensure that the legitimate concerns of the state are duly safeguarded while, at the same time, protecting privacy concerns.

 

The potential dangers of privacy and surveillance posed by the executive has already been made evident in the constitutional challenge to the AADHAR scheme, where the Petitioners exhaustively presented the privacy, surveillance and security dangers to unchecked data processing by the government.

Further, the right to privacy has already been recognized as a civil political right which requires heightened protection from the executive abuse, for they are inextricably linked to a free exercise of other democratic rights such as a right to vote or the right to freedom of movement and association. Thus, protection of right to privacy as a fundamental right is not merely an end in itself but also instrumental in protecting the minimum democratic core of our Constitution. It is for safeguarding this fundamental right of privacy that the Supreme Court instructed the Committee chaired by Justice B N Srikrishna to draft an appropriate legislation, knowing fully well that an unchecked collection and use of personal data can lead to executive aggrandizement and adversely affect democracy.

The mandate of the PDP Bill was to constitute an independent body which would facilitate democratic and institutional accountability of the executive but in stark contrast, the DPA has now been modelled as a sectoral regulator; and much like any other sectoral regulator, the central government has retained executive control and supervision over the DPA. For example, the Selection Committee which appoints the members of the DPA comprises entirely of members from the executive i.e. secretaries from different departments of the Central Government. Their salaries and allowances are to be prescribed by the Central Government. The Central Government has also been empowered under the Act to remove any member of the DPA on the grounds enumerated in the PDP Bill. Emulating economic regulators, the PDP Bill has also vested its adjudicatory function in adjudicatory officers. The manner and term of appointment of these officers shall be decided by the Central Government.

Such pervasive executive control built into sectoral regulators is justified as they are bodies which set out, regulate and monitor economic policy. Since economic policy is a core function of the executive, it is only appropriate that the government has the functional autonomy and powers related to it. However, the same principal cannot apply to an accountability and democracy body such as DPA. Given the key role of DPA in protecting a core democratic ideal of the Constitution (and that too largely against the Executive itself), it neatly fits into the category of a fourth branch institution and not a sectoral regulator. It is therefore necessary that the DPA is reimagined as a robust and independent part of the ‘Fourth Branch’ lest the right to privacy becomes illusory over time.

Coronavirus and the Constitution – XXIV: Aarogya Setu and the Right to be Forgotten [Guest Post]

[This is a guest post by Karthik Rai.]


Introduction

While the Puttaswamy case recognized privacy as intrinsically embedded in Art. 21 of the Constitution of India, it was simultaneously conceded that health concerns would trump privacy considerations, if there were through necessary and proportionate intrusions into individuals’ privacy [paragraph 180]. In light of the Covid-19 pandemic currently gripping the world, one such purported governmental intrusion into the citizens’ privacy was the introduction of the ‘Aarogya Setu’ app (‘the App’) to track users’ movements and ascertain if they are at the risk of contracting the virus.

Let me briefly describe the App. The App obtains details regarding the users’ name, sex and medical antecedents, to mention a few, and its usage is propelled by mobiles’ Bluetooth and GPS services. These details, under certain circumstances, get uploaded onto the server which is then accessed by the government to respond appropriately. There had been various concerns with the privacy policy (‘Policy’) of the App which compelled the government to release an updated Policy with various changes. However, criticisms have still persisted – on its static Digital Identity Number (‘DiD’), its requirement of GPS being excessive and not in line with global standards, and its lack of transparency – all of them seemingly infringing privacy disproportionately.

However, through this piece, I provide a hitherto-unexplored perspective to the App’s Policy. First, I will be proving that the Policy contains a substantial phrasal fallacy, intentional or not; next, I will show this affects the RTBF and its related concomitants, undermining user privacy. Finally, I shall conclude with suggestions on how to alleviate the problem.

The Phrasal Fallacy and its Consequences

Clause 1(d) of the Policy (it can be accessed here) states that the App collects locational information in fifteen-minute intervals – basically, the App stores data about the places users visited. It also states when said data will be uploaded to the server. Clause 3(b) addresses data retention apropos information collected under Clause 1(d), and posits three different time periods for data retention, based on the category the data falls in:

Category 1: If the data is not uploaded to the server, not having satisfied the conditions mentioned under Clause 1(d), it gets ‘purged’ within 30 days from the App.

Category 2: If the data is uploaded to the server, two further situations arise:

If the person tests negative for Covid-19, the data will be purged from the Server within 45 days of upload.

If the person tests positive, the data will be purged from the Server within 60 days of being cured.

While Category 1 entails data deletion from the App, Category 2 concerns deletion from the Server. So, if a person’s data under Clause 1(d) has been uploaded to the Server, there is no provision providing for the deletion of the same information from the App, implying it could remain on the App, indefinitely.

Clause 1(d) stipulates three situations under which the data gets uploaded to the Server: when the person tests positive for Covid-19, when ‘self-declared’ symptoms indicate a probability of being infected, and/or when the self-assessment test returns a ‘yellow’ or ‘orange’ result.

The assessment is conducted by algorithms whose criteria are unclear. Therefore, reports have stated that misidentifications are highly possible. A similar mechanism is present in China, and such predictive data-assessment has been inaccurate. Therefore, even mere suspicion could lead to a ‘yellow’ outcome, mandating a data transfer to the server. This would then mean that the user falls within Category 2, and his/her data would be deleted from the server but would linger in the App indefinitely, without violating the Policy.

Clause 2(e) states that the data collected under Clause 1(d), will not be used for purposes other than those mentioned in Clause 2. However, under Clause 2, the use mandated for Clause 1(d) data is only for the replicated data uploaded onto the Server. So, no use has been prescribed for the original data the App collects, which means Clause 2(e) does not exactly apply to it. Thus, it could be used for anything as long as it is not uploaded to the Server. Additionally, the data present on the App is not even encrypted into DiDs.

Clause 1(a) data, which contains personal attributes like name, gender, etc., remain as long as the account remains. Clause 1(a) data is first ‘collected’ in the App and subsequently ‘stored’ on the server. Thus, both Clause 1(a) and 1(d) data, in many users’ cases, can remain indefinitely on the App (and thus the mobile), and an accurate map of the places the user has visited can be charted, easily combinable with his/her personal attributes.

The government recently issued a slew of directions in order to increase usage of the App, including making the installation of the App mandatory for all employees in both the private and the public sector. Astonishingly, the Noida police has stated that not having the App on your smartphone would constitute a crime, possibly attracting imprisonment. In light of these developments, it becomes all the more important to understand how the problematic Policy could proliferate privacy violations, contravening fundamental principles of data protection.

Purpose Limitation and the Violation of RTBF

Purpose Limitation (‘PL’), an essential prerequisite for data protection, states that the collection of data must be for a specific purpose. The ‘data principal’ – used to refer to persons whose data is processed – must know the reason for which they provide data voluntarily. Therefore, the limit of data usage by the government must be constrained by the informed consent of the user.

The Supreme Court has held in the Aadhaar judgement that purpose limitation is integral for executive projects involving data collection – unless prior permission is provided, third parties cannot be provided access to personal data [paragraph 166]. This principle is embodied in S.5 of the yet-to-be-implemented Personal Data Protection Bill, 2019 (‘the Bill’). PL, as stated earlier on this blog, enhances transparency in data processing, and helps examine the proportionality of the mechanism used to collect data for a specific purpose. Moreover, as Siddharth Deb writes, it prevents the emergence of permanent data ‘architectures’ based on interlinking databases without consent. Stemming from this is an implicit expectation of RTBF. In order to understand and appreciate the relevance of RTBF, it becomes pertinent to establish the jurisprudence pertaining to the same in India.

The Right to be Forgotten: A Brief History

RTBF grabbed headlines after the popular Google Spain case, where a case was filed by a Spanish citizen against Google requesting the erasure of links that concerned forced sale of certain properties he owned due to debts, indicating financial hardships. The Court of Justice of the European Union ruled in the citizen’s favour by acknowledging that his right to be forgotten, and therefore his privacy, were being violated. Since the information had become “irrelevant” and “inadequate”, he had a legitimate claim to get such data removed under the EU Directive 95/46; thus he could be ‘forgotten’ from the internet [paragraphs 93-94].

However, the trajectory of the evolution of RTBF in India was slightly different, due to the absence of the right being grounded in statute. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which was India’s first legal framework recognizing the need to protect the privacy of personal data, had no mention of RTBF. Therefore, contrasting judgements on RTBF emerged.

To exemplify, the Gujarat High Court in Dharamraj Bhanushankar Dave v. State of Gujarat held that there was no law under which the petitioner could claim that he had a right to ensure the removal, from the internet, of a court judgement he was a party to; therefore, his arguments were insufficient to establish a successful case of violation of Art. 21 of the Constitution. However, a judgement reported four days later, {Name Redacted} vs The Registrar General, recognized RTBF explicitly, though in a limited sense. The petitioner’s request to remove his daughter’s name from a judgement involving claims of marriage and forgery was upheld by the Karnataka High Court. It held that recognizing RTBF would parallel initiatives by ‘western countries’ which uphold this right when ‘sensitive’ cases concerning the ‘modesty’ or ‘reputation’ of people, especially women, were involved [paragraph 5].

