In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.
Senior Counsel Shyam Divan started off by referring to the relevant portions of the Supreme Court’s judgment on the right to privacy (Puttaswamy vs. Union of India) to highlight how the implementation of the aadhaar programme pose a serious threat to the right to privacy of the citizens. He concluded by stating that privacy has always been a fundamental right and the correct position has been established in decisions subsequent to Kharak Singh v. The State of U.P. & Ors.
He summarized the crucial elements of the privacy judgment in two pages, which he submitted to the court. Following are the takeaways that he submitted:
- Privacy is a natural right and is therefore alienable. It is a condition precedent to the enjoyment of any other fundamental rights and it includes the right to control the dissemination of information regarding ones identity.
- Privacy is a postulate of human dignity.
- Privacy is integral to the enjoyment of liberty and freedom. It is a foundational right and not derivative and it cannot be lost or surrendered merely because the person is in a public space.
- Privacy has both negative and positive components. The negative component protects individuals from state whereas the positive component casts a duty upon the state to protect individuals from the infringement of their right by private actors.
- Privacy is not an elitist concept.
- Integration of different sets of data can pose a threat to freedom.
- Privacy can only be curtailed by a law which satisfies the proportionality and legitimate purpose requirements.
- Rule of law has to protect the rights.
Mr. Divan then took the court to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act / Act). He read out the statement of objects, preamble and the short title. Then he moved to the definitions clause. He stressed on the definitions of “authentication” and “authentication record” and pointed out that both the time of authentication and identity of the requesting entities are required to maintain an authentication record.
Next he moved to the definition of “benefit” and highlighted that it does not necessarily have to be from the government. He also pointed out the open-ended nature of the definitions of “biometric information” and “core biometric information”.
Then he moved to the clause defining “enrolling agency” and indicated that the system remains privatized even after the enactment of the Act. He restated the risk of the privatization scheme by pointing out that close to 40,000 operators were blacklisted in 2017. He then directed the court’s attention to the definition of “registrar” and pointed out that similar to the pre-statute regime, the registrar need not be a government body. He also indicated that “requesting entity”, mentioned in s.2(d) and defined in s.2(u), need not necessarily be a government entity or department thereby enabling even private agencies to submit demographic and biometric information to Central Identities Data Repository (CIDR) for verification. He also discussed the definition of “resident” and the statutory form that is to be submitted by a resident and identified that it is a self-declaratory form with no verification to ensure that the applicant is actually a resident. He raised this as the first flaw of the statute. He also pointed out the open-ended nature of the definitions of “service” and subsidy”.
Mr. Divan next took the court to s.3 of the Act on enrollment and pointed out that the words used are “shall be entitled to obtain”. He argued that this indicates that it is the right of the resident to obtain an aadhaar number and not an obligation. He further stated that the entire regime under s.3(2) was established post 2016 and therefore there was no requirement of counseling for all the aadhaar number issued prior to that. He also argued that the concept of informed consent, reflected in the counseling requirement, would become completely illusory if Aadhaar is held to be mandatory. He also reiterated the probabilistic nature of the authentication process.
He then moved to s.4 and argued that the whole enrollment process is compromised. He further stated 49,000 enrolments were cancelled which questions the integrity of the whole process. He also indicated that s.4(3) enables an aadhaar number to be used as a proof of identity for “any” purpose. He also argued that the whole idea of uniqueness of the data on which the whole process is based is compromised by the fact that biometric information changes over time. Next, he discussed s.7, which effectively allows aadhaar to be made mandatory for receipt of certain benefits and services and stated that this deprives an individual of her right to identify herself in a reasonable alternative manner.
Mr. Divan then moved to Chapter IV of the Act and discussed the vast powers that have been granted to the Unique Identification Authority of India (UIDAI). He stated that the power of the UIDAI to contract out the security of the database raises a lot of security concerns. He also raised concerns with the UIDAI’s power to deactivate an aadhaar number which would effectively deprive an individual of her civil rights. He also pointed to s.23(3) which allows UIDAI to enter into agreements with both public and private entities to perform any of its functions.
Mr. Divan then moved to Chapter VI of the Act, which deals with protection of information. He stated that all the information that the Act requires to be kept secure has already been shared.
Justice Chandrachud asked how the breach of a statutory provision affects the constitutionality of the statute itself. Mr. Divan responded that the Aadhaar programme is unconstitutional due to its invasive nature and that it cannot reconcile with free and open democratic society. Therefore, he stated, an Act that supports such a programme is also unconstitutional. He said that this argument will be developed further.
Justice Chandrachud said that there are two possible claims. First, the programme itself is unconstitutional. Second, there have been breaches. He asked if Mr. Divan will argue on both the points. Mr. Divan responded that democracy entails choices and trust and therefore the key question is whether an individual is entitled to protect herself by making a choice about which method is to be used to identify herself. He stated that the breaches will help to substantiate this claim regarding choice. He also mentioned that if the system in its current form is upheld, it will result in a complete surveillance state as the architecture of the whole system enables it.
Justice Chandrachud raised the point that even in the absence of aadhaar, currently we are living in an extremely networked society where we are already sharing information with private entities. He asked what effective change would the interpolation of an aadhaar number bring about in the present situation. Mr. Divan responded that he will address it in detail.
The Chief Justice formulated a set of propositions on which the case is based and Mr. Divan agreed that it is mostly accurate.
Mr. Kapil Sibal raised concerns regarding the extent to which the state should be allowed to seek information under one umbrella and also the extent to which information is shared with private entities.
Mr. Divan resumed to go through the statute. He indicated how under s.47 an individual has no locus to make a complaint. He then moved to s.48 which enables the government to take control over the entire record in light of a public emergency and cited this as a cause of concern.
Justice Sikri asked what the harm would be in giving just the aadhaar number without any biometric information. Mr. Divan responded that the number when combined with other information publicly available could be compromising.
Justice Chandrachud pointed out that biometric information remains only with the CIDR. Mr. Divan responded that it is not correct and cited examples of mobile network operators collecting fingerprint while issuing SIM cards. He said that he will address it in detail in the next hearing.
The hearing will continue on 24th January, 2018.