The main argument of the petitioners in the case was that Aadhaar can result in creation of a surveillance state where daily transactions are recorded and that “profiling” will be used to stifle dissent and influence political decision- making. However, the majority view of Chief Justice Dipak Misra, Justices A K Sikri and A M Khanwilkar concluded that “the architecture of Aadhaar as well as the provisions of the Aadhaar Act do not tend to create a surveillance state”.
“During the enrolment process, minimal biometric data in the form of iris and fingerprints is collected. The Authority does not collect purpose, location or details of transaction. Thus, it is purpose blind. The information collected, as aforesaid, remains in silos. Merging of silos is prohibited. The requesting agency is provided answer only in ‘Yes’ or ‘No’ about the authentication of the person concerned. The authentication process is not exposed to the Internet world,” Justice Sikri said.
To support its conclusion, it further said that law has mandated use of “Registered Devices (RD)” for all authentication requests. The bench pointed out that RD service “encapsulates the biometric capture, signing and encryption of biometrics all within it.” “Therefore, introduction of RD in Aadhaar authentication system rules out any possibility of use of stored biometric and replay of biometrics captured from other source. Requesting entities are not legally allowed to store biometrics captured for Aadhaar authentication under Regulation 17(1)(a) of the Authentication Regulations,” the majority judgment said.
It further pointed out that the unique device code — registered device code used for authentication — “does not get any information related to the IP address or the GPS location”. “The Authority would only know from which device the authentication has happened, through which AUA/ASA etc. It does not receive any information about at what location the authentication device is deployed, its IP address and its operator and the purpose of authentication. Further, the authority or any entity under its control is statutorily barred from collecting, keeping or maintaining any information about the purpose of authentication under Section 32(3) of the Aadhaar Act,” the bench said.
The other main argument of the petitioner was that the law violates fundamental right to privacy. Addressing this, the majority judgment points to the Section 7 of the Act. It states that this provision is “aimed at offering subsidies, benefits or services to the marginalised section of the society for whom such welfare schemes have been formulated from time to time” — which is “an aspect of social justice” as mandated in Constitution.
“…we find that the inroads into the privacy rights where these individuals are made to part with their biometric information, is minimal. It is coupled with the fact that there is no data collection on the movements of such individuals, when they avail benefits under Section 7 of the Act thereby ruling out the possibility of creating their profiles. In fact, this technology becomes a vital tool of ensuring good governance in a social welfare state. We, therefore, are of the opinion that the Aadhaar Act meets the test of balancing as well,” the court said.