However, it was only in the Puttaswamy judgement that RTBF was unequivocally recognized by Justice Kaul as residing in Art.21, which guaranteed privacy. He noted that the recognition of RTBF would imply that, if an individual desired to remove his/her personal data from the virtual space, it ought to be respected, if said personal information served no ‘legitimate interest’, was ‘incorrect’, or was not ‘necessary’ or ‘relevant’ [paragraph 69]. However, he did concede that RTBF was subject to reasonable restrictions based on countervailing rights like free speech [paragraph 69]. Similarly, in Zulfiqar Ahman Khan vs M/S Quintillion Business Media, the Delhi High Court recognized RTBF as ‘inherent’ in the right to privacy [paragraph 9], thereby ordering the removal of internet articles that would sully the plaintiff’s reputation ‘forever’ [paragraphs 7 and 8].

Applying RTBF to the App’s Policy

In light of the judicial interpretation of RTBF in India, especially post Puttuswamy, it is clear that, once the purpose of the data submitted is completed, data principles have a right to be erased without unwarranted intrusions into their privacy. This is embodied in S.20(1)(a) of the Bill. RTBF is founded on the dignity of an individual, which could be tarnished if the information is not erased.

In the instant case, personal data is uploaded by users to the App for a limited, specific purpose – to ascertain their health’s status. Once the purpose of this data is completed, an automatic deletion of the data collected must have been effected, as Prof. Schönberger suggests. Moreover, the data collected by the App constitutes ‘digital footprint’, as the data upload is by the principals themselves, and not by other parties. Thus, after the purpose is complete, neither public interest nor any violation of free speech will occur by deleting such information from the App. Thus, RTBF in this case should have been absolute.

However, if a user is denied this right by not deleting his/her personal information from the App, issues of identification of such persons arise. There have been instances of inter-app communication, wherein one app permeates another to extract information from the latter. This app then sends this data to an external server, which could be of another country as well. Then, the data could be used for any purpose. This could lead to microtargeting, finding out what medicines you use, etc., all of which violate privacy.

Besides, identification based on such data could precipitate widespread social media abuse. In South Korea, where similar surveillance methods were used recently, detailed timelines of people’s locations were uploaded on social media, with information like the place of residence giving reasonable indications of who the person was. A man was accused of infidelity after one of his locations on the app in Korea was near a brothel. Such online harassment impacts people’s psyche, and has also led to suicide.

The Right to Informational Self-Determination (‘RISD’)

RTBF is grounded in the fact that a citizen has control over his/her digital footprint, and thus no competing claim can use the information for anything else. Only the user has complete control over their data. The data principal must be equipped with the ability to retain personal control over personal information. In Puttaswamy, the judges emphasised the criticality of informed consent and informational autonomy, in line with European data privacy practices [paragraph 177], and any use of data contravening such consent would be ‘unauthorized’. Consent, therefore, is not a one-time permission, but must be obtained each time a new, specific use of the information is needed.

In the App, if the user tests ‘yellow’ or is Covid-positive, the information is uploaded to the Server from the App, voluntarily. However, 45 or 60 days after such information transfer, as the case may be, the purpose of sharing information is complete. The data principle had ascertained that only the government could control such information, and, that too, for a specific period, which has lapsed. Thus, RTBF automatically operates, and, respecting the users’ RISD, consent for further use of data should immediately terminate. However, since the App does not purge this information, users’ locational data could be illegitimately used for any purpose, by anyone. This violates their RISD.

Conclusion

The Supreme Court in Puttaswamy stated how the transgression of the right to privacy is subject to reasonable restrictions [paragraph 26, Sapre J.]. Therefore, the infringement must be backed by law, must be proportionate to the specific objective sought to be achieved, and must be the least intrusive measure.

There is no clarity on the legal underpinning behind the App; it can be surmised that it has been envisioned under either the vaguely-provisioned Epidemic Diseases Act, or the National Disaster Management Act, both of which provided extensive executive discretion. However, a chassis of clear regulations has not been designed to collect and reveal information about travel history, sex, etc. Thus, there is no specific law backing such executive action.

This is aggravated by the fact that the Bill has not been passed yet; thus, statutory grounds to regulate data collection and processing are still unavailable. Coupled with the fact that judges are deferential towards executive actions during such testing times, a challenge to the App based on Art.21 may not be sustained. Mere assurances by the government about protecting privacy will not suffice, as evidenced by Singapore, where, despite the government’s guarantees, user data was published in great detail, online.

It is not difficult, thus, to surmise that data protection is a desideratum for constitutional inspection. The Bill must soon be implemented and the App’s privacy policy recalibrated to pass the scrutiny of the Bill’s provisions, including RTBF, and purpose limitation. This would ensure a legitimate legal backing. Additionally, ensuring open access to the App’s source code is all-important. This would facilitate greater transparency and attenuate privacy flaws, thereby rendering the privacy intrusion by the App the least intrusive alternative.

Countries like China South Korea, which have managed to reduce Covid-19 cases through measures mirroring the App, have substantially infringed their citizens’ privacy, with the citizens condoning the same as a necessary trade-off to achieve greater efficiency of the measures. However, this institutionalizes the ‘culture of tolerance’ of repeated and excessive privacy violations, giving the government greater confidence to effect more blatant privacy violations in the future. Thus, in light of the abnormal times we are countenancing, the govt has to implement the Bill, recalibrate the Policy, and take other necessary measures to achieve an optimal trade-off between efficiency and privacy.

Coronavirus and the Constitution – XXI: The Mandatory Imposition of the Aarogya Setu App

The extension of the “nationwide lockdown” by another two weeks has brought with it a slew of further directions under the National Disaster Management Act. Many of these directions exacerbate the problems pointed out in previous posts. For example, unlike previous directions, this one actually does impose a physical curfew (between 7PM and 7AM), and directs local authorities to pass necessary orders implementing it. This particular direction lies at the intersection of rule by executive decree and the undermining of federalism, as discussed previously. In this post, however, I want to briefly consider Guideline 15 of Annexure 1, which mandates the use of the government’s contact tracing app – Aarogya Setu – for all private and public employees, and obligates employers to ensure 100% coverage.

To those who have followed the many twists and turns of the Aadhaar story, this metamorphosis from “voluntary” to “voluntary-mandatory” to “effectively mandatory” will have a familiar ring – the pandemic probably just accelerated the pace of transformation from a few years to a few weeks. The mandatory imposition of Aarogya Setu through executive decree, however, suffers from serious legal problems, discussed below.

The Absence of Anchoring Legislation

As pointed out repeatedly on this blog, the legal framework for the government’s pandemic management strategy has been the National Disaster Management Act, which has an umbrella clause permitting the issuance of guidelines and directions aimed at addressing disasters. Previously on this blog, we have discussed the separation of powers and other democratic problems that come with using vague enabling legislation to anchor a wide-reaching executive response. When it comes to the infringing of rights, however, the problem is even more acute: Part III of the Constitution requires that even before we get to the discussion of whether a rights violation is justified or not, there must exist a law that authorises it. Any such law has to be specific and explicit with respect to the rights that it seeks to infringe, the bases of infringement, the procedural safeguards that it establishes, and so on.

The NDMA cannot be such a law, because it says absolutely nothing about the circumstances, manner, and limitations under which the government is authorised to limit or infringe civil rights (in this case, the right to privacy). The enabling clauses do not help, because – as pointed out above – they are generic enough so as to permit just about any executive decree that (the executive believes) is required to tackle the disaster. If the NDMA was indeed accepted as the basis, then this would effectively subvert the legality requirement entirely and across the board: there could, hypothetically, be one single umbrella legislation that stipulates that “the government may do anything that it believes is reasonable to achieve the public interest” , and do away with any further need for lawmaking in toto. This, however, is the very definition of rule by executive, instead of the rule by and of law.

It should be noted that the proposition I am advancing here is a very basic one. Last week, for example, the High Court of Kerala refused to allow the government to cut salaries without specific legislation authorising it (the Court correctly observed that the existing provisions of the Epidemics Act and the Kerala Covid-19 Ordinance were far too generic to authorise such a step). We shall discuss the judgment of the Kerala High Court in a subsequent post, but for now, suffice it to say that this is not just a basic proposition under Indian law, but a basic proposition everywhere. The Israeli High Court – not exactly known for being a hotbed of bleeding-heart liberal jurisprudence – held a few days ago that the Shin Bet could not engage in surveillance without authorising legislation. A few months ago, the High Court of Kenya held that GPS Coordinates and DNA samples could not be collected under cover of a general law, but – at the very least – would require “anchoring legislation” to do so.

