Aadhaar hearings: Petitioners seek compensation for starvation deaths and extension of March 31st deadline

On Day 13 of the Aadhaar hearings yesterday, senior counsel Gopal Subramaniam concluded his arguments for the petitioners.

On Day 13 of the Aadhaar hearings yesterday, senior counsel Gopal Subramaniam concluded his arguments for the petitioners. The petitioners discussed the risks of profiling and private party access to this data in the Aadhaar system.

A woman goes through the process of finger scanning for the Unique Identification (UID) database system, Aadhaar. Image: Reuters

A woman goes through the process of finger scanning for the Unique Identification (UID) database system, Aadhaar. Image: Reuters

The intervention applications from companies stating that their business models needed Aadhaar to function were pointed to in this regard. The conflict of a filed authentication being assumed to be a fake profile, and the discretionary powers of the UIDAI to deactivate Aadhaar were also raised.

Lastly, the petitioners sought compensation for those who suffered due to the system and requested an extension of the March 31st deadline for Aadhaar linkages.

Collection of fingerprints and ‘purification’ of electoral rolls

Discussing various issues with the Aadhaar system, the petitioner’s first contention was that without criminality or proof of any offence being committed, people cannot be asked to give their biometrics. The case of Selvi v. State of Karnataka was quoted, wherein the Supreme Court had ruled on tests like brain fingerprinting and narco analysis without consent and had also discussed the collection of fingerprints.

A woman waits for her turn to to enrol for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

A woman waits for her turn to to enrol for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

Next, the National Electoral Roll Purification and Authentication Programme, which had required Aadhaar to be linked with electoral rolls for their ‘purification’, was raised. On the directions of the Supreme Court in 2015 order in the Puttaswamy case, this linkage was suspended, and the Election Commission clarified that linking Aadhaar to voter cards was optional.

Risks of profiling via SRDH, etc and access by Pvt parties

Further discussing the invasive nature of data collection in the Aadhaar system, the petitioners argued that while Aadhaar was being linked to bank accounts for prevention of money laundering, the NPCI was making this data available to third parties.  Also, access to individual profiles was possible through the State Resident Data Hubs, which had no restriction on the data collected on an individual. Rakesh Dwivedi, the senior counsel on behalf of the State of Gujarat, interjected at this point arguing that all data in SRDH had been erased after the enactment of the Aadhaar Act.

The intervention application from the Digital Lenders Association and others, stating that they needed Aadhaar for their businesses to function, was also raised.

The Bench, at this point, asked for credible information on exactly how much access private parties had to the information in the database. The Bench also pointed to Section 57, which allows private parties to use Aadhaar for authentication purposes only, asking how then do private parties gain access to data. The petitioners responded that the seeding of Aadhaar with multiple databases allowed such entities to gain access to information on people.

Inadequate safeguards for biometric updates and failed authentication

The petitioners also pointed to the fact that related definitions under the Aadhaar Act, such as of ‘biometric information’ and ‘core biometric information’ were open-ended definitions, allowing the addition of new forms of data via regulations. On being asked by the Bench if this allowed the inclusion of DNA in the future, the petitioners answered in the affirmative. The petitioners also pointed to the proposed creation of DNA databanks.

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

The Aadhaar Enrolment and Update Regulations were also raised, on the fact that the burden of updating data was on the individuals, and that unlike with updating demographic data such as address and phone numbers, people couldn’t know when to update their biometric data. On the Bench suggesting that people could do so upon authentication failure, the Petitioners argued that the issue with this was that failed authentication led to the person being seen as a ghost or fake profile. It is simply assumed that biometrics were captured properly at the time of enrolment and the failed authentication is an attempt by the person to duplicate.

The provisions of Regulation 27-29 under the Aadhaar Enrolment Regulations, particularly the clause which allowed deactivation or cancellation of an Aadhaar number at the discretion of the UIDAI (See Regulations 27(1)(iv) and 28(1)(f)), were argued to be completely inadequate. The lack of a prescribed procedure to safeguard this power or the need for substantive reasonableness was pointed to.

Section 33 of the Aadhaar Act, which allows the disclosure of information on an individual, including identity information and authentication records, pursuant to a Court order, was also pointed to. This is because this section requires the UIDAI to be heard prior to passing an order on such a disclosure, but doesn’t give the same opportunity to the individual whose data is being disclosed.

In summary, a failed authentication could lead to entitlements being annulled, thus resulting in permanent disablement.

Data retention must be within reasonable limits

Points raised previously were also summarized, that in the absence of a data protection law, the injury to people through the dangers of profiling, metadata collection and big data analytics were heightened. Data retention, it was argued, must be reasonable and subject to limits, and data retention of an entire population is extremely risky.

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre. Image: Reuters

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre. Image: Reuters

The uncertainty and probabilistic nature of biometric systems were reasserted. The L1 Identity Solutions contracts were also referred to, which indicate that a foreign entity had possession of the algorithm and that the data was with L1 even if the UIDAI had ownership over it. This data, which includes personal data of the UID holder, could be subject to collection, use and analysis as required.

Compensation for those excluded and extension of deadlines

Gopal Subramaniam concluded his arguments with two main prayers, firstly that the Court grant compensation to those who were excluded, with exemplary damages in the case of starvation deaths. Secondly, he requested the Court to extend the March 31st deadline. To the second prayer, the Bench stated that appropriate interim orders would be passed at the time.

Sources of the Arguments: Live Tweeting of the case from the Twitter handles @SFLCin and @prasanna_s, and LiveLaw Reports.

Read our past coverage of the on-going Aadhaar Supreme court hearing:

Why SC needs to look into technical evidence of Aadhaar’s surveillance capabilities

Lack of governmental ownership of CIDR’s source code can have serious consequences

Will State give citizens rights only if they agree to be tracked forever, asks lawyer Shyam Divan

Coalition for Aadhaar: A collective of private companies wants to ensure that Aadhaar ID and related services continue to be offered

Petitioners argue on centralisation of data and challenge Aadhaar’s claims on savings

Petitioners argue for a voluntary ID card system that does not collect user data

Petitioners argue that receipt of govt benefits cannot be at the cost of compromising fundamental rights

Aadhaar is architecturally unconstitutional, argue the petitioners

Petitioners argue that Aadhaar violates dignity by objectifying and depersonalizing an individual

The author is lawyer and author specialising in technology laws. She is also a certified information privacy professional.




also see

science