SC Constitution Bench on Aadhaar – Final Hearing (Day XXXVIII)

By Arpita Biswas

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2018 and concluded on May 10, 2018. Summaries of the arguments advanced in the previous hearings can be found here.

Senior counsel Gopal Subramaniam continued with his rejoinder.

He started off by discussing the concept of dignity, stating that it was not meant to be promoted since it was assured under the preamble. He stated that dignity is inbuilt and would not depend on the largesse of the state.

Referring to the Aadhaar notifications, he stated that if the purpose of these notifications was to benefit individuals, the state would have to create conditions to ‘flower the dignity’ of people.

Justice Sikri commented on the duty of the state to provide benefits, which would also be a part of dignity. He stated that this would not just be applicable in cases of deprivation under Article 21 and that it would be an affirmative action.

Mr. Subramaniam agreed, stating that it would be an affirmative action. Further, he stated that the Act would have to be scrutinized to decipher whether it was an enabler or whether it was passed under the guise of enablement.

He then stated that the notifications begin with a preamble, which refers to the guarantee of seamless delivery of services.

He then discussed alternate forms of identification, like ration cards, stating that existing forms of identification were not failing, and Aadhaar therefore did not have a purpose.

He referred to examples of women in Jharkhand who could not get services despite having ration cards, due to failed Aadhaar authentication.

He also discussed the Essential Commodities Act and the central governments obligation.

He also discussed the applicability of the test of the ‘true purpose of the law’.

Further, he discussed the lack of machineries that were set up under the Aadhaar programme, stating that Aadhaar did not serve any special purpose since existing machineries were used to deliver services.

Mr. Subramaniam then went on to discuss the asymmetry of power under Section 7 of the Aadhaar Act.

He also stated that the Act was not enacted for a proper purpose. Further, he stated that the first step of legitimate aim was ‘proper purpose’. He also stated that it could only be justified if the right was preserved and that dignity and autonomy were not preserved under Section 7 of the Act.

Further on the issue of ‘proper purpose’, referring to the idea of ‘Socratic contestation’, he stated that a claim to a proper purpose would not qualify as a proper purpose.

Mr. Subramaniam then discussed the three letters of authentication. He stated that authentication was at the heart of the act and that failure of authentication was a ground for denial.  In relation to requesting entities, he discussed their lack of accountability under the law.

Further, he discussed the GDPR and the change in protocol. He also discussed the concerns about privacy of communication and not the privacy of individuals.

Further, he stated that there weren’t any other jurisdictions where the state could take all of its citizens data.

He also stated that declaration of human rights was necessary for this act. Further, he stated that the Act reduced people to numbers and also discussed the perils of using probabilistic algorithms.

Referring to Section 7 of the Act, he discussed ‘grants, subsidies, benefits’ as expressions of condescension.

Mr. Subramaniam further discussed the ‘power’ under the Act, stating that the power enables the collection of information.

He discussed the test in constitutional law, which was to question whether the state should logically be the holder of such information.

Further, he stated that if knowledge was power, giving information to the state would signal a ceding of power.

Justice Chandrachud commented on the nature of subsidies, to which Mr. Subramaniam stated that subsidy was provided at different levels of government.

Mr. Subramaniam then discussed Section 7 and stated that under it, strict rights were being bracketed. He further stated that it was not merely a segregation and that entitlements were being treated like grants.

On this Justice Chandrachud stated that wage payment was a benefit, to which Mr. Subramaniam responded, stating that wage payment would be a vested right.

He further discussed the Courts guidelines for rehabilitation laid down in 1982 in relation to bonded labourers, before deciding whether to rehabilitate or free them.

In this regard, he also discussed the incarceration of mentally ill citizens and the writs of mandamus issued to the Union.

Moving on, Mr. Subramaniam discussed census data and its use at federal and state levels. He stated that states had policies in regard to requesting data from the central planning commission.

He further stated that census data was a way of social mobilization, and that there was pre-existing data owing to the census.

He then discussed the concepts of horizontal protection and vertical protection, stating that the former was more important in the given instance.

Further, he discussed bodily integrity and autonomy as important considerations.

He also stated that ultimately, the fundamental freedoms in India must never be compared with the 4th Amendment under the United States constitution.  He also stated that the Indian constitution was a living document.

On the issue of Section 7, Justice Chandrachud stated that it is an enabling provision and not a mandate. He stated that it enabled the government to impose a mandate, the difference arising from may/shall.

Further, it was stated that these rights could not be ‘wielded down’. He also stated that there was no common denominator and rights could not be subsidies. Further on the issue of Part 3, he stated that the rights conduced to dignity.

Mr. Subramaniam then discussed identities and the dissolution of some kinds of identities.

He stated that if an act like manual scavenging was antithetical to the soul then he would want it destigmatized with the march of time. He further discussed how certain actions were akin to unmaking the dignity of people.

On the issue of fake profiles, he stated that it was not a matter of sticking up for fake profiles, but rather a matter of sticking up for better administration.

On the alleged voluntary nature of Aadhaar, he questioned how people could be asked to contract when they were not even under the capacity to contract.

Further, on the ‘legitimate aim’ of Aadhaar, he stated that collecting massive amounts of information would not satisfy this aim. He stated that the means used had to be adept and valid.

He also discussed the issue of two competing rights, which had to be balanced. In this regard, he discussed the concepts of freedom, autonomy, self-preservation and self-actualization. He also stated that the act of balancing had a direct correlation with seminal values and objectively protected values.

Mr. Subramaniam then stated that no contemporary studies on Aadhaar had taken place, the last one having been conducted a decade ago.

He then went on to read excerpts on an individual’s inalienable rights, stating that an individual should not be required to give up their rights.

Further, he stated that the procedure established by law had to be just, fair and reasonable.

On the Aadhaar project, he stated that there wasn’t merely a possibility of abuse, but that the Act postulated compelled behaviour.

He stated that the primary focus was that the judiciary had an obligation to protect fundamental rights.

Referring to the Constitution, he stated that it was a living document and should be seen as transformative. Further, he discussed parliamentary supremacy and the capacity to refuse. He stated that autonomy and integrity were intertwined in the capacity to refuse and if the capacity was obliterated, then the autonomy would also follow suit.

Mr. Subramaniam further discussed relief, stating that the petitioners would want the data stored to be taken down. He also stated that the Bench should exercise its powers under Article 32 and also rely on the case of Nilabati Behera.

Lastly, he stated that the propensity of information was an important consideration as well.

Next, senior counsel Anand Grover commenced with his rejoinder. He was brief, stating that none of the contentions of breaches of security had been dealt with and that privacy should not lose its character.

Next, senior counsel Arvind Datar commenced with his rejoinder.

He started off by stating that ‘pith and substance’ had no application to the legitimacy of an article and would not be applicable to a money bill.

Further, he discussed the difference between a money bill and a financial bill, stating that consolidated fund matters would be covered by financial bills.

He also discussed Article 117(1) in this context.

He stated that the Aadhaar Act could not have been passed as a financial bill.