The requirement of specific legislation is not a mere procedural quibble, but a crucial constitutional point. One, of course, is the separation of powers issue, which we have discussed before: if the State is going to mandate an intrusive, data-collecting app upon its citizens, then the least that ought to be done is that it be authorised by the citizens’ elected representatives, in Parliament. Equally importantly, however, a hypothetical “Aarogya Setu law” will necessarily have to demonstrate constitutional compliance with respect to data protection principles. A good example of this – again – is the history of Aadhaar: once it became clear to the government that it actually had to pass an Aadhaar Act, the accompanying infrastructure – including limitations upon the use of Aadhaar – also had to be considered. Writing out these provision in law also enabled an informed challenge in Court, where at least a part of the Act was struck down for being unconstitutional (I need not go over that again here). Blithely mandating Aarogya Setu in one sentence through an executive decree tears the constitutional architecture to shreds.

The Proportionality Test(s)

Given the government’s penchant for Ordinances (the Kerala government has, for example, issued an ordinance to get around the High Court’s salaries judgment), the requirement of legislation is unlikely to present an effective check upon executive abuse. That, however, makes it important to highlight that there exist serious substantive constitutional concerns with the mandatory use of the Aarogya Setu app.

As is well known, the proportionality standard for adjudicating whether a violation of the right to privacy is justified or not has four prongs: legality (requirement of a law, with a legitimate purpose), suitability (the government’s action must be suitable for addressing the problem, i.e., there must be a rational relationship between means and ends), necessity (i.e., it must be the least restrictive alternative), and proportionality stricto sensu (there must be a balance between the extent to which rights are infringed and the State’s legitimate purpose).

There is, by now, extensive literature on the question of the very effectiveness of contact-tracing apps to fight a pandemic such as Covid-19. As this Brookings Paper shows, (a) contact tracing is effective where there exists large-scale testing capacity and less spread (the first condition certainly does not exist in India today); (b) there is a high risk of false positives and false negatives, something that gets worse as the population size increases (recent examples in India bear testimony to this); (c) the absence of complete smartphone penetration can defeat the purpose (particularly true for India) (the authors also point out other risks, such as social stigmatisation). It is, therefore, an open question whether the second limb of the proportionality test – suitability/rationality – is satisfied.

The problem grows more severe when we come to the necessity prong (discussed previously on this blog as well). The data collection practices of the Aarogya Setu app – and how they fall short of constitutional standards – have already been discussed extensively (see here, here, here, and here). Now, it is not the purpose of this post to engage in a detailed technical discussion about whether the Aarogya Setu app complies with the third limb of the proportionality standard or not (much of that work may be accessed in the links above). However, there is a broader legal point that needs to be noted. This is the issue of burden: it is well-established under Indian constitutional jurisprudence – most recently in the Aadhaar judgment – that once a prima facie violation of privacy has been demonstrated, the burden of justification (under the proportionality standard) shifts to the State. In other words, it is for the State to show that the suitability and necessity prong of the proportionality standard are satisfied. A necessary corollary of this is that as far as the suitability prong goes, the State cannot mandate the use of a privacy infringing app before it is first demonstrably established that a means-ends relationship actually exists. Thus, if – as the Brookings analysis shows – there is a non-trivial likelihood that the app in question cannot achieve the very (legitimate) purpose that it is designed for, it cannot be made mandatory.

Secondly, as far as the necessity prong goes, it creates a constitutional obligation upon the State to be transparent about the basis for choosing this app, designed in this way. Were less intrusive alternatives considered (see the IFF working paper linked above)? If so, were they found non-suitable for the goal? If not, why were they rejected? And even if not, why is there not a mandatory sunset clause here? Once again, this is not a radical legal proposition: in the Aadhaar judgment, the mandatory linking of bank accounts with Aadhaar was struck down precisely on the basis that there existed less restrictive alternatives, and that the government had comprehensively failed to provide any reasons why they had not been considered. It is fair to say that if the government cannot even show why it has chosen a more intrusive data collecting app over a less intrusive alternative (that exists), then it is in no sense a constitutionally justified decision.

Conclusion

The government directive mandating Aarogya Setu for all public and private employees suffers from serious legal flaws. In the absence of a specific anchoring legislation, it fails the first limb of the proportionality test. And on more substantive grounds, the government bears the burden of showing that the design of the app satisfies both the suitability and the necessity prongs of the test – a burden that, thus far, remains undischarged (indeed, going by blithe ministerial statements about how the app might continue to be in use for two years, there seems to be very little appetite in the government to even attempt to discharge that burden). There would, therefore, appear to be excellent legal grounds for a challenge to the NDMA Direction; of course, the prospect of any such challenge succeeding at a time when the Court appears to have withdrawn itself from its task of rights adjudication, is another matter.

Guest Post: The UP Hoardings Case – in Defence of the State

[This is a guest post by Tanishk Goyal and Rishabh Narain Singh.]


This post is a response to Shubhangi Agarwal’s interesting piece on the U.P Hoardings case, where it was argued that the swift justice delivered by the Allahabad High Court  in the Hoardings Case was derailed by the Supreme Court of India, that its reliance on the UKSC judgement in the case of In the matter of an application by JR38 for Judicial Review (Northern Ireland) was misplaced, and that it failed to correctly apply the Puttusawmay judgement to the present case.

We begin by arguing that the executive orders passed for the recovery of damages from the protestors constituted “law” as required by the first determinative factor of the proportionality test. Next, we argue that that the aim of the above orders was not to deter mischief by the protestors, but to warn the public at large not to purchase the property of such persons, which had been attached to claim the recovery amount. Next, we illustrate not only how there existed a rational nexus between the means employed and the object sought to be achieved by the State, but how such means were just, fair and reasonable as well. Having established the due compliance of the law with the proportionality test, we seek to apprise the reader that the Supreme Court, in fact never placed its reliance on the UK SC judgement in the case of In the matter of an application by JR38 for Judicial Review (Northern Ireland), while referring the matter to a larger bench.

On Administrative Orders Qualifying as Law within the meaning of the Proportionality Test

The Allahabad High Court in the case of Mohammad Shujauddin v. State of Uttar Pradesh & Ors. had taken judicial notice of rioting, arson, and the damage to private and public property by an insurgent mob in 2009. Having taken such judicial notice, a single judge bench of Justice Sudhir Agarwal had issued certain directions that mandated the competent authorities to hold quasi judicial proceedings, assess the damages and pass necessary recovery orders. The directions also emphasised the realisation of the assessed damages from the protestors as arrears of land revenue and included a mandate to comply with the decision of the Supreme Court in the case of In Re:Destruction of Public and Private Properties Vs. State of Andhra Pradesh & Ors.

In pursuance of this judgement, an administrative order was issued by the Uttar Pradesh Government on January 8, 2011, whereby all District Magistrates and Additional District Magistrates of the State were empowered to hold quasi judicial proceedings, assess the damages and pass necessary recovery orders so as to ensure compliance with the directions. Since the decision of the Allahabad High Court has not been set aside till date, it remains good law. Furthermore, the decision of the Allahabad High Court itself created a right in the State to recover the damages as “arrears of land revenue” under the Uttar Pradesh Revenue Code and Revenue Rules 2016 (which involves attachment of property and a warning to the public at large not to deal in the attached property, explained in Part III) when the conditions given in Direction IV of the judgement are satisfied:

  • That there is a finding that the persons against whom the claim has been filed are responsible for the said loss;
  • Such amount has not been paid by the persons on their own;
  • Such amount has not been paid within the time directed by the competent authority.

Therefore, the Administrative Order which was relied upon to realise the assessed damages from the protestors was in pursuance of a High Court Judgement which provided for the Uttar Pradesh Revenue Code and Revenue Rules 2016 to step in to back the State Action of realising the damages as arrears of land revenue (involving the attachment of property and a warning to the public at large by the beat of drums not to deal in the attached property) if the foregoing conditions were not satisfied. This is to say that the power to put up of banners flows from the non-payment of damages by the defaulters. As soon as the prescribed time period lapses, the Uttar Pradesh Revenue Code and Revenue Rules 2016 step in to back the State Action of putting up the posters.

Thus, the action satisfies the test of legality, which postulates the existence of law according to the first determinative factor of the proportionality test.

Understanding the Legitimate State Aim in the Current Case

In the post post mentioned above, it has been averred that the authorities also failed on the second count of the proportionality test as “the aim to deter mischief and recover money from protesters for alleged damage to public property was not a legitimate aim, as they were not fugitives, and there was no need to publicize their personal details.”

