Aadhaar hearing: Petitioners argue that Aadhaar is an RTI Act for the State and violates right against self-incrimination

On Day 7 of the Aadhaar hearings, Shyam Divan concluded his arguments for the petitioners, arguing on the unconstitutionality of exclusion via Aadhaar, and the violation of the right to bodily integrity through the use of biometric data. Thereafter, Kapil Sibal commenced his arguments for the petitioners, equating the Aadhaar Act to an RTI Act for the state, giving the state unfettered access to people’s data, and violating people’s constitutional right against self-incrimination.

Representational image. Reuters.

Representational image. Reuters.

Unconstitutionality of Aadhaar-based exclusion

First, the petitioners continued their argument from the previous session that with Aadhaar, the people don’t have an option to authenticate. This choice, they argued, is a basic requirement in a democracy. Several examples were cited pointing to exclusion via Aadhaar, including diversion of pension based on the wrong Aadhaar being linked to accounts, denial of rations which have led to starvation deaths like the case of Santoshi, and even cases where school children were denied attendance because their fingerprints didn’t match. The petitioners argued that this was a question of exclusion, death and dignity of the people.

The Bench observed that this exclusion caused by Aadhaar is a ground for violation of Article 14, the right to equality, indicating grounds for its unconstitutionality.

The Bench also pointed here to the lack of internet penetration in the country, and the issues created thereby. The argument was concluded that people were treated as ‘ghosts’ simply due to their inability to authenticate, which was a violation of Articles 14, 19, and 21 of the Constitution. This is only amplified by the fact that the Aadhaar system is coercive.

People want to opt-out from Aadhaar

The petitioners went on to argue against the lack of an opt-out from the Aadhaar system, submitting affidavits from people who wanted to do so. Aadhaar enrollment also is particularly low in the north-east, leading to a demand for an opt-out from there as well.

Biometrics and the violation of bodily integrity

Turning to the use of biometrics and its constitutionality, the petitioners presented an affidavit by a technical expert, who had conducted a cybersecurity audit of enrolment centres. This affidavit pointed to how these centres were illegally retaining and storing biometric data, a fact that neither the people nor UIDAI was aware of. They attributed this lack of control over such entities to the very architecture of Aadhaar. Moreover, there was no way of knowing if, even after the audit, this practice was continued or stopped.

Arguing further on the risks to this data, the affidavit enumerated 6 ways of hacking. This, the petitioners argued, impacted people’s right to control information on themselves, and violated their right to bodily integrity.

The recent example of the scam in Surat was also cited in support of the compromise-ability and misuse of biometric data. Pointing to the ease with which fingerprints can be cloned and faked, and on the bypassing of iris authentication by reverse engineering, the petitioners argued on why people were being forced to authenticate through biometrics via such an insecure system. Attention was also drawn to the 49,000 operators that were blacklisted.

6 crore enrolments rejected as duplicates

Again pointing to the insecurities of biometric data, an RTI reply from 2017 was cited which stated that 6 crores, 27 lakh enrolments were rejected as duplicates. The petitioners argued that it isn’t possible that such a large number of people queued up to defraud the nation. This example was used to draw attention to the issue of false positives, which leads to unjustified rejections. This again points to the probabilistic nature of biometric authentication.

The key question asked by the petitioners was that in the digital world, how does one exercise control over their body? This question is particularly relevant taking into account the fact that this system puts people’s fingerprints and other biometric data into the digital world.

Can the government choose only one authentication method?

Lastly, the petitioners questioned the government’s right to choose to recognise people via one method only. They argued that the body cannot be used as a marker for every service. The State may have a legitimate interest in identifying a person via fingerprints, but for a limited purpose like passports or a criminal investigation. They argued that personhood follows from being alive, and not from registering oneself with a central database.

Aadhaar an RTI Act for the State

After this, Kapil Sibal commenced his arguments for the petitioners, arguing that Aadhaar is the equivalent of the Right to Information Act for the State for information on the citizens. It was argued that any statement that the technology was safe is false, since all technology is unsafe. Moreover, this technology transfers the power of information to the State, emphasising its impact on current and future generations. To emphasise the importance of this power, the Bench was asked to reflect on why powerful corporations like Google and Uber had few other assets apart from information.

Returning to the lack of choice, it was argued that Article 21 has choice at its heart, and this was violated by not giving people a choice of the means of identification. It was argued that people’s thumbprint was their property, and could they be forced to part with it without reciprocal safeguards.

Violation of the right against self-incrimination

It was argued that the Aadhaar system violated not only Articles 14 (equality), 19 (freedom), and 21 (right to life and liberty), but also 20(3), which is the right against self-incrimination, or a person’s right not to provide evidence against himself. A note was also made of the storage of metadata with the CIDR, data which is most revelatory of a person. It was argued that when the Aadhaar system extracted all of a person’s information, this nullified this right.

Summing up on the risks, it was further argued that the move from an information economy to information polity has far-reaching effects on rights that are constitutionally protected. Information is the market now, and Aadhaar is seeking the behavioural patterns and preference of 1 billion Indians on a platter. It was argued that normally, a warrant was required to get information from an entity like Google, and this was bypassed by the Aadhaar system.

At this point, the Bench, yet again, drew notice to the fact that an Act cannot be questioned on its potential for misuse. To this, the petitioners argued that the issue was with the amount of information being given up to the state. In the digital age, they argued, this was not a mere possibility anymore, but a reality.

After this, discussion on various sections of the Aadhaar Act and rules commenced, including on Section 57 and Section 7 of the Aadhaar Act.

The arguments for the petitioners will continue tomorrow.

Sources of the Arguments: Live Tweeting of the case from the Twitter handles @SFLCin, @prasanna_s and @gautambhatia88

Read our past coverage of the on-going Aadhaar Supreme court hearing:

Aadhaar hearing: Petitioners argue on centralisation of data and challenge Aadhaar’s claims on savings

Aadhaar case: Why SC needs to look into technical evidence of Aadhaar’s surveillance capabilities

Aadhaar hearing: Lack of governmental ownership of CIDR’s source code can have serious consequences

Aadhaar hearing in Supreme Court: Will State give citizens rights only if they agree to being tracked forever, asks lawyer Shyam Divan

The author is lawyer specialising in technology laws. She is also a certified information privacy professional.

Published Date: Feb 07, 2018 14:57 PM | Updated Date: Feb 07, 2018 14:57 PM