Aadhaar Act is a black act, it declares an open war against citizens’ rights & their sensitive information

Centre, several States & Banks violating Supreme Court’s order on biometric UID/Aadhaar likely to face music  

In a significant development in the matter of Unique Identification (UID)/Aadhaar numbers, Punjab & Haryana High Court has passed an order saying, “Linking Aadhaar Number to direct recruitment should not prima facie be a mandatory condition as it by result in violation of equal opportunity clause in Article 16(1) of the Constitution of India and deny easy access to applying online for jobs.” It observed that if “some other method” is devised citizens “will be confronted with denial of employment opportunity, which is a very serious and sacrosanct right in a country where employment opportunities are fought on war footing”. The order was passed in Pradeep Kumar Vs. Maharishi Dayanand University, Rohtak on 28 February, 2018 by Justice Rajiv Narain Raina and the matter is likely to be heard on 28 March, 2018. Notably, National Human Rights Commission (NHRC) in its submission to the Parliamentary Standing Committee on Finance on National Identification Authority of India Bill, 2010 (Aadhaar Bill, 2010) had apprehended exclusion because of Aadhaar.

It is germane to recollect that Supreme Court’s Constitution Bench comprising of Chief Justice of India Dipak Misra and Justices A.K. Sikri, A.M. Khanwilkar, D.Y. Chandrachud and Ashok Bhushan had passed an order on December 15, 2017 saying Aadhaar “matter stands governed by the judgment of this Court in Binoy Viswam v Union of India”. This is the last order of the Supreme Court which is the law of the land as of now. This Bench is hearing the UID/Aadhaar case since 17 January 2018. So far there has been hearing on 13 days wherein so far three of the petitioner’s lawyers have made their submissions. The next date of hearing is on 6 March, 2018.

In Binoy Viswam case, the Supreme Court observed that Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 does not make UID/Aadhaar mandatory in its order dated 9 June, 2017. This order is available at http://sci.gov.in/supremecourt/2017/11151/11151_2017_Order_09-Jun-2017.pdf.

UID/Aadhhar number is not mandatory for anything in India as per para 90-91 of this 9th June order at page numbers 105-106. This has been reiterated on 27 June, 2017 by the Supreme Court. All forms/circulars/letters/notifications/office memorandum/notices are subservient to the Court’s order. The paragraph 90-91 of Court’s order of June 9, 2017 in the Binoy Viswam v Union of India reads: “it is clear that there is no provision in Aadhaar Act which makes enrolment compulsory….Fact remains that as per the Government and UIDAI itself, the requirement of obtaining Aadhaar number is voluntary. It has been so claimed by UIDAI on its website and

clarification to this effect has also been issued by UIDAI….Thus, enrolment under Aadhaar is

voluntary”. This order was passed in Writ Petition (C) No 247 of 2017.

It is significant to note that a Punjab and Haryana High Court Bench headed by the then Chief Justice A.K. Sikri (currently member of 5-Judge Constitution Bench of the Supreme Court hearing the UID/Aadhaar case) had heard a matter challenging a circular making Aadhaar mandatory for vehicle registration. The moment the High Court raised questions of law, the circular making Aadhaar mandatory was withdrawn by the Union Government.  Chief Justice Sikri headed High Court Bench had passed an order March 2, 2013 after hearing a matter challenging a circular making UID number mandatory. These decisions underline that UIDAI’s UID/Aadhaar related schemes are constitutionally assailable and indefensible.

It must be recalled that a Division Bench of the Andhra Pradesh High Court comprising Chief Justice Kalyan Jyothi Sengupta and P.V. Sanjay Kumar passed an order on November 21, 2013 that Aadhaar cannot be made mandatory. Several High Courts including Jammu & Kashmir High Court have drawn on Supreme Court’s order to ensure that citizens’ rights and entitlements are not made subservient to biometric identification based UID/Aadhaar system.


Given this unequivocal judicial position UID/Aadhaar cannot be made compulsory.

In view of these orders Central Government is under legal compulsion to advise its agencies, State Governments and Banks to revise their orders making UID/Aadhaar mandatory.

The making of Central Identities Data Repository (CIDR) of UID/Aadhaar is contrary to the principle of decentralisation in cybersecurity.

Notably, Aadhaar Act 2016 lists breaking into CIDR as an offence but this law criminalises a technological impossibility. In a bizarre act, it provides that only UIDAI can file a complaint when the data of a resident of India is misused or abused instead of the victim of abuse.

As per Section 47, “Courts will take cognizance of offences under this Act only upon complaint being made by the UIDAI or any officer authorised by it.” This deprives the victim of a right to file complaint although Section 34 of the Act provides that “Impersonating or attempting to impersonate another person by providing false demographic or biometric information will punishable by imprisonment of up to three years, and/or fine of up to ten thousand rupees.”

Victims cannot file complaint even when someone changes or attempts to change any demographic or biometric information of an Aadhaar number holder by impersonating another person (or attempting to do so), with the intent of i) causing harm or mischief to an Aadhaar number holder, or ii) appropriating the identity of an Aadhaar number holder although it is punishable under Section 35.

