On Day 8, Senior Advocate Kapil Sibal continued his submissions before the 5-judge bench of Dipak Misra, CJ and Dr. AK Sikri, AM Khanwilkar, Dr. DY Chandrachud and Ashok Bhushan, JJ on the issue of misuse of the Aadhaar Scheme. On Day 7, Senior Advocate Shyam Divan concluded his 6 and a half day long submissions and said
“If this program is allowed to roll on unimpeded, think of the domination the State will have over the individual.”
Below are the highlights from Day 8 of the hearing:
Submissions on misuse of Aadhaar:
- Kapil Sibal: I am not talking about the State abusing Aadhaar, but how Aadhaar makes everyone vulnerable. He says that vulnerability is where the violation of rights comes in. Why should anyone know where I am flying to?
- Sikri, J: Most of us our frequent flyers and our flight information is anyway stored by the airlines.
- Kapil Sibal: But that is only with the airline. It was because of the perils of storage of information that the UK destroyed its national biometric identity program.
Submissions on the technical aspect of Aadhaar:
- Kapil Sibal: The first issue is that of centralisation. UIDAI claims it is secure because it is federated. (Cites an RBI report that identified the CIDR as “a single point of attack” and a “single point of failure.”)
- Chandrachud, J: I agree that theoretically, every centralised database can be hacked. But this is not necessarily a statement of vulnerability, but the acknowledgement that you need to take care.
- Kapil SIbal: Yes, there need for safeguards that protect the system.
- Kapil Sibal: Unlike smart cards, most biometric readers in India can be defeated by a child using fevicol and wax. With smart cards, there is no centralised database that can be compromised. Any leakage of biometric data is permanent. If there is no knowledge of when the biometric data is stolen, it will be difficult to trust future transactions.
- Sikri, J: These days phones have fingerprints and iris authentication.
- Kapil Sibal: That is only stored on the phone.
- Sikri, J (Smiling): We understand that distinction.
- Kapil Sibal (talking about recent Airtel scam involving Airtel payment accounts): UIDAI itself has acknowledged these issues by releasing L0 and L1 security standards, but many machines still don’t meet that standard. In fact, the State Resident Data Hubs have no security of any sort
- Kapil Sibal (On perils of face recognition):
- There is an important question of who owns the biometric data, and that there is nothing in the law that defines this.
- The margin of error increases with the increase in the size of the database. The larger the database, the more the rejections. At 1 billion, it’s 1 in 146 rejections. So basically, the UIDAI will decide who are the ghosts and who aren’t.
- Kapil Sibal: UIDAI claims that replay attacks will be dealt with like you deal with forged credit cards. He asks “but where will you find the evidence from.”
- Kapil Sibal: Aadhaar impacts federalism. The exclusions caused due to Aadhaar violates the right to equal treatment. It disproportionately impacts people who are aged, people engaged in manual labour, disabled people, and so on. This is a specific issue with biometrics, as opposed to smart cards. What might be appropriate for fighting crime and terror is inappropriate for the daily interactions between citizen and State. The Aadhaar Act contemplates breaches.