Day 7 ArgumentsConstitutionality of Aadhaar Act
February 6th 2018
On the 6th day of arguments, Mr. Shyam Divan presented arguments based on ideas of constitutionalism, limited government and rule of law. Before the bench rose for the day, he began to read from affidavits of the Right to Food Campaign’s on-field reporters which contain instances where beneficiaries were prevented from availing their entitlements as the biometrics-based authentication had failed, leading to their death.
Today, Mr. S Divan continued to read from those affidavits, pointing out that these instances showed exclusion, death, loss of dignity and an absence of an alternative way of identifying oneself – all of which violated Article 21 of the Constitution. Chandrachud J pointed out that one must also look at the lack of internet permeability, to which Mr. Divan agreed and added that the authenticating machines had a ‘memory’ which stored the fingerprints so the authentication could be carried out at a later time in a place with an internet facility. The bench unanimously pointed out the potential for misuse in such a scenario.
Mr. Divan then argued that as a person’s biometric data was taken – without her consent – and then used against her to exclude her from benefits went against Articles 14, 19, and 21. He added the following dimensions of this argument:
- Aadhaar did not have an opt-out option: He read from affidavits of people who wished to opt out of the Aadhaar scheme, but had no such option.
- Data security aspect: He referred to the affidavit of Dr. Rakesh Mohan Goyal, which stated that the requesting entities not only collected and stored biometric data but that UIDAI had no control over their actions. Moreover, this data was easily accessible to third parties. The affidavit showed the high risk of this data being hacked at various points. Chandrachud J queried whether the authenticating device was provided by the UIDAI and Mr. Divan responded that the UIDAI merely prescribed technical specifications, but the devices could be bought in the market – indicating another point where the data was at risk. He emphasised that this design was faulty and the trust placed in the State was at risk.
- Biometric fraud: Referring to a Special Task Force report in Uttar Pradesh, where a group of defrauders had been nabbed for forging biometric data and fingerprints, Mr. Divan brought to the notice of the Court that cloning fingerprints was easy, and as the whole authentication system was probabilistic, citizens were essentially being asked to plant their fingerprints in a very unsafe system.
- Exclusion of ‘ghosts’: Referring to an affidavit which showed how schoolgirls in a residential school for tribal girls, who had no Aadhaar card or were unable to authenticate their biometrics, had not been counted when electronic attendance was taken. This could be a problem as, in the future, the teachers who were taking attendance manually might be seen as inflating the numbers, when in fact these girls were physically present in the class.
- Human body and informed consent: A liberal democratic public culture ensured the right against slavery, but the mandatory nature and the denial of entitlements for want of an Aadhaar card went against this very idea.
Mr. Divan concluded his arguments with the following statements:
- Personal Autonomy: Citizens could not be forced to lose parts of our body to the State, especially in a digitally advanced environment such as the present.
- Constitutional Trust: Not allowing citizens to use anything other than Aadhaar to identify themselves showed that the State mistrusted its people.
- Rule of Law: The way Aadhaar had been rolled out and expanded went against the rule of law.
- Domination by the State: If allowed to continue unfettered, the Aadhaar scheme would provide the State with a mechanism to dominate the citizenry.
Mr. Kapil Sibal, who was representing one of the Petitioners, began his arguments after lunch. He began by laying out the enormity of the matter and its implications for the consideration of the Court. He laid down the following propositions before the bench:
- The digital world is far more susceptible to manipulation than the physical world.
- No legislation could or should allow an individual’s personal data to be put at risk from a lack of a technologically assured and safe environment.
- Such a level of assurance is impossible to obtain in the digital space.
- Biometric, core biometric, and demographic data of an individual cannot be retrieved once it was part of the digital world, just like when a genie was let out of a bottle.
- The digital world is a vehicle to benefit the information economy.
- When this information economy created the architecture for an information policy it has far reaching consequences and impacts individual rights which are constitutionally protected.
Mr. Sibal proceeded to first analyse the Aadhaar Act, 2016. Before he began, Chandrachud J asked for clarification on how the Aadhaar Act made it an obligation to have an Aadhaar card, given that Section 3 made it an entitlement, to which Mr. Sibal responded that Section 7 made it mandatory. He went on to read the definitions of ‘subsidy’, ‘benefit’ and ‘service’ in the Aadhaar Act to and pointed out that they were related to the Consolidated Fund of India. He then pointed out that banks and mobile companies asking for Aadhaar authentication went against this, and also made the consent under Section 8 illusory. He went on to add that the CIDR (Central Identities Data Repository) was controlled by a foreign entity, which had the Respondents shaking their heads indicating this was not the case. Chandrachud J then asked who the ‘requesting entity’ could be, to which Mr. Sibal submitted that under Section 2(u) read with Schedule A of the Regulations, anyone could become a requesting entity and thus access the data.
Chandrachud J then read out Section 8(3)(c) which provided for ” alternatives to submission of identity information to the requesting entity”, thus indicating that alternatives could be provided. Mr. Sibal argued that the alternative was with respect to getting identity information (i.e. either Aadhaar number, or biometric information or demographic information). The Bench disagreed with this interpretation, stating that in that case the section would have been worded differently.
Mr. Sibal then stated that the Regulations which enabled the storing of data and metadata suggested that the State presumed every citizen was a money launderer or terrorist. He pointed out that after six months even the individual lost his right to access his information, but it was archived and usable by the State. He noted how the US was circumventing the fourth amendment by asking data from Google, and when asked by Sikri J what could stop the State from going to Google for the data, Mr. Sibal responded that the check was that this was allowed only after a Court order. Moreover, one had the choice of not being on Google, Facebook, and Twitter. In fact, Google used an individual’s data to provide the person with more choices, whereas the Aadhaar was taking away a person’s choices.
Mr. Sibal then moved on to discuss the power of the state to deactivate someone’s Aadhaar, pointing to Regulations which allowed such deactivation for “any other reason deemed appropriate.” Chandrachud J pointed out that the validity of an Act could not be judged by the potential for its abuse. Moreover, the constitutionality of a law had to be judged on a generality of cases and not on exceptions. He further asked how could the Court ensure a technologically safe environment? Mr. Sibal responded that in the digital information age, there was not merely a “possibility” or a “potential for” misuse any more, but a real vulnerability. He thus prayed the Court to come up with a new set of principles to deal with digital issues.
The matter will next be heard on 07.02.2018.