Aadhaar case: SC looking at striking a balance between disbursal of social welfare benefits and data aggregation

On Day 5 of the Aadhaar hearings, senior counsel Shyam Divan continued the arguments on behalf of the petitioners. The surveillance argument continued, with supporting case law cited and technical evidence presented today on data aggregation as well as on the State Resident Data Hubs (SRDH). The Bench, looking at most of these arguments, emphasised the benefits of Aadhaar, such as weeding out fake beneficiaries. The Court stated that a balance would have to be struck between the state’s interest in disbursal of welfare benefits and privacy concerns with aggregation of data.

A file photo of Aadhaar registration. Reuters

Lack of adequate remedies

Continuing the surveillance argument from last week, the petitioners cited further landmark international judgments on surveillance. One such judgment is the European Convention on Human Rights (ECHR) ruling in Zakharov v. Russia, which ruled that the surveillance law at issue in the case violated privacy due to the lack of safeguards and ambiguity in its provisions. The Bench pointed to an important aspect of this case: the ruling was given by the ECHR despite the fact that the petitioner in that case was not himself a victim of surveillance under the law.

A key issue was the lack of adequate remedies under this law. This was despite there being some criminal remedies under that law, because an injury or an actual privacy violation had to be proven in order to exercise the remedies. This point lends support to the argument on the lack of adequate remedies in the Aadhaar Act. This also supports the need to prevent a potential violation of privacy.

Proportionality with data collection

The Zakharov case further held that in view of the risks that surveillance has of undermining democracy, the necessity for carrying out the surveillance must be demonstrated. This leads to the next argument, on proportionality, or the need to ensure that the amount of data collected is proportional to the purpose for which it was collected.

Another case, Digital Rights Ireland v. Minister of Communication, was cited, which found that a generalised direction allowing all persons and all means of electronic communication to be intercepted, without any differentiation for fighting a serious crime, was not proportional to the objective sought to be achieved. The Directive was found to infringe the fundamental rights of an entire population.

Mere retention is a violation

An interesting case that was cited was S and Marper v. UK, which questioned the retention of DNA and fingerprint samples even when the case had resulted in an acquittal. A common argument in support of Aadhaar is that there is no harm in retention of data, so long as it is not used for surveillance. While the UK court, in this case, held that mere retention was not a violation of privacy, the ECHR held that the blanket and indiscriminate retention of data, even of people who had not committed or were not suspected of a crime, was a disproportionate interference with privacy. It did not strike the appropriate balance between individual rights and social goals.

The SRDH databases

Next, the petitioners drew attention to the UIDAI’s affidavit, which stated that neither the UIDAI nor any agency will be able to use Aadhaar to track or surveil and that there would be no 360-degree view of an individual.

They then drew the Court’s attention to the UIDAI’s document on the Institutional Framework for State Resident Data Hubs. These, as per the document, were envisaged by the UIDAI to provide states with the ‘ability to manage resident data’. The SRDH databases contain Aadhaar data, including demographic and biometric data, as well as local data from other sources, such as Kerala’s KYR+. This indicates that the CIDR is not the only repository of biometric data. Moreover, the SRDH allowed a ‘view’ of a ‘360-degree profile’ of an individual, in contrast with the UIDAI’s affidavit.

The Bench on striking a balance

The Bench, here, observed that the term ‘360 degree’ may be merely consultant language, and that while the possibility of surveillance is important, the efficient administration of social benefits is equally important. The Bench expressed a reluctance to do away with Aadhaar completely, in view of its advantages, such as weeding out ineligible beneficiaries. The Bench observed that a balance will have to be struck between the two concerns of privacy and disbursal of welfare benefits.

In a discussion that ensued between the Bench and the petitioners, the Bench asked: if the government would confine itself to providing social welfare benefits, shouldn’t this indicate a legitimate concern in maintaining details of the identity of the person? If an aggregation of data was for this limited purpose, shouldn’t this pass the test?

Aggregation of data can lead to violative profiling

To this, the petitioners countered that the aggregation of data on the SRDHs violated privacy by allowing religious, caste-based and community profiling of individuals, and moreover, the SRDHs lacked the authority of the law. The petitioners also argued that vehicle data, HIV and health data are also being retained.

Technical details on Aadhaar as a surveillance enabler

The petitioners then returned to the technical affidavits presented in the last hearing, describing how the Unique ID assigned to Aadhaar acts as a geographic locator. An important point here is that the UIDAI did not deny the contents of these technical affidavits.

The Court’s attention was drawn to the website of a pension scheme connected to Aadhaar.

The data collected on this website included the Log ID, Aadhaar number, details of validation success, client IP and unique device ID. While the client IP established the location of a person within a 2 km radius, the unique device ID establishes this within a 200-500 m limit. This, as per the affidavits, shows that a person who tried to authenticate would share data on name, number, success or failure of authentication, as well as a geographic location up to 200-500 m in real time, which is mapped to Google Maps.

The ‘rhetoric’ of surveillance?

The petitioners argued that these technical details indicate real-time mass surveillance. The Bench observed that this data may be collected to ensure that a given person gets his pension, and as such would not amount to surveillance. A similar collection of data, after all, is also seen when a person uses an iPhone or even an ATM card.

The Bench further observed that the example of the pension scheme was actually an example of the positives of Aadhaar, because it allows for targeted delivery, and has been supported by the World Bank. The Bench further observed that ‘one must not get carried away with the rhetoric of surveillance’. To this, the petitioners argued that surveillance was at the core of the issue, and the pension scheme was only a microcosm of the program as a whole.

Lastly, the petitioners commenced the argument on limited government, constitutionalism and the rule of law. The hearings will continue on Thursday.


Sources of the Arguments: Live Tweeting of the case from the Twitter handles @SFLCin, @prasanna_s and @gautambhatia88

The author is a lawyer and author specialising in technology laws. She is also a certified information privacy professional.


Updated Date: Feb 02, 2018 11:03 AM