On Day 18 of the final Aadhaar hearing, Senior Counsel K.V Vishwanathan, continued his arguments from the previous day, stating that the Government has failed to show how Aadhaar has resulted in savings. Mr. Vishwanathan discredited the studies relied upon by the Government to show the savings, some of which were carried out even before the Aadhaar ecosystem was in place. He explained the three kinds of frauds possible in PDS scheme- eligibility, quantity and quality fraud. Aadhaar-based authentication, at best, helps prevent identity frauds and nothing else, he opined.
Mr. Vishwanathan then cited the case of S and Marper v. United Kingdom to explain how the statistics produced by the Government have been misleading. He stated that Aadhaar-based authentication does not roll out the middle man, instead it only puts a machine in between.
Citing Selvi v. State of Karnataka, he asserted that Government savings and better targeting does not justify the infringement of rights, and is hugely disproportionate. He argued that the State could have adopted less intrusive alternate measures to achieve the same purpose. In this context, Mr. Vishwanathan read out the court’s assessment in the ECHR decision of Peck v. United Kingdom, wherein examination of alternative means to achieve the same object was held mandatory. He contended that in the present case, there were less invasive measures available, for e.g., smart cards and social audits under National Food Security, food coupons, among others. However, the State failed to examine such alternatives, thus failing to discharge their burden under Article 21 of the Constitution.
Mr. Vishwanathan then submitted that the Aadhaar Act was drafted on the premise that privacy is not a fundamental right. He stated that the Act would have been drafted differently, had it been enacted after the K.S Puttaswamy judgment.
He cited Belfast City Council v. Miss Behavin’ Ltd and asserted that the legislature did not try to strike a balance between the competing rights.
At this point, Justice Sikri stated that the argument that right to privacy is not a fundamental right was taken up by the State during the Puttaswamy hearings and asked whether it would be prudent to presume that the legislature did not keep it in mind while enacting the Aadhaar Act. Mr. Vishwanathan replied that the provisions of the Aadhaar Act do not seem to show that the right to privacy was taken into consideration at all while enacting the statute. Moreover, he pointed out that this contention was made by the Government while it was defending the said statute in the court.
Mr. Vishwanathan then referred to the Department of Telecommunications directive related to mobile verification and stated that the order in Lokniti Foundation case never gave any explicit directions to use Aadhaar for the purpose of e-KYC. He further contended that a contract between DoT and Licensee cannot be used to impose Aadhaar on a third party- i.e. subscribers. With this, Mr. Vishwanathan concluded his arguments.
Next, Senior Advocate Anand Grover commenced his arguments on behalf of petitioner Matthew Thomas. His main contentions were as follows:
-
The whole architecture of Aadhaar is beyond the Act and the Act comprised only one small part of it.
-
There is no security in place to ensure that the data remains secure and private. Further, the Aadhaar infrastructure allows data to move outside the Central Identities Data Repository (CIDR).
-
The project involves a serious breach of privacy.
Mr. Anand Grover stated that unauthorised and excessive data is being collected under the Act. He further pointed out towards illegal sharing of Aadhaar data with various State Residents Data Hubs, and argued that even if the CIDR is protected, data is being distributed at all sorts of location that are not protected.
He then referred to the UK National ID project which was discarded and said that the Government had claimed that all data stored in State Resident Data Hub has been destroyed. However, destruction of data is a complicated process and cannot possibly be done by deleting data from one place.
Mr. Grover then moved on to the risks associated with the programme. He cited an example of a tuberculosis control program and stated that authentications done in this case can disclose health information of a group of people within that region.
He further stated that Section 59 does not save any action which is ultra vires the Aadhaar Act. Thereafter, Mr. Grover, went on to refute the claim that biometrics are unique and hence cannot be duplicated. He referred to the observations made by the Parliamentary Standing Committee and pointed out the defects that they had observed with respect to the use of biometrics. He also cited a study that showed that the quality of one’s iris changes within three years, thus disproving the claim that biometrics are immutable. He further referred to the Governments’s own admission in a case wherein it had stated that iris authentication will result in a huge number of false matches.
He further referred to a study by Dr. Hans Varghese Mathews which stated a very high deduplication ratio of 1:121 for 1.2 billion of population. Mr. Grover asserted that use of biometrics results in exclusion which is violative of Article 21 of the Constitution.
He then talked about the contracts of UIDAI with foreign agencies for multi-modal biometrics systems rendering it ‘insecure ab initio’. He then read out the access provision: clause 3 of Biometrics Solution Provider agreement which says that these agencies shall process all personal data in accordance with the law. Stating the dichotomy, Mr. Grover submitted that the Aadhaar Act specifically mentions that no one is supposed to have access to all this information, however, these agencies had access to all the data.
Mr. Grover then moved on to his next submission and stated that there is a complete failure to ensure safety of the data which is a requisite under the law. He contended that due to the inherent personal nature of data, its protection should be ensured and thus, if the State cannot ensure its protection, it cannot collect personal data.
He then pointed out that UIDAI had not stopped accepting authentication requests from unregistered devices, which showed their level of callousness. He submitted that the security measures adopted by UIDAI were on ad hoc basis and were devised as and when a problem arose.
Mr. Anand Grover then took the court through Aadhaar Data Security Regulations and submitted that various regulations have been challenged by him on the basis of excessive delegation. Referring to notifications issued under Section 7 of Aadhaar Act, he questioned that once an interim order has been passed whether the executive could override that order.
Citing the case of State of Bihar v. Rani Somnath Kumari, he asserted that all persons are duty bound to follow the orders of the court once it has been passed, for so long as it stands. He then went on to discuss foreign decisions.
Mr. Grover finally concluded his submissions by stating that Aadhaar project as well as Section 7 has to go.
Next, Senior Advocate Meenakshi Arora began her submissions on surveillance, stating that the Puttaswamy judgment recognizes that wherever there is collection of data, there is scope for surveillance. She talked about mass surveillance, and stated that the decision in case of S & Marper recognised that it is not the use of surveillance but also the apprehension of it that can result in chilling effect. Surveillance can give a 360 degree view into an individual’s life. Thus, in the cloak of mass surveillance, democracy can be destroyed rather than protected, she asserted. Ms. Arora highlighted the ECHR case of Szabo and Vissy v. Hungary wherein it was held that mass surveillance activities by police force violates the right to privacy, home and correspondence.
The hearing will continue on Tuesday, 20th March, 2018.