 It is acknowledged that the protestors were not fugitives. However, there was still an impending need to publicise their personal details. This is because in the case of fugitives, the publication of personal details is aimed at deterring such fugitives from evading the process of law in India by staying outside the jurisdiction of Indian Courts. However, in the case at hand the administrative orders were not intended to have a punitive impact. This is to say, that the aim of the State was not to deter the protesters from committing such acts in the future. Instead, the aim of the administrative orders was to warn the public at large not to deal with such persons in property as the same has been attached for recovery proceedings. This is amply illustrated by the Administrative order passed by the State on January 8, 2011 which empowered the Executive magistrates to be the competent authorities as mentioned in the directions issued by the Allahabad High Court. A close reading of the directions mentioned above reveal that the State was under by a positive obligation to fulfil the mandate of recovery of damages, failing which the State officials would have to face disciplinary action. The responsibility conferred on the State to fulfil such a mandate of recovery from the protestors is evident from the following lines of the order.

(iv) After giving an opportunity of hearing to the concerned persons, Competent Authority shall pass appropriate order within next 30 days. In case it is found that persons, against whom such claim is filed, were responsible for the said loss, the amount assessed and awarded by such Competent Authority shall be realized, if not paid on its own by the person responsible within such time as directed by such authority, as arrears of land revenue.

(vi)         If the authorities responsible for taking steps, as directed above, failed to observe their duties within the specified time, it shall be treated to be a misconduct justifying disciplinary action.(emphasis supplied)

Furthermore, this is not the first time that the recovery from the defaulters has been supplemented by the publication of their names and addresses. Illustratively, The Bombay High Court in D.J Exim Bank Pvt. Ltd v. State Bank Of India, while allowing the banks to publish the names and photographs of the defaulters, observed that:

A perusal of the said Rule clearly indicates that the bank has the right to publish the name of the defaulters by giving their names and addresses and two-fold purpose is served as a result of the said publication of the names, firstly the fact that these persons are wilful defaulters is made known to the public at large and secondly it also tends to caution the prospective buyers who may be offered the property which is mortgaged by these defaulters with the bank. This being the primary objective for the publication of the notice, in our view, there would be no impediment in publication of photographs of wilful defaulters and particularly those defaulters who have committed various acts of misfeasance.

A Special Leave Petition was preferred against this order and was accordingly dismissed by a division bench of the Supreme Court. The bench upheld the Bombay High Court Order allowing the lender to publish names and photographs of directors and guarantors of defaulter firms in newspapers on the grounds that Rule 8 framed under the SARFAESI Act (which interestingly does not mention that the names and addresses of defaulters may be published) authorised such a move. The Supreme Court agreed with the view that there was no legal bar either in the said rule or under any provisions of the Act which expressly prevents the bank from publishing photographs, and that therefore, the action taken by the bank was not ultra vires.

Similarly, The Madhya Pradesh High Court in M/S Prakash Granite Industries vs. The Punjab National Bank, The Madras High Court in M/s.Mohan Breweries and Distilleries Limited v. The Authorized Officer,State Bank of Mysore, and The Delhi High Court in M/s. K.V. Wall Mount Pvt. Ltd. v. State Bank of India, have endorsed the reasoning of the Bombay High Court, allowing the banks to publish the photographs of the wilful defaulters.

Thus, the aim of the State in the present case was to affix a civil liability on the protestors and recover the damages from them, and not to deter them from committing such acts in the future. Furthermore, the photographs and address of the protestors were only published after the order for recovery by the Executive Magistrate had been passed, and had not been complied by the defaulters.

It is for this reason that the argument claiming that “lakhs of accused persons in UP were also facing criminal trials but their personal details were never subjected to such publicity” is misconceived, as contrary to those facing criminal trials, the present case concerns itself with defaulters against whom the final order for recovery has already been passed.

Rational nexus between the means employed and the object sought to be achieved

As explained in the previous section, the object which was sought to be achieved by the State was the recovery of damages from the protestors against whom a final order had been passed by the Executive Magistrate.

This power of an Executive Magistrate to pass a final order, after conducting a quasi-judicial proceeding and after giving an opportunity of hearing to the defaulter, is in fact sourced from the judgement of the Allahabad High Court in the case of Mohammad Shujauddin v. State of Uttar Pradesh & Ors. According to the guidelines issued by the Court in the above case, the order for recovery cannot be passed by the competent authority if the defaulter has not been given an opportunity of hearing.

Once the order of recovery has been passed against the accused, and the order is not complied with, a right is created in the State to recover the amount as arrears of land revenue. The recovery of a certain amount as “arrears of land revenue”, under Section 279 of the U.P Zamindari Abolition and Land Reforms Act, 1950 & Rules 1952 inter-alia involves the creation of a security interest on the property of the defaulter, as well as notice to the public at large that the property has been attached, by the beating of drums. This is illustrated by Section 279 of the Act, the corresponding rule to which as been reproduced below:

273. Where any land is attached in pursuance of the provisions of Clause (d) or (f) of Section 279 or sub-section (1) of Section 284 or of Section 286 or is let out under sub-section (2) of Section 284, a proclamation in Z.A. Form 73, shall be affixed at a conspicuous place in the village in which the land is situate and it shall also be notified by beat of drum.

Interestingly, This Act was replaced by the Uttar Pradesh Revenue Code and Revenue Rules 2016. The new act mandates recovery of arrears by attachment of land of the defaulters, the corresponding rule to which states: […] “158 (2) A copy of R.C. Form-41 shall also be served on the defaulter and the factum of attachment shall also be announced by beat of drum on the spot.”[…]

Thus, it is clear that the objective sought to be achieved by the State was the recovery of damages from the protestors against whom a final order had been passed by the Executive Magistrate. The means to achieve the same objective were evidently laid down by the Allahabad High Court which empowered the competent authority to pass the final order of recovery. If the defaulter could not pay the damages, the same was mandated to be realised as “arrears of land revenue” under the erstwhile U.P Zamindari Abolition and Land Reforms Act, 1950 & Rules 1952 (Replaced by the Uttar Pradesh Revenue Code and Revenue Rules 2016 with similar provisions). Whenever an amount has been realised as “arrears of land revenue” the legislative intent has concurrently been to inform the public at large about the attachment of such a property so that they are consequently precluded from dealing in the same.

In the present case, in light of the non feasibility of the “beating of drums” the mode of communication to the public was reasonably extended to and replaced by the publication of banners, whose only objective was to warn the public at large not to deal with such persons in property as the same has been attached for recovery proceedings. Moreover, the least restrictive measure which the State should employ is a matter of policy. By virtue of being a matter of policy, the State is given a limited amount of discretion. The limits to such discretion have been emphatically spelled out in the case of Reliance Airport Developers Pvt. Ltd vs Airport Authority of India, where a division bench of the Supreme Court ruled that discretion, when applied to State action should be according to rules of reason, which is regular, and not arbitrary or fanciful. This requirement of employing a least restrictive measure which is guided by a sound and reasonable exercise of discretion was accordingly met in the present case as the publication of the banners was a reasonable extension to the mandate of the “beat of drums” under the Uttar Pradesh Revenue Code and Revenue Rules 2016. This is essentially because, the requirement of the “beat of drums” in the Revenue Code (which is essentially meant to be employed in villages and small towns) would not suffice for the demographics of a city like Lucknow where the defaulters were alleged to have been residing. This line of argumentation was, in fact endorsed and upheld by a division bench of the Supreme Court in the case of Rai Vimal Krishna v. State of Bihar, where Justice Ruma Pal held that,

27. […] Indeed it appears to us that the requirement to notify people by beat of drum is an anachronism which appears to inappropriate in the present day and age in a large city like Patna. Where equally efficacious, if not better modes of publication are available, it would be ridiculous to insist on an obsolete form of publication as if it were a ritual.

The above judgement in fact went on to distinguish between the requirement and the manner of publication, holding that while the requirement of publication per se was mandatory in nature, the manner in which such publication should be made is merely directory, and the Courts should look at whether there has been sufficient compliance in effecting the intention of the legislature to warn the public at large in the city.

Now, one counter to this line to argument would be that if the purpose is to publicise the fact that there is certain property under attachment and to prevent the property-holder from alienating such a property and circumventing the legal process, then why can’t the State publicise the description of the property itself, instead of the personal details of the property-holder? While such an alternative may have been able to achieve the objective sought, it would also have caused undue hardship to the persons who might have a stake or an undivided interest in the property. This is to say, that the aim of the State is to recover the damages only from the share of the person in a property (which may have multiple undivided interests) against whom a final order of recovery has been passed. In light of this, the means employed in achieving the objective, were rational, and reasonably least restrictive in nature.

The Reliance of the Supreme Court on the UKSC Judgement

Contrary to the opinion expressed in the above blogpost, the UKSC judgement in the case of In the matter of an application by JR38 for Judicial Review (Northern Ireland), was never relied upon by the Division bench of the Supreme Court while referring the matter to a larger bench. The Supreme Court merely noted the submission of the Learned Solicitor General. This is illustrated by the following lines.