Victims of abuse cannot file complaint in cases wherein collection of identity information is done by one not authorised by this Act, by way of pretending otherwise despite the fact that the Act makes it punishable under Section 36.

Unless authorized by UIDAI or any officer authorised by it, victims cannot file complaint even when there is “Intentional disclosure or dissemination of identity information, to any person not authorised under this Act, or in violation of any agreement entered into under this Act” under Section 37 although it is punishable.

Unless authorised by the UIDAI, the intentional acts like accessing or securing access to the CIDR; downloading, copying or extracting any data from the CIDR; introducing or causing any virus or other contaminant into the CIDR; damaging or causing damage to the data in the CIDR; disrupting or causing disruption to access to CIDR; causing denial of access to an authorised to the CIDR; revealing information in breach of (D) in Section 28, or Section 29; destruction, deletion or alteration of any files in the CIDR; stealing, destruction, concealment or alteration of any source code used by the UIDAI , will be punishable under Section 38. Even in such cases victims cannot file complaint without authorization by UIDAI.

Section 39 reads, “Tampering of data in the CIDR or removable storage medium, with the intention to modify or discover information relating to Aadhaar number holder will be punishable”. Thus, it admits that such acts are possible and imminent but the Act does not empower the victims of such tampering or removal instead it empowers UIDAI.

While Section 40 makes “Use of identity information in violation of Section 8 (3) by a requesting entity will be punishable with imprisonment up to three years and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company)”, it is incomprehensible as to how a company or an individual feel deterred by such meager punishment when they can harvest big database of personal sensitive information which is admittedly a “national asset” and “rich asset”.

Section 43 visualize a situation wherein offences can be committed by a Company but they can be excused “if they can prove lack of knowledge of the offense or that they had exercised all due diligence to prevent it.” It also underlines the possibility of an offence committed by a Company with the consent, connivance or neglect of a director, manager, secretary or other officer of a company but they too can be excused if they can prove their ignorance, inability and inevitability.

In a stark admission of the involvement of foreign locations and persons, Section 44 states that the Act “will also apply to offences committed outside of India by any person, irrespective of their nationality, if the offence involves any data in the CIDR.”

These questionable provisions of the Aadhaar Act make it a Black Act.

In the meanwhile, Secretary Government of India, Ministry of Communication and Information Technology wrote a letter to the Secretary Department of Defence Production asking him to introduce Aadhaar enabled Biometric Attendance System in the department of defence production. The system would enable an employee with an Aadhaar number to register his/her attendance (arrival/ departure) in the office through biometric authentication. It also says that a web based application software system will enable online recording of attendance and that the dash board relating to real time attendance and related statistics, can be viewed by everyone.

Citizens Forum for Civil Liberties (CFCL) had sent a legal notice to Department of Electronics and Information Technology (DeitY), Ministry of Communications and Information Technology. DeitY responded stating, “Aadhaar is being used for Biometric Attendance System and this does not form part of Defence application”. DeitY is now been renamed as Ministry of Electronics and Information Technology (MeitY).

The fact is that the application of biometric UID/Aadhaar was restricted to ‘civilian application’ and was not meant for defence application. Central Government’s Biometrics Standards Committee had categorically stated that UID/aadhaar’s is meant only for “civilian application” but the order on aadhaar enabled biometric attendance system has been extended to defence employees as well. The fact remains UID was first adopted by USA’s Department of Defence, later by NATO. It has subsequently been pushed through World Bank’s etransform Initiative in partnership with France, South Korea, Gemalto, IBM, L1, Microsoft, Intel and Pfizer. L1 was a US a company when it got a contract from UIDAI but it got purchased by French Conglomerate Safran Group after security clearance by US Government. This constitutes breach of national security as no such clearance was granted by Government of India. Some of these companies have partnership with Chinese Government as well.

Across the globe very stringent data privacy law has been framed wherein one’s personal data cannot be used by anyone including the government without your specific consent. But in India there is no data protection law. Aadhaar is akin to a piece of collar which the transnational powers want to tie on the neck of Indian citizens. Government has allowed itself to be misled and it has failed to protect personal sensitive information which has already gone to foreign companies and continues to flow in their direction.

The entire information of the employees working in the department of defence production, which will include related statistics, will be stored online and on cloud will be available to everybody. Besides application of UID in the Department of defence production not being in national interest making it available to everyone and on the cloud, including to the foreign companies like Safran Group, its L1 Solutions, Accenture and Ernst & Young will violate the order of Hon’ble Court.  It is evident that the coverage of defence employees under Aadhaar enabled Biometric Attendance System does establish conclusively that it Aadhaar is being put to defence application contrary to the claim of the government.

Government argues, “Attendance of Govt. employees is already being maintained and the Biometric Attendance System, maintained by the attendance.gov.in is just digital equivalent of the age-old attendance register. This is part of contractual relationship between the Public Servant and the Employer, viz. the Government of India, wherein the former has consented to/agreed to the terms of service and is therefore, contractually bound to follow the rules and regulations as specified for him by his/her employer.”

