Aadhaar data can’t be used in police investigations
- The UIDAI, which issues the unique Aadhaar number to residents of India, is prohibited by law from sharing any core biometric information with police.
Unique Identification Authority of India (UIDAI)
- The Unique Identification Authority of India (UIDAI) is a statutory authority established on 12 July 2016 by the Government of India under the jurisdiction of the Ministry of Electronics and Information Technology, following the provisions of the Aadhaar Act 2016.
- The UIDAI is mandated to assign a 12-digit unique identification (UID) number (Aadhaar) to all the residents of India.
- The UIDAI was initially set up by the Government of India in January 2009, as an attached office under the aegis of the Planning Commission.
Current Situation
- UIDAI has opposed a petition by Delhi Police seeking directions from the High Court that would allow investigators to match a suspect’s picture and biometric information.
The Delhi Police plea
In a first-of-its-kind case, Delhi Police approached Delhi High Court in February under Section 33(1) of The Aadhaar Act.
- A judge of a High Court can order the disclosure of information on identity in certain cases.
- Sections 28(2) and 28(5) of The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 - UIDAI “shall ensure confidentiality of identity information and authentication records of individuals.”
The Data UIDAI collects
The authority collects demographic and biometric information of residents at the time of enrolment.
- Demographic information includes name, address, date of birth, gender, mobile phone number, and email address,
- Biometric information includes 10 fingerprints, two iris scans, and the resident’s photograph.
- The unique 12-digit Aadhaar issued after successful enrolment is a proof of identity to obtain a subsidy or service.
Confidentiality of data
The Aadhaar Act requires the UIDAI to ensure confidentiality and security of the identity information it collects.
- According to UIDAI, the Delhi Police’s prayer is contrary to Section 29 of the Act, which prohibits sharing core biometric information - fingerprint, iris scan or any such biological attribute.
- The court cannot pass the order without giving an opportunity of hearing to the Authority [and the concerned Aadhaar number holder].
Technological Barriers
- UIDAI: “1:N” sharing of data is possible, it has to be done on a 1:1 basis only.
- The Aadhaar technology only permits biometric authentications which are done on a 1:1 basis for which it is necessary to have the Aadhaar number of an individual.
- Using the biometric data for random matching purposes may not be technologically feasible and shall be beyond the purview of the Act.
Conclusion
The technological architecture of UIDAI or its mandate for Aadhaar based authentication does not allow for any instance of 1:N matching. Under this finger prints including latent and chance fingerprints are matched against the other finger prints in the UIDAI database, except for generation of Aadhaar number.