Further, he discussed the doctrine of severability and whether certain portions of the Aadhaar Act could be removed.

He stated that the doctrine of severability could only apply if a statute was valid and certain portions are invalid. He stated that if the rest of the statute ‘made sense’ and was valid, it could be retained. However, in this instance, the statute itself was invalid, and relying on the Kihoto Hollohan case, he stated that a statute that was fatal at its inception could not be saved.

Mr. Datar also discussed the Mangalore Ganesh Beedi works case and subsequently Article 110(b) of the constitution.

Further, he discussed the issue of linking bank accounts to Aadhaar.

He stated that millions of bank accounts have already linked to Aadhaar and that permanent linking did not seem to serve a purpose and that accounts should be delinked once determination was over.

Next, senior counsel P.C. Chidambaram commenced his rejoinder. He discussed the issue of the Aadhaar Act being passed as a money bill.

He started off by discussing the interpretation of ‘only’ under Article 110(1), and went on to discuss how clause (g) must be read narrowly.

Lastly, he stated that a non-money bill being passed as a money bill would effectively limit the power of the Parliament, by disallowing review, which should not be condoned by the Court. He also stated that the doctrine of severability would not hold credence if the legislature was unconstitutional to begin with. Further, he discussed how the doctrine of pith and substance would not be applicable to bills passed under Article 110.

Next, senior counsel K.V. Viswanathan commenced his rejoinder. He discussed the theories of proportionality and balancing of rights. He stated that the balancing of rights proposition by the respondents was incorrect, and that fundamental rights would not survive. Further he discussed exception handling and the problem with making vested rights conditional on Section 7 of the Act. He also stated that citizens should not have to face the burden brought about by systems for ‘targeted and efficient delivery’.

Lastly, senior counsel P.V. Surendranath discussed the problem with excessive delegation.

The hearing concluded on the 10^th of May and the matter is now reserved for judgment.

Arpita Biswas is a Programme Officer at the Centre for Communication Governance at National Law University Delhi

SC Constitution Bench on Aadhaar – Final Hearing (Day XXXVII)

By Arpita Biswas

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Senior Counsel Shyam Divan continued with his rejoinder. He started off by addressing the UIDAI’s responses to the questions posed by the petitioners.

In this regard, he discussed the architecture of the Aadhaar programme, along with inorganic seeding. He discussed how entities of the Aadhaar architecture allowed traceability and location tracking. He also discussed flawed statistics that were released on the rate of authentication success.

Mr. Divan then referred to a 2009 order, which did not mention that biometric authentication would be a part of the Aadhaar programme.

He then discussed the unauthorized collection of data by the UIDAI, stating that biometric information was collected without any statutory authority. He stated that India was not a monarchy and unauthorized collection of this nature should not be permitted.

He also stated that the UIDAI had no way of verifying the accuracy of the information on its database . He also stated that there was no contractual obligation created between UIDAI and its agents. He then went on to refer to a hypothetical log of authentication, that was created to illustrate the point that biometric authentication would allow for tracking and profiling.

Mr. Divan then went on to discuss the World Bank report and the high level advisory committee. He stated that the report, which discussed the benefits of Aadhaar, stating that it was not as impartial as it seemed to be, and likened it to a ‘sales pitch’. He also stated that there were no people with expertise in civil liberties and privacy on that committee.

He then went on to discuss Section 59 of the Aadhaar Act and the validity of biometric information that was collected prior to the Aadhaar Act.

He also stated that under the Aadhaar programme, citizens were being compelled to ‘voluntarily’ sign up.

He stated that certain schemes should be excluded from the purview of Aadhaar, these included schemes that affected vulnerable portions of society. He stated that women who were rescued from trafficking, bonded labourers, children, those who were in need of rehabilitation and others, should be excluded.

In this regard, he stated that Sarva Shiksha Abhiyan should not require Aadhaar authentication.

Mr. Divan stated that the principle of non-retrogression would apply, and that it would not be possible to go backwards in human rights law.

He then questioned how Supreme Court orders could be overridden by economic advisers in the ministry.

He went on to refer to the August and October 2015 orders, stating that Aadhaar was declared voluntary in those orders and that it could not be declared mandatory till the Supreme Court decided it was.

He then went on to discuss the powers under Articles 226 and 227 of the Constitution, stating that the ‘magic’ lied in the fact that bureaucrats could not override independent judicial power and that their actions would be checked under the law.

He also discussed the issue of the Act being passed as a money bill.

Moving on, he referred to the an ‘intricate scheme of defences’ in the Constitution, and that there was a whole set of defences, the last being the court.

Referring to the ‘second bulwark’, he stated that Article 111 of the Constitution would also not be applicable if the Aadhaar Act was upheld as a money bill.

He then discussed the importance of protecting demographic information, and the ‘fatal’ features of the Aadhaar programme.

Lastly, he questioned if the Aadhaar programme could stand the first five words of the Constitution – ‘We the people of India’.

Senior Counsel Gopal Subramaniam continued with his rejoinder. He started off by discussing acts of malfeasance and misfeasance.

He referred to Section 33 of the Aadhaar Act, stating that there was a complete giveaway of information, including identity information or authentication records.

He questioned the information that was made available to the state, stating that there seemed to be no nexus between the requirement of knowledge and the delivery of services. He stated that this went against Puttaswamy vs. Union of India.

He stated that the collection of data of over a billion people was not fool-proof, referring to the Cambridge Analytica case.

Further, he questioned what happens when the legislature was not an enabler, stating that the law would be disempowering, if not empowering.

Referring to the Facebook data leak, he stated that this leak was thought to affect elections and political power dynamics in Singapore.

Further, he stated that the issue was not merely multiple classes of people that were, but also the price of revelation.

He also discussed the issue of legislative competence and voidness.

Lastly, he discussed the case of West Ramnad and the ability of the state to enact laws retrospectively.

He stated that the sine qua non for retrospective validation was the prior existence of a statute, which was not the case with Aadhaar.

The hearing will continue on the 10^th of May.

Arpita Biswas is a Programme Officer at the Centre for Communication Governance at National Law University Delhi

SC Constitution Bench on Aadhaar- Final Hearing (Day XXXVI)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

The AG resumed his submissions on the issue of money bill. He reiterated that Ar.110(1)(g) is a stand alone provision and therefore there can be a bill which deals only with it and not deal with Ar.110(a)-(f). Referring to s.57, he submitted that independent laws can be passed under the section as long as it is relatable to Ar.110(a)-(g).

The CJI interjected that s.57 is an enabling provision that allows the state legislature to introduce Aadhaar either as a money bill or not for various services and that its nature would be examined only if its challenged in a court of law.

Justice Chandrachud mentioned that when Aadhaar platform is used by the states through law or by private parties through contract, it must conform with the data protection provision.

The AG responded that Aadhaar architecture is created by central law and therefore unless it authorizes the use, the states can’t use it. He further submitted that the government of India has created this massive structure to provide subsidies and other services but requires it to be self-sustaining and therefore has opened it to the private parties.

