In October 2015, a 3-judge bench of the Supreme Court of India referred challenges to the Aadhaar program to a constitution bench. One of the primary concerns of this petition was to decide on the existence of a fundamental right to privacy, which has since been upheld. Other similar petitions, concerned with the legitimacy of Aadhaar had been tagged with this petition. While the existence of the fundamental right to privacy has been upheld, challenges against the Aadhaar programme and linking services to this programme were yet to be adjudicated upon.
An interim order was passed in December of 2017, a summary of the arguments can be found here and here.
The final hearing commenced on January 17, 2017. Summaries of the arguments advanced in the previous hearings can be found here.
Senior Counsel Meenakshi Arora continued with her submissions.
She stated that the collection of data under the Aadhaar project was grossly disproportionate. She also stated that the collection and retention of data should be subject to purpose limitation, in the absence of which mass surveillance and profiling could become prevalent.
She referred to the case of Digital Rights vs. Ireland discussing the effect this judgment had on the retention of metadata.
She stated that the the law required the service provider to retain the communication and not the content of the communication. She also referred to excerpts wherein the data retained made it possible to identify users and communication equipment. In addition she stated that the data taken as a whole allowed precise identification, including daily movements and other sensitive information. She stated that if a citizen had the ‘feeling’ that their private lives were likely to be surveilled, it should be enough of a concern.
Moving on, Ms. Arora discussed the difference between general warrants and specific warrants. She stated that the Aadhaar Act was in the nature of a general warrant, and not a specific warrant. Referring to Justice Nariman judgment in Puttaswamy vs. Union of India, she stated that general warrants were considered to be ‘bad’ and that ideally a warrant should be specific in nature.
She then discussed the cases Szabo vs. Hungary and a case by the German Federal Court. Referring to the latter, she stated that the German Court held that 6 months was too long for data to be stored, comparing it to Indian standard of 7 years.
Referring to a judgment by the German Constitutional Court, she stated that storing communication without cause would create the apprehension of being watched.
She then moved on to discuss a United Nations General Assembly resolutions (16th November, 2016), stating that while metadata could provide benefits, certain kind of metadata could reveal sensitive information.
She then discussed Puttuswamy vs. Union of India, stating that there was no place for a ‘big brother’ in this democracy. Referring to an affidavit filed, she stated that surveillance by the CIDR with the use of aggregated data from the Aadhaar project was a possibility.
She stated that this form of surveillance could only take place in a state that does not follow the law. She stated that laws should be formulated in a way to ensure that those elected in the future cannot abuse their power. She stated that protection was not meant to be immediate, but long lasting.
She also stated that the collection, aggregation and retention of data on a mass scale had no purpose for Aadhaar. This conclusion could also be reached at by applying the general/specific warrant test and the proportionality test.
She questioned the validity of a national legislation which covered, in a general manner, all subscribers as generalised users. She stated that there was no stated objective for the same and no strict necessity either. Further on the issue of necessity and proportionality, she questioned if it was proportionate to link a large number of services to Aadhaar.
Referring to Section 7 of the Act, Ms. Arora discussed the proviso with regard to alternate means of identification. She questioned why alternate forms of identification would not be good enough for benefits and subsidies, since they were good enough to procure Aadhaar identification.
Chief Justice Misra commented on the interpretation of these provisions, stating that they the petitioners were ‘reading up’ the provision.
Ms. Arora went on to discuss the Canara Bank judgment. She also discussed the absence of data protection and security provisions and its effects on the Aadhaar project. Referring to a UN document, she stated that individuals often do not provide explicit and informed consent and that sharing of sensitive data had become increasingly common.
Further, she went on to discuss judicial supervision in the context of the Act and the ‘political nature of the authorisation’.
She also discussed the chilling effect the Aadhaar project had had on the exercise of fundamental rights. Further, she discussed Bentham’s Panopticon model and the nature of a surveillance state. She also referred to the creation of an asymmetry of knowledge, and the state aiding in the creation of docile bodies.
Lastly, she stated that the Aadhaar project infringed on the right to dignity of an individual and that the Magna Carta recognised that every human being was entitled to an identity. She stated that in this system, citizens did not have control over their own identities. She commented on Aadhaar being the sole means of identification and stated that it altered the relationship between the state and its subject.
Senior Counsel Meenakshi Arora concluded her arguments and Senior Counsel Sajan Poovayya commenced his arguments.
He started off by referring to a 1983 German federal court case on data submission and discussed ‘compelling state interest’ in this regard. He stated that when the same legislation was in the domain of ‘brick and mortar’ it would be viewed differently than a legislation about different technology.
He then discussed the shift in technology over decades and the perils of the Aadhaar Act. He stated that technology disrupts itself often, and new technology comes into force. He stated that even assuming that there was a compelling state interest in Aadhaar, the interest would be that the resident has to receive subsidies. He stated that the there was no need for a precise identity for the use of subsidies from consolidated funds. Lastly, he stated that the interest had to be achieved in the least intrusive manner.
He briefly discussed the case of Chintaman Rao.
The discussion then moved on to biometric information. He stated that assuming that biometrics were a good form of identification, it would still be problematic for the Aadhaar programme because the best technology is meant to be the least prescriptive. Drawing on the instance of a credit card, he stated that credit card chips can store data in a much more credible way and is a cost-efficient alternative as well.
He stated that similar to information stored on a credit card chip, biometric information could be stored on an external chip as well. At the time of availing subsidies and benefits, these cards could be produced and the person could place their thumb print and verify through the chip. He stated that that seemed to be the least intrusive method, since personal information would remain with the individual and not in a centralized database. Referring to the 9 judge bench decision of Puttaswamy vs. Union of India, he stated that informational self determination was an important consideration and that the use would have to be limited to a specific purpose for self determination to be intact.
Further on this issue, he stated that the test was not possibility of misuse, rather the consideration was seeking lesser intrusive ways to collect information.
He referred to the failure rates of the Aadhaar programme, stating that the probability test would become much more certain when only the thumb prints were on the card.
He moved on to his second submission, questioning if biometric methodology was the only methodology in use. He stated that certain forms of biometric identification had been long in use, and that there seemed to be limited compelling state interest to mandate biometric identification.
He also stated that under Section 57, what construes biometric data can be amended too. Further he stated that seemingly ordinary practices could become intrusive in the technological world. A legislature could permit more intrusive ways of identification, Mr. Poovayya illustrated the case of DNA or bone marrow being used in the future.
Referring back to a German decision from 1983, he stated that the speed of computation technology has grown exponentially from millions to billions. Citing this case, he explained the difference between personal data being collected as opposed to statistical data.
He also stated that the Aadhaar programme was not the same as the census, since the Parliament would only allow government servants to deal with data. He questioned why personal data in the Aadhaar programme was not afforded this kind of protection.
Lastly, he also discussed handing over sensitive personal data to software companies and data retention policies.