On day four of Aadhaar hearing before the Constitution bench of the Supreme Court, petitioners’ counsel Shyam Divan spoke eloquently, once again, about the undue power wielded by the Unique Identification Authority of India (UIDAI) and its pet project of biometrics-based identity authentication of Indian citizens.
While Divan had from day one to three argued that Aadhaar is an electronic leash that would hollow out the Constitution, and is violative of privacy since it’s designed to breach the fundamental right, today he’s detailing the contours of Aadhaar Act, and its many retrospective validations of earlier breaches by the UIDAI.
However, he added that Section 59 of Aadhaar Act doesn’t control acts of private entities like enrollment agencies, hence any violations of privacy by them aren’t protected by the Act, unlike the central government and its appointed body UIDAI.
Divan added that we cannot have a “retrospective validation of a fundamental right violation”. When Justice DY Chandrachud interjects on the basis of Section 59, Divan explains that it’s based on the assumption of consent and not informed consent.
Divan goes on to enumerate the challenges to Aadhaar Act, saying it enables “architecture of surveillance”, allows “violation of privacy”, and doesn’t adhere to the principle of “limited government”. Explaining how each of these elements actually emboldens the other, acting in tandem and eroding collectively the citizen’s right to informational self-determination, autonomy, liberty, privacy and limited governance in a digital society, Divan argues that Aadhaar Act compels the citizen to report her activities to the State at all times via electronic footprint, whether or not the citizen intends to part with the information or not.
Divan says that Aadhaar has the power to cause the civil death of a citizen by deactivating the Aadhhar number, in case the biometrics fail to match and the citizen isn’t authenticated. This has been the case in myriad exclusions reported by rights and welfare activists on the ground, leading to starvation deaths in Jharkhand, Uttar Pradesh, Chhattisgarh, among other states, mostly ruled by the BJP.
Divan says Aadhaar creates ghosts by design, and instead of making the State transparent, makes the citizen transparent to the State. The Constitution is about “limits to the power of the State”, and therefore any mechanism to make it more powerful than it’s mandated to be for effective governance is unconstitutional.
Divan says that coercive Aadhaar linkage was brought in as a money bill during the Finance Act 2017, which would be discussed at length by Aravind Datar and Kapil Sibal, also counsels for the petitioners in the Aadhaar case.
However, Divan details how Aadhaar’s violation of Articles 14 and 21 of the Constitution – that guarantee right to freedom – is carried out by not necessitating informed consent, not having an opt-out option, making it mandatory in place of voluntary (which it is in the Act), UIDAI having no direct relationship with the private, commercial enrollment agencies, breaking of the information silos thereby throwing privacy and security of sensitive personal details to the wind, lacking integrity, etc.
Divan adds that biometrics as the premise for authentication is extremely problematic since it’s “probabilistic”: that is it’s not 100 per cent certified to authenticate and match the biometrics with the Aadhaar holder, therefore locking out the citizen from his/her own Aadhaar and the facilities/services it has been made a key to. This has led to widescale exclusions in the welfare schemes, creating “ghosts” of flesh and blood citizens.
Moreover, unverified data is stored for five years in centralized databases that are hackable, and prone to leaks, as shown through various investigative reports, digital security and tech experts and internet rights activists. Yet, this insecure data storage makes the citizen vulnerable, and creates a State that can track individual’s activities unlawfully, round the clock, in deeply invasive ways. This “smacks of authoritarianism”, Divan categorically asserts, while also creating enormous national security risks, since the source code is proprietary, not with the UIDAI.
Divan further argues that Section 7 of Aadhaar Act is unconstitutional since it makes the citizen give up her fundamental rights in lieu of entitlements accessed via Aadhaar. And in case the UIDAI “switches off” a person by deactivating Aadhaar, what happens to the citizen herself? How can biometrics failure or mere suspicion of fraud be ground to deny fundamental rights of a citizen?
Divan also notes instances where there’s example of reasonable use of biometrics information, such as in Census data, precisely because of limited and restricted usage that the data can be put to. Similarly in Identification of Prisoners Act, Section 7 provides for destruction of personal data if the prisoner is released without charge, thereby limiting future use for nefarious ends such as profiling, surveillance, etc.
Similarly, in Registration Act, Section 32 allows fingerprints collection for a narrow purpose, taken only during one time, not stored in centralised systems, and allowing only proportionate use.
Divan says all the existing laws pertaining to biometrics collection are narrow in usage, and it’s this necessary limitation that prevents the abuse of information at a mass scale. When compared with Aadhaar, where the situation is exactly the opposite, the end usage is tracking.
[Editor’s note: The copy will be updated again after session two of today’s hearing ends. Gratefully acknowledging @gautambhatia88’s Twitter live feed on the Aadhaar hearing.]