Justice Chandrachud interjected that s.7 retains the nexus to the consolidated fund of India (CFI) but s.57 snaps it. He pointed out that a private party could join the Aadhaar infrastructure through contract for purposes that have no nexus to the CFI. He said that based on this, the petitioners are arguing that s.57 does not qualify as money bill.

The AG responded that one has to look at the Act in totality and not examine if each provision would qualify as money bill. He conceded that s.7 is the nexus to the money bill but submitted that s.57 is part of the Parliament’s efforts to open the Aadhaar platform to other entities.

Next, he discussed the issue of telecom linking to Aadhaar. He argued that the linking eliminates all possibilities of forgery and fraud. He pointed out that the linking will remain optional only till the final disposal of the matter.

The AG then submitted that surveillance is prohibited under the Act and therefore the Act cannot be struck down merely because there is a possibility for it. He raised objection to the usage of the terms “concentration camp”, “electronic leash”, and “totalitarian state” by the petitioners.

Senior counsel Shyam Divan commenced the rejoinder on behalf of the petitioners. He submitted that it is the first time that a technology of this kind is deployed in a democracy. He stated that Supreme Court is the absolute vanguard of traversing human rights into technology. He argued that surveillance state is not permissible under Constitution and objected to the respondent’s argument that Aadhaar infrastructure does not result in surveillance.

He next referred to an affidavit filed by the Union on March 9, 2018.

He submitted that there are three elements of surveillance- identity of person, date and time, and location. He pointed out that the Act itself requires identity, date, and time at the time of authentication. Referring to the affidavit and presentation of the CEO and supporting documents, he argued that the response of the government’s experts to the petitioner’s experts states that biometric database is accessible to third party vendors. He submitted that the breach of the verification log would leak location of places where an individual performed his authentication in the past five years. He submitted that this compromises the security of privacy. He further pointed out that as per the presentation report, it is possible to track the current location of the individual even in the absence of a breach. He submitted that the UIDAI knows the location but for a third party to access the location, he would have to breach the verification log.

He therefore submitted that as per the experts of both parties, all three elements of surveillance are satisfied by the Aadhaar architecture.

Justice Chandrachud interjected that in a digital world one cannot ever have a guarantee of absolute security and therefore as long as the database is kept secure, an adequate level of privacy is maintained. Mr. Divan responded that this is not just a privacy issue but also a limited government issue. He argued that the coercive power of government cannot extend to the creation of an infrastructure that is capable of tracking people across five years in real time.

Next, referring to the CEO’s submission that all devices will have a unique ID to enable traceability and detection of fraud, he submitted that this would enable the individual to be traced using the device.

Mr. Divan then raised objection to the AG’s submission that UIDAI is distinct and autonomous and that the union government is different from it and therefore the latter would not be provided with access to the data. He argued that no instrumentality of state should establish such a mass surveillance regime. He submitted that the Supreme Court should not permit something so deeply flawed to function in the country.

He argued that if our constitution repudiates surveillance state, we cannot have a legislation which allows it. He submitted that the Supreme Court should not usher in a machinery that can trace back the locations, as it is constitutionally impermissible. He further submitted that if the court arrives at the conclusion that there is indeed surveillance, then balancing of rights is impossible.

Next, he referred to the answers submitted to the UIDAI in response to the questions asked by the petitioners subsequent to the CEO’s presentation. He pointed out that in the answers the UIDAI has mentioned that it does not take responsibility for correct or incorrect identification but only provides a matching system which is a self certification system. He argued that the UIDAI does not verify the authenticity of the documents submitted and with the linking of the bank accounts to the Aadhaar, now even the bank authorities do not check the authenticity of the documents. He submitted that UIDAI has no responsibility for identity.

The hearing will continue on May 9, 2018.

SC Constitution Bench on Aadhaar- Final Hearing (Day XXXV)

By Aditya Singh Chawla

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Advocate Zoheb Hossain continued his submissions for the State of Maharashtra and the UIDAI. He began with referring to various international charters and covenants, stressing on the importance of harmonizing between the economic and social rights and the civil and political rights.

Justice Chandrachud noted that the Directive Principles, even though they are non justiciable, are necessary for good governance and as a guarantee of reasonableness of the law. This is why they are read into Article 21.

The counsel argued that all rights give rise to corresponding duties, and that Aadhaar was a project to secure the economic and social rights of the people. He then brought the Court’s attention to the Justice Wadhwa Committee Report on the Public Distribution System. He then brought the Court’s attention to various precedents. He referred to the case of DK Trivedi, where the Court had held that ensuring socio economic welfare was a constitutional obligation of the State. Further, it had been held that a statute could not be judged on the presumption that the executive power that it confers would be abused, or used arbitrarily.

The counsel then referred to the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and resolutions of the UN General Assembly. He reiterated that rights were indivisible and interconnected, and that socio economic rights were equal to the civil and political rights.

The counsel then argued that the proportionality and reasonableness of a restriction must be examined from the point of view of the general public, and not that of a specific party that claims to be affected. He argued that even if Aadhaar is used for different purposes such obtaining a SIM card or opening a bank account, the data remains disaggregated. He stated that as a consequence, there was no possibility of surveillance, even at the level of the Requesting Entities.

The counsel then drew a comparison between Aadhaar and the Social Security Number in the United States. He noted that the SSN was used for a variety of purposes, and that people could be denied benefits for not producing their SSN. He argued that the Courts in the US had upheld the firing of an employee for refusing to provide his SSN. The counsel then argued that the Aadhaar Act had sufficient safeguards in place over the identity and authentication information. He referred to Section 33 of the Act, noting that decisions made under that Section were subject to review by an oversight committee. He concluded that the safeguards in place were greater than what are provided by the Telegraph Act, and the standards laid down by the Supreme Court in the PUCL case.

Post lunch, the counsel resumed his submissions for the Respondents with examining how various search and seizure related provisions under the IT Act and CrPC had passed constitutional muster. He then proceeded to the issue of ‘national security.’ He argued that in times of emergency, a strict adherence to the principles of natural justice is not necessary. He referred to a House of Lords decision that read in a national security exception to a statute even though the text did not provide  for it.

He then addressed the contention with respect to Section 47 of the Aadhaar Act, arguing that it provided for sufficient remedy since a complaint could be filed to the UIDAI. He argued that Aadhaar had many technical aspects, so it would be best if only the Authority has the power to complain. He noted that a similar setup in the Industrial Disputes Act had been previously upheld. In addition, he noted that the UIDAI could authorize a person to make a complaint as well.

The counsel then submitted that the Aadhaar Act had sufficient safeguards for the CIDR, while provisions under the IT Act would cover actors outside the CIDR.

The counsel then framed the purpose of Section 139AA of the Income Tax as a measure to ensure redistributive justice, to ensure substantive equality. He argued that ‘distribute’ in the Directive Principles had been interpreted liberally, and measures to prevent leakages would thus be considered redistributive.

