UIDAI authenticates Aadhaar No. of key UID/Aadhaar opponent who never applied for it

The case of UIDAI authenticating the UID/Aadhaar No. of a key UID/Aadhaar opponent who never applied for it is not an isolated case wherein despite never having been registered, he got the message that he has been authenticated. 

The Central Identities Data Repository (CIDR) of UID/Aadhaar Numbers of residents of India is one of the most vulnerable databases. The making of CIDR is contrary to the principle of decentralisation in cybersecurity.

As per Section 47 of the Act, “Courts will take cognizance of offences under this Act only upon complaint being made by the UIDAI or any officer authorised by it.” This deprives the victim of a right to file complaint although Section 34 of the Act provides that “Impersonating or attempting to impersonate another person by providing false demographic or biometric information will punishable by imprisonment

of up to three years, and/or fine of up to ten thousand rupees.”

Victims cannot file complaint even when someone changes or attempts to change any demographic or biometric information of an Aadhaar number holder by impersonating another person (or attempting to do so), with the intent of i) causing harm or mischief to an Aadhaar number holder, or ii) appropriating the identity of an Aadhaar number holder although it is punishable under Section 35.

 Victims of abuse cannot file complaint in cases wherein collection of identity information is done by one not authorised by this Act, by way of pretending otherwise despite the fact that the Act makes it punishable under Section 36.

Unless authorized by UIDAI or any officer authorised by it, victims cannot file complaint even when there is “Intentional disclosure or dissemination of identity information, to any person not authorised under this Act, or in violation of any agreement entered into under this Act” under Section 37 although it is punishable. 

Unless authorised by the UIDAI, the intentional acts like accessing or securing access to the CIDR; downloading, copying or extracting any data from the CIDR; introducing or causing any virus or other contaminant into the CIDR; damaging or causing damage to the data in the CIDR; disrupting or causing disruption to access to CIDR; causing denial of access to an authorised to the CIDR; revealing information in breach of (D) in Section 28, or Section 29; destruction, deletion or alteration of any files in the CIDR; stealing, destruction, concealment or alteration of any source code used by the UIDAI , will be punishable under Section 38. Even in such cases victims cannot file complaint without authorization by UIDAI.

Section 39 reads, “Tampering of data in the CIDR or removable storage medium, with the intention to modify or discover information relating to Aadhaar number holder will be punishable”. Thus, it admits that such acts are possible and imminent but the Act does not empower the victims of such tampering or removal instead it empowers UIDAI.

 While Section 40 makes “Use of identity information in violation of Section 8 (3) by a requesting entity will be punishable with imprisonment up to three years and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company)”, it is incomprehensible as to how a company or an individual feel deterred by such meager punishment when they can harvest big database of personal sensitive information which is admittedly a “national asset” and “rich asset”.

Section 43 visualize a situation wherein offences can be committed by a Company but they can be excused “if they can prove lack of knowledge of the offense or that they had exercised all due diligence to prevent it.” It also underlines the possibility of an offence committed by a Company with the consent, connivance or neglect of a director, manager, secretary or other officer of a company but they too can be

excused if they can prove their ignorance, inability and inevitability.

In a stark admission of the involvement of foreign locations and persons, Section 44 states that the Act “will also apply to offences committed outside of India by any person, irrespective of their nationality, if the offence involves any data in the CIDR.”

The authentication of a non-existent UID/Aadhaar Number holder like me demonstrates for the umpteenth time that UID/Aadhaar is a tried, tested and failed project. This failure was apprehended and indicated by the Parliamentary Standing on Finance in its report to both the Houses of Parliament. 

that guarantees embedded in the Constitution be manipulated out of existence.

In the light of this verdict, it is quite evident that the implementation of UID/Aadhaar is an exercise which is forbidden by our Constitution. If this could be done, constitutional guarantees, so carefully safeguarded against direct assault, are open to destruction by the indirect, but no less effective, process of requiring a surrender, which, though in form voluntary, in fact lacks none of the elements of compulsion. State does not have the constitutional power to discontinue benefits due to citizens. State’s power to withhold recognition or affiliation altogether does not carry with it unlimited power to impose conditions which have the effect of restraining the exercise of fundamental rights. Infringement of a fundamental right is nonetheless infringement because it is accomplished through the conditioning of a privilege. If a Legislature attaches to a public benefit or privilege restraining the exercise of a fundamental right,

the restraint can draw no constitutional strength whatsoever from its being attached to benefit or privilege. This is applicable to the Aadhaar Act, 2016.

Notably, Re Kerala Education Bill (1958) was the first case in India to lay down the doctrine of the prohibition of “unconstitutional conditions“. The doctrine of unconstitutional conditions prohibits the State from denying citizens a benefit by making access to that benefit conditional upon citizens’ abstaining from exercising any or all of their fundamental rights. This is despite the fact that there is no antecedent right to that benefit in the first place. It emerges that no Central or State Government can coerce citizens to access subsidies by sacrificing their private data by enrolling for UID/Aadhaar given the fact that they have a right to subsidy. No Government has the constitutional power to make right to have rights condition precedent.

Apparently, under some external influence, Central Government’s stance has been insincere from the every outset. The total estimated budget of the biometric UID/Aadhaar number project has not been disclosed till date. In any case unless total estimated budget of the project is revealed all claims of benefits are suspect and untrustworthy.

After the trashing of UID/Aadhaar by Lok Sabh a’s Parliamentary Standing Committee on Finance and later by Rajya Sabha, the Division Bench of Supreme Court too will now have the opportunity to see through the coercive and unconstitutional nature of UID/Aaadhaar Number project when it decides the case filed by Shanta Sinha and Kalyani Menon Sen.