Government will have us believe that there is no difference between “age-old attendance register” and UID/Aadhaar enabled Biometric Attendance System.

In order to comprehend the sophistry involved in such averments, it is germane to recall the intervention of National Human Rights Commission (NHRC) in the case wherein Indian students in USA were made to wear radio collars. NHRC ensured that the government acted to ensure that the human rights of students are protected. It is germane to note that radio collar is based on biometric data like voice print. If making Indian students wear biometric radio collar constitutes an act which Government of India admitted as an act of violation of human rights, indiscriminate biometric profiling is also an act of violation of human rights. As per Section 2 (G) of Aadhaar Act 2016, “biometric information” means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations. Thus, it clearly includes biological attributes like voice print and DNA.

If UID/Aadhaar enabled Biometric Attendance System is indeed a “digital equivalent” of “age-old attendance register”, why did NHRC object to radio collar which can also be argued by sophists to be “digital equivalent”. If the “digital equivalent” means biometric equivalent as well then it makes DNA based identity and attendance will also be deemed equivalent to “age-old attendance register”. It is quite evident that such is deeply misleading.

Coincidentally, NHRC’s views on National Identification Authority of India Bill, 2010 (Aadhaar Bill, 2010) helped Parliamentary Standing Committee on Finance in its recommendation to trash the Bill and the biometric data based UID/Aadhaar programme. Fearing further censure from Rajya Sabha, the Central Government withdrew the pre-existing Aadhaar Bill from Rajya Sabha and inappropriately introduced the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 as a Money Bill. It faces legal challenge in the Supreme Court.

There is a logical compulsion for withdrawing the letter and all consequential letters by which UID is made applicable to defence application i.e. Department of Defence Production in the interest of supreme national security.

It is possible that such civilian and non-civilian applications are being bulldozed by some commercial entities in order to store and read biometric and DNA script of Indian population in the aftermath of the sequencing of Human Genome for epigenetics, medicine, big data, social control, inheritance, eugenics and genetic determinism.

Under the tremendous influence and unprecedented onslaught from unregulated and ungovernable technology companies, Central Government and State Governments have failed to national security and safeguard citizens’ privacy which is part of their right to life. The role of opposition parties of all shades leaves a lot to be desired because their State governments are naively implementing a project which a grave threat to federalism as well. The sterile political and legal imagination of opposition parties is a case study.

As to the ruling parties, it has righty been said that “Office-holding is a necessary but not a sufficient condition of governing.” In The Problem of Party Government, Prof Richard Rose wrote, “Where life of party politics does not affect government policy, the accession of a new party to office is little more significant than the accession of a new monarch; the party reigns but does not rule.” The colossal breach of trust by BJP on the issue of UID/Aadhaar demonstrates how a party reigns but fails to rule.

In such a backdrop, all eyes are on the 5-Judge Constitution Bench which is hearing some 30 petitions including those filed by a former judge, a former defence scientist and a former Major General from engineering branch are among the petitioners in supreme national interest. Besides them Prakash Katoch, former Lieutenant General from Special Forces has expressed his concerns citing KC Verma, former Director R&AW who said “Aadhaar is being abused by banks, telcos, and transport not to police entitlements, but as a proxy for identity-an improper gate to service. Such demands must be criminalized.” In face of unprecedented propaganda Lieutenant General Katoch recollected what Paul Joseph Goebbels, Hitler’s Propaganda Minister had said. Goebbels said, “If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the state can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the state to use all its powers to repress dissent”. Indeed the misinformation campaign by proponents of UID/Aadhaar is drawing lessons from Goebbels.

It is noteworthy that the Parliamentary Standing Committee on Finance in its report placed before Parliament on December 13, 2011 observed that UID/Aadhaar project has been conceptualized “with no clarity of purpose” and “directionless” in its implementation, leading to “a lot of confusion”. It is noteworthy that 3.57 crore signatures against Aadhaar/UID were submitted to the Prime Minister on March 14, 2012.

It may be recalled that at a brainstorming cum workshop on “Understanding Aadhaar and its New Challenges” held at the Centre for Studies in Science Policy, Jawaharlal Nehru University (JNU) in May, 2016, the scholars critically examined the robustness of the official discourse and the current status of the project, the technology, the law, the constitutional position and the safeguards. It explored the implications of the exploitation of biometrics (facial recognition, fingerprints and iris) for identification of individuals and authentication of their identities and underlined how UID/Aadhaar presents new scientific, technological as well as social and political challenges. It might be useful for the Supreme Court to seek the proceedings of the workshop to ascertain the far reaching implications of this project.

For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL)*, Mb: 08227816731, 09818089660, [email protected]

  • CFCL has been working on the issue of surveillance and biometric Unique Identification (UID) Number branded as “Aadhaar” since 2010. It had appeared as an expert to give testimony in front of Parliamentary Standing Committee on Finance which examined the National Identification Authority of India Bill, 2010 (Aadhaar Bill, 201