The challenge to Aadhaar and its validity is being heard by the 5 judges constitutional bench in the supreme court. The arguments on the behalf of the petitioner are slowly moving towards its last lap making the case extremely exciting and revealing a lot of apprehensions which were never addressed before. The bench assembled at 11:30 am today. Following are the highlights of the arguments presented by him in the apex court of the country.
Senior Advocate Shyam Divan on Section 59 of the Aadhaar Act
Mr. Divan started for the day by pointing out at S.59 of the Aadhaar Act which validates all acts of the UIDAI prior to the Act and states that it applies only to central government actions, at least as per its text. He stated that Section 59 does not control the acts the of private entities, like enrolment agencies and thus, their actions are not protected.
To this Justice Sikri questioned that under the pre-Act regime also, was UIDAI also appointed?
To which Mr. Divan replied, “No. There was no privity of the contract prior to the Act.”
“The central government appointed UIDAI, and all the acts thus flow from that.” Justice Sikri commented.
Mr. Divan replied that the notification establishing the UIDAI might protect the actions of the Central Government in entering into the MoU, however, it doesn’t cover the actions of the registrars.
Justice Chandrachud intervened to ask, aren’t the actions of the registrars traced back to MoU?
Mr. Divan replied that the enrolment agencies are not covered even under the MoUs. As far as the Registrars are considered, their actions are thus, not the actions of the central government.
Mr. Divan concluded this argument by stating that, “thus, enrollments prior to the act are not validated by S.59.”
Mr. Divan argued that the State cannot have a retrospective validation of a fundamental right violation, especially when the violation is complete.
Justice Chandrachud questioned whether Aadhaar was used by private players before the Aadhaar Act as that would not be validated under S.59. The privacy judgment says that there must be a basis in law. How do you deal with data breaches prior to the act will have to be considered.
Mr. Divan replied, “Informed consent is crucial, and retrospective validation cannot apply. Saying there was always a consent, prior to the act. Even if this provision is to be upheld, it must be given the narrowest of construction.”
Senior Advocate Shyam Divan specified the heads of a challenge to the Aadhaar act
1# Surveillance – The architecture of Aadhaar enabled surveillance.
2# Violation of privacy – Between 2010-2016 there was no law authorizing the violation of privacy. Post Aadhaar, citizens compelled to report her activities to the state through electronic footprint.
3# Limited Government – The constitution is not about the power of the state but about limits to that power. Aadhaar allows the state to dominate an individual through an architecture that enables profiling and by the power to cause civil death by deactivating Aadhaar.
4# Aadhaar was not a money bill.
5# The act also violated Article 14 and 21 of the Indian Constitution – no informed consent, no opt-out option.
A summary of Mr. Divan’s arguments
1# UIDAI has no direct relationship with collecting agencies.Data collected and stored lacks integrity.
2# Data is not verified. Now being taken as gospel. For eg. EKYC
3# Biometrics are untested and probabilistic. Use of Biometrics leads to exclusion of welfare schemes.
4# If Biometrics don’t work flesh and blood individual ceases to exist. If your biometrics don’t match, you become a ghost.
5# A citizen in a democratic society has the right and choice to identify herself in a reasonable manner. Mandating a single highly intrusive of identity is inconsistent with democracy.
6# Authentication records include the time of authentication and the requesting entity. This can be stored for 7 years. This enables real-time surveillance.
7# The notion of a central database where all data is stored at one place itself is indicative of authoritarianism.
Justice Chandrachud at this point questions as to who maintains the CIDR and whether the source code is with UIDAI?
Mr. Divan replies, “information about the specific details of CIDR is not available in public domain because of national security concerns. The source code is proprietary and not with UIDAI. “
Continuation of Mr. Divan’s arguments
1# Section 7 is unconstitutional. An individuals entitlement cannot be made subject to compelling her to give up her constitutional rights.
2# The individual has a right to remain free of monitoring as long as they have not violated any criminal law.
3# On cancellation of Aadhaar the services will be disabled personally. “You can just SWITCH OFF a person.”
Justice Sikri questioned, “why shouldn’t Aadhaar be canceled if it has been fraudulently obtained?”
Shyam Divan answered by saying that, “The point is that you are giving that power.”
Justice Sikri observed that this is only a case of abuse of power.
Circumstances where taking of biometrics is considered reasonable
Mr. Shyam Divan handed over a compilation to the court that deals with the issue of circumstances in various jurisdictions where the taking of biometrics is considered reasonable. He took the court through the census act of 1948. He pointed to section 15 of the census act to illustrate the nature of protection accorded to census data.
Mr. Divan took the court through the identification of prisoners act. He showed the court that Section 7 of the act provides for the destruction of data if the person is released with no charge.
He then pointed out Section 32(a) of the registration act. This is taken at one time and by one registry – an example of a legitimate purpose, done proportionately.
Mr. Shyam Divan on surveillance
Mr. Divan continued post lunch by stating how does the architecture of the Aadhaar act is designed in a way that it de-facto enables surveillance. He stated that the CIDR is responsible to retain the records which the state is entitled to collect over the duration of an individual’s lifetime. This leads to a state of surveillance, which cannot be permitted by the Constitution of India.
