Aadhaar Linkages case: Sibal points out the many ways data can be compromised

681
Aadhaar Linkages case: Sibal points out the many ways data can be compromised

The hearings on Aadhaar and its various linkages and privacy and security issued attached to them continued before the Supreme Court constitution bench of Chief Justice Dipak Misra and Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan on Wednesday (February 7).

The following deliberations took place:

11:34am: Senior advocate Kapil Sibal continued his submissions. He talked about identity information which requires authentication as per section 2(c) of the Aadhaar Act. This means Aadhaar number along with biometric or demographic information. He argued that this part has been wrongly drafted. It means that only

these two pieces of data can be submitted for the purposes of authentication.

He said that while photograph is included in biometric, it has been excluded in code biometric. He said that no alternative information can be given. Aadhaar Act is only for Aadhaar information and nothing else, Sibal said.

“Hence, for every Aadhaar card, the individual’s photograph will also be present,” he said. “There is a definition of identity information in the Act itself.”

At that Justice Ashok Bhushan pointed out:  “The alternatives are for double-checking.”

Sobal said: “It’s a legal argument and not political argument that you’re reducing me to one identity. Section 2(m) is not inclusive, it is exhaustive as pointed out by justice Chandrachud.”

Justice Sikri said: “If I don’t have the Aadhaar number, I still exist…” to which Sibal agrees, saying “we are more than just an Aadhaar number.”

Sibal says: “Section 8(3)(c) proposes that only three methods of identity information should be available. Secondly, there is no centralised database. Regulation 4 refers to modes of information. It gives you an idea what of authentication is. There is no other mode. Regulation 5 has to be read with 8(3)(c).”

He said: “If you have your authentication on your smart cards, your biometrics cannot go anywhere, hence no one can steal anything. That’s what most jurisdictions do, especially in the UK.”

Justice Bhushan said: “That regulation 5 has an overriding affect.”

Ibal said: “The act says that the number qualifies for the identity information. That means I can establish my identity via Aadhaar. Once I establish my identity information with the help of Aadhaar, no one can question me.”

“Read the Act in consonance with the provisions of the constitution,” says Sibal.

“If we accept your submissions, the constitutional validity of this becomes substantive,” says justice Chandrachud. “Under this statute, you have to collect information, which is not a state activity. Use of Aadhaar number to establish identity by the state or a body corporate under the law… that answers all of the ‘who’ and ‘how’ questions.”

Sibal says: “It must be assured that my property is protected. It is licensed out to agencies, etc. Now, because it is my property, i.e. my information, hence it must be protected and I must be assured that it is done.

“In a digital world my property cannot be retrieved, unlike in the physical world. If I have lost my property, in the physical world, it can be retrieved. If not, compensation would be provided. In the digital world, nothing can be protected. We’re not dealing with the physical world,” submitted Sibal.

“The digital world will know more about you than you would know; that’s where the world is heading towards,” he said. “In the USA, it is said that the digital world is like a Jurassic Park.”

“Data can arguably be divided into two types, Meta data and messages. Aadhaar is linked to every journey. Meta data is the information minus the messages. You’re making me vulnerable,” said Sibal.

“Unnecessary information is being stored because of Aadhaar and the vulnerability is the violation of my rights. The point is, an individual’s data who is not a criminal, should not be in the public domain.”

Justice Sikri gave a counter situation where a member of a particular airline travels even the airline retains the data about your traveling trend. What is so different about Aadhaar being linked to your railway ticket?”

Sibal continued: “CDR becomes a single target for cyber criminals for external and internal attacks according to an RBI report. A recent RBI report has explained that CDR has been targeted. According to this, because of Aadhaar there is a readily available platform for cyber criminals. It’s a staff paper/report. We need to have safeguards.”

“There’s a need for care. It does not straightaway talk about vulnerability,” Justice Chandrachud commented. “Every centralised depository can be hacked and using Fevicol and wax, by making a mould, anyone without even any technical knowledge can derive your fingerprint.”

At that Sibal said: “Once the national based information is compromised, we cannot do anything. Any criminal can take a defence that my fingerprints were stolen during every criminal trial,” Sibal said.

“By creating a 3D image of a fingerprint, once infringed through using a fingerprint app as in Android phones, the infringer can use it anywhere he wants, Sibal said.

“Airtel was benefitted by using latest Aadhaar, where new bank accounts were opened and the bonus/benefits the people earned were transferred into that Airtel bank. Hence, Aadhaar wouldn’t be a reliable source of information for the benefits to them,” Sibal said.

“And most benefits are received by aged people. Biometrics of children and the aged cannot be relied upon, as they don’t come to be very accurate. Further, it’s not reliable in cases of disabled people. The statute contemplates breaches.”

12.47 pm: “It will encourage bribery as big corporate competitors will pay money to get information, Sibal said. “The larger the data base, greater the chance of rejection of Aadhaar enrolment.

1.03pm: Adhaar matter adjourned to February 8.

– India Legal Bureau