Aadhaar hearing: Petitioners argue for a voluntary ID card system that does not collect user data

On Day 8 and 9 of the Aadhaar hearing, senior counsel Kapil Sibal continued with his arguments for the petitioners. The key arguments made were on the controversial Section 57, based on which Aadhaar was made mandatory for multiple services, on the lack of adequate security measures in the Aadhaar system, and that Section 7, the section establishing the link to the Consolidated Fund of India, is not essential to the Aadhaar Act. On returning to the argument on exclusion, the State, citing various rules, argued that no one is being excluded due to Aadhaar.

On making Aadhaar mandatory under Sec 57

Aadhaar would be better off as a voluntary ID card, argue the petitioners

The petitioners argued on the controversial Section 57 of the Aadhaar Act, which is the section based on which Aadhaar has been made mandatory for various purposes (for example, see the NEET notification in 2017 mandating Aadhaar). Aadhaar opponents have often taken the stand that this section does not in any way allow another party to make Aadhaar mandatory, but merely establishes it as another identity document.

The petitioners argued that the only interpretation which retained the constitutionality of this section, was that this section only established Aadhaar as just another identity document and allowed an individual the option of using Aadhaar as such, and no one could prevent such a person from doing so.

The Bench was sceptical of the interpretation, stating that the government’s interpretation is that this section empowers other bodies to make Aadhaar mandatory. The petitioners argued that ruling that this section empowers even private parties to insist on Aadhaar, would make this section seriously unconstitutional.

Leakage of biometric data compromises the system

The lack of security and safeguards in this system was another argument put forth. The petitioners pointed to how the leakage of biometric data compromises the system, making it difficult to trust future transactions. The petitioners cited the issues created by the Airtel Payments Bank scam, as one such example.

The vulnerability of the CIDR as a single point of attack, the evidence of leakage of biometric data from various sources, and the lack of security with SRDHs was also pointed to. Criminal investigations and trials, it was also argued, are impacted by the leak of this data.

Going further into the security risks with Aadhaar, this system was compared with the security of smart cards. The petitioners argued that with smartcards, there is no centralized database that could be hacked. Also, biometric readers, unlike smart cards, could be defeated quite simply using even Fevicol or wax. The risks of man in the middle attacks were also raised. The petitioners further stated that UIDAI’s L0 and L1 standards for registered biometric devices had not been met by many devices.

State says no one has been excluded due to Aadhaar

Returning to the exclusion arguments made in previous hearings, the petitioners further argued that the exclusion violated people’s right to equal treatment, due to the discrimination against people engaged in manual labour, those with disabilities, etc. The recent reports of people in old age homes being denied pension due to Aadhaar issues was also cited.

The Bench cited that the exclusion may be either due to infrastructure or due to irremediable factors like old age. In the first case, this could be remedied through upgrades. When the petitioners raised the point on how exclusion was to be prevented in the meanwhile, the state countered this saying that nobody has been excluded due to the lack of Aadhaar.

Exclusion cannot be ascertained by citing laws

The State cited Section 7 of the Aadhaar Act, which allows a person to show his Aadhaar card if authentication fails, and Section 31 of the Act, which allows a person to upgrade his biometrics. Exceptions for persons who cannot provide biometric data for any reason under Regulation 6 of the Aadhaar (Enrolment and Update) Regulations, 2016 were also cited. The state argued that the Aadhaar Act in no way contemplated exclusion at either the enrolment or authentication stage. The State argued that arrangements were made in all blocks and talukas to have alternatives available for such cases.

The Bench insisted that in a country as diverse as ours, nobody should be excluded, to which the state responded that people are not being excluded.

The petitioners countered this, stating that there are serious problems on the ground, and the issue of exclusion cannot be ascertained by reading out the provisions of the Act and regulations.

UK’s ID card database

The destruction of UK’s ID card database in 2011, a database that was designed to hold the biometric and other data of people who had registered for the ID card was also discussed. Many of the arguments that were made against the database were brought to the Bench’s notice, such as that the system was intrusive and ineffective, and a compromise of the database affects security. The petitioners argued that Aadhaar was identity ‘plus’, where the plus indicates identity data with metadata.

Section 7 not essential to the Aadhaar Act

Lastly, the petitioners argued that Sections 3 (enrolment for an Aadhaar number), 4 (properties of an Aadhaar number), 8 (Authentication of an Aadhaar number) and 57 (Act not to prevent the use of Aadhaar numbers for other purposes) are at the heart of the Aadhaar Act. Section 7 (Proof of Aadhaar needed for certain subsidies, etc.), they argued, was not key to the Act, since even in its absence, the government could have achieved the same objective by amending the Food Security Act.

Here, it is important to note that it is this section, Section 7, which establishes the connection of the Aadhaar Act to the Consolidated Fund of India, which, in turn, is used to justify the passing of Aadhaar as a money bill. In the absence of this section, the Aadhaar Act only establishes a new mode of identification.

The petitioners further argued that Section 7 authorises the government to say that Aadhaar can be the only way to get subsidies. They argued that a person’s entitlements depend on their ‘status, and not their identity’. For example, a pensioner may have a pension card, but still be denied his pension on the grounds of Aadhaar.

The petitioners argued that all forms of identity, which are otherwise acceptable, have been excluded by this Act. When you consider Section 57, for example, even a private person can use this to exclude previously acceptable forms of IDs, such as passports, and insist on Aadhaar. The petitioners argued that Article 21 guarantees choice, and this has been taken away through this Act.

Voluntary smart cards

Lastly, the petitioners drew the attention of the Bench to Israel’s smart ID system, where users could use the card to avail benefits and services if they wished to do so. The system used biometric authentication and has a database, but the database lacks any identifying information.

In summary, the petitioners argued that there can be an ID card, but it must be voluntary, authentication data must be on the card, it should not collect data, and the people should have the right to alternatives.

The arguments for the petitioners will continue on Tuesday.

Sources of the Arguments: Live Tweeting of the case from the Twitter handles @SFLCin, @prasanna_s and @gautambhatia88

The author is lawyer and author specialising in technology laws. She is also a certified information privacy professional.