The Cambridge Analytica data leak controversy today found mention in the Supreme Court, which red flagged the threat of probable misuse of citizens' information by entities which were getting Aadhaar details authenticated by the UIDAI.
A five-judge constitution bench headed by Chief Justice Dipak Misra, hearing clutch of petitions challenging Aadhaar and enabling 2016 law, referred to the Cambridge Analytica controversy and said these are not "imaginary apprehensions" and, in the absence of robust data protection law, the issue of misuse of information becomes relevant.
"The real apprehension is that elections are swayed using data analytics. These problems are symptomatic of the world we live in," the bench, also comprising Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan, said.
"Please do not bring Cambridge Analytica into this. The UIDAI simply does not have the learning algorithms like Facebook, Google to analyse details of users," senior advocate Rakesh Dwivedi, appearing for Unique Identification Authority of India (UIDAI) and the Gujarat government, said.
Besides the Aadhaar Act does not authorise any kind of data analysis, he said, adding the UIDAI has "simple matching algorithms" which give answers like 'yes' or 'no' after it receives a request for Aadhaar authentication from a requesting entity.
The bench, which posed several searching questions, asked the lawyer why the authorities were allowing private entities to use the Aadhaar platform for various purposes and referred to the legal provision to this effect.
"Why are words 'body corporate or any person' used in section 57 of the Act. It breaks the nexus of the Act with the Consolidated Fund of India... What is the point of involving private parties in the Aadhaar infrastructure," the bench asked.
Dwivedi responded by saying that "it does not allow any 'chaiwala' or a 'panwala' to become a requesting entity under the Act. It is a limited exercise. The UIDAI will not approve anyone to become an requesting entity (RE) unless it is satisfied that the particular entity needs to use facility of authentication."
He also referred to private companies like Reliance venturing into the defence sector and said at some point in time, the court will have to decide the aspect where private firms were dealing with public functions of the state, which are currently being carried out by public sector companies.
Dwivedi also dealt with the persistent allegation that the people were being given a number identity as was done by dictator Adolf Hitler in Germany.
"Hitler counted citizens to identify Jews, Christians etc. Here, we do not seek details like caste, creed and religion from the citizens," he said, adding that the history of numbers began in India and "numbers are beautiful and fascinating".
He also urged the bench not to give in to the "hyper phobia" against the Aadhaar created by the petitioners opposed to the "inclusive scheme" of the government based on a law and the proper infrastructure.
"Lobbies favouring smart cards do not want this scheme to succeed as they are opposed to Aadhaar," the senior lawyer said, adding there have been efforts from many quarters to ensure that this scheme, which is more secure and works offline, does not work.
The bench then referred to the provisions of the Aadhaar Act and said the misuse of information at the end of UIDAI may not happen, but there could be possibility of misuse or commercial abuse of information by private entities involved in Aadhaar authentication.
To this, the lawyer said the Aadhaar Act provided enough data protection to citizens and contained provisions to punish the offenders for any breach and moreover, the core biometric details cannot be shared by UIDAI.
"No data protection law can provide hundred percent protection. The test should be 'reasonable, fair and just'," he said, adding that "aggregation, analysis or transfer of data" is not allowed under the statute.
The lawyer also referred to uncertainties faced in life and said nothing was 100 per cent secure as people died in air travel and accidents on the highways.
He then referred to the fact that documents like passport, PNR and boarding passes of airlines contain numbers only and it does not mean that identity of an individual is lost.
He said biometric details do not contain genetic data and they are not intrusive and they are used in instant digital authentication of Aadhaar holder.
"Aadhaar is not just an exercise to provide benefits and weed out fakes but also to bring the service providers face to face with the beneficiaries. That is the revolutionary aspect of Aadhaar," he said.
"Aadhaar is not the panacea for all evils but the problems that were occuring on account of fake identity documents will be solved," he said.
The bench took note of the plea that Aadhaar cannot be struck down solely on the ground that it is "probabilistic".
However, it said, "If probability leads to deprivation of fundamental rights, then there should be safeguards in place to ensure that this deprivation does not happen. There should be an administrative machinery in place to ensure no genuine beneficiary is deprived."
The advancing of arguments remained inconclusive and would resume tomorrow.