In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.
The final hearing commenced on January 17, 2017. Summaries of the arguments advanced on the first four days can be found here.
The matter is being heard in front of a constitutional bench, comprising of Chief Justice Dipak Misra, Justice Sikri, Justice Khanwilkar, Justice Chandrachud and Justice Ashok Bhushan.
Mr. Sibal started off the proceedings by clarifying his interpretation of Section 8(3)(c) of the Aadhaar Act. He also read out the definition of authentication as under Section 2 (c) of the Act.
He stated that authentication pertains to either democratic or biometric information. Referring to the previous day’s proceedings, he stated that these were the only forms of information acceptable and that there were no alternatives available. He stated that the provision was wrongly drafted.
Justice Bhushan stated that if Mr. Sibal’s interpretation was accurate, there would no need for this provision.
Mr. Sibal agreed, stating that the Aadhaar Act would evidently only pertain to Aadhaar and not other forms of identification. He read out the definition of demographic information, stating that it was broadly worded. He reiterated that there were no true alternatives and that the only alternatives were under the 3 heads that have already been mentioned.
The Bench stated that the mention of ‘alternatives’ could be for the purpose of double-checking, Mr. Sibal agreed.
Justice Chandrachud stated that identity information under Section 2(n) is defined in an inclusive sense and that it is not exhaustive. Mr. Sibal disagreed, stating that this would not be relevant in the context of Section 8(3)(c).
Moving on, Mr. Sibal stated that there was no centralised database of this nature in other jurisdictions. He also stated that Israel had a similar system, however, furnishing identity to avail of benefits was not mandatory under this system.
He then went on to discuss the Authentication Regulations, specifically Regulation 4. He then discussed the different forms of authentication, including multi-factor authentication. He referred back to Section 8(3)(c), stating that these were the only forms of authentication available and that there were no alternatives available.
Further, he discussed the storage of fingerprints on centralised depositories, stating that in other jurisdictions, the fingerprint would be stored on the identity card itself and not in a database. He stated that the UK system which was discarded functioned similarly.
He then discussed Section 57 of the Aadhaar Act, and offered an alternative interpretation.
He stated that no one could question the use of a citizens Aadhaar because it is their identity, neither the state nor any body corporate or person.
The Bench implied that in this context, Aadhaar could be used for other purposes.
Justice Chandrachud questioned this interpretation. He also stated that the government seems to imply that private parties could also use Aadhaar. He clarified that Section 57, as per Mr. Sibal, was an option not a compulsion.
Mr. Sibal reiterated that the possible misuse could result in its validity. He clarified that he was not referring to the misuse by the state but was focussing on the nature of the digital world.
The focus then shifted to metadata, Mr. Sibal read out excerpts on the difference between data and metadata. He mentioned what metadata entails and referred to instances of civil rights organizations detailing possible human rights abuses.
Mr. Sibal then stated that the issue was not misuse by the state, rather that a citizen was being made vulnerable. He stated that vulnerability was the violation of Aadhaar.
He then referred to a document by the RBI, detailing issues with UIDAI system.
Justice Chandrachud clarified that the document was a staff paper, not a policy document.
Further on the issue of the safety of biometric information, Justice Chandrachud stated that any such system would be vulnerable to attacks and leakages.
Mr. Sibal stated that in the digital realm, a loss of data would be permanent.
He concluded the proceedings for the day by referring to the degree of control the retaining agency obtains over biometric information and the relevant legal safeguards. He also referred to the exclusionary nature of Aadhaar.