The counsel then moved to the addressing the argument about compelled speech. He argued that not all transactions can be considered to have a speech element, for instance linking the Aadhaar to PAN. He further noted that the Court in Puttaswamy had held that rights could be curbed to prevent tax evasion and money laundering. He added that the Income Tax Act and the Aadhaar Act were standalone Acts, and that after Binoy Viswam, it was settled that they were not in conflict. He responded to the contention that only individual tax payers had been mandated for linkage, stating that a measure need not strike at all evils at once. He argued that the linkage could help cure ills with companies as well, by revealing the people behind them. The linkage can allow the deduplication of DINs. Advocate Zoheb Hossain then concluded his arguments.

The Attorney General then began his arguments, by addressing the Money Bill issue. He argued the Act was, in pith and substance, a Money Bill. ‘Targetted Delivery of Subsidies entails the expenditure of funds. He argued that every act would have ancillary provisions dealing with review, appeal etc., but the primary purpose deal with the Consolidated Fund of India.

Justice Chandrachud questioned the counsel about whether Section 57 of the Act severed that link. The AG responded that the Section merely allowed the existing infrastructure to be used for other purposes, and was just an ancillary provision. The UIDAI had been brought into existence primarily to prevent leakages and losses.

Justice Sikri noted that there was no distribution of benefits or subsidies under Section 57. The AG argued that the Section would be saved by Article 110(1)(g) of the Constitution, and stressing on an interpretation of the word ‘only’ in the Article. Justice Chandrachud suggested that that might amount to rewriting the Constitution.

The Attorney General will resume his arguments on May 3, 2018.

Aditya is an Analyst at the Centre for Communication Governance at National Law University Delhi

SC Constitution Bench on Aadhaar- Final Hearing (Day XXXIV)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Counsel Gopal Sankaranarayanan, appearing for the intervener Centre for Civil Society, resumed his arguments. He began with a discussion on the right to identity and submitted that it is an absolute intrinsic part of Ar.21. Justice Chandrachud interjected that one has an umbrella identity of a citizen and in addition has multiple identities associated with race, religion, caste, which are not taken away by Aadhaar. He further mentioned Aadhaar only identifies the individual who is seeking the benefits under s.7 of the Act and therefore the constitutional identity is not effaced.

Mr. Sankaranarayanan responded that Aadhaar is a number that helps in establishing the identity of a person who avails the benefits and subsidies under s.7 of the Act.

He further submitted that he supports Aadhaar because of the safeguards and pillars which the Act have in place and pointed out that s.139 AA of the Income Tax Act does not have those.

Next, referring to the statement of objects and reasons of the Act, he submitted that identification of targeted beneficiaries is the key purpose and therefore Aadhaar is voluntary and could be used a proof of identity by persons who are beneficiaries of subsides. He further stated that even if someone does not have an Aadhaar the state has an obligation to identify the person as he has a fundamental right to identity under Ar.21 and cited it as the reason for the way in which s.7 is drafted.

Justice Chandrachud pointed out that the concern raised is that the state has restricted the means of identification solely to Aadhaar. Mr. Sankaranarayanan responded that according to Ar.266(3), utilization of any amount from the consolidated fund has to be in accordance with the law, the Aadhaar Act in this case, and that it would not only be a violation of the scheme of law but the Constitution itself if any amount goes from the consolidated fund to a person who is not entitled to receive it. He further submitted that the government has an onus to secure the fund and that the Act helps in ensuring that the obligation is discharged and therefore the action of the government is subserving a fundamental right. But he argued the government’s submission that s.7 is in furtherance of fundamental rights is flawed, since identification of beneficiaries would not have been required as everyone would have been entitled to it if it was a fundamental right. He therefore submitted that it is in furtherance of Directive Principles.

Justice Chandrachud mentioned that when the state is enforcing a Part IV value, it indicates reasonableness and thereby a restraint on judicial review. However he stated that as per s.7, Aadhaar is not completely voluntary since it is required for a person who wants to avail a benefit. Mr. Sankaranarayanan responded that it is voluntary since it is not mandatory for 1.3 billion of the country but only for a specific section of the population.

Next, Mr. Sankaranarayanan raised concerns with Aadhaar becoming the universal proof of identification (PoI) replacing all other 18 PoIs. He submitted Aadhaar is only as foolproof as any of the other PoIs.

He then submitted that making Aadhaar mandatory for purposes other than what is provided in s.7 is arbitrary and that the section has the balance of limited purpose whereas s.139AA of the Income Tax Act does not. He further mentioned that the reasonableness and proportionality criteria would be satisfied only if Aadhaar remains voluntary for purposes other than s.7.

Addressing the issue of proportionality, he submitted the least restrictive test should not be applied as proportionality deals only with balancing of rights. He also stated that entrusting data with CIDR is safer than using embedded cards as one can misplace his card. He further stated that the legal safeguards and limitations provided under the Act are balancing factors for proportionality.

Mr. Sankaranarayanan then argued that UIDAI should plug the holes in the Aadhaar architecture before rushing with it especially since at present Aadhaar is unable to keep up with the technology. He also raised concerns with the level of security assured by the state and submitted that even 2048 bit asymmetric key is not the best. Next, he submitted the authentication history of the CEO of UIDAI and pointed out that his biometrics is locked indicating his distrust in the safety of his biometrics offered by CIDR.

Mr. Sankaranarayanan, then submitted that there are various problems with the Act. Firstly, he argued the requirement under s.8(4) to share identity information is a violation of privacy with no counterbalancing state interest. He stated that address is also as important as biometrics and therefore authentication should be restricted to Yes or No. Secondly, he submitted that s.29(2) conflicts s.12 of the Right to Information Act. Thirdly, he argued that s.139AA of the IT Act targets individual income tax pan holders and not corporates even though it is always dummy companies and not individuals that are involved in the scams. He also submitted that Aadhaar has been made mandatory for income tax purposes without informed consent and in spite of it not being related to the consolidated fund of India. He therefore submitted that it fails the proportionality test. He argued that if the purpose was to curb black money and money laundering, it is not achieved by linking PAN with Aadhaar number.He concluded by submitting that petitioners have a valid ground for expressing lack of trust in the Aadhaar architecture.

Next, senior counsel Neeraj Kishan Kaul commenced his arguments on behalf of Authentication User Agencies and e-KYC User Agencies (AUAs and KUAs). He submitted that if Aadhaar is a reliable and speedy tool for identification and authentication, it should not be held invalid. He argued that Aadhaar authentication in the banks have empowered the poor, women, and migrants and that the use of Aadhaar has helped in reducing predatory financing.

Mr. Kaul submitted that private players are also governed by the Act and have the choice to use Aadhaar if required under s.57 as it is an enabling provision. Justice Chandrachud responded that the need for verification should not be decided by the private players. Mr. Kaul responded that as long as there is consensus between the private entity and the consumer on using Aadhaar, it should not be disallowed. He argued that the AUAs and KUAs are not performing any verification outside the Act. He asked if the statute enables a private entity to use Aadhaar, a powerful tool for verification of identity, why should not it be allowed to employ it.

