On the 28th day of arguments, Mr. Rakesh Dwivedi had argued that the Aadhaar scheme is in place to only carry out authentication, not surveillance; and that the core biometric data is not shared with anyone. Today, Mr Dwivedi resumed his arguments. He began by arguing for the presumption of constitutionality, and that Courts must first ‘make small repairs’ if they find laws defective, instead of striking the entire legislation down.
Mr Dwivedi then began to provide an explanation for the various data sharing capacities under the Aadhaar Act. Under Section 8, he alleged that information is used only for the authentication process, and core biometric information can never be shared. Similarly, Section 29 is also limited to the authentication process. To avoid even the possibility of surveillance, the Court can give a narrow interpretation to Section 29, and limit sharing of information. Responding to Justice Chandrachud's questions on ensuring data security, he said that technical specifications and professional audits can put those fears to rest.
Mr Dwivedi denied that Justice Chandrachud’s point that the requesting entity can find out the purpose of authentication. He illustrated that if one goes to Apollo hospital, the hospital will not transmit the reason for the visit. The only information transmitted will be that the authentication was sought from Apollo Hospital. Justice Sikri disagreed with Mr Dwivedi’s analogy and reasoning. Justice Chandrachud pointed out that the UIDAI may not keep track of the data, but the requesting entity might do so. Mr Dwivedi responded that the Court could then interpret the Act to exclude that possibility.
Justices Chandrachud and Sikri pointed out that the fact that an individual has gone to a hospital x times in y number of months can be mined by pharmaceutical and insurance companies. Mr Dwivedi responded that these companies do not need Aadhaar data for this, they can ‘can just go to ten hospitals and find out’. Justice Chandrachud disagreed, and said that unless a data protection law is in place, this situation posed a problem. He asked the government to look at the EU Data Protection Law which will come into force next year. Mr Dwivedi responded that no data protection law can be as strong as the safeguards in the Aadhaar Act.
Mr Dwivedi asserted that the design of the Aadhaar Act was not to aggregate information, and that the Court can give it an interpretation that prevents aggregation or data analysis.
Justice Chandrachud was vocal about his concerns of election manipulation through data. Safeguards must be introduced to ensure that the Act achieves its purpose and is not an overreach. Mr Dwivedi argued that Aadhaar does not have learning algorithms. He argued the UIDAI only has a ‘matching’ algorithm, not a learning algorithm. Mr Dwivedi alleged that the petitioners are pushing for a smart-card because the smart-card lobby and companies like Google do not want the Aadhaar to succeed. He argued that fingerprints and iris scans are not genetic information but were just modes that aided instant authentication. Further, there is a limit on what can be added under the Aadhaar Act later. Other biological attributes could be added later only if they met this condition and enhanced accuracy.
Mr Dwivedi rebutted the claim that the state is numbering its citizens like Hitler did during World War II. He argued that the practice of numbering did not begin and end with Hitler. Even the proximity card to enter the Supreme Court of India contains a number. Travel tickets have a PNR number. The problem with Hitler's numbers was that it was based on identity, but Aadhaar does not ask for identity. Justice Chandrachud interjected to ask how Aadhaar went from being an entitlement under Section 3 to becoming a mandate. Mr Dwivedi responded that the issue of linkage should be examined on a case to case basis. If the Court feels that the ‘government is going too far with linkage’, it can strike that down. But this is not reason enough to strike down the entire Aadhaar Act.
With respect to Section 57 of the Aadhaar Act, Mr Dwivedi argued that nobody can be enrolled as a requesting entity unless they showed that they needed to carry out authentication. Justice Chandrachud asked the purpose of opening up the Aadhaar platform to private players. Mr Dwivedi responded that the public/private divide is changing. Private parties are increasingly performing public functions.
Mr Dwivedi argued that under Section 57, the UIDAI exercises supervisory control over private parties. The need for a law or a contract is an important limitation under the Section. Moreover, the UIDAI determines if authentication is needed and after the contract is signed, the UIDAI verifies if the entity could be permitted to carry out authentication. Justice Chandrachud pointed out that there is nothing in Section 57 to show that the UIDAI has this discretion. Mr Dwivedi argued that it flows from the provision, from the phrase "pursuant to any law or contract." A contract must be entered into before registering as a requesting entity and carrying out authentication.
Mr Dwivedi argued that apart from the safeguards of the contract, under Section 30, the Information Technology Act also applies to issues of storage. Together, the IT Act and the Aadhaar Act require machines to be reasonably secure. The CIDR has been declared critical information infrastructure under the IT Act. Access to the CIDR is restricted. IT was not connected to the internet and five layers of biometric checks required to reach the servers.
Mr Dwivedi argued that as far as the UIDAI is concerned Aadhaar is an entitlement – except Section 7 benefits. The UIDAI has not made Aadhaar mandatory. With respect to the other laws, the Court can examine the need for linking and take a call.
Mr Dwivedi claimed that the Aadhaar is revolutionary, as it compels face to face interaction which in turn brings down theft and leakages in the PDS system. Aadhaar also aids de-duplication and refuted the argument that the Aadhaar is a probabilistic system, claiming that it is a deterministic one. Even so, it could not be discarded merely for being probabilistic. Justice Chandrachud said that it is of concern if the probabilistic nature of Aadhaar leads to a deprivation of fundamental rights. The administrative machinery must ensure that no genuine beneficiary is deprived of their entitlements.
With that, the arguments on day 29 concluded. Mr Dwivedi will continue his arguments on 18th April 2018.