Aadhaar Hearing: Highlights From 38 Days Of Supreme Court’S 2nd Longest Hearing In History
Editor’s Note: This copy was published on 22 June, 2018. It is being republished in light of the Supreme Court’s verdict on the constitutionality of Aadhaar likely being pronounced tomorrow. For the past four months, cyberlaw expert and certified information privacy professional Asheeta Regidi has been following the proceedings of the Aadhaar case in the Supreme Court for tech2. As we approach the judgment in this, the second-longest hearing in the history of the Supreme Court, here’s a glance at the major arguments made over the past 38 days of hearings.
Lack of integrity in Aadhaar enrolment and authentication
The arguments against Aadhaar began with the assertion that data collection was happening in the absence of a law, that personnel were not qualified to collect and handle sensitive data and that the biometric process itself was unreliable. Fingerprints can be cloned and iris scanners bypassed.
To add to this, it was argued that firstly, the collection of biometric information is itself a violation of the fundamental right to bodily integrity. Further, it was argued that the receipt of government benefits on the conditional waiver of constitutional rights is unconstitutional.
On day 7 of the hearings, an affidavit by a cybersecurity expert was presented, which stated that enrolment centres were illegally retaining biometric data, a fact that neither the UIDAI and the people were aware of. The affidavit also enumerated six ways of hacking Aadhaar.
Petitioners also pointed out the leakage of data compromises the system.
On day 13 of the hearing, petitioners made the argument that people cannot be asked to give their biometrics if criminality of proof of offence hasn’t been proved.
Further, it is currently assumed that biometrics were captured properly the first time. A failure to authenticate later is seen as an attempt at duplicity.
It was also pointed out that the UIDAI didn’t have ownership of the software involved in biometric data collection, further putting the Aadhaar system at risk. The Aadhaar Act requires complete ownership.
On day 18, petitioners argued that the use of uncertain and unproven biometric technology was a violation of Articles 14 and 21, and that a thumbprint and iris scan are both not unique and changeable.
Test of validity
The petitioners argued that there was no law for data collection prior to 2016. Therefore, Aadhaar violated the privacy of citizens without any legal basis for doing so.
They also argued that the large-scale collection and storage of data did not meet the “test of proportionality”. In other words, the petitioners are arguing that the ends (efficient disbursal of welfare benefits) did not justify the means (breaching the right to privacy of a billion plus citizens).
The petitioners argued that when the potential for harm is overwhelming, the standards of scrutiny for the Act enabling the harm must be higher, and Aadhaar does not meet these standards.
Retrospective validation of Aadhaar
While Aadhaar was launched in 2009, it was only given a legal basis in 2016. This, argue the petitioners, is significant because informed consent cannot be assumed in retrospect. The fundamental right to privacy cannot be violated in retrospect.
India is a nation that’s governed by law, argue the petitioners, not by people. Depriving a person of life or liberty is only possible with the authority of the law. To add to this, Aadhaar was enforced in direct violation of several Supreme Court orders mandating that Aadhaar be voluntary.
On day 12 of the hearing, the Bench agreed, stating that while an absence of law could be supplemented in retrospect, a breach of law could not be validated in retrospect.
On the validity of Section 59 as a validating provision
Section 59 of the Aadhaar Act retrospectively validates the acts of the government prior to 2016, when the Aadhaar Act was passed. The bench stated that while the section does not grant retrospective validity to the acts of the govt, it deems them to have been done after the passing of the Act. The petitioners questioned if it was even possible to have such a provision. They also argued that since Section 59 only deems the Act to be valid from 2016 as opposed to 2009, the act is invalid.
They also argued that trying to correct the absence of a law and the absence of safeguards in retrospect, as Section 59 attempts to do, cannot be legal. For example, the collection of data before 2016 happened without informed consent, which cannot be retrospectively assumed.
On Aadhaar Act passing as a money bill
Petitioners argued that Section 7 of the Aadhaar Act (which establishes the link with Aadhaar as a money bill), was not essential to the Act. An amendment to the Food Securities Act would have sufficed, they argued.
Without Section 7, Aadhaar cannot be treated as a Money Bill and would only establish a new mode of identification. It was argued that Section 7 gives too much power to the State or a private entity to deny any other form of authentication. It was also noted that the Section 7 was in direct violation of an earlier Supreme Court order, making the mandating of Aadhaar an impermissible executive exercise.