He further submitted that Aadhaar is extremely different from Cambridge Analytica as it is based on matching algorithms unlike learning algorithms used by Google and Facebook and also has a statutory control. He argued a statute cannot be struck down merely because there is a scope for misuse.

Mr. Kaul further argued that the nature of request that goes from AUA is to please match the information provided and if it is e-KYC the requesting entity will receive the basic demographic information and photograph. Based on this, he submitted that the CIDR does not obtain any data on location but only receives that an AUA has made a request, thereby eliminating the scope of surveillance. He further submitted that the information collected via e-KYC is collectible dehors Aadhaar and therefore the actual issue is of unauthorized sharing which is possible even outside Aadhaar and therefore it is no reason to strike down s.57. He concluded by mentioning that with the use of virtual ID, no AUAs/KUAs will be able to store the Aadhaar numbers.

Next, counsel Zoheb Hossain commenced his brief submission on behalf of UIDAI and State of Maharashtra. He began by raising an objection to Mr. Sankaranarayanan’s argument that s.7 is only in furtherance of Directive Principles. Referring to Amartya Sen and Martha Nassbaum, he argued that now there is a greater consensus that social and economic rights are enforceable and pointed out that the Supreme Court has also held that they are justiciable rights. He further submitted that the right to food, shelter, clothing are embedded in Ar.21 and that the state has a positive obligation to provide it to its citizens. He therefore submitted that here the issue is of balancing the right to privacy with other socio economic rights of the people provided by Ar.21 and not merely of furtherance of Part IV requirements. He argued that Aadhaar is an architecture that helps in progressively achieving positive duties of the state under Ar.21

The hearing will continue on May 2, 2018.

SC Constitution Bench on Aadhaar- Final Hearing (Day XXXII)

By Aditya Singh Chawla

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Senior Counsel Rakesh Dwivedi resumed his arguments for the Respondents. He began with referring to jurisprudence from the United States, the United Kingdom, South Africa and the European Union, to describe how privacy should be constructed in the Indian context. He argued that Indian jurisprudence is more in line with that of the United States, than the European Union. He stated that that former lays greater emphasis on the ‘reasonable expectation to privacy’. He then quoted a Harvard Law Review article, for the proposition that privacy should be tempered by considerations such as national security, efficiency, and entrepreneurship. He argued that that was especially true in the Indian context, where innovation and development should have more emphasis than privacy.

The counsel made reference to Justice Chandrachud’s opinion in Puttaswamy, and argued that social welfare could be a legitimate purpose for processing of data. Coming back to the construction of privacy, he argued that all Aadhaar data was in the public, relational sphere. He submitted that privacy is diluted in these realms, so there is a reduced expectation of privacy over data such as demographic data, and facial photographs. He reiterated that data with the Requesting Entities was dispersed, and therefore didn’t require the same level of protection as the CIDR.

Justice Chandrachud sought a clarification, if the submission was that core biometrics had a higher privacy interest, as opposed to demographic data, such as one’s address. He countered that the implication was not that the privacy interest in such data was gone. He gave the example of a woman and her address. He argued that she might give her address out for various purposes, but still had immense privacy interest in that information. The counsel responded that their argument was simply that privacy varies according to context.

The counsel argued that India had developed the appropriate tests in VG Row, much before any other jurisdiction. He reiterated the three-fold requirement of legality, necessity and proportionality. He noted that Indian jurisprudence generally did not adopt the due process standard. The counsel then addressed some of the cases that had been cited by the Petitioners, and attempted to distinguish them on facts.

Post lunch, the counsel resumed his submissions, with the issue of metadata collection. He attempted to distinguish the present case from Digital Rights Ireland, which had been cited by the Petitioners. The counsel argued that there were different types of metadata, and the data in question in those cases had been much more intrusive than what is collected by the Aadhaar authentication. He reiterated that the test is that of ‘appropriate safeguards’. He cited the case of Sundar Rajan v State of Tamil Nadu, which dealt with the Kundankulan nuclear power plant. He argued that the court had examined whether adequate safeguards had been in place, and had given due weight to economic benefits such as the increase in welfare, poverty alleviation etc. He argued that the Court in Sundar Rajan had held that apprehensions and fears could not be allowed to override the justification of the project. The counsel reiterated that the standard would be of ensuring adequate safeguards, and the risk would never be zero.

The counsel argued that the Aadhaar Act imposes a complete bar on sharing of the data, factors in consent, and the data with Requesting Entities was in any case disbursed and decentralized. He argued that the Petitioners had not suggested any way of improving the system, and only wanted it dismantled.

Justice Chandrachud asked what remedy was present in case of breaches. The counsel responded that the Information Technology Act would be applicable, which had penal provisions. Further, the route of contractual damages could be taken.

The counsel then described the EU Data Protection Directive, arguing that the purpose of the Directive was very different, with the aim being to ensure free flow of data. He argued that in contrast, Aadhaar didn’t allow any sharing of data. He argued that as a result, the absence of a regulation such as the Directive, or the General Data Protection Regulation would have no bearing on the matter at hand. He reiterated that the protections in the Aadhaar Act were sufficient, and even higher than those provided by the EU instruments. The counsel then went over the various provisions of the Directive and Regulation that govern the processing of sensitive information.

The counsel then resumed his submission with respect to metadata, as a response to the surveillance concerns raised by the Petitioners. He argued that the Petitioners had not appreciated the distinction between different types of metadata, such as system metadata, process metadata, business metadata etc. He argued that each had to be examined separately. He submitted that Aadhaar authentication only collected limited technical metadata.

The Chief Justice asked why the data had to be retained, and what sort of data was actually retained. The counsel drew the Court’s attention to an affidavit he had submitted, as well as the relevant circular which prescribes the metadata that is collected. He argued that it was all system related metadata, which allowed the UIDAI to exercise control over the Requesting Entities. He argued that information such as location data, the purpose for authentication, was not collected in the process.

The hearing will continue on April 25, 2018.

Aditya is an Analyst at the Centre for Communication Governance at National Law University Delhi

SC Constitution Bench on Aadhaar- Final Hearing (Day XXXI)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Senior Counsel Rakesh Dwivedi resumed his arguments on behalf of UIDAI and the state of Gujarat.

He discussed the nexus between s.7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act / Act) and welfare of the society. Justice Chandrachud mentioned that as per the submissions, the absence of a robust method for identification of beneficiaries result in leakage of services which is appropriated by undeserved. He asked if Aadhaar would help in eliminating this issue to which Mr. Dwivedi answered in the affirmative.

Justice Chandrachud stated that the caveat pointed out by the petitioners is that there should be no exclusion on the grounds of not having an Aadhaar. Mr. Dwivedi responded that adequate measures are taken to ensure that no exclusion takes place on that ground. He further stated that Aadhaar brings the card holder face to face with the service provider since he has to go to him and give his biometrics. Justice Chandrachud responded that it is not the best model of governance and ideally the state must go to the individual. Mr. Dwivedi responded that such a model would depend on the capacity of the government.

