Editor's Note: This copy was published on 13 April, 2018. It is being republished in light of the Supreme Court's verdict on the constitutionality of Aadhaar likely being pronounced tomorrow.
On Day 28 of the Aadhaar hearing, Additional Solicitor General Tushar Mehta concluded his arguments on the Aadhaar-PAN and the Aadhaar-Bank account linkages. The Bench also questioned the counsels extensively on the justification of these linkages, noting that the freezing of accounts thereby was a deprivation of the constitutional right to property.
Senior counsel Rakesh Dwivedi then commenced his arguments, arguing that the surveillance possibilities discussed by the petitioners were ridiculous and mere rhetoric. The purpose of Aadhaar, he argued, was authentication alone.
Aadhaar as a compulsory document for bank accounts
First, the Additional Solicitor General continued his arguments, that the amendments to the Prevention of Money Laundering (Maintenance of Records) Rules (PML), on Aadhaar-bank account linkage were for the benefit of the public. These rules, he stated were neither ultra vires the Aadhaar Act nor the RBI Rules.
The Bench, here, first observed that the challenge to the PMLA Rules was proportionality and on why there was a need to make Aadhaar compulsory when the RBI KYC Master Directions recognised six forms of Officially Valid Documents. To this, it was argued that the purpose was to prevent impersonation. Aadhaar, further, is one of the most robust IDs which cannot be faked, unlike others which are not based on biometrics.
On rendering bank accounts non-operational
The Bench, here, asked the Additional Solicitor General to specifically address Arvind Datar’s arguments for the petitioners, that the PMLA Rules are ultra vires the PML Act, and that no provision of the PMLA allowed validly opened bank accounts to be rendered non-operational. Further, the rationale behind linking with insurance as well as mutual funds was questioned.
To this, it was argued that the freezing of accounts in this manner was not permanent. The Bench, here, further observed that such freezing of accounts could amount to a violation of Article 300A of the Constitution, or the constitutional right to property. To this, it was argued that the freezing would only amount to a reasonable restriction on this right.
Is freezing of accounts a valid, penal consequence?
The Bench, further questioned if the penal consequence of freezing accounts was authorised by the PML Act. The Act, they said, only discussed the verification of bank accounts. To this, it was argued first that this was not a penalty but a mere consequence. Secondly, the rules were part of the Act.
The Bench, however, did not agree with this, observing that the prescription of penalties via rule-making powers had not been sanctioned by the Aadhaar Act. Further, freezing of accounts did amount to a penalty, since it amounted to a deprivation of property under Article 300A. The Bench further stated that their question was on whether the freezing of accounts was authorised under the law, or was it a case of judicial overreach.
Can penal consequences be prescribed via rule-making power
The Bench directed the Additional Solicitor General to show how rules may prescribe such drastic consequences when the Act did not allow it. The Additional Solicitor General cited judgments that rules once issued are effectively part of the Act. The Bench, however, observed that this cannot apply to rules made outside of rule-making power.
Senior counsel Rakesh Dwivedi, arguing for the State, intervened here, arguing that Aadhaar was a just a condition for opening and continuing a bank account, to meet the need to re-verify bank accounts. The Bench here, again questioned how a validly opened bank account could be frozen under the PMLA.
The Additional Solicitor General then summed up his arguments, discussing the threat from terror financing and also of cross-border offences. He argued that the purpose behind the PMLA Rules is threefold: zero tolerance to money laundering, curbing black money and reaching beneficiaries.
Petitioners are using rhetoric to rubbish Aadhaar
Senior counsel Rakesh Dwivedi then commenced his arguments for the State, arguing that he never felt that he was under surveillance while using Aadhaar, and further, that Aadhaar was voluntary. He argued that it was ridiculous to consider that the government would surveil people like a farmer and that the government had ample means of conducting surveillance if it needed to, without the need for Aadhaar. The petitioners, he argued, were using rhetoric to rubbish Aadhaar.
Technology as an enabler of mass surveillance
The Bench, here, observed that technology was a very powerful enabler of mass surveillance, with even elections being swayed using it. To this, it was argued that the technology in use by Facebook and Google could not be compared to that in use by the UIDAI. For instance, there were no learning algorithms in use by the UIDAI.
The Bench, to this, observed that the Aadhaar Act does not preclude the UIDAI from acquiring that kind of technology, to which Dwivedi responded that this would amount to an offence under Section 33 of the Aadhaar Act.
Authentication metadata reveals very little
Further, he argued that the only purpose behind Aadhaar was authentication, and there was no authorisation under the Aadhaar Act to analyse the data. The Bench questioned the collection of metadata, to which it was argued that the metadata collected was limited to that related to authentication, i.e., of the authentication request, the result, and the time of the authentication. The Bench, here, observed that even this data could reveal a lot about a person.
To this, it was argued that this was not possible unless such data is sought in collusion with the CBI, which is far-fetched. For a specific authentication, it was argued that the authentication request would reveal the place where the request arose from (such as Apollo Hospitals), but not specific location (such as which Apollo hospital).
The Bench here observed that the requesting entity itself may store data, and that surveillance need not be interpreted in the traditional sense only. The prevalence of commercial surveillance, and also the absence of a data protection law to protect the data was also pointed to.
Most people are not concerned with privacy
Dwivedi further argued that individual information is of no value. Further, most people were unconcerned about privacy. The Bench, here stated that the issue was not of whether 1.9 billion people are concerned with privacy. Regarding the information being available, he further argued that fingerprints were only of interest to palmists and for palmistry. To this, the Bench observed that the question was not of fingerprints per se, such as their use for a limited purpose. The issue, instead, was of storing them in a central database, followed by their use for authentication.
To this, it was argued that biometrics are encrypted, and the data is not shared with anyone. It was argued that it was understandable if the people had a problem with the implementation and enforcement of the Aadhaar Act, but there is no issue with the law itself and the technology.
Sharing of data under Aadhaar Act
A discussion then ensued on Section 29 of the Aadhaar Act, which permits the sharing of data. The Bench here observed that Section 29(3)(b) of the Aadhaar Act allowed the sharing of data with requesting entities to third parties. Further, Section 29 read with 57 allowed the information to be shared with third parties even under contracts.
To this, it was argued that this section should be read in context with Section 29(1), which completely bars the sharing of biometric data. The Bench, here, observed that the issue was not only about Section 7 or the UIDAI but goes far beyond that. Further, Section 29(3) uses the word ‘identity information’, which indicates that biometric data can also be transferred. To this, it was suggested that the Court read this provision down to prevent the sharing of biometric data.
The arguments will continue on 17 April.
The author is a lawyer and author specialising in technology laws. She is also a certified information privacy professional.