Senior Advocate Rakesh Dwivedi continued with his arguments before the 5-judge bench of Dipak Misra, CJ and Dr. AK Sikri, AM Khanwilkar, Dr. DY Chandrachud and Ashok Bhushan, JJ on Day 29 of the Aadhaar Hearing.
Below are the highlights from Day 29 of the Aadhaar Hearing:
- Dwivedi: It’s better to tighten the nuts and bolts of Aadhaar rather than demolishing it completely. Information is strictly confined to the purpose of authentication. Interplay of section 8 and 29 of the Aadhaar Act, 2016 say that core biometrics are not shared. Data shared under section 29 is non-biometric data.
- Chandrachud, J: Section 8(3) combined with section 29(3) means that the requesting entity will know the purpose of the authentication.
- Dwivedi: If the bench is unsure whether requesting agencies collect information that they are not supposed to then the bench should read down sections 8(3) and 29(3) to make sure that REs do not know the purpose of the authentication or collect any information.
- Chandrachud, J: A hospital may have data on an individual based on the number of times the individual has requested authentication. This can be helpful information for pharmaceutical or insurance companies.
- Dwivedi: GDPR provides no curative measures. Aadhaar Act provides enough data protection to citizens. No data protection law can provide hundred percent protection. The test should be “reasonable, fair and just” protection. Aggregation, analysis or transfer of data is not allowed by the Aadhaar Act.
- Chandrachud, J: What use the REs are making of the data, we don’t know right now.
- Dwivedi: We can only tackle real apprehensions.
- Chandrachud, J: Real apprehension is that elections are swayed using data analytics. These problems are symptomatic of the world we live in.
- Dwivedi: Can’t compare this to Cambridge Analytica. We don’t have algorithms that Google has.
- Chandrachud, J: We can’t have a blinkered view of reality.
- Dwivedi: UIDAI does not have learning algorithms. Aadhaar Act does not authorize it. We have simple matching algorithms. The Bench should not give in to the hyper phobia that the petitioners have created. We have a powerful media and competitive interests to check any misuse of data.
- Chandrachud, J: Interface of Aadhaar with the world outside is the area of concern.
- Dwivedi: Examine the design of the Act. We don’t want any scare mongering. We want people of India to trust us. Section 28 of the Act also provides protection of information. The information will be in the control of UIDAI and will be kept secure in CIDR. Section 57 does not allow just anyone to become a requesting entity. It’s a limited exercise. UIDAI will not approve anyone to become an RE unless it is satisfied that the particular entity needs to use the facility of authentication.
- Chandrachud, J: Why are words “body corporate or any person” used in section 57? That breaks the nexus of the Act with the consolidated fund of India. What is the point of involving private parties in the Aadhaar infrastructure?
- Dwivedi: Private players are not exempt from constitutional norms. And the divide between public and private sector is narrowing.
- Chandrachud, J: Section 3 says Aadhaar is an entitlement. How did it become mandatory?
- Dwivedi: It was made mandatory by other Acts. Aadhaar Act has nothing to do with other linkages of Aadhaar except Section 7. UIDAI is mandate-neutral. The government is making it mandatory under other Acts. The bench can look at these Acts separately. Under the Aadhaar Act, obtaining Aadhaar is voluntary.
- Chandrachud, J: Aadhaar can be made mandatory under a law or through a contract under section 57.
- Dwivedi: Object of section 57 is not to expand but to limit. Backing of contract is needed. Any paanwalla or chaiwalla cannot become a requesting entity. It has to be pursuant to a contract. UIDAI may still refuse an entity from becoming a requesting entity.
- Chandrachud, J: How is need for authentication decided? For e.g., a taxi service or software app.
- Dwivedi: There has to be a prior contract and then UIDAI is approached for request.
- Sikri, J: Where is the guideline for what will be considered a “need” for authentication and what won’t be?
- Khanwilkar, J: Prior contract comes before permission from UIDAI is taken. Schedule A of the Act that outlines who all can be REs is very wide.
- The rules of IT Act 2000 and the punitive provisions of the Act are also applicable to Aadhaar data under Section 30 of the Aadhaar Act. This is further security. Anyone who attempts to gain unauthorized access to CIDR will be imprisoned for ten years. CIDR comes under critical information infrastructure.
- Aadhaar is not just an exercise to provide benefits and weed out fakes but also to bring the service providers face to face with the beneficiaries. That’s the revolutionary aspect of Aadhaar.
- None of the other identification cards are universally held in the country. These cards are only for initial identity and address proof. Nobody will give their wrong name or address when biometrics are involved.
- Aadhaar is not the panacea for all evils but the problems that were occurring on account of fake identity documents will be solved.
- Petitioners were arguing that there’s no legal mandate to store information in CIDR. RD quotes section 10 in this regard.
- Petitioners argued that we have hired foreign suppliers. Only software is used by UIDAI as licensee. The hard disks and servers belong to UIDAI. Even technicians are given access to CIDR only when there’s a problem in the process of UIDAI officials.
- Another argument that was raised was that Aadhaar is probabilistic. It is not probabilistic, but deterministic.
- Sikri, J: You have to give a proper response to that. Argument was from the exclusion angle.
- Dwivedi: Probability governs us everywhere. Nothing is certain. Just because it is probabilistic, it cannot be discarded.
- Chandrachud, J: If the probability leads to deprivation of fundamental rights, then there should be safeguards in place to ensure that this deprivation doesn’t happen. There should be an administrative machinery in place to ensure no genuine beneficiary is deprived.
- Dwivedi: I agree that nobody should be denied benefits due to authentication failure. Our submission is inclusion. Section 7 itself provides a fall back mechanism if authentication failure happens. We have to look at effective implementation.