Next, Mr. Dwivedi discussed about countries having economic and social rights and right to welfare as part of their respective constitutions also pointed out that welfare rights are a part of the Universal Declaration of Human Rights (UDHR). He reiterated that basic welfare requirements must be taken care of.

Mr. Dwivedi then referred to the Statement of Objects of the Protection of Human Rights Act, 1993 and pointed out that India is a signatory to it and many other international covenants as well. He further referred to various judgments of the Supreme Court on economic and social welfare, which culminated the framing of the Aadhaar Act.

Addressing the issue of balancing of rights, he referred to CJI’s judgment in Subramanian Swamy v. UoI, and pointed out how the right to freedom of speech was balanced against the right to reputation. He also referred to X v. Hospital Z, G. Sundarrajan v. UoI, Asha Ranjan v. State of Bihar, and Noise Pollution In Re v. UoI.

Mr. Dwivedi submitted that s.7 of the Act addresses the human rights of many people in the country and therefore the court should act as a sentinel and ensure that the right to privacy is balanced against all the other rights guaranteed under Ar. 21 that are covered by the Act. He reiterated that privacy is a small price that is to be paid for ensuring life and other rights under Ar.21. He further submitted that larger public interest is the determining factor when there is a conflict between rights. Justice Chandrachud however responded that it cannot be accepted as a ground for suppression of civil rights and Mr. Dwivedi responded that Aadhaar does not result in it.

The CJI asked if the argument was that whatever was done under the Act was to enhance the Ar.21 right of many, that being the legitimate state interest, accompanied by minimal intrusion, and Mr. Dwivedi responded in the affirmative.

Next, Mr. Dwivedi addressed the issue of reasonable expectation of privacy. He began with a discussion of the four kinds of information collected as part of the Aadhaar programme- a) demographics, b) optional demographics, c) biometrics, and d) core biometrics. He reiterated that these information are encrypted and stored in the CIDR and the authentication is performed either through YES or NO mode or E-KYC mode.

He submitted that the reasonable expectation of privacy would vary from one kind of information to another and that nobody can have it with respect to their demographic information and photo as it is publicly available.

The CJI mentioned that in case of every right, everyone has a reasonable expectation of exercising it. He further stated that in some instances the rights cannot be exercised in absoluteness and therefore whenever freedom is claimed it should be reasonable and that it applies to privacy as well.

Justice Sikri mentioned that the fact that the CIDR has all these information creates a fear of the data being utilized in a manner and for purposes unauthorized by the individual. Mr. Dwivedi responded that the UIDAI could only take note of general apprehensions and not subjective fears.

The hearing will continue on April 24, 2018.

SC Constitution Bench on Aadhaar- Final Hearing (Day XXX)

By Aditya Singh Chawla

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Rakesh Dwivedi resumed his arguments for the Respondents. He began with the issue of  Section 7 and exclusion. The counsel responded to the argument about probabilistic systems by submitting that there are alternatives that are allowed by the Act. In the event of an authentication failure, the first alternative is to produce a proof of possession of Aadhaar. The second alternative is to provide enrollment ID, for people who haven’t yet received the Aadhaar. He submitted that the UIDAI had issued directions to this effect. A refusal to comply would be a breach under the Aadhaar Act.

Justice Chandrachud asked if the Section 7 proviso would apply to someone who had not applied for Aadhaar. The counsel replied in the negative. The counsel continued, describing the Regulation. He submitted that for State and Central agencies that require Aadhaar for benefits, they are required to ensure enrollment, including the setting up of coordination centres. Further, in the context of PDS, he argued that Clause 5 of the relevant notification allowed any member of a household to claim the benefit. He concluded that there could be no question of denial, as a result of these measures.

Justice Chandrachud asked if the systems had been tested in remote areas, with limited connectivity, such as Ladakh. Section 7 is silent on alternatives in such cases. The counsel responded that certain exemptions had been notified in the regulations.

The counsel reiterated that the system should not be demolished, but improved so that it could work. He then submitted that even today, we live in a relational world. One cannot pick and choose how one relates to the world; or how one establishes identity. All institutions require some kind of identity, and have some conditions about it.  He argued that this wasn’t a question of dignity, because these are regulatory conditions. He stated that these are permissible, and the only standard is if a fundamental right is being violated.

The Bench noted that the counsel was trivializing the Petitoners’ argument. They noted that the central concern was that of centralization of the database and its misuse.  Justice Chandrachud further argued that the issue was why only one identity had been mandated, and why multiple identities could not be allowed.

The counsel responded that one must go by the rules of the institution they want to participate in. He provided the example of the Proximity Card of the Supreme Court. Justice Chandrachud asked if the form of identity should relate to the purpose of identification. The counsel agreed, stating that there should be a rational nexus. However, he argued that allowing different forms of identity to be submitted would lead to a slippery slope which would destroy the whole purpose of the system.

Justice Bhushan added that many of the other forms of identification don’t have pan-India operation. The counsel agreed, noting that they were also sectoral, without any portability. In comparison, he argued, Aadhaar is universal. Aadhaar is also unique on account of the use of biometrics. If you abandon biometrics, the unique nature is lost. He submitted that even Smart Cards use biometrics.

Justice Chandrachud reiterated the concern about aggregation and analysis of data. The counsel responded that all protections that were socially and legally possible were in place.

He continued, stating that the argument about biometrics providing knowledge about the person was incorrect. He argued that while DNA might contain such information, fingerprints don’t. Further, only one fingerprint would be present with the Requesting Entities. Justice Chandrachud clarified that the issue was not of the biometrics themselves, but their attachment and linking to everything else, which could become a source of information about the individual. The counsel responded that no single Requesting Entity would have access to all of that information. It would be delegated and segregated. Further, any collusion or aggregation would not possible. Any misuse would require corruption at an inconceivable scale. In addition, most of the authentication would be required very rarely – once a year, or once in a lifetime. For PDS, it would be once a month.

At this point Shyam Divan interjected, that Banks had been demanding Aadhaar every time a Fixed Deposit is opened. The counsel responded that for most people, that is also a rare occurrence. Further, that was an issue on the Bank’s side, and not mandated by the Act. He argued that that can be examined separately. If the law were to be changed, to mandate authentication for every transaction, that could be questioned and challenged.

The counsel then moved on to the issue of clashes between fundamental rights. He brought the bench’s attention to the Preamble to the Constitution. He argued that the Preamble states that certain values are to be ‘secured’ by the state, and certain are to be ‘promoted.’ He argued that this imposes an obligation on the state to provide the basic minimum (for instance, minimum wages) to people. He argued that there was therefore a hierarchy, and the right to life should triumph over the right to privacy. He argued that for the people to without the bare minimum, the Constitution would amount to a mere paper Constitution.

Justice Chandrachud noted that dignity was not a peripheral value in the Constitution, but the core foundation of all rights. The Constitution protects dignity in all its forms, and food security and privacy were both aspects of dignity. The counsel responded that when they were in conflict, the first must have primacy over the second. He noted the NALSA judgment, which according to him brought about a paradigm shift in our conception of dignity.