Learned Solicitor General also relied upon the decision of the Supreme Court of United Kingdom in the matter of an application by JR38 for Judicial Review (Northern Ireland), (2015) UKSC 42 and particularly paragraphs 2, 3 and 73 of the decision. He also placed for our consideration text of Article 8 of the European Convention on Human Rights (ECHR), which was subject matter of discussion in said decision and submitted that the action taken by the State in the instant case was fully justified.

Thereafter, without relying on any ruling whatsoever cited by both the sides, the Court went ahead to refer the matter to a larger bench for reasons solely relating to the “nature of the matter and issue of significance involved therein.

It is pertinent to note here, that the Supreme Court had explicitly relied upon the In the matter of an application by JR38 for Judicial Review (Northern Ireland), judgement of the UK Supreme Court in the case of K.S Puttaswamy vs. Union of India (2017) SCC 1. Here, the plurality opinion of Justice D.Y Chandrachud, in Paragraph 168 quoted the separate concurring judgement of Lord Clarke, where he said that “[…] the criminal nature of what the appellant was doing was not an aspect of his private life that he was entitled to keep private. He could not have had an objectively reasonable expectation that such photographs taken for the limited purpose of identifying who he was would not be published.”

This amply illustrates the relevance of the UKSC judgement in the privacy jurisprudence of India which remains to be relied upon or interpreted by a larger bench of the Supreme Court.

Guest Post: The UP Hoardings Case and Misplaced Comparativism

[This is a guest post by Shubhangi Agarwal and Harsh Singh.]


In March, the Uttar Pradesh administration had ordered the putting up of banners in Lucknow with names, photographs and addresses of more than fifty CAA – NRC protesters, asking for compensation from them for allegedly causing damage to private and public property. Observing a clear case of a breach of privacy, the Allahabad High Court took suo moto cognizance and registered a PIL against the government administration. The court rightly ruled that the actions of the state are “an unwarranted interference in privacy of people” (discussed here). However, this decision was appealed before the Supreme Court, and the apex court, after placing reliance on a UK Supreme Court judgment, ordered that the case be referred to a larger bench for consideration. This article seeks to juxtapose the crisp and timely intervention of the Allahabad High Court with the Supreme Court’s referral order and analyzes the apex court’s misplaced reliance on UK case law.

The Allahabad High Court’s swift justice

The Allahabad High Court criticised the UP administration for displaying such banners on the roads. It applied the proportionality test laid down in the Puttaswamy judgment and observed that the authorities failed it on all the three counts. Firstly, there was no law which permitted such actions. Secondly, the aim to deter mischief and recover money from protesters for alleged damage to public property was not a legitimate aim, as they were not fugitives, and there was no need to publicize their personal details. Lastly, there existed no rational nexus between the means employed and the objective sought to be achieved. Lakhs of accused persons in UP were also facing criminal trials but their personal details were never subjected to such publicity. The court even went on to remark that “the placement of personal data of selected persons reflects colorable exercise of powers by the Executive.”

The Supreme Court’s waywardness

The Supreme Court, on the other hand, shied away from its responsibilities when dealing with the same questions. It relied on a UK Supreme Court case – In the matter of an application by JR38 for Judicial Review (Northern Ireland), and referred the appeal to a larger bench. It is pertinent here to explain the facts of the foreign case to distinguish it from our case. In the UKSC case, the appellant, aged fourteen years, was engaged in rioting and his CCTV footage (taken during the course of rioting) was published in two newspapers by the police authorities. The publication was done to ‘identify’ him and to deter future disturbances. The question was whether there was a breach of privacy under Art. 8 of ECHR.

The UK Supreme Court judgment on this can be divided into two parts – the majority opinion and the minority opinion. The majority (Lord Toulson, Lord Clarke and Lord Hodge) opined that there could have been no reasonable expectation of privacy in the facts of the case, because of the nature of the criminal activity the appellant was involved in. Therefore, the appellant could not have expected non-publication of his photograph by the police for his identification. However, their conclusion that the appellant did not have any reasonable expectation of privacy was greatly dependent upon the ‘identification’ purpose of the police.

Lord Clarke, with whom Lord Hodge concurred, held that (paragraph 112):

I agree with Lord Toulson that on the facts here the criminal nature of what the appellant was doing was not an aspect of his private life that he was entitled to keep private. He could not have had an objectively reasonable expectation that such photographs, taken for the limited purpose of identifying who he was, would not be published. I would not however hold that the mere fact that a person is photographed in the course of a criminal activity deprives him or her from the right to prevent the police from publishing the photographs. Thus, if the photographs had been published for some reason other than identification, the position would have been different and might well have engaged his rights to respect for his private life within article 8.1. I would not therefore put the point quite as broadly as Lord Hope does in para 21 of Kinloch quoted above.

The minority opinion (by Lord Kerr and Lord Wilson) held that that the appellant retained a reasonable expectation of privacy primarily because he was a child at the time the photograph was taken, and factors like age, consent, and risk of stigma also play a role when determining the question of privacy. However, after applying the proportionality test, the judges came to the conclusion that the interference with the appellant’s right to privacy under Art. 8 of ECHR was justified for the same reasons as that of the majority opinion.

Lord Kerr J. with whom Lord Wilson concurred, stated (paragraphs 41 and 76):

Prima facie, therefore, the taking and use of a photograph of an individual will lie within the ambit of article 8. The essential question is whether it is removed from that ambit because of the activity in which the person is engaged at the time the photograph was taken and because the person could not have a reasonable expectation that his or her right to respect for a private life arose in those particular circumstances. The fact that the activity in which the person is engaged is suspected to be criminal will not, by reason of that fact alone, be sufficient to remove it from the possible application of article 8.

The painstaking approach taken by the police service to the objective of identifying young offenders such as the appellant has been explained by Chief Inspector Yates and Superintendent Robinson. Internal police inquiries were made; community leaders and social services were asked whether they could identify those involved; and it is ironical that the appellant and his father were shown the photograph that was later published. Had they identified the appellant, no publication would have occurred.

 

As is clearly evident from the above paragraphs, the photograph was published with the clear purpose to identify the wrongdoer; in the present case, however,, banners with personal details were put up to seek compensation from protesters for damage to public property, and to ‘name and shame’ them. There is a stark contradiction in both the objectives. These protesters were not fugitives and were not trying to bypass their interrogation and trial.

Conclusion

Only a few days before this referral order, the Supreme Court in Shah Faesal v Union of India, had remarked on judicial references. It had noted that “when substantial judicial time and resources are spent on references, the same should not be made in a casual or cavalier manner.” Regrettably, it failed to follow its own laid down principle. Moreover, the recovery notices which were issued to the protestors were challenged by them and the matter was already pending before the court. In such circumstances, the reference order was evidently unjustified. The result of this was that the swift justice delivered by the Allahabad High Court was derailed in the Supreme Court, in no small part because of erroneous reliance upon UKSC case law, as well as a failure to correctly apply the Puttaswamy judgment.

Guest Post: The Right to Love and the Right to Leave – Recognising Autonomy through Unilateral No-Fault Divorce

[This is a Guest Post by Shraddha Chaudhary and Shreedhar Kale.]


Thappad (2020) began an important conversation about the inequality and everyday violence that often defines women’s experiences within the institution of marriage. It highlighted the need to interpret fault-grounds liberally, so that ‘just a slap’ would be sufficient proof of cruelty. However, this does not go far enough to recognise the autonomy and dignity of the individual in marriage. The right to dissolve a marriage should not be beholden to proof of ‘fault’ any more than the right to marry should require reasons for the union.

Marriage is considered the cornerstone of family life in India. Unsurprisingly, therefore, Indian divorce laws, whether religious or secular, seek more to preserve marriage, than to facilitate separation. With the exception of certain forms of unilateral repudiation available to a Muslim husband, divorce can ordinarily be obtained either through mutual consent, or by proving one of the listed grounds of ‘fault’, such as adultery, desertion, cruelty etc. In this post, we argue that the autonomy of the individual in marriage will not be truly recognised until Indian divorce law provides the option of unilateral no-fault divorce. Exercising such an option, an individual may unilaterally divorce their spouse, without the need to prove fault or irretrievable breakdown of marriage, or to obtain the consent of the spouse. We discuss the vital constitutional concerns that arise from the legal conditions governing the dissolution of marriage, due to the unique social and symbolic significance of the institution. We also demonstrate how these conditions constitute an unreasonable restriction on the autonomy of the individual, under Article 21, to dissolve a marriage.

Marriage as a Constitutional Concern

Why should the legal conditions of the dissolution of marriage be a constitutional concern? The answer lies in the special place that marriage occupies in Indian social tradition, as well as in the lives of individuals. First, while marriage may formally be a choice, it would be far from accurate to suggest that this choice is, in fact, exercised freely by those who enter the marriage institution. In 2015-16, for instance, 27% of married women aged 20-24 had been married before the age of 18, and 7% before the age of 15. This indicates that millions of women currently in the institution of marriage were not even legally competent to exercise their choice to enter that institution.

