On Wednesday - Day 33 of the Aadhaar final hearing, senior counsel Rakesh Dwivedi discussed the DoT circular dated March 23, 2017, calling upon all the telecom operators to conduct an Aadhaar-based re-verification exercise of all existing pre-paid and post-paid mobile connections ‘in the light of the order dated February 6, 2017, of the apex court in Lokniti Foundation v. UOI’.
Justice Chandrachud remarked that the Aadhaar-based e-KYC process had not been ordered by the apex court in Lokniti Foundation v UOI, while the DoT circular cites the aforesaid observation of the court, stating that “this amounts to a direction”.
Dwivedi agreed, saying that the Aadhaar-SIM card linkage has been recommended by the TRAI.
He advanced that the Centre has the power to direct the same by virtue of the First Proviso to Section 4(1) of the Indian Telegraph Act of 1885 which lays down that the Central government may grant a licence, on such conditions and in consideration of such payments as it thinks fit, to any person to establish, maintain or work a telegraph.
In Lokniti, the Supreme Court was dealing with a prayer that the identity of each mobile phone subscriber, as also his/her address, should be verified so that no fake or unverified phone subscriber can misuse a mobile phone. It was contended that the prayer was imperative as mobile phones are used not only for domestic criminal activity but also for known terrorist activity (sometimes with foreign involvement).
The court, disposing off the said writ petition, had noted the averment by the Union of India that the DoT had launched `Aadhaar-based e-KYC for issuing mobile connections' on 16 August, 2016, wherein the customer, as well as Point of Sale (PoS) Agent of the Telecom Service Provider (TSP), will be authenticated from UIDAI based on their biometrics and their demographic data received from UIDAI is stored in the database of TSP along with time stamps.
The Centre had also told the court that as over 90 percent of subscribers are using prepaid connections, it would put in place a mechanism similar to the one adopted for new subscribers so that when prepaid connections come up for renewals, the verification could be insisted upon.
In its order, the court had observed, “In view of the factual position brought to our notice during the course of hearing, we are satisfied, that the prayers made in the writ petition have been substantially dealt with, and an effective process has been evolved to ensure identity verification, as well as, the addresses of all mobile phone subscribers for new subscribers. In the near future, and more particularly, within one year from today, a similar verification will be completed, in the case of existing subscribers. While complimenting the petitioner for filing the instant petition, we dispose of the same with the hope and expectation that the undertaking given to this Court, will be taken seriously, and will be given effect to, as soon as possible.”
Meanwhile on Wednesday, Dwivedi submitted that the UIDAI adequately monitors the ‘requesting entities’. He said that there being hundreds of ‘requesting entities’, there is no question of accumulation of the data pertaining to a resident.
In response to a query from the bench in this behalf, he explained that the records of any single ‘requesting entity’ are not sufficient for the profiling and surveillance of an individual, with these entities not possessing ‘authentication records’. “Telecommunication companies gather more commercially viable demographic data than Aadhaar...banks maintain records of all transactions engaged in by account holders, including the place of transaction...Facebook and Google collect detailed information which is analysed by their algorithms...a groceries and vegetable delivery software application processes data about the customers’ eating habits based on their orders...,” he continued. Regulation 18 of the Aadhaar (Authentication) Regulations stipulates the content of the logs of authentication transactions to be maintained by ‘requesting entities’, forbidding the retention of Personal Identity Data (PID Block), including necessary demographic and biometric information.
Elaborating on the procedure followed by the UIDAI to regulate ‘requesting entities’, Dwivedi submitted that the biometric scanning machine of the entity is examined and certified by the STQC, the machine is so prepared to ensure that the sensitive data is encrypted and transferred to the CIDR and their operations are audited by an approved information systems auditor. He indicated Regulations 19(1)(g) and 21 of the Aadhaar (Authentication) Regulations of 2016 in this regard.
On Tuesday, Justice DY Chandrachud had inquired about the necessity for the collection and retention of metadata. Dwivedi explained on Wednesday that metadata aids the UIDAI in verifying the identity of the ‘requesting entity’ from which an authentication request is received.
The senior counsel also asserted that the Central government has no access to the data in the CIDR, the UIDAI being an autonomous body. He submitted that a centralised database is preferred as it weeds out fraudulent IDs and assists in deduplication.
ASG Tushar Mehta, on Wednesday, sought to justify the linkage of bank accounts with Aadhaar under the Prevention of Money Laundering Act (PMLA) and the Rules framed thereunder, in view of Article 300A restraining any deprivation of one’s property unless with the ‘authority of law’. He submitted that rules also qualify as ‘law’ for the purpose of Article 300A.
Senior counsel Jayant Bhushan drew the attention of the Supreme Court’s five-judge bench to RBI’s ‘Master Direction - Know Your Customer (KYC) Direction, 2016’ as updated on April 20. In terms of the provisions of Prevention of Money-Laundering Act, 2002 and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, Regulated Entities (REs) are required to follow certain customer identification procedures while undertaking a transaction either by establishing an account based relationship or otherwise and monitor their transactions. In exercise of the powers conferred by Sections 35A of the Banking Regulation Act, 1949 read with Rule 9(14) of Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, the RBI, being satisfied that it is necessary and expedient in the public interest to do so, has issued the directions.
Advocate Gopal Sankaranarayanan also commenced his submissions on the validity of the Aadhaar Act of 2016 on Wednesday. The hearing shall resume on Thursday.