Justice Bhushan questioned if they had to be read in conflict, and could not be recognized together. The counsel responded that they were arguing for a balanced approach, and in this case, in the favour of the right to life.

Justice Chandrachud asked if this would require a proportionality test. He stated that the question was whether the incursion on privacy is so less, to justify the benefits that have been claimed. The counsel responded that in the case of a restriction on a right, the burden lies on the state. However, this was a case of an interplay between rights. Justice Chandrachud countered that the burden was still with the state. The counsel responded that they were only submitting that the parameters for scrutiny would be different. Further, that Article 21 supersedes the rights under Article 19 and 14. Life would come first, and the other rights wouldn’t mean anything without it.

The counsel then resumed arguing for the relevance of biometrics, noting that large parts of the population were illiterate. Their thumbprints were all they had had to use in the conduct of their lives.

The Chief Justice noted that the real problems were of surveillance, aggregation, privacy and exclusion, which have to be addressed. The counsel said that the subsidies were in furtherance of life, liberty and dignity.

Justice Chandrachud asked for a clarification, whether the respondents were arguing for the tests under Puttuswamy to be abandoned. The counsel responded in the negative, and that Section 7 was not examined in Puttuswamy.

He then went on to quote from the Universal Declaration of Human Rights, and excerpts from Kesavanda Bharathi, the NALSA judgment, and German human rights jurisprudence.

The hearing will continue on April 19, 2018.

Aditya is an Analyst at the Centre for Communication Governance at National Law University Delhi

SC Constitution Bench on Aadhaar- Final Hearing (Day XXIX)

By Aditya Singh Chawla

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Rakesh Dwivedi resumed his arguments for the Respondents. He began with stating that if there were problems with the system, they should be fixed, rather than the system being demolished completely. He argued that under Section 8 of the Act, the sharing and use of information was confined specifically to the authentication process. He further argued that the mandate of Section 29 states that core biometrics cannot be shared.

Justice Chandrachud asked how the UIDAI planned to control the Requesting Entities. The Counsel responded that control could be in terms of technical specifications of the devices, mandating approved software, mandating information systems audits etc.

In response to Justice Chandrachud’s query about the framing of Sections 8 and 29, the Counsel reiterated that the sharing of information would be limited to the process of authentication. Further, only non biometric information could be shared under Section 29.

Next, there was some disagreement between the counsel and Justice Chandrachud on the interpretation of Section 8. The Counsel stated that the Requesting Entity would not know the purpose for the authentication, but only that authentication had been done. Justice Chandrachud stated that that could be true for UIDAI, but it was uncertain if that would be true for Requesting Entities. According to him, the language of the Act didn’t conform to this design. Justice Sikri added that that would also render Section 8(3) redundant. The Counsel responded that the Bench could chose to read the Act in that way.

Justice Chandrachud then gave an example of an individual who goes to the hospital for certain services. The hospital sought authentication for him, 122 days out in 6 months. He noted that that would be potentially extremely valuable information for pharmaceutical companies, insurance providers etc. Until there was a data protection law, this could be a problem.

The counsel responded that no other jurisdiction has the sort of protections that the Aadhaar Act provides. Justice Chandrachud asked if the protection under the Act was all the data protection the citizens of India would ever need. He also gave the example of the European Union’s General Data Protection Regulation as an example of a comprehensive framework for data protection. The Counsel replied that the Aadhaar Act was sufficient, and in many ways superior. According to him, the GDPR has no penal provisions, and the States have to enact their own, which creates a patchwork. The Counsel argued that the Aadhaar framework has technological security, auditing, as well as penal provisions in place. He went on to say that there could never be 100% surety about anything. The standard to be sought was that of reasonable safeguards, and reasonable protection. He noted that none of the Petitioners had pointed out what more could be done.

Justice Chandrachud then noted that according to the Counsel’s reading, Sections 8(3) and 29(3) could be excised from the Act. The Counsel responded that nothing needed to be excised from the Act, only clarified. Further, there was no intent, purpose, or objective in the Act to allow aggregation of data, its analysis or transfer. In addition, any breach of the provisions would be punitive.

Justice Chandrachud observed that it is hard to predict commercial ingenuity, and it wouldn’t be possible to tell what use the Requesting Entities could make of the data with them. Justice Sikri interjected with the earlier hospital example, noting that the hospital would already have the data about medical treatments of the patients, and may not need Aadhaar to get that information. The main apprehension was one of misuse. The counsel agreed, questioning whether Aadhaar was adding to the problem, or making it worse in any way.

Justice Chandrachud noted that they must evaluate what safeguards can be introduced. He noted that data about individuals was now being used to influence electoral outcomes.

The counsel responded that Cambridge Analytica should not be brought into the discussion, because the nature of the data was different. Justice Chandrachud interjected, stating that that incident was symptomatic of the present times. The counsel responded arguing that the algorithms employed were different. There is a difference between matching algorithms (which Aadhaar uses) and sorting algorithms (which these companies use). He argued that there were many different types of algorithms, and the Petitioner’s had confused this distinction.  He concluded that the data could not be analyzed by the Respondents. If at all, they would have to go through proper procedure.

The counsel continued, stating that Smart Cards were entrenched technology and that the Smart Card lobby in the West didn’t want Aadhaar to succeed. He claimed that other countries like Singapore were looking to replicate our model.

Justice Chandrachud noted that the issue was that there is a big world that interacts with Aadhaar. He said that the UIDAI might only be the least of their problems, since it is a government entity subject to a lot of scrutiny. The Counsel reiterated that only matching algorithms are used.

Coming back to the Act, the counsel submitted that Requesting Entities cannot be enrolled unless they establish the need for authentication.  Justice Chandrachud asked what the purpose behind opening Aadhaar to private players was. In response, the Counsel argued that the nature of the public-private divide was changing. Private companies have been entering fields that were historically the domain of the public sector. The companies are funded by money from Banks, where the people have made deposits. So, it was actually the public that is funding these players. He argued that private players that perform public functions should also be subject to constitutional norms, review and scrutiny. Currently, public companies are subject to many restrictions, such as standards of reasonableness, while no similar shackles apply to private companies. He concluded stating that that was a larger debate for another time. For now, all that was necessary to know is that private players are also regulated by the Act.

The counsel then moved on to responding to the Petitioner’s argument that the Aadhaar framework amounted to the numbering of human beings. Counsel argued that we have been numbering humans for a long time. He cited the PNR number for flights as an example. He also noted that the Supreme Court proximity cards were numbered.

Justice Chandrachud responded that Aadhaar was a unified identity, as opposed to multiple identifying numbers. The counsel responded that just because they were assigning numbers for a specific purpose, didn’t mean that they were numbering people. Further, they were not collecting information such as race, caste etc.

