On day 28 of the final Aadhaar hearing, Additional Solicitor General, Tushar Mehta resumed his submission on the defence of Prevention of Money Laundering Act (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules. He contended that the new rule that mandates furnishing of Aadhaar number to open a bank account is not ultra vires the Aadhaar Act. Also, there is no challenge with respect to the PMLA rules being ultra vires the PMLA. To this, Justice Sikri remarked that Rule 9(4) [where the client is an individual, he shall for the purpose of sub-rule (1),submit to the reporting entity, one certified copy of an ‘officially valid document’ containing details of his identity and address, one recent photograph and such other documents including in respect of the nature of business and financial status of the client as may be required by the reporting entity] is challenged on the ground of proportionality. He asked what is the the need to make Aadhaar compulsory for operating a bank account when there are other officially valid documents available as mentioned in the Rules. Mr. Mehta said it was done to prevent impersonation.
Further, J. Chandrachud asked Mr. Mehta to respond to Mr. Datar’s contentions: PMLA rules are ultra vires the Act; there is no provision under PMLA to render a validly opened account non operational; why is Aadhaar linking extended to mutual funds and insurance policies as well. Justice Sikri commented, “Anyone can become a reporting entity under the PMLA, not just banks. How is this proportional?” Mr. Mehta answered that the State follows zero tolerance policy when it comes to money laundering and that public interest is interest of the nation in this case.
Next, J. Chandrachud questioned the rule that an existing bank account will become non operational if Aadhaar is not linked within six months. Mr. Mehta in reply said that the bank account will not permanently close but will be non operational till Aadhaar is linked. Chief Justice of India (CJI), Dipak Misra and J. Bhushan at this point ask how is blocking an individual’s bank account not in violation article 300A of the Constitution. Mr. Mehta answered that it is a reasonable restriction. J. Chandrachud remarked that the penal consequence of not linking Aadhaar with bank account is not authorized under PMLA and the Act only talks about verification of bank accounts. Therefore, this might be an overreach. Mr. Mehta replied that the rules are part of the Act and the penal consequence is just an ancillary provision which can be provided by the rules. He contended that not only the plenary law is considered with resect to “procedure established by law” under Article 21 of the Constitution but also the rules. He also asserted that freezing of bank account is not a penalty but just a consequence. The point of such a consequence is so that money launderers render their account non operational. J. Sikri disagreed with Mr. Mehta’s argument and remarked that the consequence is in the nature of a penalty as it leads to deprivation of one’s property. CJI Dipak Misra commented that the bench is only interested in knowing whether the consequence is mandated under law or is it an overreach. Senior Advocate Rakesh Dwivedi interjected and said that Aadhaar is just a condition for opening a bank account and the continuance of it and given the problems the nation is facing, it is important to re-verify existing bank accounts.
Mr. Mehta then stated that terror financing destroys the root of our democracy and threatens national security. Furthermore, there are huge cross border implications and such menaces happens both in India and outside India. Accordingly, it was important to link bank accounts with Aadhaar. In this regard, Mr. Mehta mentioned that the scheme of the PMLA is three fold: (a) zero tolerance towards money laundering; (b) curbing black money; and (c) for money to reach actual beneficiaries; and that while there would be minor inconveniences to some citizens, it was ultimately in the best interest of the nation. Mr. Mehta concluded his arguments by asking the bench to weigh public interest and ‘perceived privacy’ before taking a decision.
Senior advocate Rakesh Dwivedi began his submissions by admitting that he hasn’t felt like he’s being surveilled and that people have voluntarily signed up for Aadhaar. Mr. Dwivedi also mentioned that while lawyers may not qualify for targeted delivery of benefits, they have nevertheless signed up for Aadhaar for the sake of having a single identity.
Mr. Dwivedi then stated that the government has ample means to conduct surveillance and did not need Aadhaar for this purpose. In this regard, Mr. Dwivedi cited the example of the master circular of the CBI which allowed for monitoring of bank accounts. Mr. Dwivedi went on to state that the petitioners are using rhetorics to rubbish Aadhaar and further emphasized that Aadhaar was not required for conducting surveillance. To this, J. Chandrachud replied that technology was a very powerful enabler of mass surveillance and that elections in countries are being swayed wit the use of data and technology. In reply, Mr. Dwivedi stated that we can’t compare the algorithims of Google and Facebook with the technology of UIDAI. While J. Chandrachud mentioned that the Aadhaar Act does not preclude UIDAI to acquire such technology, Mr. Dwivedi replied that this would be an offence under Section 33 of the Aadhaar Act.
Mr. Dwivedi went on to state that the only purpose of Aadhaar is authentication and nothing else, and that there is no power provided under the Aadhaar Act to analyze date. Even meta data is limited, but such meta data is of authentication records and it does not reveal anything about an individual. Mr. Dwivedi explained that meta data consists of the authentication request, the result of the authentication and the time of authentication only. To this, J. Sikri replied that such data is enough to reveal a lot about an individual. However, Mr. Dwivedi answered that the authentication request will show from where the authentication request came but there would be no way to know the location from where it came. Also, the identity of the person requesting such authentication would not be revealed.
J. Chandrachud then explained that the requesting entity can store the data in view of the fact that there is no robust data protection law. Furthermore, commercial information about an individual is a gold mine and hence, surveillance doesn’t have to be interpreted in the traditional sense. To this, Mr. Dwivedi replied that millions like himself did not care about privacy. However, J. Chandrachud replied that while giving fingerprints for a limited purpose is okay, storing fingerprints in a central database for the purposes of authentication is a problem. Mr. Dwivedi explained that biometrics are encrypted and such data is not shared with anyone, and that even the EU data protection law did not have the kind of protection that the Aadhaar Act has. Accordingly, there is no reasonable expectation of privacy with respect to demographic information since most of that information is already in the public domain.
Mr. Dwivedi then went on to state that he understands if people have a problem with the implementation and enforcement of the Aadhaar Act but there is no problem with the law and technology. To this, J. Chandrachud explained that the problem lies in Section 29(b) of the Aadhaar Act which allowed sharing of daata with third parties by the requesting entities. To this, Mr. Dwivedi replied that Section 29(1) bars the sharing of core biometrics completely and therefore, Section 29(b) should be read in the context of Section 29(1). J. Chandrachud answered by saying that the Aadhaar Act has gone beyond the Section 7 benefits which was a major concern. Furthermore, Section 29(3) uses the word ‘identity information’ which seemed to suggest that even biometrics could be transferred.
With this, the bench rose for the day with arguments to continue on 17th April 2018.
