On Day 8 of the final hearing, continuing his arguments on behalf of the petitioners, Senior Advocate Kapil Sibal read out Section 8(3)(c). He stated that the definition of ‘authentication’ says that a person can only use demographic or biometric information for authentication while Section 8 talks about alternatives. He contended that the law was poorly drafted. However, Justice Chandrachud pointed out that Section 8(3)(c), which was said to make room for alternate authentication methods, uses the term “identity information”. While it may be true that “identity information” is currently defined to include only Aadhaar number, demographic and biometric information, this is an inclusive definition that may be expanded upon in the future, said Justice Chandrachud.
Mr. Sibal then said that no other country except Israel has a centralized database like Aadhaar. Most jurisdictions pursuing smart governance use smart cards that contain biometric information i.e. without storing such information in a central repository. He also argued that Section 57 of the Aadhaar Act only provides an option (as opposed to a compulsion) to use Aadhaar for identity verification purposes.
Mr. Sibal spoke next of how collection of demographic and biometric information is done by private entities and not the state, and added that there can be no assurances regarding data security in the digital world. He then handed the Bench a note on meta data, and pointed out that meta data can provide all information on data transmissions except the core data itself. This means that linking Aadhaar to rail and air travel for instance, can provide detailed insights into an individual’s travel patterns.
After handing in another note on some technical aspects of Aadhaar, Mr. Sibal drew attention to a report by the Reserve Bank of India, which had outlined the dangers involved in maintaining centralized databases. Justice Chandrachud intervened at this point, saying the report in question was more of a staff paper that served as a statement of care rather than an admission of vulnerability.
Mr. Sibal then spoke about the dangers posed by leaked biometric information, arguing that information like fingerprints can easily be cloned using leaked data. This in turn can be used maliciously, for instance to implicate an individual of a crime. To Justice Sikri’s query about the ubiquity of fingerprint scanners in modern electronic devices, Mr. Sibal said the security risks are substantially lower as such devices generally store biometric information locally i.e. on the devices themselves.
Mr. Sibal then went on to recap the controversy around Airtel’s payment wallet and Aadhaar-based subsidy transfers, and spoke further on spatial privacy, the legal lacunae around ownership of data, and frequency of Aadhaar authentication failures among other things. On authentication failures, he highlighted the problems faced by children, the elderly and manual labourers, all of whom have fingerprints that are subject to change over time.
Hearing will continue on Thursday, 8th February, 2018.