This is a record of the proceedings in the Supreme Court bench hearings on the Constitutional validity of Aadhaar, which began on Feb 13, 2018. You may read the previous days’ proceedings here: Day 1Day 2Day 3Day 4Day 5Day 6Day 7Day 8Day 9, Day 10, Day 11, Day 12, Day 13Day 14Day 15Day 16, and Day 17.

This was to be the penultimate day of Petitioners’ arguments. Mr KV Viswanathan would conclude on the topic of exclusion. Then Mr Anand Grover would address the Court on national security, and Ms Meenakshi Arora on surveillance.

Mr. Vishwanathan started with saying that government has failed to show how Aadhaar has resulted in savings. He explained the kinds of frauds possible in PDS scheme—eligibility, quantity and quality fraud. Mr. Vishwanathan said that Aadhaar-based authentication, at best, helps only in identity fraud and none of the others.

Mr. Vishwanathan explained how the statistics shown by the government regarding savings have been misleading. He said that ABBA (Aadhaar-Based Biometric Authentication) doesn’t roll out the middle man. It only puts the machine in between. He said that the studies on which the govt has relied for savings are old studies, some of which were conducted even before ABBA was in place.

Mr. Vishwanathan said that the government has failed to show that the savings and better targetting are of magnitude justifying the infringement of rights. He said it is disproportionate. He read out Selvi case in this context. Mr. Vishwanathan said that the State failed to take into consideration less invasive or alternate measures which could achieve the same purpose.

Mr. Vishwanathan read out the court’s assesment in the ECHR decision of Peck v. UK wherein examination of alternative means to achieve same object was mandatory. He said that in present case, there were less invasive alternate methods available like Smart cards and social audits under NFSA, food coupons, etc. However the State didn’t examine such alternatives, thus failing to discharge their burden under Article 21 of the Constitution.

Mr. Vishwanathan said that Aadhaar Act was drafted on the premise that privacy is not a fundamental right. It wouldn’t have have drafted this way, had it been enacted after the Puttaswamy judgment. He read the case of Belfast City Council v. Miss Behavin’ Ltd said that the legislature didn’t try to strike balance between the competing rights.

Justice Sikri said that privacy not being a fundamental right was the argument of State in the court. He asked if it can be presumed that even the legislature did not have it in mind while enacting the statute. Mr. Vishwanathan said that the provisions of the statute do not show that privacy was considered at all. Also, the government made this contention while defending the said statute in the court.

Mr. Vishwanathan referred to the misinterpretation of LokNiti order by Union and challenged cell phone linking directive by DoT on using Aadhaar for mobile verification. He said that the order in Lokniti foundation case never gave an explicit direction to use Aadhaar. He said that there’s no contract or law. And a contract between DoT and Licensee cannot be used to impose Aadhaar on him.

Mr. Vishwanathan concluded his arguments by pressing for extension even in Section 7 notifications. He pleaded with the Attorney General to not take this in an adversarial manner.

Senior Advocate Anand Grover commenced his arguments. He said that he would show:

  1. The whole architecture of Aadhaar is beyond the Act. The Act is only one small part of it.
  2. No security in place to ensure that the data remains secure and private. Allows data to move outside CIDR.
  3. Serious breach of privacy. Thus, project has to stop.

Senior Advocate Anand Grover was appearing on behalf of petitioners in the matter of Mathew Thomas v. Union of India.

Mr. Grover submitted that unauthorised and excessive data is being collected under the Aadhaar Act – vast swathes of the Aadhaar project not even regulated by the Aadhaar Act.. He further pointed out towards illegal sharing of Aadhaar data- with various State Residents Data Hub. He argued that the CIDR is protected but data is distributed at all sorts of locations which are not protected.

He referred to SRDH as his first illustration. He rubbished the suggestion of Union that all Biometrics had been destroyed. He said that government had claimed that all the data in SRDH had been destroyed. That cannot be done just be deleting it from one place and that data destruction is a complex process including harddisk shredding etc. He referred to the UK national ID project which was discarded.

Mr. Grover referred to the 2016 Strategy Overview document and how there is an admission of aggregation of transaction record. Such aggregation is unlawful and unconstitutional. He asserted that the very aim of Aadhaar is Section 57 to facilitate corporates to be able to accurately build profiles of people when all databases are seeded with Aadhaar.

Mr. Grover referred to Regulations providing for metadata collection in authentication transactions and said that is ultravires the Act also besides being unconstitutional.

Mr. Grover then questioned the risks. He gave an example of authentications done in case of a tuberculosis control programme can disclose health information of a group of individuals within that region.

Mr. Grover referred to the UIDAI app of Update Client Lite and its faculties and shows how they have absolutely no regard for access control or privacy. He said that Section 59 doesn’t save any action which ultra vires the Aadhaar Act.

Mr. Grover closed up his first proposition that there are several parts of Aadhaar project that have no sanction by law and they should all be struck down straightaway irrespective of the constitutional vires of Aadhaar Act.

Mr. Grover’s second point was that Biometrics cannot and does not work for the purpose and it is unreasonable to use for the purposes of the Act. He said that one necessarily cannot have a unique identity. He gave an example that a thumbprint can match with one person in a million. By using a thumb print and the iris both, one can narrow down but still, it will not be unique. He referred to Biometrics Standards Committee report and then the Parliamentary Standing Committee report of 2011. They knew fully well the limitations of biometrics and still continued!