Secondly, in the absence of civil partnerships or formal cohabitation, marriage enjoys a legal monopoly over formalisation of intimate relationships in India. This means that a couple is faced with an unpleasant binary. On the one hand is informal cohabitation, which has minimal legal protection and almost no rights. On the other is marriage which, while granting legal rights and social sanction, triggers an onerous legal regime that may keep parties tied together long after the intimacy has died, and often in circumstances of grave emotional, physical and sexual abuse. Fewer than 1% of Indian women aged 41-49 have never been married. In light of the systemic and structural gender inequalities that plague the institution of marriage, it would be naïve to read this to mean that marriage is a popular ‘choice’. In fact, the difficulties of navigating social spaces, the fear of social ostracism, the denial of legitimacy, and the loss of legal protection create pressures so overwhelming that non-marriage is often not a viable option.

Thirdly, and most importantly, however, marriage is a constitutional concern because of the essential symbolic role it plays in the lives of individuals. Marriage has, for centuries now, been integral to the human experience, an important part of the aspirations of human beings. It provides access to symbols which help shape identities, and sanctify intimate relationships that give meaning to people’s lives. To say, then, that marriage is not an Article 21 concern as long as a person may simply choose not to marry, therefore, is like saying that criminalisation of anal-sex is not an Article 21 concern because gay men may simply choose not to have sex. Certainly, the prima-facie choice exists, but forcing people to make that choice cuts at the foundation of human dignity.

Even assuming that marriage is indeed a choice that can freely be exercised without compromising human dignity, we believe it would still be a constitutional concern. This is because it is a legal institution that, in its present form, infringes the autonomy and dignity of the individual at the point of its dissolution, and therefore, violates constitutionally affirmed and protected rights.

Divorce Laws as Barriers to Individual Autonomy

The Supreme Court of India has, time and again (see Puttaswamy, Shafin Jahan, Shakti Vahini , and Navtej Johar) affirmed the autonomy and privacy of the individual in choosing whom to marry, whom to love and how to love. This negative right of non-interference essentially bars the state and society from dictating or infringing on these decisions. In Navtej Johar, in fact, the Court went further to recognise the role of this autonomy as constitutive of individual identity. The pride of place enjoyed by autonomy in creating relationships, including marriage, contrasts sharply with its conspicuous absence in ending formal relationships. Where a marriage is no longer a positive constituent of a person’s identity, ceases to be a source of love or intimacy, or simply fails to meet her expectations, the end of this marriage should need nothing more than her personal decision to exit it. A system that requires a person to justify this decision within the paradigm of arbitrary legal pigeon-holes, and to assign blame where none might lie, severely undermines the autonomy she enjoyed when entering the very same relationship.

Tying the dissolution of marriage to proof of fault in this manner also attacks the dignity of the individual. To fall in love and out of it, to have sex and stop having it, and in the same vein, to enter a marriage and exit it are intimate choices, intrinsically linked to a person’s imagination of herself, and to her most personal boundaries. Such choices should not be subservient to the satisfaction of subjective legal standards, or even to legal adjudication. This extends beyond fault grounds to mutual consent divorce. The relational rights that undoubtedly arise from marriage, such as the right to maintenance or child-support, are not contingent on the subsistence of the marriage. Therefore, the decision of one spouse to dissolve the marriage should not be contingent on the consent of the other. Similarly, it encompasses irretrievable breakdown, which has come to be an ad-hoc measure adopted by the Supreme Court to grant divorce in cases where the relationship is ‘beyond salvage’. Though no longer beholden to grounds of fault, divorce based on irretrievable breakdown still subjects individual autonomy to adjudication, and the satisfaction of the legal standard that the ‘marriage has broken down beyond repair’.

Simply put, the autonomy to enter the institution of marriage is incomplete and meaningless unless it is accompanied by the autonomy to freely and without ‘reason’, exit it, that is, through unilateral no-fault divorce.

Unilateral, no-fault divorce was the subject of constitutional scrutiny by the Supreme Court of India in Shayara Bano, where the Court held talaq-i-biddat (unilateral, irrevocable divorce on demand by a Muslim man) unconstitutional. Of the majority which affirmed this position, Joseph J., based his decision largely in theology, while Nariman and Lalit JJ. misidentified the ‘wrong’ of triple talaq. As this blog rightly argues, talaq-i-biddat was unconstitutional mainly because it discriminated on the basis of sex (Article 15), and not so much because it was manifestly arbitrary (Article 14). We believe that such discrimination is not a necessary consequence of unilateral no-fault divorce, but was a product of the circumstances in which talaq-i-biddat was practiced. It arose from the fact that the option of unilateral divorce was available only to men, and, more importantly, that there were no safeguards against the financial hardships that divorced women faced.

It is possible, therefore, to have an option of no-fault divorce that is not discriminatory. This would be done, first, by extending the right equally to both parties, regardless of gender, and secondly, by ensuring that the financial and material needs of the divorced woman are adequately met, either by her ex-spouse or by the state.

Fault-Based Divorce: An Unreasonable Restriction to Article 21

A constitutional challenge to the absence of unilateral no-fault divorce is likely to be met with strong opposition from various sections of society, including the State. The State has, in other issues relating to the marital sphere, such as marital rape, prioritised the ‘preservation of the institution of marriage’ over the rights of the parties, particularly women, in the marriage. The State would likely defend the status-quo of fault-based divorce as a reasonable restriction on the autonomy of an individual under Article 21. According to Puttuswamy II, “…a measure restricting a right must, first, serve a legitimate goal (legitimate goal stage); it must, secondly, be a suitable means of furthering this goal (suitability or rational connection stage); thirdly, there must not be any less restrictive but equally effective alternative (necessity stage); and fourthly, the measure must not have a disproportionate impact on the right-holder (balancing stage).”

Do arguments in favour of fault-based divorce as a reasonable restriction meet these criteria?

Legitimate Goals Stage

  1. The State has consistently claimed that the stability of the marriage institution is a legitimate State interest. Such an interest would arguably be threatened by a system that allows ‘arbitrary’ or ‘capricious’ divorce on demand. Therefore, the State may claim to have an interest in ensuring the indissolubility of marriage, or at the very least, in setting legal standards that prima facie disincentivise parties from dissolving the marriage.
  2. Additionally, it may be argued that the restrictions on divorce are meant to safeguard the interests of women and children in the event of an ‘arbitrary’ divorce.

First, it is possible to reject the State’s interest in the institution of marriage on the ground that decisions related to marriage and family relationships, being protected private choices, are not the appropriate domain of the State, except in limited circumstances. However, given that this interest has come to be constitutionally recognised, we choose not to contest this claim, given the limited scope of this post. Similarly, we also concede that the broad aim of protecting the rights of women and children is a legitimate aim of the State.

Notwithstanding this, we argue that fault-based divorce has no rational connection with these legitimate interests, and given the availability of a less restrictive but equally effective option, cannot be termed a necessary restriction.

Rational Connection Stage

Under the proportionality standard, once an infringement of a right is established, the burden of justification shifts to the State. The rational connection between prohibiting no-fault divorce and maintaining the stability of the marriage institution is, therefore, for the State to establish. On closer scrutiny, however, it can be seen that no such clear rational connection exists.

Marriage is not indissoluble in India, even if fault-based divorce does often make the process so protracted and cumbersome as to disincentivise divorce. However, this does not ensure the ‘stability’ of marriage unless the only metric of ‘stability’ is longevity. Arguably, if marriage is to serve as the cornerstone of family life, the test of its stability should be its strength and quality. A marriage that is long-lasting, but devoid of emotional value for one or both parties, and perhaps even marked by prolonged conflict or violence, cannot possibly be a reliable or stable foundation for family life. It is also arguable that a system that connives to keep people in a marriage by making its dissolution unnecessarily complex and onerous does a disservice to the institution of marriage.

Unilateral, no-fault divorce, on the other hand, has the potential to strengthen the institution of marriage by ensuring that those who remain in it do so because of the value it adds to their lives rather than the legal barriers to its dissolution. Moreover, no-fault divorce is no more ‘arbitrary’ or ‘capricious’ than fault-based divorce. Given the complexities of the human experience, especially in a sphere as intimate as marriage, no classification of fault grounds can ever hope to be comprehensive. In light of this, a legal regime that forces individuals to ensure that their narratives kowtow to the pre-determined grounds of fault available to them, is in itself arbitrary.

The purported interest in protecting women and children is, similarly, not advanced by fault-based divorce. This is for three reasons:

First, the underlying presumption of this interest, that the option of no-fault divorce would primarily be exercised by men against women, is erroneous. Considering the inequality and gendered violence that often marks marriage, such an option would, in fact, provide women an easy means of liberation. The expensive and adversarial process of litigation in fault-based divorce can exacerbate conflict, especially since the very purpose of the litigation is to find fault with one’s spouse. In cases involving physical, mental or sexual abuse, such litigation may also revictimize an abused woman. Faced with such a system, women may, in fact, be compelled to stay in abusive or exploitative relationships.

