On Day 33 of the Aadhaar Hearing that has been going on since January 17, 2018, Senior Advocate Rakesh Dwivedi concluded his submissions and made way for other counsels to present their arguments before the 5-judge bench of Dipak Misra, CJ and Dr. AK Sikri, AM Khanwilkar, Dr. DY Chandrachud and Ashok Bhushan, JJ.
Below are the highlights from Day 33 of the Aadhaar Hearing:
- Dwivedi: UIDAI’s control over RE is a fair and reasonable safeguard under Article 21. Data under REs is segregated. There’s no way to aggregate that data as there are over 300 REs.
- Sikri, J: What about an individual RE collecting data?
- Lets take the example of Vodafone. what will vodafone do with the authentication data? They can’t track any individual. Vodafone can do targeted advertising using the data which is already happening without Aadhaar. Vodafone has far more demographic data about an individual than UIDAI has. In the case of UIDAI, there are so many regulations and penal consequences that don’t apply to Vodafone.
- Nobody is questioning what banks and telecoms are collecting. The single target is Aadhaar. (shows a credit card statement to the bench to show that banks have a record of all transactions made by an individual including the place of transaction.)
- It’s not difficult to collect data about someone from Google. How much senior advocates charged for particular cases is also available online. We need to have big data, processing power and statistical know how to do big data analysis as Google is doing. Google and Facebook process tremendous data on a daily basis. UIDAI does not have that kind of algorithms.
- It is doubtful that an RE that collects data and transfers that data without any other data has any value. Also RE s do not have authentication records. We are still conscious about providing as much security as possible because we want to gain the trust of the people.
- Explaining the control of RE:
- RE buys fingerprint device from a vendor. We control the vendor with respect to the hardware and software of the device.
- We also put a key in the device so that the data is encrypted and sent to CIDR. Machine is then taken to STQC and that Dept looks into the device to see whether it meets all the requirements. Device preparation and certification happens without the knowledge of RE.
- Information systems operator then conducts an audit of the RE and the report is submitted to UIDAI. If it is approved then the RE gets a license from UIDAI in order to operate as an RE.
- Meta data is important for validation that the data is coming from a particular RE with which uidai has an agreement. Meta data is required for fraud management and verification.
- REs have a data vault as well. It is controlled by trusted people. Apart from this there are two more audits conducted: annual audit and random audits by UIDAI. Even ASAs are audited likewise. Relevant regulations are 19(1)(g) and 21.
- Nature of information is such that it is not of any commercial value. All REs are already possessed of this information and much more. UIDAI has device control which happens before the device is purchased. There are double pairs of keys.Encryption is immediate and time stamped.
- Transmission requires digital signature with a private let. There’s a data vault. There’s complete prohibition of storing PID block. Even demographic info is prohibited from transfer. Three level auditing by information system auditor.
- There are penal consequences if any provision of the Aadhaar Act or regulation is violated.
- Central government has no access to UIDAI’s data as UIDAI is an autonomous body. Hence, no surveillance is possible.
- While examining the problem of smart cards, even the EU has said that having a centralized database is important. Decentralization leads to fakes and duplicates.
- Aadhaar SIM linking helps in ensuring that Sim card is given to the person who’s applying for it. This is a legitimate state interest. he measure to verify your SIM card one time is not excessive at all. Therefore it’s proportional to the object sought to be achieved.
- Chandrachud, J: SC never directed in LokNiti foundation order to carry out e-KYC of mobile nos. using Aadhaar. The DoT notification says that Aadhaar SIM linking is being done on the direction of the SC while the SC had not issued any such direction.
- No, it was done on the recommendation of TRAI before the Lok Niti order had even come out. My submission is that the government had a legal basis to link Aadhaar with SIM by virtue of section 4 of the telegraph act. Also, the measure is reasonable in the interest of national security.
- There’s no possibility of surveillance via CIDR. CIDR is absolutely necessary to avoid fakes. The entire architecture is such that there’s no aggregation of data and therefore no surveillance. That’s why there’s a mix of public and private players.
- The system stands the test of article 21 on its own and there’s no infringement of right to privacy. This project has the support of two governments because Congress had started this and Mr. Sibal was part of the cabinet that time.
- ASG Tushar Mehta: Does Aadhaar pass the muster of Article 300A? “Authority of law” phrase in 300A gives the power to the legislature to link Aadhaar with bank account under PMLA. The PMLA rules have the backing of the PMLA. A statutory rule is akin to law under Article 300A of the Constitution. The parliament cannot every time amend the law (PMLA) for example in respect of money laundering. Therefore a wide statutory network is provided and power is given to the rule making authority.
- Senior Advocate VV Giri: I want to appear on behalf of State of Kerala in order to argue on legislative competence.
- Bench: States cannot challenge a central govt statute. You can submit bullet points on what you want to argue and then the bench will decide if you can be allowed.
- Senior Advocate Jayant Bhushan:
- RBI has issued the master circular by virtue of its power under banking regulation act.PMLA Rule 9(4) provides that Aadhaar has to be submitted to reporting entity.
- Under Rule 9(14) provides that the regulator (RBI in this case) shall provide guidelines incorporating the requirements of sub-rules (1) to (13) above and may prescribe enhanced or simplified measures to verify identity.
- Requirements under Rule 9(1)-(13) is made mandatory by Rule 9(14). The master circular is now in conformity with PMLA rules. RBI has no option but to amend the master circular.
- Advocate Gopal Sankarnarayanan:
- Aadhaar Act is valid subject to three specific provsions that have to be read down or struck down.
- Right to identity is an absolute fundamental right. Aadhaar provides one kind of proof for identification. It arises from recognition of an individual.
To read the highlights from the PowerPoint Presentation made by the CEO of UIDAI, click here.
To read the highlights from submissions of Senior Advocates Meenakshi Arora, Sajan Poovayya, CU Singh, Sanjay Hegde and Counsel Jayna Kothari, click here.
To read the highlights from submissions of Senior Advocates KV Viswanathan and Anand Grover, click here.