Aadhaar data breach is an ex-facie violation of an individual’s fundamental 'right to privacy,' the counsel further said.
New Delhi: Aadhaar law, which affects `right to privacy’ and lacked security for protection of data, should be struck down as unconstitutional, argued senior counsel Shyam Divan in the Supreme Court on Thursday.
Continuing his tirade against the Aadhaar programme, Divan told a five judge Constitution Bench comprising Chief Justice Dipak Misra and Justices A K Sikri, A M Kanwilkar, D Y Chandrachud and Ashok Bhushan that Aadhaar law which related to breach of personal information is an ex-facie violation of an individual’s fundamental right to privacy.
Counsel argued that the Aadhaar programme deprives aggrieved individuals of the knowledge required to exercise control over their information. Pointing out that there is no accountability on the agency collecting the biometric data, he contended that the handling of sensitive personal information by the UIDAI is therefore arbitrary and opaque, and consequently ultra-vires the Constitution.
Further, he said it couldn’t be denied that there have been multiple data breaches from several governmental portals resulting in unfettered, unauthorised access to individuals’ Aadhaar numbers. He said reports by privacy and security researchers indicated that such breaches have already affected 135 million Indians. There is an inherent danger of aggregating valuable personal data/information of all Indian residents in one centralised database. Aadhaar as a universal, unique identifier exponentially increases the dangers associated with any data breach.
He said the government’s insistence on “seeding” Aadhaar numbers viz the practice of incorporating the Aadhaar number into several databases, furthers the risk of identity theft as mere possession of the Aadhaar number can then enable an identity thief to access a host of other information linked to one’s Aadhaar number but stored in different databases.
Justice Chandrachud intervened and told the counsel “even if a citizen goes to a private insurance company or a mobile company, he is asked to give documents as proof of address and details are furnished. But when it comes to government seeking the same details, you (citizen) say I will not provide the details.” Justice Chandrachud cited the leakage of personal Aadhaar data of former Indian Cricket captain M S Dhoni and said, “at the most you can ask for sufficient safeguards to prevent such leakage of information”.
Divan said the UIDAI is clueless about how many fake Aadhaar enrolments were generated and how to identify fake authentication from genuine ones.
Given that the hackers were able to bypass biometric information--both fingerprints and iris scans were compromised—this is another telling commentary on the vulnerability of Aadhaar eco-system. He drew the court’s attention to a statement made by UIDAI in September 2017 that it has cancelled licences of 49,000 enrolment centres and argued that there was no integrity in the whole process of Aadhaar programme.
He said that if the Aadhaar Act and programme were allowed to operate unimpeded it would hollow out the Constitution, particularly the great rights and liberties it assures to citizens. A People’s Constitution will transform into a State Constitution. Counsel asked the court “whether the right to privacy guaranteed under the Constitution, especially dimensions such as ‘the right to be let alone’ and ‘the right to be forgotten’, entitle a citizen to protect his/her personal identity, his/her movements, his/her social interactions, etc., without being forced to part with personal information to the State and without being forced to embed the information with government departments and private entities?” Arguments will continue on January 23.