Constitution isn’t about power of the State, but limits to that power, said the petitioners’ counsel before SC bench.
On day four of Aadhaar hearing before the Constitution bench of the Supreme Court, petitioners’ counsel Shyam Divan spoke eloquently, once again, about the undue power wielded by the Unique Identification Authority of India (UIDAI) and its pet project of biometrics-based identity authentication of Indian citizens.
While Divan had from day one to three argued that Aadhaar is an electronic leash that would hollow out the Constitution, and is violative of privacy since it’s designed to breach the fundamental right, today he’s detailing the contours of Aadhaar Act, and its many retrospective validations of earlier breaches by the UIDAI.
However, he added that Section 59 of Aadhaar Act doesn’t control acts of private entities like enrollment agencies, hence any violations of privacy by them aren’t protected by the Act, unlike the central government and its appointed body UIDAI.
Shyam Divan says that Section 59 of the Aadhaar Act, which validates all acts of the UIDAI prior to the Act, applies only to central government actions, as per its text.
Shyam Divan says that the notification establishing the UIDAI might protect the actions of the central government in entering into the MoU, but doesn’t cover the actions of the registrars.
Divan added that we cannot have a “retrospective validation of a fundamental right violation”. When Justice DY Chandrachud interjects on the basis of Section 59, Divan explains that it’s based on the assumption of consent and not informed consent.
Chandrachud J says that the privacy judgment says that there must be a basis in law. Section 59 attempts to provide that by bringing about a legal fiction. It will have to be considered how you deal with data breaches prior to the Act.
Divan goes on to enumerate the challenges to Aadhaar Act, saying it enables “architecture of surveillance”, allows “violation of privacy”, and doesn’t adhere to the principle of “limited government”. Explaining how each of these elements actually emboldens the other, acting in tandem and eroding collectively the citizen’s right to informational self-determination, autonomy, liberty, privacy and limited governance in a digital society, Divan argues that Aadhaar Act compels the citizen to report her activities to the State at all times via electronic footprint, whether or not the citizen intends to part with the information or not.
Shyam Divan says that he will now specify the heads of challenge to the Aadhaar Act. The first head is that of surveillance. The architecture of Aadhaar enables surveillance.
The second head is violation of privacy. Between 2010 and 2016, there was no law authorising the violation of privacy. Even after the Aadhaar Act, the violation continues. The citizen is compelled to report her activities to the State through the electronic footprint.
Divan says that Aadhaar has the power to cause the civil death of a citizen by deactivating the Aadhhar number, in case the biometrics fail to match and the citizen isn’t authenticated. This has been the case in myriad exclusions reported by rights and welfare activists on the ground, leading to starvation deaths in Jharkhand, Uttar Pradesh, Chhattisgarh, among other states, mostly ruled by the BJP.
Divan says Aadhaar creates ghosts by design, and instead of making the State transparent, makes the citizen transparent to the State. The Constitution is about “limits to the power of the State”, and therefore any mechanism to make it more powerful than it’s mandated to be for effective governance is unconstitutional.
SD: In a digital society, an individual has the right to protect herself by maintaining control over personal information.
SD talks about aggregation of information silos.
SD: The third head is limited government. The Constitution is not about the power of the State but about limits to that power.
Divan says that coercive Aadhaar linkage was brought in as a money bill during the Finance Act 2017, which would be discussed at length by Aravind Datar and Kapil Sibal, also counsels for the petitioners in the Aadhaar case.
However, Divan details how Aadhaar’s violation of Articles 14 and 21 of the Constitution – that guarantee right to freedom – is carried out by not necessitating informed consent, not having an opt-out option, making it mandatory in place of voluntary (which it is in the Act), UIDAI having no direct relationship with the private, commercial enrollment agencies, breaking of the information silos thereby throwing privacy and security of sensitive personal details to the wind, lacking integrity, etc.
SD: The fifth head is that the procedure under the Act violates Articles 14 and 21. There is no informed consent. There is no opt-out option. UIDAI has no direct relationship with the collecting agencies. The data collected and stored lacks integrity.
Divan adds that biometrics as the premise for authentication is extremely problematic since it’s “probabilistic”: that is it’s not 100 per cent certified to authenticate and match the biometrics with the Aadhaar holder, therefore locking out the citizen from his/her own Aadhaar and the facilities/services it has been made a key to. This has led to widescale exclusions in the welfare schemes, creating “ghosts” of flesh and blood citizens.
SD: A citizen in a democratic society has the right and choice to identify herself in a reasonable manner. Mandating a single highly intrusive form of identity is inconsistent with democracy.
Moreover, unverified data is stored for five years in centralized databases that are hackable, and prone to leaks, as shown through various investigative reports, digital security and tech experts and internet rights activists. Yet, this insecure data storage makes the citizen vulnerable, and creates a State that can track individual’s activities unlawfully, round the clock, in deeply invasive ways. This “smacks of authoritarianism”, Divan categorically asserts, while also creating enormous national security risks, since the source code is proprietary, not with the UIDAI.
Divan further argues that Section 7 of Aadhaar Act is unconstitutional since it makes the citizen give up her fundamental rights in lieu of entitlements accessed via Aadhaar. And in case the UIDAI “switches off” a person by deactivating Aadhaar, what happens to the citizen herself? How can biometrics failure or mere suspicion of fraud be ground to deny fundamental rights of a citizen?
SD says that Section 7 is unconstitutional, because an individual’s entitlements cannot be made subject to compelling her to give up her constitutional rights. “It is both an unconscionable and unconstitutional bargain.”
Divan also notes instances where there’s example of reasonable use of biometrics information, such as in Census data, precisely because of limited and restricted usage that the data can be put to. Similarly in Identification of Prisoners Act, Section 7 provides for destruction of personal data if the prisoner is released without charge, thereby limiting future use for nefarious ends such as profiling, surveillance, etc.
Similarly, in Registration Act, Section 32 allows fingerprints collection for a narrow purpose, taken only during one time, not stored in centralised systems, and allowing only proportionate use.
Divan says all the existing laws pertaining to biometrics collection are narrow in usage, and it’s this necessary limitation that prevents the abuse of information at a mass scale. When compared with Aadhaar, where the situation is exactly the opposite, the end usage is tracking. #KhabarLive