Aadhaar Day 3: The Entire Aadhaar Project Entails Invasiveness And Breaches, says Shyam Divan

In the morning session before the five-judge Constitution bench of the Supreme Court, Senior Counsel Shyam Divan appeared for the petitioners challenging the constitutionality of the Aadhaar Act of 2016 by reading out various paragraphs from the K.S. Puttaswamy v Union of Indiajudgement affirming the origin, nature, scope, sanctity and inviolability of the right to privacy.

He drew support from the judgement and characterised the right as an intrinsic pre-existing right derived from the right to life and liberty (Article 21 of the Constitution).

While constructing the basis of his arguments Mr. Divan drew the attention to the court to informational privacy as an aspect of this natural right mentioned in the judgements of Justices A.M. Sapre and Chandrachud. He proceeded to emphasise that Justices Nariman and Chandrachud had already in that judgement also held that economic rights do not precede civil and political rights.

Mr Divan stated that restrictions to right to privacy had to be justified by a valid law that is just, has a legitimate objective proportional with the infringement of the right and that the Aadhaar Act restricting right to privacy had to be tested on the same touchstone.

The second session of the Aadhaar hearing post lunch began with Mr. Divan referring to different provisions of the Aadhaar Act, beginning with the statement of objects and reasons regarding the rationale behind identifying beneficiaries and having identity proofs, apprising the court of his intention to comment only after having highlighted the relevant provisions of the statute.

He highlighted the ambiguities and the jeopardy to data security inherent in the definitions in the Act and noted that the definitions of “authentication process” and “authentication record” were such that the time and the identity of the requesting entity both were recorded, the definitions of biometric information and core biometric information both were open-ended. Moreover, the definitions of ‘’enrolment agencies” as well as “Registrar”, privatised the system as both didn’t necessarily have to be government bodies.

The absurdity of the criteria for defining “resident” as someone who lived in India for at least 180 days within the last year was also brought to the court’s notice, while the definition of “enrolment” making the Aadhaar number a rightful entitlement and not a mandatory obligation along with the probabilistic nature of the authentication process was reiterated. Mr. Divan further argued how the counselling provision incorporating the element of informed consent into the project would be rendered redundant if Aadhaar were to be mandated. He went on to cite provisions of the Act to show that the procedure for enrolment was not secure for lack of oversight and succinctly observed that as the Act itself mentions that biometric data is susceptible to change over time, the project can no longer purchase the claim to uniqueness. In an absolute denial of an individual to identify herself using an alternative mechanism, the Act allows the Aadhaar to be compulsory for receiving the benefits of services.

The counsel brought the attention of the court to documentation in the record submitted regarding the dangerous ramifications of the possible contracting out of the security of the database by the UIDAI. Mr. Divan also raised the point that the UIDAI’s power to deactivate any Aadhaar number was akin to the denial of a person of her civil rights and identity.

Justice Chandrachud tried to draw a distinction between alleging the breach of a statutory provision and challenging the constitutionality of the statute to which the lawyer explained that the challenge to constitutionality of the statute was based on its sanctification of the Aadhaar which did not harmonise with the free democracy envisaged by the Constitution.

At this point in time, Justice Chandrachud clarified if the counsel would be arguing both regarding the unconstitutionality of the statute and plugging of breaches of its provisions, the answer to which was foregrounded by Mr. Divan in an individual’s right to make a choice and identify herself as she pleases within the limits of reasonability. Chief Justice Deepak Misra made multiple observations regarding the fulcrum of the case and senior advocate Kapil Sibal astutely pointed out that a single form of identity, serving as a basis for multiple benefits, in an increasingly networked world was worryingly unsafe.

Emphasising the power of the State vis a vis an individual, Mr. Divan argued in response to Justice Sikri’s observation regarding the extent of the Aadhaar that it enabled a surveillance state to operate at the cost of an individual’s choice to identify alternatively to preserve the faith between an individual and the State, even when biometric data was only probabilistic in nature.

In response to Justice Chandrachud’s observations that in the status quo of networking, personal information is already compromised without much of a choice left to the individual by sharing it with private parties, Mr. Divan noted that private parties always leave the option to opt out with the individual. The Act also deprives the individual of any right to complain in case of non-compliance and vests this power solely with the UIDAI. Delegated rules and regulation making provisions within the Act were also criticised.

He also expressed anxiety over the provision permitting the government to secure the data on account of a public emergency and reminded the Court of the country’s history in that regard. Justice Sikri questioned Mr. Divan regarding only parting with the number and not the biometrics, to which Mr. Divan replied that an individual should have the choice to not have her personal information dispersed in this fashion, especially when other data in the public domain when used with the Aadhar number could potentially compromise private information.

Justice Chandrachud claimed that the biometric information was to remain entirely with the Central Identities Data Repository (CIDR) which was denied by the counsel citing examples of skimming off of fingerprints after which the Bench concluded hearing the matter for the day.