#Aadhaar (day 33) hearing will begin shortly. Senior advocate Rakesh Dwivedi appearing for State/UIDAI will finish by lunch today.
RD: What sort of control does UIDAI have over RE? Fair and reasonable safeguard under Article 21.
RD: Data under REs is segregated. There's no way to aggregate that data as there are over 300 REs.
J. Sikri: what about an individual RE collecting data?
RD: lets take the example of Vodafone. what will vodafone do with the authentication data? They can't track any individual.
J. Sikri: what about an individual RE collecting data?
RD: lets take the example of Vodafone. what will vodafone do with the authentication data? They can't track any individual.
RD: Vodafone can do targeted advertising using the data which is already happening without Aadhaar. Vodafone has far more demographic data about an individual than UIDAI has.
In the case of UIDAI, there are so many regulations and penal consequences that don't apply to Vodafone.
In the case of UIDAI, there are so many regulations and penal consequences that don't apply to Vodafone.
RD shows a credit card statement to the bench to show that banks have a record of all transactions made by an individual including the place of transaction.
Nobody is questioning what banks and telecoms are collecting. The single target is Aadhaar.
Nobody is questioning what banks and telecoms are collecting. The single target is Aadhaar.
RD: It's not difficult to collect data about someone from Google. How much senior advocates charged for particular cases is also available online.
He gives the example of bigbasket knowing an individual's food habits based on what they buy.
He gives the example of bigbasket knowing an individual's food habits based on what they buy.
RD: We need to have big data, processing power and statistical knowhow to do big data analysis as Google is doing.
RD says Google and Facebook process tremendous data on a daily basis. UIDAI does not have that kind of algorithms.
RD says Google and Facebook process tremendous data on a daily basis. UIDAI does not have that kind of algorithms.
RD: It is doubtful that an RE that collects data and transfers that data without any other data has any value. Also RE s do not have authentication records. Points to regulation 18.
RD shows a list of entities that require one time authentication and those that require authentication every time there's a transaction. Says most entities require authentication once. Therefore there's no way to surveil people 24x7.
RD says we are still conscious about providing as much security as possible because we want to gain the trust of the people.
On control of RE, RD says that RE will buy a fingerprint device from a vendor. We control the vendor wrt to the hardware and software of the device.
On control of RE, RD says that RE will buy a fingerprint device from a vendor. We control the vendor wrt to the hardware and software of the device.
RD says we also put a key in the device so that the data is encrypted and sent to CIDR.Machine is then taken to STQC and that Dept looks into the device to see whether it meets all the requirements. Device preparation and certification happens without the knowledge of RE
RD: Information systems operator then conducts an audit of the RE and the report is submitted to UIDAI. If it is approved then the RE gets a license from UIDAI in order to operate as an RE.
RD: Meta data is important for validation that the data is coming from a particular RE with which uidai has an agreement.
Says for fraud management and verification, meta data is required.
Says for fraud management and verification, meta data is required.
RD: REs have a data vault as well. It is controlled by trusted people. Apart from this there are two more audits conducted: annual audit and random audits by UIDAI. Even ASAs are audited likewise. Relevant regulations are 19(1)(g) and 21.
RD:Nature of information is such that it is not of any commercial value. All REs are already possessed of this information and much more.
UIDAI has device control which happens before the device is purchased. There are double pairs of keys.Encryption is immediate and time stamped
UIDAI has device control which happens before the device is purchased. There are double pairs of keys.Encryption is immediate and time stamped
RD: Transmission requires digital signature with a private let. There's a data vault. There's complete prohibition of storing PID block. Even demographic info is prohibited from transfer. Three level auditing by information system auditor.
RD: And finally there are penal consequences if any provision of the Aadhaar Act or regulation is violated.
RD: Also central government has no access to UIDAI's data as UIDAI is an autonomous body.
Emphasizes that no surveillance is possible.
Emphasizes that no surveillance is possible.
RD reiterates that proof of concept studies happened wrt to Aadhaar and biometrics. Only in the last two years, enrollment shot up from 60cr to 100 cr (after the Act was enacted). In the beginning when Aadhaar was a scheme, Aadhaar technology was just being tested.
RD: there were hardly any enrollments that time when Aadhaar was being tested.
Bench rises for lunch. RD says that he'll need another thirty minutes post lunch to argue on Aadhaar-SIM linking.
RD is going through regulations 27, 28, 29.
RD: While examining the problem of smart cards, even the EU has said that having a centralized database is important. Decentralization leads to fakes and duplicates.
