On 22.02.2018, the 5 Judge bench of the Supreme Court comprising Chief Justice Dipak Misra, and Justices A.M. Khanwilkar, D.Y. Chandrachud, A.K. Sikri and Ashok Bhushan continued hearing the Aadhaar Act case (Puttaswamy v UOI), to decide the constitutional validity of the Aadhaar Act.
Today, Mr Gopal Subramanium began by arguing that people could not be made to submit their personal information such as biometric data and biometric authentication could be mandated only on commission of a crime. In fact, in the Selvi Case (which had been approved by the Puttaswamy judgment), the Court noted that in certain situations, even compulsory fingerprinting of ‘suspects’ could violate their fundamental rights. Moreover, national security actions must be taken in accordance with constitutional concepts and could not be used as a shield to violate fundamental rights.
Mr Subramanium then referred to the electoral roll being linked with Aadhaar, ignoring interim orders of the court. He submitted that the fact that the flawed architecture of Aadhaar was now a part of the electoral scheme was a matter of great concern. He read excerpts from the book IBM and the Holocaust: The Strategic Alliance between Nazi Germany and America’s Most Powerful Corporation by investigative journalist Edwin Black which details the business dealings of International Business Machines (IBM) and its European subsidiaries with the government of Adolf Hitler during World War II, to point out how technology could be used to profile citizens.
He submitted that banking data which had been linked to Aadhaar to purportedly prevent money laundering was available to SRDHs and private parties. There now existed an industry around this data – the Aadhaar ‘bridges’ (as they called themselves) – which were now claiming through intervention applications in this case that it was their right to trade this data under Article 19. At this point, Mr Rakesh Dwivedi interjected to clarify that the data with the SRDHs had been destroyed and deleted after they were closed down and that there was no sharing of data by the SRDHs and private parties.
Justice Chandrachud asked Mr Subramanium to provide credible evidence (other than third-party applications) that showed that private parties had accessed the data, the nature of the data that was being allegedly accessed and how it was accessed. Mr Subramanium responded that the Aadhaar architecture facilitated it through Section 57, and authenticating agencies were using the data they had collected to come up with innovative business models like the Aadhaar bridge which was an invitation to other businesses to access this data. The Aadhaar number, now part of multiple channels, could be used to construct a picture of all the activities of an individual – where he went, what he ate, how much he made, how much he spent, who he voted for. Justice Chandrachud illustrated the point with a situation where a man who applied for a job application is asked for his Aadhaar number by the employer, who could then find out about his medical history, his marital history, etc. Mr Subramanium gratefully agreed, pointing out that this was where convergence happened. The CJI and Justice Sikri wondered – wasn’t it the right of the employer to know the background of the prospective employee? Mr. Subramanium submitted that it was his right, but that could be carried out through human interactions – Aadhaar was not necessary for this.
Mr Subramanium then submitted that Section 31, read with the Regulations, put the burden of updating the data upon the individuals. This was an excessive burden on the citizens. Not only was the science of biometrics flawed, but how was the citizen to know when the biometrics needed to be updated in the system? Moreover, in every case of authentication failure the individual was treated as a ghost, a fraud by the State, which was an assault on the citizen’s dignity. Justice Sikri agreed, saying that when authentication failed the person ceased to exist, and the question of updating the data didn’t arise.
Mr Subramanium concluded the morning session by pointing out that asking children for their data was detrimental to child rights, and children could not be subject to such indignity. Mr Arvind Datar interjected to point out that he was asked for his Aadhaar card to visit the Tirupati temple, to which Mr Subramanium quipped that it was not God who had asked for the Aadhaar card.
Post lunch, Mr Subramanium attacked the Aadhaar Regulations – Regulations 27 to 29 – which dealt with the deactivation of Aadhaar Number. He contended that the regulations presupposed a valid authentication (which was not always the case) and there were incremental assurances in Section 28 of Aadhaar Act. The Proviso in Section 28 excluded even the individual from accessing his own biometric information! It thus violated the right to dignity and Articles 14, 19 and 21, and was absent of substantive and procedural reasonableness. Referring to Section 29 of the Aadhaar Act, which restricts sharing of information, he pointed out that the word “may” used throughout the provision also violated substantive reasonableness.
Mr Subramanium also assailed Sections 32 and 33 which mandated that no order by the court under 33(1) could be made without hearing out the Authority. He asked the court, what about hearing out the individual? That aspect was completely missing and furthermore, India was not an inquisitorial jurisdiction, but Section 33(1) made it one.
Mr Subramanium assailed Section 7 of the Act, arguing that it imposed conditions and requirements on the citizens to undergo authentication. He submitted that the purpose of the Act, which was targeted delivery of subsidies and entitlements, was not furthered by Section 7. Section 4(3) made Aadhaar a universal identifying tool and not a mechanism to disburse benefits. The overarching coverage sanctioned through these sections was another reason for it to be struck down, as it violated Article 14 in the absence of a clear object, discernible objective, and intelligible differentia. He submitted that Aadhaar as a universal identifying tool violated the Constitution. Moreover, if authentication failed, it resulted in complete disablement (refer to Section Regulation 27(2) and (3)).
Mr Subramanium then argued that there was also a threat to the data. He drew the Court’s attention to the contracts that existed between the State and private actors for writing algorithms. The algorithms were neither created nor controlled by UIDAI. Bidders with L1 contracts had access to data which could then be sold, misused, or leaked. Technology had the power to defeat law and data which had been collected through the Aadhaar scheme could facilitate predictive policing through learning algorithms. As this data could reveal everything about the individual, in the absence of a data protection law the roll out of Aadhaar could not be allowed. He also argued that the data retention policy of Aadhaar was too broad, uncanonised and went against the constitutional concept of judicial review.
Mr Subramanium argued that the probabilistic nature of Aadhaar was prone to error, leading to several instances of exclusion. He read from a letter issued by the Government which stated that many Common Service Centres (CVCs) had been scrapped due to allegations of corruption and enrollment violation. Such a situation had been made possible, he argued, due to lax accountability standards. He prayed that the Court note that the policy had not shrunk and had made inroads into, and encroached upon, fundamental rights. The Act was failing Part III in two ways, firstly by violating citizens’ right to privacy and dignity and secondly by enabling exclusion of the rightful beneficiaries when they failed to “authenticate” themselves. He vociferously argued that Aadhaar architecture had allowed starvation deaths and prayed the court to set up a commission to identify those who had suffered deprivation, and assign compensation, on the lines of the Rudul Sah and Neelabati Behra decisions.
He concluded his arguments by stating that the Aadhaar Act was unconstitutional as it demanded that the citizen should reveal details about himself to the State without substantive reasonableness, and thus violated human rights, the right to life and liberty, and dignity.
The matter will be heard after the Holi Vacation, on 6th March 2018. Mr Arvind Datar will begin his arguments.