Justice Chandrachud then asked how the Aadhaar became a mandate, from a mere entitlement. The Counsel responded that the Aadhaar was an entitlement, and the UIDAI was mandate neutral. It is the government that notifies that certain linkages are mandatory. Each of these could be examined or challenged separately.

The counsel resumed his arguments after lunch by examining the scope of Section 57.  He argued that the objective of the section was not to expand, but to limit power. He submitted that if this limitation did not exist, anyone could become a Requesting Entity. The provision requires that there must be a law, or a prior contract.

Justice Chandrachud asked if once there was a prior contract under Section 57, if the UIDAI would be bound to offer authentication.  The Counsel responded that UIDAI could still refuse, and there was a requirement of necessity. Further, this embargo was applicable to anyone, which is why State Resident Data Hubs are no longer possible.

The Bench noted that nothing in the Act seems to give UIDAI this type of discretion, and questioned whether there were any guidelines for how the UIDAI would come to its decisions. The counsel responded that the power came from Section 57. He gave the example of the CBSE, noting that there had been many cases of fraud. The Board could apply to be a Requesting Entity for the purpose of conducting the exam. However, this would require the presence of a prior contract, and it cannot be an ex post facto exercise. He argued that this contract must also state that authentication must be in accordance with Sec. 8 and Part VI of the Aadhaar Act.

The counsel then went on to examine the Information Technology Act, arguing that all the provisions and safeguards under that Act and its Rules would also be applicable. For instance, the CIDR had been notified as a protected system under the Act.

The counsel then discussed the attributes and benefits of biometric data. He argued that Aadhaar brings service providers face to face with the beneficiaries. He noted that Aadhaar would not be a panacea for all problems, but the issue of fake identity documents would be solved.

He then responded to other arguments raised by the Petitioners. In response to the argument that there was no legal mandate to store information in the CIDR, he brought the Bench’s attention to Section 10 of the Act. On the argument of the use of foreign suppliers and licensors, the Counsel responded that the hardware all belonged to the UIDAI, and even technicians only had access when there was some troubleshooting required. In response to the system being probabilistic, he argued that there were appropriate fall back mechanisms under Section 7.

The hearing will continue on April 18, 2018.

Aditya is an Analyst at the Centre for Communication Governance at National Law University Delhi

 

SC Constitution Bench on Aadhaar- Final Hearing (Day XXVI)

In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.

An interim order was passed in December of 2017, a summary of the arguments can be found here and here.

The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.

Advocate K. K. Venugopal resumed the arguments for the state. He submitted that s.59 of the Act provides for retrospective application. He referred to cases wherein actions were validated by a subsequent Act.

The AG then discussed the third version of the Aadhaar enrollment notification and highlighted that it is free and voluntary and provides for informed consent. Justice Chandrachud asked if the notifications that came out in 2009 and 2015, referred to in s.59 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act / Act), covers the entire universe of Aadhaar. He further pointed out that these notifications did not have any reference to biometrics and that it was only inserted in the third notification. He stated the argument is regarding the actions that took place before the issuance of the third notification.

Senior Counsel Rakesh Dwivedi responded the first two forms were hardly used as the government authorized only 1 crore enrollments prior the issuance of the third form.

The AG, next, mentioned that in 2014 when the CBI approached the Bombay High Court to obtain biometrics from the Central Identities Data Repository CIDR in connection with a rape case, the Unique Identification Authority of India (UIDAI) opposed it as it believed that it bound to not disclose it without the individual’s consent. Interestingly, Justice Chandrachud pointed out that the Magistrate of the lower court had passed an order to provide the CBI with the biometrics of all the residents of Goa, which was appealed by the UIDAI.

Next, referring to Justice Chandrachud’s judgment in Justice K. S. Puttuswamy & Anr. V. UoI & Ors., which talks about ‘reasonable expectation of privacy’, he reiterated that biometrics collected is only for the purpose of benefitting the individual and that the invasion of privacy as a result of it is minimal. He further stated that the Puttuswamy judgment restored privacy as a fundamental right but actions that took place prior to that should be neutralized. He further submitted that going by M. P. Sharma & Ors. Satish Chandra and Kharak Singh v. State of UP & Ors., the government acted in a bona fide manner and therefore its actions cannot be reversed but should be protected.

Justice Chandrachud said in Puttuswamy it was stated that the observation on privacy in M. P. Singh was not required and that with respect to Kharak Singh there is a clear inconsistency.

The CJI said the argument of the state should be that s.59 of the Act should be given a wider understanding and a purposive interpretation.

Additional Solicitor General Tushar Mehta commenced his arguments on behalf of the UIDAI. He stated he would address the following issues:

1. Challenge to s.139AA of the Income Tax Act (IT Act) from the right to privacy perspective
2. Challenge made to the argument of how Aadhaar helps in curbing the issue of money laundering
3. Challenge to the linking of mobile numbers and bank accounts with Aadhaar number
4. Scope of judicial review in the area of technology

Addressing the first issue, he stated his submissions would comprise of:

1. Enforcement of the right to privacy
2. How the tests laid down to determine legitimate invasion of privacy are dealt with in the Binoy Viswam v. UoI & Ors.
3. How these tests are satisfied by 139AA of the IT Act

The ASG stated this court had previously dealt with the challenge to s.139AA and that all aspects expect the right to privacy were addressed. He pointed out that in Puttuswamy, the right to privacy was upheld as a fundamental right, linked to Ar.21 and therefore subject to the same limitations as the article. He referred to Justice Chandrachud’s judgment that laid down the three tests used to determine to permissible limitations on the right to privacy- existence of law, legitimate state interest, and proportionality. He submitted that there is an additional test of manifest arbitrariness derived from Shayara Bano.

He submitted that all the four tests were examined in the case of Binoy Viswam but in the context of Ar.19. He, next, stated that Justice Nariman, in Puttuswamy, put forth another test of larger public interest, having a lower threshold than legitimate state interest. The CJI however responded that satisfaction of legitimate state interest would be sufficient to indicate larger public interest.

Next, he referred to s.139A of the IT Act and highlighted that it required signature and left hand thump impression since 1989 to obtain a PAN. Justcie Sikri pointed out that the fingerprint was collected only from those people who could not sign. However the ASG responded the privacy of the small group of illiterate people is not of lesser importance. He further stated that the Parliament introduced s.139AA as an extension of s.139A in light of legitimate state interest and larger public interest. The bench however pointed out that the Aadhaar regime is different as previously there was no practice of collection of biometrics or authentication.

The ASG next discussed the issue of duplication of PAN and how it is misused for the purpose of money laundering, tax evasion, setting up of shell companies. He submitted the linking of Aadhaar with PAN would help in eliminating these problems by making PAN allocation more robust.

He further stated that uniqueness of PAN is important and that it can be verified with Aadhaar using biometrics and iris scans and claimed that it would be 100 percent accurate.

The ASG further stated that there is huge gap between the number of PAN holders and the tax base. He submitted that ours is a largely tax non-compliance economy as only 1.72 lakh people in the country are showing an income above 50 lakhs.

The hearing will continue on April 11, 2018.