In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.
The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.
The AG resumed his submissions on the issue of money bill. He reiterated that Ar.110(1)(g) is a stand alone provision and therefore there can be a bill which deals only with it and not deal with Ar.110(a)-(f). Referring to s.57, he submitted that independent laws can be passed under the section as long as it is relatable to Ar.110(a)-(g).
The CJI interjected that s.57 is an enabling provision that allows the state legislature to introduce Aadhaar either as a money bill or not for various services and that its nature would be examined only if its challenged in a court of law.
Justice Chandrachud mentioned that when Aadhaar platform is used by the states through law or by private parties through contract, it must conform with the data protection provision.
The AG responded that Aadhaar architecture is created by central law and therefore unless it authorizes the use, the states can’t use it. He further submitted that the government of India has created this massive structure to provide subsidies and other services but requires it to be self-sustaining and therefore has opened it to the private parties.
Justice Chandrachud interjected that s.7 retains the nexus to the consolidated fund of India (CFI) but s.57 snaps it. He pointed out that a private party could join the Aadhaar infrastructure through contract for purposes that have no nexus to the CFI. He said that based on this, the petitioners are arguing that s.57 does not qualify as money bill.
The AG responded that one has to look at the Act in totality and not examine if each provision would qualify as money bill. He conceded that s.7 is the nexus to the money bill but submitted that s.57 is part of the Parliament’s efforts to open the Aadhaar platform to other entities.
Next, he discussed the issue of telecom linking to Aadhaar. He argued that the linking eliminates all possibilities of forgery and fraud. He pointed out that the linking will remain optional only till the final disposal of the matter.
The AG then submitted that surveillance is prohibited under the Act and therefore the Act cannot be struck down merely because there is a possibility for it. He raised objection to the usage of the terms “concentration camp”, “electronic leash”, and “totalitarian state” by the petitioners.
Senior counsel Shyam Divan commenced the rejoinder on behalf of the petitioners. He submitted that it is the first time that a technology of this kind is deployed in a democracy. He stated that Supreme Court is the absolute vanguard of traversing human rights into technology. He argued that surveillance state is not permissible under Constitution and objected to the respondent’s argument that Aadhaar infrastructure does not result in surveillance.
He next referred to an affidavit filed by the Union on March 9, 2018.
He submitted that there are three elements of surveillance- identity of person, date and time, and location. He pointed out that the Act itself requires identity, date, and time at the time of authentication. Referring to the affidavit and presentation of the CEO and supporting documents, he argued that the response of the government’s experts to the petitioner’s experts states that biometric database is accessible to third party vendors. He submitted that the breach of the verification log would leak location of places where an individual performed his authentication in the past five years. He submitted that this compromises the security of privacy. He further pointed out that as per the presentation report, it is possible to track the current location of the individual even in the absence of a breach. He submitted that the UIDAI knows the location but for a third party to access the location, he would have to breach the verification log.
He therefore submitted that as per the experts of both parties, all three elements of surveillance are satisfied by the Aadhaar architecture.
Justice Chandrachud interjected that in a digital world one cannot ever have a guarantee of absolute security and therefore as long as the database is kept secure, an adequate level of privacy is maintained. Mr. Divan responded that this is not just a privacy issue but also a limited government issue. He argued that the coercive power of government cannot extend to the creation of an infrastructure that is capable of tracking people across five years in real time.
Next, referring to the CEO’s submission that all devices will have a unique ID to enable traceability and detection of fraud, he submitted that this would enable the individual to be traced using the device.
Mr. Divan then raised objection to the AG’s submission that UIDAI is distinct and autonomous and that the union government is different from it and therefore the latter would not be provided with access to the data. He argued that no instrumentality of state should establish such a mass surveillance regime. He submitted that the Supreme Court should not permit something so deeply flawed to function in the country.
He argued that if our constitution repudiates surveillance state, we cannot have a legislation which allows it. He submitted that the Supreme Court should not usher in a machinery that can trace back the locations, as it is constitutionally impermissible. He further submitted that if the court arrives at the conclusion that there is indeed surveillance, then balancing of rights is impossible.
Next, he referred to the answers submitted to the UIDAI in response to the questions asked by the petitioners subsequent to the CEO’s presentation. He pointed out that in the answers the UIDAI has mentioned that it does not take responsibility for correct or incorrect identification but only provides a matching system which is a self certification system. He argued that the UIDAI does not verify the authenticity of the documents submitted and with the linking of the bank accounts to the Aadhaar, now even the bank authorities do not check the authenticity of the documents. He submitted that UIDAI has no responsibility for identity.
The hearing will continue on May 9, 2018.