Secondly, while it is true that divorce is a traumatic experience for a child, the dangers of living in a household steeped in conflict, and possibly violence, over extended periods of time, should not be ignored either. It would be potentially more damaging for a child to be caught in the protracted crossfires of divorce litigation than to simply be from a divorced household.

Finally, the only way in which the State can seek to safeguard the interests of women and children in the event of a divorce is to ensure that the financial and material needs of women and children are adequately provided for. However, this need not be linked to the method of divorce, and can be determined separately.

Therefore, fault-based divorce does not further either of the State’s aforementioned interests, whether in ensuring the stability of marriage as the foundation of family, or in protecting the rights of women and children in the marriage.

Necessity and Balancing Stages

Unilateral no-fault divorce with adequate safeguards for the protection of vulnerable parties (as previously discussed) is far better suited to achieving the aims of the State, while simultaneously causing less infringement to the autonomy and dignity of individuals at the stage of dissolution of marriage, compared to fault-based divorce. Given this less infringing and equally efficacious alternative, fault-based divorce cannot reasonably qualify as a necessary restriction.

As regards the possible claim that fault-based divorce does not disproportionately impact those seeking divorce, the foregoing discussion on the autonomy-infringing effects of fault-based divorce would, we believe, suffice to negate the claim.

From the above, it is evident that the absence of an option of unilateral no-fault divorce amounts to an unreasonable restriction on the fundamental right to dignity and autonomy under Article 21. The only question that remains, therefore, is how the Supreme Court ought to adjudicate on the matter if such a challenge is brought before it.

Creating Space for Unilateral No-Fault Divorce

Based on our arguments in this post, the absence of unilateral no-fault divorce must first be held to be violative of Article 21, recognising that the right to love and the right to leave are two sides of the same coin. The Court would then have three options. First, it could make the declaration of unconstitutionality and leave it upto the State to pass a law on the subject. However, since the Court has acknowledged its duty to correct constitutional wrongs, without waiting for a majoritarian government to bring about such change, this would not be the most suitable option.

Secondly, the Court could choose to pass guidelines, including the option of unilateral no-fault divorce in various legislations till their formal enactment by Parliament, as in Vishaka. Thirdly, it could direct the Government to amend the relevant laws to include this option, as in NALSA. Of these, it appears that the second option would be the least objectionable. Given the orthodox position of the state on marriage, it is likely that the declaration would be ignored, as in Prakash Singh. Therefore, guidelines created by the Court would serve as an appropriate interim measure, ensuring that the declaration is not reduced to empty words. However, this option should be exercised consultatively, keeping in mind that the operationalisation of unilateral no-fault divorce must be based on empirical data on the patterns of divorce, custody and maintenance litigation in the country, lest we risk the remedy being worse than the ailment.

Coronavirus and the Constitution – VII: Balancing Privacy and Public Health in Karnataka [Guest Post]

[This is a guest post by Basawa Prasad.]


As per a press release published on 30/03/2020, signed by the Karnataka Medical Education Minister, a direction has been made asking all those who are quarantined at home over the COVID-19 outbreak to send a “selfie image” of themselves every hour from their home, failing which they may be housed in government-created mass quarantine centers. The press release also mentions that the selfie image sent will include location coordinates (global positioning system (GPS)) which informs the government where the sender is; it further notes that every selfie sent by a home-quarantined person is verified for its legitimacy by the state government’s photo verification team. The state government has, further, released a mobile application which reveals the addresses of COVID-19 patients in the state under which such exercise will be carried on. This decision to the use the mobile app for tracking of quarantined patients has also been adopted by the Delhi, Gujarat, Tamil Nadu, and Maharashtra governments.

This step taken by the Karnataka Government is in addition to its decision on 25/03/2020, to publish personal details of almost 20,000 quarantined persons including their door numbers, PIN code, and which country they travelled from, on the website of the Ministry of Karnataka Health and Family Welfare Services. Such publication of names has also been carried out in other States including Delhi, Rajasthan, Maharashtra, and Punjab.

These actions of the State Government, especially by the Government of Karnataka in response to fighting COVID 19, raise an important question of the conflict between the two fundamental rights: right to health and right to privacy, enshrined in the Constitution under Article 21.

Right to Health

The publication of the names, and the decision to track personal details of the quarantined persons, has been justified under the objective of curbing the transmission of the virus. The right to health has been recognized by the Hon’ble Supreme Court time and again as an integral part of the right to life and personal liberty. In furtherance of this protected fundamental right, in the present situation, the State is bound to take measures for creating awareness of the spreading virus, provide medical facilities to the infected persons, and take measures for preventing its transmission.

The easy nature of the transmission of the virus requires that the individuals have the information of infected persons, as well as of the persons from whom there is a possibility of infection, in order to take sufficient precautionary measures to not be in contact with them. The action of the State to make available this information can be claimed as a part of the fundamental right to health, and the right to live in a healthy environment protected under Article 21, under the guise of “public interest”. However, the question of abrogation of the fundamental rights of the quarantined persons arises, with their privacy rights being breached, through the disclosure of their personal details including, as well as the continues surveillance of their movement.

In this context, in the year 1989 ( the Lucy R. D’Souze Case), a petition challenging Section 53(1) (vii) of the Goa, Daman and Diu Public Health Act, 1985, which empowered the Government to isolate persons found to be positive for AIDS, was argued before the Bombay High Court. It was contended by the Petitioner that the impugned provision violated fundamental rights protected under Article 19. However, the Court, rejecting the argument, held that

Isolation, undoubtedly, has several serious consequences. It is an invasion upon the liberty of a person. It can affect a person very adversely in many matters including economic. It can also lead to social ostracization. But in matters like this individual rights has to be balanced the public interest. In fact liberty of an individual and public health are not opposed to each other but are well in accord. Even if there is a conflict between the right of an individual and public interest, the former must yield to the latter.

 

Right to privacy and Doctrine of Proportionality

However, in recent times, the Supreme Court has clarified that a clash between rights must also be adjudicated within the framework of proportionality.

The doctrine of proportionality stipulates that the nature and extent to which a law interferes with fundamental rights must be proportionate to the goal it seeks to achieve. The Hon’ble Apex Court in a 9 bench decision in Puttaswamy I, while upholding the Right to Privacy as a Fundamental Right under Article 21, laid down the criteria for determining proportionality, emphasizing on the aspect that the State’s action, infringing the rights of an individual, has to be least restrictive alternative, with the sanction of a law and in consistence with achieving its goals. Further, the right to privacy ensures that every State intrusion into privacy interests, which deals with the dissemination of information personal to an individual or personal choices relating to the individual, has to be subjected to the balancing test prescribed under the fundamental right that it infringes. The reason for doing so is to assure dignity of an individual; dignity can be assured only when an individual has an autonomy over their personal choices and control over dissemination of information.

When tested against the above principle, the decision of Medical Education Minister to track quarantined individuals has no constitutional backing. The said decision has been made through a “press release”; it is, therefore, an executive action of the Ministry. There is no clarity with regard to which law it has been authorised under. Even presuming that the government has invoked the Epidemic Diseases Act, 1897 or the National Disaster Management Act, 2005, neither of these laws authorizes the State (as rightly pointed out by Suhrith here) to track individuals and collect their data, without any safeguard. Therefore, it can safely be said that the executive decision has no sanction of law.

Moving further, the practice of tracking quarantined individuals has been adopted by several countries including Israel, China, Tiwan, and Singapore. Both Singapore and Israel have been enforcing certain procedural safeguards. For example, Singapore has mandated the using of mobile applications like Trace Together for quarantined individuals, which embeds a number of privacy-preserving features, such as data anonymisation, explicit user content to data sharing and no use of geolocation. At the same time Israel, while authorizing its internal security agency to track the movements of persons who have contracted the coronavirus and identify others who should be quarantined because their paths crossed, sets a limitation of usage of such data for a period of 30 days, with the permission of the attorney general.

However, in India, the states which have adopted the use of mobile applications to track the quarantined individuals, in complete violation of the Doctrine of Proportionality, provide no procedural safeguards. Furthermore, it is doubtful whether these moves meet the other prongs of the proportionality standard: i.e., the least restrictive alternative and the balancing test. For example, publicly stigmatizing individuals runs the risk of people – in the future – hiding their symptoms to avoid discrimination – a move that will be barrier for individuals to seek healthcare immediately, and to adopt healthy behavior. Thus, even if the goal is to preserve and maintain public health, measures such as these – which cause public stigma – are unlikely even to serve that goal on its own terms.