Mr. Grover now came to the Parliamentary Standing Committee’ observations. He pointed out the defects that they had observed with respect to the use of biometrics. He said that it was assumed that the iris cannot be changed. However, a study shows that within three years, the quality of iris changes. He then referred to their own admission in a case wherein government had said that using the iris will result in a huge number of false matches. Further referred to a study by Dr. Hans Varghese Mathews which, for 1.2 billion of population, stated a deduplication ratio of 1/121- far too high. He referred to the Kevin Bowyer paper on Iris ageing, now referred to the face authentication and its limitations.

Mr. Grover said that biometrics results in exclusion which is violative of Article 21 of the Constitution of India. He referred next to Nandini Nayak and Shikha Nehra study published in EPW sample study of PDS and Aadhaar. He followed up with 2017 studies published by Prof. Reetika Khera.

Mr. Grover then brought up contracts of UIDAI with foreign agencies like L-1 for multi-modal biometric systems rendering it ‘insecure ab initio’. He said that these agencies had access to everything. He read the access provision- clause 3 of BSP agreement which said that these agencies shall process all personal data in accordance with the law. He said that the Act specifies that no one else is supposed to have all these information. However, these agencies had access to all the data.

He referred to various provisions in the contract. Also referred to the background of L-1 and their antecedents. Clarifies to the Bench that they had notice of this and are parties to the petition and no statement is being made where they are not in a position to defend.

Mr. Grover came to his next submission regarding security issues with the Aadhaar ecosystem. He said that there’s a complete failure to ensure the safety of data which is required under the law. He said that because of the inherent personal nature of data, the State has to ensure its protection. If it can’t ensure it, it cannot lawfully collect or retain such data.

Mr. Grover said that fingerprints can be duplicated very easily. He gave several examples where it has taken place.

Mr. Grover pointed out that the UIDAI has not stopped accepting authentication requests from unregistered devices. He highlighted the level of callousness. He said that all security measures are ad hoc. As and when a problem arises, measures are devised to cover it.

(The Bench rose for lunch. Continued at 2:30 pm.)

Mr. Grover took the court through the Aadhaar Data Security Regulations. He said that he has challenged various Regulations on the basis of excessive delegations. He asked that once interim order is passed, can the executive, by a notification, override the orders? He referred to various notifications under Section 7.

Mr. Grover referred to the case State of Bihar v. Rani Somnath Kumari that all persons are duty bound to follow the orders of the court once it has been passed for so long as it stands.

Mr. Grover then expanded on the foreign decisions. Mr. Grover’s detailed written submissions can be found here.

Mr. Grover summarized that the Aadhaar project is larger than the Aadhaar Act. UIDAI has facilitated data transfer in contravention of the Act. He further said that there is no security to the data of the individuals being collected. He submitted that Aadhaar project and section 7 has to go.

Mr. Grover concluded his submissions.

Senior Advocate Meenakshi Arora commenced her arguments on surveillance.

Ms. Arora stated that she would argue that Aadhaar makes individual identity dependent upon an identification mechanism that the individual cannot control. She said that the Puttaswamy judgment recognises that wherever there is data collection, it can result in surveillance. Her next submission was on dignity. Her last submission was the proportionality test and violation of fundamental rights.

Ms. Arora said that at the time that Kharak Singh was decided, the form of surveillance was individual and targeted. Today, targeted surveillance is a thing of the past.

Ms. Arora’s first submission referred to para 300 of Puttaswamy judgment. Justice Sikri said these things have already been discussed in details. Ms. Arora said she will present only a very nuanced submission on the matter.

Ms. Arora discussed mass surveillance and said that the ECHR in Marper recognised that it is not necessary the actual surveillance take place, but that a reasonable apprehension of surveillance causes a chilling effect which needs to be taken into consideration. Data retention, justified in the anvil of crime-prevention, was invalidated by the ECHR. She stressed that the question is not whether surveillance is happening in real time, but whether the existence of the data in that form can be used in that fashion.

Justice Sikri said that it had been argued.

Ms. Arora then discussed the ECHR case of Szabo. In Szabo, the stated justification for secret surveillance was national security and crime prevention. A similar argument has been made to justify Aadhaar for bank linking, telephones, income tax etc. In Szabo, the ECHR held that the very existence of a law permitting secret surveillance, without adequate safeguards, was a violation of privacy. In other words, a reasonable risk of surveillance, felt by individuals, is sufficient.

Ms. Arora pointed out that the State said that Aadhaar is required as a preventive measure. It is this justification that was considered and rejected by the ECHR in Szabo. In Szabo, the ECHR considered that the lack of recourse that an individual had was one ground for violation. The same is the case with Section 47 of Aadhaar, where the individual has no power to complain or file an FIR. Only the UIDAI can register complaints. She discussed the methodology applied by the ECHR, and in particular, the insistence on procedural safeguards against surveillance.

Ms. Arora said that in the cloak of mass surveillance, the democracy can be destroyed rather than being protected. Mass surveillance will result in the chilling effect due to 360° view on the individuals at all times. A system of secret surveillance that is justified on the ground that it is required to protect democracy can end up undermining democracy.

There was a brief discussion between the bench and Ms. Arora on the term “quality of law” in the European judgments. Ms. Arora said that the requirement that a law must be “necessary in a democracy” is of particular importance.

Court rose for the day.MA will continue her submissions on Tuesday, 20th March. Chief Justice of India wants petitioners to finish their arguments by afternoon Tuesday, 20th March.

Summary of hearing based on tweets by Prasanna S  Gautam Bhatia and SFLC