On day 15, Senior Counsel Arvind Datar argued that for Aadhaar to be classified as a money bill, it would have to be bound by its Statement of Objects. Since private parties are allowed to use Aadhaar (as per Section 57 of the Aadhaar Act), the Bench observed that the Act then loses its nexus with a money bill.
The petitioners pointed out that the Rajya Sabha had recommended the deletion of Section 57 and the provision of an opt-out clause.
The primary argument against the passing of Aadhaar as a money bill, however, is that a bill so passed bypasses the Rajya Sabha and the president. This, it was argued, requires very careful and strict interpretation to classify a given bill as a money bill.
Aadhaar as a surveillance tool
The petitioners further argued that Aadhaar could be used as a surveillance tool and that secret surveillance had the ability to undermine a democracy. More importantly, there is a need to protect the future generations from such surveillance. They also argued that while surveillance by a private entity like Google existed, Google was an optional service. To add to that, surveillance by the State can cause much greater harm.
The Supreme Court countered some of the Aadhaar-surveillance arguments with an observation that similar data collection happens when a person uses an iPhone or an ATM.
The Bench also asked how data collection via Aadhaar was different from data collection via a PAN card linked to the Income Tax department, say. The petitioners explained that the problem with Aadhaar was the centralisation of data collection. Data that was normally in silos was now in one place, making it much simpler to track an individual. Ultimately, they argued that it’s not even about data collection, but about an architecture that enables pervasive surveillance.
Kapil Sibal went so far as to call Aadhaar an RTI tool (Right to Information) for the State for information on citizens.
The Bench here pointed out that the Aadhaar Act cannot be questioned on its potential for misuse. The petitioners countered that given the amount of information that was being taken by the State, surveillance was a reality.
On day 9 of the Aadhaar hearing, petitioners brought up the 2011 destruction of the UK ID card database, a biometric database that was found to be too intrusive and thus, unconstitutional. The petitioners further argued that Aadhaar is even more intrusive because it also collects metadata, not just biometrics (as defined by Regulation 26).
On day 10, petitioners pointed out that information is knowledge, information which, in silos, amounted to nothing. They also pointed to the high valuation of WhatsApp, which was based entirely on its potential to generate information on its users. A nationalised ID is fine as long as it is private and not in a centralised database.
On day 11, they argued that Aadhaar cannot survive in the absence of a data protection law, given that it treats data as property.
On day 12, the Bench raised the question of privacy vs national security. The Bench noted that the State has a legitimate interest in monitoring the web to secure the nation against cyberattacks and terrorist activities. The petitioners countered that Aadhaar was dealing with an entire population, not terrorists. Also, the stated purpose of the Aadhaar Act is not that of surveillance.
Pointing to the case of Szabo vs Hungary, petitioners argued that a system of secret surveillance set up on the grounds of defending democracy, entails a risk of undermining or even destroying democracy.
Responsibility and redressal
It was also argued that there is no redressal mechanism in place for dealing with violations because of or related to Aadhaar. The UIDAI took no responsibility for the data while still going ahead and funding the SRDHs (State Resident Data Hub) without any sort of statutory approval.
The petitioners argued that sharing of data with the SRDH was illegal and impermissible under the Aadhaar Act. They also pointed out that there was no evidence that third parties like SRDHs and registrars destroyed biometric data, as they should have done once the Aadhaar Act was passed.
Challenging the State’s claims about Aadhaar
The government’s claims of Rs 17,000 crores in savings via MNREGA and LPG subsidy via Aadhaar were challenged, with the petitioners claiming that the actual numbers were nearer the Rs 220 Crore mark. A World Bank report claiming $11 billion in savings due to Aadhaar was also brought into question, with petitioners bringing up the fact that a senior World Bank official resigned over issues with data integrity. Petitioners also pointed out that some of the savings could also be attributed to previous schemes.
They pointed out that any law cannot violate a fundamental right in retrospect.
The petitioners argued that the goverment assumed that identity fraud was the only cause of leakages. They claimed that the government used older reports to make assessments and that the State would otherwise be unable to present any evidence to justify the infringement of rights as a result of enforcing Aadhaar……..Read More>>