Coronavirus and the Constitution – IV: Privacy in a Public Health Crisis [Guest Post]

[This is a guest post by Suhrith Parthasarathy.]


In a bid to contain the Covid-19 pandemic, governments across the world are using means and measures that would otherwise be considered invasive and illegitimate. In some countries—China and Israel, among others—the State has used phone tracking devices to monitor the movements of persons who have either contracted the virus or have come into contact with someone who might have done so. Even the European Union has relaxed some of its existing regulations governing the sharing of location data. On 23 March, the European Commission wrote to a number of the continent’s telecom operators, urging them to share anonymized and aggregated mobile phone data. This information, the commission said, was necessary for it to track how the virus was spreading and to determine where and in what areas people’s medical needs were most necessary. Indeed, as a Financial Times report pointed out, the EU has had to put on hold its newly proposed digital strategy for artificial intelligence and data that called for an enhancement of its data sovereignty, with a recommendation that European AI algorithms should be trained on European data. In India, while it’s unclear if mobile phone data has yet been used to track the virus, a whole host of other measures have been put in place, which have otherwise impinged on people’s right to privacy. The State of Karnataka, for example, published a database containing a list of all persons (14,000 residents of Bangalore alone) who had either contracted the virus or who had been placed in quarantine. This database included details of these persons’ residential addresses and their travel history, among other things. Other states too have followed suit, and these details have often been leaked on WhatsApp and have been shared across groups and platforms.

Pandemics, as we know, can alter the course of history. The Yale historian, Frank Snowden’s study in his recently published book, “Epidemics and Society: From the Black Death to the Present” puts the coronavirus in perspective, by telling us the tale of the bubonic plague that hit London in 1665. “It had,” he told Isacc Chotiner in this interview, “an enormous effect on the economy. Bubonic plague killed half the population of full continents and, therefore, had a tremendous effect on the coming of the industrial revolution, on slavery and serfdom.” But in doing so, pandemics also change the nature of political power. Consider this passage from Snowden’s book:

Plague regulations also cast a long shadow over political history. They marked a vast extension of state power into spheres of human life that had never been subject to political authority. One reason for the temptation in later periods to resort to plague regulations was precisely that they provided justification for the extension of power, whether invoked against plague or, later, against cholera and other diseases. They justified control over the economy and the movement of people; they authorised surveillance and forcible detention; and they sanctioned the invasion of homes and the extinction of civil liberties. With the unanswerable argument of a public health emergency, this extension of power was welcomed by the church and by powerful political and medical voices. The campaign against plague marked a moment in the emergence of absolutism, and, more generally, it promoted an accretion of the power and legitimation of the modern state. [a hat-tip to Soutik Biswas for the reference to the passage].

 

We have, therefore, important lessons to take from history: that to absolutely waive our civil liberties in the perceived interest of public health portends dangerous consequences. In India, the trouble begins with the lack of a clear legal regime. Originally—before the central government finally woke up to the perils in front of it—various state governments had invoked The Epidemic Diseases Act, 1897, a colonial era law that granted state governments the power to prescribe temporary regulations to control the outbreak of any dangerous epidemic disease should it finding the existing laws insufficient. On 23 March, the Union government, following an address by the Prime Minister invoked the National Disaster Management Act, 2005, to seemingly provide a lawful basis for a nation-wide lockdown. [Gautam has discussed the implications of invoking the NDMA in this post here]. Notably, though, neither legislation provides governmental authorities any explicit legal basis to disclose personal information of persons who have either been inflicted with the virus or who have been quarantined for other reasons (such as their travel history).

The right to privacy, as we know, is a fundamental right. The Supreme Court’s judgment in Puttaswamy I makes it clear that the right includes a right to informational self-determination, that is the authority of every individual to decide for herself, when and within what limits information about her private life should be communicated to others. The opinions of Chandrachud, J. (on behalf of four judges), Nariman, J. and Kaul, J. each makes it clear that every person in India has a right to control the dissemination of information that is personal to her. Now, when governments disclose, as the State of Karnataka has done, residential addresses, phone numbers and travel histories of persons who have both been infected by Covid-19 or otherwise been quarantined there is a prima facie violation of the right to privacy. The question that we need to ask ourselves, though, is whether the infringement in this case is legitimate and constitutionally justifiable given the prevailing circumstances.

There can be little doubt that the right to privacy, like every other fundamental right, is not an absolute guarantee. But, as the Supreme Court held in Puttaswamy I, to restrict the right legitimately the State must first show us that there exists a valid piece of legislation permitting it to place a constraint on the right. What is more, such a constraint, as judgments since Puttaswamy I have made it clear (including the verdicts in Puttaswamy II, Anuradha Bhasin v. Union of India and Internet and Mobile Association of India v. RBI) must be proportionate in nature, that is they must satisfy the test as propounded by the Court in Modern Dental College and Research Centre v. State of Madhya Pradesh (2016)There, the court held, that the doctrine of partakes four separate lines of analyses: (1) that the measure has to be designated for a proper purpose; (2) that the measure undertaken is rationally connected to the fulfilment of that purpose; (3) that there are no alterative and less intrusive measures available that may similarly achieve that same purpose with a lesser degree of limitation; and (4) that there needs to be a proper relation between the importance of achieving the aim and the social importance of preventing the limitation on the constitutional right.

In the present case, neither the Epidemic Diseases Act, 1897 nor the NDMA accords the government the power to disclose personal information of any kind. Thus, the disclosures made are, as such, illegitimate. But there could be an argument made that the basic residuary power that these legislation accords to government also includes within its ambit the power to publish information of this kind, should such publication be deemed necessary for the purposes of controlling the epidemic or the disaster, as the case may be. The Epidemic Diseases Act, for example, grants state governments the power to prescribe temporary regulations. Similarly, section 6(i) of the NDMA grants to the “National Authority”—which has as its ex officio chief, the Prime Minister—the power to “take such other measures for the prevention of disaster, or the mitigation, or preparedness and capacity building for dealing with the threatening disaster situation or disaster as it may consider necessary.”

Even assuming for a moment that these clauses do accord to governments the power to make disclosure of private information any such disclosure will however have to nonetheless be proportionate in nature and must satisfy the test laid down in Modern Dental College. Here, however, no express regulation appears to have been made under either statute laying out a general framework for disclosure of information such as the residential addresses, phone numbers and travel history of those infected with the virus. What is more, it’s also entirely unclear how the disclosure can at all be considered proportionate.

Maintaining public health, especially during the time of a pandemic, is unquestionably a legitimate aim of the state. But there is nothing on record here to show us how the measure undertaken—that is the publication and leaking of a whole host of private data—is rationally connected to the fulfilment of the aim. How, we might want to ask, is public knowledge about an infected person’s residence and her mobile phone number going to assist the fight against the pandemic? Surely, there are less intrusive measures available. Would it not be sufficient to have broad locality level knowledge of where infected persons might be residing as opposed to publishing their exact residential addresses? The disclosures made by the Karnataka government fall afoul, therefore, of at least three prongs of the test expounded in Modern Dental. Moreover, the state government has now released a web-based mobile application, called “Corona Watch”, that discloses not only the movements made by persons infected with the virus—public places that they might have visited and the time when they made such visits (information that one might find helpful) but also the home addresses of these persons. Again, the disclosure of this personal information us unfounded in any authority of law and it is also grossly disproportionate to what might be considered as lawful objectives of the state.

There is no doubt that these are extraordinary times. They call for special actions by the State. Chandrachud, J’s plurality opinion in Puttaswamy I explicitly recognises public health as a valid ground on which certain forms of restrictions can be placed on the right to privacy. “…the state may assert a legitimate interest in analysing data borne from hospital records to understand and deal with a public health epidemic such as malaria or dengue to obviate a serious impact on the population,” he wrote. “If the State preserves the anonymity of the individual it could legitimately assert a valid state interest in the preservation of public health to design appropriate policy interventions on the basis of the data available to it.” But while the State will inevitably have to make encroachments on certain swathes of private information that it otherwise cannot, in the interest of public health, any such intrusion, as Chandrachud, J. holds, must still be necessary and proportionate.

At least some of these illegalities could have been obviated had we enacted a data protection law enshrining basic privacy principles, as demanded by the Supreme Court in Puttaswamy I. Such a statute might have installed a regime in which governments were made more acutely aware of when and where they could disclose private information. In the present case, by indiscriminately revealing information about persons who have either been infected with Covid-19 or who have been asked to keep themselves quarantined on account of their travel history the government has opened up the possibility of stigmatization, which, in a country like ours, could lead to various other forms of discrimination. The disclosures made, therefore, not only impinge on the right to privacy, but potentially violate a slew of other guarantees, including the basic human dignity of these individuals. We might well view the urgency of the pandemic as a justification for a limitation on civil rights. But to allow it to enter our conscience as legitimate state action can have dangerous consequences that go far beyond the immediate perils that we are faced with today.