Day 5 began with Senior Advocate Shyam Divan recapitulating his arguments on surveillance from the previous hearing. He then discussed the ECHR judgment of Zakharov v. Russia which related to the interception of mobile phones in Russia and violation of Article 8 of the European Convention of Human Rights. The ECHR judgment, delivered by a Grand Chamber of 17 judges, held that Russian system of surveillance was inconsistent with the European Convention.
Mr. Divan then read out the decision of ECHR in the case of Digital Rights Ireland v. Minister of Communication which was concern the validity of an EU Directive (2006/24/EC) on the retention of data generated or processed in connection with publicly available electronic communications services. The Court held that by adopting the said Directive, the EU legislature had exceeded the limits imposed by compliance with the principle of proportionality and thus, ruled it to be invalid.
He further discussed another ECHR decision in the case of S and Marper v. UK wherein the court held that fingerprints, DNA profiles and cellular samples constituted ‘personal data’ and thus, their retention could not be regarded as neutral as it constituted an interference with the right to respect for private life.
Mr. Divan then read through the counter affidavit of Union of India where it said that UIDAI by design precluded itself from aggregating data and that there would be no 360 degree view of the individual. He contended that UIDAI had given a blanket denial but did not refute the specific points mentioned in the affidavits given by Samir Kelekar or J. D’souza on the process of surveillance.
Mr. Divan then moved on to discuss UIDAI’s documents on State Resident Data Hub (SRDH) and their establishment for managing resident’s data. Giving the example of Kerala’s KYR+, he stated that the SRDH was fed with Aadhaar data and then enriched with local data from other sources. He added that these SRDH were without any statutory framework. Referring to the SRDH websites of Madhya Pradesh and Odisha, he pointed out that it was a centralised data repository maintaining both demographic and biometric information, storing and integrating information from different government departments, thus presenting a 360 degree profile of the resident.
Justice Chandrachud intervened saying that maintaining this database can be justified if the government is limiting itself to disbursal of social welfare benefits to ensure the identity of beneficiaries and not profiling individuals. Mr. Divan responded that no concern could justify aggregation.
Mr. Divan then referred to the SRDH website of Telangana wherein the names, Aadhaar numbers and location of the residents could be obtained. Justice Khanwilkar responded that one could only get to the place where the individual resides and not the live movements.
Summarizing his arguments on SDRH, Mr. Divan stated that these were established without any statutory authority. Further, he submitted that the aggregation of data in SDRHs enabled religious, caste-based and community profiling, resulting in an infringement of privacy of the resident, as was also recognised in the privacy judgment in Puttaswamy v. Union of India.
Mr. Divan then referred to the affidavit by Kelekar and added that it was easy to track the time and place every time an authentication took place through IP address. He further explained the concept of a unique device ID. He then illustrated how the website of Kerala Dairy Farmers Welfare Fund Board, which provided for a pension scheme linked to Aadhaar, displayed the name, Aadhaar number, validation response, device ID among other details. He stated that using this information, location of an individual within 200-500 meters could be ascertained in real-time. Mr. Divan argued that this was a framework for digital dictatorship.
Justice Bhushan gave an example of ATM card saying that the information is available to banks as well. He asked whether it amounted to surveillance as well. Mr. Divan answered that in such a case, the information is known only to the bank. However, under Aadhaar, there were a host of schemes which left an electronic trail through the entire day.
Justice Chandrachud remarked that it was this very aspect of Aadhaar, ensuring targeted and effective delivery of services, which was being praised by economists and the World Bank.
Mr. Divan contended that this programme enabled surveillance by its very architecture. He said that the Dairy Board example established that Aadhaar is an instrument of mass surveillance. He said that through this programme, the State was being allowed to track people in real-time and aggregate data for the lifetime of the individual. He submitted that there could be no balancing factor for surveillance.
He reiterated his points with respect to authentication and deduplication, submitting that the entire authentication machinery was not developed, owned or controlled by UIDAI.
Next, he moved on to his submissions on limited government, constitutionalism and the rule of law.
He stated that his argument on rule of law stemmed from the Preamble and the values of the Constitution. He questioned if the State could force the citizen to use only a particular method for identification and also to part with her biometrics. He said that this programme violated the individual as well as collective dignity of people.
Making his point on good governance and rule of law, Mr. Divan said such an extensive programme was allowed to operate without any statutory backing, on the basis of an administrative notification which did not even mention anything about the biometric information.
He then handed over compilations containing extracts on limited governance and constitutionalism. He read out the relevant extracts from State of MP v. Thakur Bharat Singh on constitutionalism. He further referred to the principle of constitutionalism as enunciated in I.R. Coelho v. State of Tamil Nadu.
The hearing will continue on Thursday, 1st February, 2018.