By Arpita Biswas
In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.
An interim order was passed in December of 2017, a summary of the arguments can be found here and here.
The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.
Senior Counsel K.V. Viswanathan continued with his submissions.
He discussed PDS irregularities related to Aadhaar.
He also discussed the case of Marper, citing to establish that several misleading statistics had been used by the parties. He stated that several statistics were considered and rejected by the Court. Similarly, he urged the Bench to consider the statistics on Aadhaar’s success which would be presented by the respondents.
He then went on to discuss the case of Peck vs. The United Kingdom. He stated that the examination of alternate means in this case was mandatory. He also stated that the court noted that the council had other options available to it.
Mr. Viswanathan also discussed ‘excessive delegation’ under the Aadhaar Act. In this regard he stated that the Act does not lay down any guidelines and there was no right of hearing against omission of Aadhaar numbers, in addition to other such aspects.
Mr. Viswanathan concluded his arguments and Senior Counsel Anand Grover commenced with his submission.
His first submission was that the whole architecture of Aadhaar was beyond the Act since data was allowed to move outside the CIDR.
He also commented on the private nature of enrolling agencies and other related bodies, as has been stressed on earlier in the hearings.
He stated that all these factors could contribute to a serious breach of privacy.
Moving on, he discussed the Aadhaar Act and what was allowed to be collected under the Act. While the Act allows for the collection of biometric demographics, the data collected in real time went beyond just the demographics. Mr. Grover stated that often factors like caste were collected as well. He stated that the data was segregated and sent to the state and the CIDR separately. He also stated that the UIDAI had a proactive role in this form of data collection.
On the issue of data destruction, Mr. Grover stated that the hard disk and the server would have to be destroyed to ensure the complete removal of data, implying that the data removal technique in use now was technique.
He also stated that privacy had to be preserved and that data leakages into the public domain would have to be prevented as well.
Referring to the state resident data hubs, he stated that biometric data was made available for private and unregulated use as well. Further, he stated that registrars retain biometric information as well and that the CIDR would also be absolved of any liability.
Reiterating the issue of collecting details about caste, he stated that state resident data hubs could collect and use such data for their own analyses, as has happened previously in Maharashtra.
He stated that permanent deletion of data was not a simple process and that the union should have to furnish evidence of such deletion.
He also stated that the architecture of the CIDR was such that unauthorised entities had easy access as well.
Mr. Grover then went on to discuss the inaccurate nature of fingerprints and iris scans.
Further on the Aadhaar Act he stated that no one could file complaints under the Act and that the biometric system allowed for exclusion. He reiterated that private agencies had access to personal information of third parties
On the issue of data retention, he stated that there was a complete failure to ensure the security of data. He also stated that data retained its private nature at all stages.
On the issue of authentication, he stated that authentication was only meant to be conducted through registered devices, however, unregistered devices have also reportedly been used.
Mr. Grover further discussed the Aadhaar Act, focussing on Section 23(2)(m) and data security regulations.
He discussed the likelihood of how e-governance systems would function and the effects on essential supplies. Using the example of electricity supplies, he stated that e-governance systems often categorised areas and that rural areas could be on the lowest rung of the categorisation. This would imply that rural areas would receive lesser resources.
The Bench questioned whether Mr. Grover was referring to a system of categorisation or prioritisation.
Mr. Grover stated that the system took the form of prioritisation.
He stated that the determination of such matters would then be carried out by technologically driven code, and that it was impossible to understand the technology. He questioned how it could be determined, stating that it could amount to a violation of rights by virtue of use of technology. He stated that laws are written into self-executing codes and Aadhaar data would never be neutral to all citizens. He stated that even if there was no active discrimination, there could still be differential treatment by virtue of the technology.
He remarked on the excessive delegation of the Aadhaar Act and the interim orders passed in 2015, stating that the executive could not override the Court’s orders.
On the issue of privacy, he commented on purpose specific use limitations and discussed the PUCL guidelines and the case of United States vs. Resting House.
He stated that the Aadhaar Act had no safeguards and that prohibited acts were being carried out with impunity. He also stated that the UIDAI had facilitated data transfer in contravention of the Act. He also reiterated that the data could not be permanently destroyed. Lastly, he stated that a solution would be to carry out an audit of the Aadhaar project or prove that one had been carried out.
Mr. Grover concluded his arguments and Senior Counsel Meenakshi Arora commenced her submission.
She stated that her submission would look into 3 aspects. First, her submission would look into data collection, profiling and surveillance. Next, she stated that dignity and identity were important aspects and could not be denied.
Referring to the judgment of Kharak Singh, she discussed physical individual surveillance, targeted surveillance and mass surveillance. On mass surveillance, she stated that other jurisdictions had also recognised the effects of mass surveillance. Relying on the judgment of Marper, she stated that it was not merely a matter of surveillance but also an apprehension of the fact that there could be future use of certain data.
Referring to an ECHR judgment, he stated that data was required to be destroyed and the concern was not with regard to real time surveillance. He also stated that data could be in the hands of authority that could have the propensity of using it and there could be an apprehension of use as well.
She stated that with reference to the linkage of Aadhaar, the Union had claimed that the law was to avoid all forms of fraud, evasion, terrorism and that it was necessary for preventive measure. Ms. Arora also commented on the quality of the law.
Chief Justice Misra stated the Indian judiciary has not used the phrase ‘the quality of law’ since it brings morality into picture.
Justice Chandrachud commented that the ‘quality of law’ implied that the test of necessity, foreseeability and accessibility would apply.
The hearing will continue on the 20th of March (Tuesday).
Arpita Biswas is a Programme Officer at the Centre for Communication Governance at National Law University Delhi