RD will now argue on the issue of Aadhaar SIM linking. Cites Lok Niti foundation judgment. Mentions TRAI's recommendation to link Aadhaar with SIM.
RD is reading out the DoT notification that talks about re- verfication of mobile numbers using e-KYC process.
This process, he says, is part of the license agreement.
Section 4 proviso of the telegraph act gives exclusive power to the Central govt to decide license conditions.
This process, he says, is part of the license agreement.
Section 4 proviso of the telegraph act gives exclusive power to the Central govt to decide license conditions.
RD: Aadhaar SIM linking helps in ensuring that Sim card is given to the person who's applying for it. This is a legitimate state interest.
RD: Says the measure to verify your SIM card one time is not excessive at all. Therefore it's proportional to the object sought to be achieved.
J. Chandrachud: SC never directed in Lok Niti foundation order to carry out e-KYC of mobile nos.using Aadhaar.
J. Chandrachud: SC never directed in Lok Niti foundation order to carry out e-KYC of mobile nos.using Aadhaar.
J. Chandrachud: the DoT notification says that Aadhaar SIM linking is being done on the direction of the SC while the SC had not issued any such direction.
RD: No, it was done on the recommendation of TRAI before the Lok Niti order had even come out.
RD: No, it was done on the recommendation of TRAI before the Lok Niti order had even come out.
RD: My submission is that the government had a legal basis to link Aadhaar with SIM by virtue of section 4 of the telegraph act. Also, the measure is reasonable in the interest of national security.
RD: There's no possibility of surveillance via CIDR. CIDR is absolutely necessary to avoid fakes.
The entire architecture is such that there's no aggregation of data and therefore no surveillance. That's why there's a mix of public and private players.
The entire architecture is such that there's no aggregation of data and therefore no surveillance. That's why there's a mix of public and private players.
RD: The system stands the test of article 21 on its own and there's no infringement of right to privacy.
This project has the support of two governments because Congress had started this and Mr. Sibal was part of the cabinet that time.
This project has the support of two governments because Congress had started this and Mr. Sibal was part of the cabinet that time.
ASG Tushar Mehta wants to make a small submission.
TM: Does Aadhaar pass the muster of Article 300A? "Authority of law" phrase in 300A gives the power to the legislature to link Aadhaar with bank account under PMLA. The PMLA rules have the backing of the PMLA.
TM: Does Aadhaar pass the muster of Article 300A? "Authority of law" phrase in 300A gives the power to the legislature to link Aadhaar with bank account under PMLA. The PMLA rules have the backing of the PMLA.
TM addresses whether article 300A encompasses rules also.
Cites 1966 3 SCR and Vishambhar Dayal v. State of UP: Even a rule is considered law.
Cites 1966 3 SCR and Vishambhar Dayal v. State of UP: Even a rule is considered law.
TM: A statutory rule is akin to law under Article 300A of the Constitution. The parliament cannot every time amend the law (PMLA) for example in respect of money laundering. Therefore a wide statutory network is provided and power is given to the rule making authority.
Senior Advocate V.Giri wants to appear on behalf of State of kerala. He wants to argue on legislative competence. Bench is of the view that states cannot challenge a central govt statute.
Bench has asked him to submit bullet points on what he wants to argue and then the bench will decide if he can be allowed.
Senior Advocate Jayant Bhushan starts his submission.Hes reading the master circular by RBI issued on April 20. Says RBI has issued the master circular by virtue of its power under banking regulation act.PMLA Rule 9(4) provides that Aadhaar has to be submitted to reporting entity
Says that under Rule 9(14) provides that the regulator (RBI in this case) shall provide guidelines incorporating the requirements of sub-rules (1) to (13) above and may prescribe enhanced or simplified measures to verify identity.
JB: Requirements under Rule 9(1)-(13) is made mandatory by Rule 9(14). The master circular is now in conformity with PMLA rules. RBI has no option but to amend the master circular.
Gopal Sankarnarayanan now begins his submissions:
1. Aadhaar Act is valid subject to three specific provsioms that have to be read down or struck down.
2. Conflict with RTI.
3. 139aa wrt to article of 21 and manifest arbitrariness.
1. Aadhaar Act is valid subject to three specific provsioms that have to be read down or struck down.
2. Conflict with RTI.
3. 139aa wrt to article of 21 and manifest arbitrariness.
GS: Right to identity is an absolute fundamental right. Aadhaar provides one kind of proof for identification. It arises from recognition of an individual. Cites Ayn Rand's "Anthem"
GS will continue tomorrow. Bench rises for the day.
