On Day 7 of the Aadhaar hearing, Senior Advocate Shyam Divan summed up his submissions before the 5-judge bench of Dipak Misra, CJ and Dr. AK Sikri, AM Khanwilkar, Dr. DY Chandrachud and Ashok Bhushan, JJ. Shyam Divan picked up from where he left on Day 6 i.e. arguing on the affidavit filed by a fieldworker on the Jharkhand NREGA program recounting starvation deaths that occurred in Jharkhand because of Aadhaar linking failures.
Below are the highlights from Day 7 of the hearing:
Submission on affidavit on exclusion of people with leprosy:
- Shyam Divan: The issues here pertain to exclusion, death, and dignity. The reports are about extreme situations. SD says that the basis point is that in a democracy, there has to be an element of choice. There can’t be just one method of identification imposed.
- Chandrachud, J: One thing the Court needs to look at is the level of internet penetration in the country.
- Shyam Divan: The PoS machine has a memory, so if the internet fails, the machine is often taken to another place. All Aadhaar can do is stop a very limited kind of misuse (identity fraud), and there are other ways to weed out leakages.
- Chandrachud, J: The affidavit seems to show that even after Aadhaar, the citizen remains dependant on the PDS dealer. While that argument may not furnish a constitutional ground, but the argument that Aadhaar itself is causing exclusion nay furnish a ground under Article 14.
- Shyam Divan: Persons who cannot authenticate are treated as “ghosts”, and as mere statistics. He says this cannot meet the tests under Articles 14, 19, and 21. This is especially so because the system is coercive.
Submission on no option to opt out of Aadhaar scheme:
- Shyam Divan: This is crucial from an informational self-determination point of view. There must be a right to opt-out. (Reads out affidavits from people who have asked to be able to opt-out, on the ground that there was no genuine informed consent at the time of enrolment and a collective affidavit from Meghalaya from people who want to opt-out of Aadhaar.)
- Chandrachud, J: What is the position in the North-East?
- Shyam Divan: There are places where the roll-out is low, and they have been exempted.
- Shyam Divan reads out the affidavit of Rakesh Mohan Goel, a computer industry expert who went and audited enrolment centres. Below are the findings mentioned in the affidavit:
- Computer Industry people were retaining biometrics and storing them, and the UIDAI had no way of knowing.
- The biometrics of Indians are available to private entities, can be and are being stored in logs.
- Because of the architecture of Aadhaar, UIDAI has very little control over this.
- There is no way of knowing, after an audit, whether the storage is continuing or has stopped.
- Shyam Divan: When you part with something as precious as biometrics, there has to be a fiduciary relationship between you and the person taking it. How can you trust a system like this?
- Chandrachud, J: How are the authentication machines purchased?
- Shyam Divan: UIDAI has technical specifications, but the purchase is private. The point is that biometric data is easily compromisable. This is a reason why people do not want to be on Aadhaar, and why they should not be *mandated* to get into the system. While some of these leaks can be plugged, the basic design is faulty. In Surat, the biometric data of ration card holders was stored and then used to siphon off.
- Shyam Divan (Discussing the mechanism of producing artificial fingerprints): The operator’s fingerprints are cloned. When UIDAI found this out, they added iris authentication. However, the hackers then found a way to bypass that as well. Cloning of fingerprints is easy and it’s possible, and it’s been done. What is the integrity of the system, and why should anyone trust this? This is a question of my right to protect my body and my identity. If the system is so insecure, why am I being mandated to authenticate through fingerprints for every transaction? The more the database expands, given that this is a probabilistic system, the more times you will have a match. This is indicative of exclusion, and that the system is saturated, leading to unjustified rejections.
- Shyam Divan (Reading out Dr Reetika Khera‘s affidavit, who is an economist at IIT Delhi, and works on the NREGA. It speaks about biometric authentication failure at a tribal school, where those whose fingerprints were not recognised by Aadhaar, were not marked present): Firstly, these are not ghosts in the system. They are flesh and blood girls attending the school, and Aadhaar is not recognising them. Secondly, you’re creating records for an entire lifetime, starting from school. Is this not a surveillance society? Thirdly, there is no statutory sanction.
- Sikri, J: In fact later, the teachers may be hauled up for inflating numbers.
Submission on whether an individual’s body belongs to her or to the State:
- The question is, in a digital world, how do I exercise control over my body? In a liberal democratic culture, the basic value is the prohibition of slavery, which means that an individual’s body cannot be used for purposes that she does not endorse.
- If a person exists in flesh and blood, where is the question of denying her anything? This is at the core of Article 21 and the relationship between the individual and the State. In a liberal democratic culture, can the State say that “I will choose to recognise you only in this manner, otherwise you cease to exist”?
- There is no concept of eminent domain as far as the body is concerned. The body cannot be used as a marker for every service.
- The State has a legitimate interest in identifying a person, and so there could be a set of limited, narrowly tailored circumstances where you are required to give up fingerprints, such as for a passport or a driving license or a criminal investigation.
Summary of Shyam Divan’s arguments:
- Personal autonomy: Are we going to cede complete control of the body to the State? In a digital world, personal autonomy extends to protecting biometrics.
- Constitutional trust: We have created the State, and now the State trusts us as unworthy unless we cede our biometerics. The Aadhaar program treats the entire nation as presumptively criminal.
- Rule of law: Look at how this project has been rolled out.
- Surveillance and privacy
- Domination of State: If this program is allowed to roll on unimpeded, think of the domination The State will have over the individual.
Senior Advocate Kapil Sibal’s submissions:
- Kapil Sibal: If the State wants Google to give information, it will have to get a court order. Aadhaar bypasses that safeguard. You have the right to opt-out of Google, FB, Twitter. There is no such right with respect to Aadhaar.
- Chandrachud, J: This distinction may not be persuasive, because in today’s world, you have only notional consent even with respect to private players.
- Kapil Sibal: There is an important distinction between the State and Google. There are open source alternatives to Google. And even within Google, I have choices and control. There is also a further qualitative distinction. Google uses your data and that often increases your choice. Aadhaar restricts it.
- Kapil Sibal: How can Aadhaar Act, 2016 be a money bill?
- Chandrachud, J: That link comes from the Consolidated Fund of India. (P. Chidambaram to argue on this point later)
- Kapil Sibal (On deactivation of Aadhaar): Consider what will happen in the time that your Aadhaar is deactivated, and you’re trying to rectify it. This is unimplementable in a polity as large as ours. Think of how this will play out in rural India. He points to the regulation that allows deactivation for “any other reason deemed appropriate.” What kind of power is this? This is the power to cause civil and digital death.”
- Chandrachud, J: You can’t judge the validity of an act by the potential for abuse.
- Kapil Sibal: This is about how much power you are giving up to the State. In the information age, it’s not merely about “possibility” any more. It exists. (Reads out an article in the newspaper today that talks about digital payments being pushed to 1 trillion dollars in five years.)
- Chandrachud, J: How does the Court decide what level of risk is proper or not? Should the Court get into this or should it be left to the legislature?
- Kapil Sibal: I am not saying that the State will misuse it. But the information is in the public domain.
- Sikri, J: What information will the bank have when you link your Aadhaar?
- Kapil Sibal: Aadhaar has been used for banking frauds. Different principles need to be evolved in dealing with digital issues. The principles used to adjudicate other statutes don’t map with accuracy.