He went on to explain how every electronic device is linked to a unique number on the internet. The minute this device gets linked to CIDR, the devices inevitably exchange information, making the devices number assignment qua Aadhaar. This leads to recognition of the transmission emanating from that device. Every such transmission has a unique electronic path which attaches by itself. This path identifies the links through which transmission is done, making every link identifiable.
Thus, as per him, it is possible to track every transaction, location as well as the broad nature of transaction of every device in real time.
Mr. Divan then established the nexus with section 57, and says that this will only deepen the extent and scope of surveillance.
Affidavits of Mr. Samir Kelekar and Mr. J D’souza
Mr. Shyam Divan then moved ahead to submit the affidavits of two technical personnel Mr. Samir Kelekar and Mr. J D’souza to demonstrate the above-explained process.
Affidavit of Mr. Samir Keleker
Mr. Divan read apart from the first affidavit of Mr. Samir Keleker which reads as follows, “The project facilitates real time and non-real time tracking of UID holders. It is quite easy to know the place and type of transaction everytime authentication take place. This would allow UIDAI or any other party to track behavior. UIDAI recommends that each point of service device should register itself with UIDAI and get a unique ID. This method of surveillance will only make the task of tracking location easier. There are other ways as well. No security is perfect. However, biometrics is a bigger problem because you can’t change them once they are lost, stolen or hacked. Let’s say for example if army personnel are using Aadhaar to take the salary and the system is hacked there could be national security concerns. “
Affidavit of Mr. D’souza
Mr. Divan then moved on to Mr. D’souza’s affidavit which stated, “I have conducted demonstrations to show the unreliability of biometrics. One demonstration was before the UIDAI officials themselves. They were shown the ease with which the fingerprints can be replicated. There may or may not be a GPS on the fingerprint device, which in either case can track location. I have examined multiple fingerprint machines. These machines can be easily tampered with to capture biometric data before the point of encryption. This is called a skimmer. These machines that are not manufactured indigenously without the machine code and source code are unknown to UIDAI. There may be a backdoor or Trojan Horse feature which can mine the data without UIDAI knowing it. These are some national security concerns. Data collected over an individual’s lifetime can soon become a tool of political blackmail which can also compromise constitutional functionaries.” He then gives an example of Jan Chrysler recently cracked down the iPhone’s biometric system as well as iris recognition.
Justice Chandrachud and Mr. Shyam Divan
After taking the court through the affidavit a series of questions were posed at Mr. Shyam Divan by Justice Chandrachud. Following is the brief of it.
Justice Chandrachud questioned the extent of which the Court can get into the questions pertaining to technical evidence. He stated that there is a distinction between the existence of a mechanism and its abuse. He sought to know whether the distinction between fingerprint on iPhone and Aadhaar is of a mere degree? He stated that “should the court second guess the decision of the executive government, especially when no system in the world is secure.”
Mr. Divan again pointed out at the affidavits and states that there is a complete mapping of the electronic path which happens in real time, thus you can track the location.
Justice Chandrachud enquired, aren’t we accepting the Google Maps tracking us, and other private co-operations?
Mr. Divan said, “when you are tracked by a state in real time it is tantamount to a police state. This is not permissible by the constitution. Google is not a state. It might be powerful, but not as powerful qua me as the state. Moreover, it is a matter of consent.”
Justice Chandrachud exclaimed, “I should have no objections to the state knowing whether I am paying my taxes or not, so there should be a distinction between collecting data and using it. If he use of data is limited to its purpose, then what is the problem with the collection? We live in times of terrorism and money laundering and welfare expenditure and this has to be balanced. I reiterate surveillance is about how data is used and not how it is collected. “
Kapil Sibbal and the Big Brother argument.
At this point, Kapil Sibal stood up to say that the actual issue is of giving the state that kind of information. He stated, “Big brother will have the information. He may use it and you won’t know it. By the time you do, he will become a bigger brother.”
Mr. Divan consented and added by stating that the whole case is about preventing the situation that a big brother is watching.
Mr. Shyam Divan; “We are no more living in Police Raj!”
Mr. Divan then read the first articulation of the right to privacy in the Indian constitution, which is Justice Subba Rao’s dissenting judgment in Kharak Singh, which was endorsed in the privacy judgment as valid.
He mentioned how surveillance constricts life and liberty and how the “shadow of surveillance engenders inhibitions upon people.”
He then mentioned cases like District Collector Vs. Canara Bank and US vs. Jones and states “we are not living in Police Raj, which is exactly the point in this case.”
Mr. Divan moved on to read Justice Sotomayor’s opinion that observes that their infringement of privacy no longer needs mere physical violations. He states how GPS data can reveal an entire profile of the individual by simply observing the places she visits. This is very future orientated and as it is surreptitious, it evades scrutiny.
He stated, “the very fact that the government is watching can chill speech and associated freedoms.” He then read the part which established that merely there is a consent to disclose some information, to some people for some time, does not necessarily mean that you have lost your privacy right over it.
Mr. Divan moved on to refer to the judgment of ECHR in Sakharov vs. Russia which involved interception of the communications.
Before he could complete, the bench rose for the day.
For more such live updates and latest legal news, discussions and a lot more follow iPleaders on facebook or twitter @lawsikho
You can also follow our website for awesome blogs and informative forums at blog.ipleaders.in
Next hearing is scheduled for Tuesday, stay tuned.