New Delhi: Fingerprints found at a scene of crime cannot be matched against the Aadhaar database to identify a criminal, the Unique Identification Authority of India (UIDAI) has told the Delhi High Court.
Doing so would not only be against the Aadhaar Act, but is also not possible on account of technology-related constraints, the UIDAI, the authority tasked with issuing Aadhaar cards, told the court in an affidavit filed on 29 April.
The UIDAI was responding to a query from the Delhi High Court in connection with a 2018 robbery and murder at a jewellery shop in Delhi.
In an order passed in February, the high court asked the UIDAI to respond, explaining that the “issue in the present petition is, whether the Aadhaar Act 2016 permits the respondent to inform an investigating agency as to whether the chance prints and photographs retrieved by it from the place of occurrence matched with the biometric particulars of a person in the data of the respondent (UIDAI) and provide details with regard to his identity”.
The query came after the prosecution sought to know if potential fingerprints and photographs of unknown accused could be matched with the Aadhaar database to identify the culprits.
The UIDAI said in its affidavit that sharing or use of biometric information for any use other than the generation of the Aadhaar number, and authentication, is “impermissible”.
The UIDAI, it added, does not have the technology to match fingerprints etc found at the scene of a crime with those available on its database. It does not collect biometric information, including iris scans and fingerprints, based on technology or procedures suitable for forensic purposes, it said.
The UIDAI said the request is not “technologically feasible”, because its “technological architecture… does not allow matching of the biometric information unless the Aadhaar number is provided”.
Also Read: Why we made Aadhaar a number, and not a card
Aadhaar Act & UIDAI affidavit
The request in question fell foul of the Aadhaar (Targeted Delivery of Financial & Other Subsidies, Benefits and Services) Act, 2016, the UIDAI said.
For one, the authority stated, it would be “squarely contrary” to Section 29 of the Act, which places restrictions on sharing information collected or created under the Act.
It says that no “core biometric information” collected under the Act shall be shared with anyone for any reason, or used for any purpose, other than generation of Aadhaar numbers and authentication under the law.
The Act says core biometric information includes fingerprints and iris scans.
The UIDAI also referred to regulation 3 of the Aadhaar (Sharing of Information) Regulations, 2016, which says “core biometric information collected by the Authority under the Act shall not be shared with anyone for any reason whatsoever”.
“Therefore, there is clear prohibition under the law against sharing or using core biometrics for any reason whatsoever,” the affidavit said.
Section 33 of the Aadhaar Act allows disclosure of information in certain cases. It says that identity information or authentication records can be disclosed if such an order is made by a high court or Supreme Court judge, after giving an opportunity of hearing to the UIDAI and the Aadhaar-holder.
However, this provision also says that “core biometric information shall not be disclosed under this subsection”.
Referring to this provision, the UIDAI pointed out that “such information cannot be provided without giving an opportunity of hearing to the concerned Aadhaar number-holder”.
The affidavit said that even though the photograph, demographic information and authentication records of an Aadhaar-holder may be shared by the authority under Section 33, “in absence of the Aadhaar number it is technically not feasible to provide the photograph of the unknown accused as sought through this petition”.
In its affidavit, the UIDAI explained that — under the Aadhaar Act — the enrolment of a resident is carried out after collecting their demographic and biometric information.
While mandatory demographic information includes the applicant’s name, address, date of birth and gender, biometric information includes 10 fingerprints, 2 iris scans, and a photograph.
“The biometrics information is used for de-duplication of residents and to ensure uniqueness of Aadhaar number,” the affidavit explained, saying that biometric information ensures that any second attempt for an Aadhaar by the same person is rejected.
What other courts have said
On 26 February 2014, the Bombay High Court passed an order regarding a data request made to the UIDAI by the CBI for investigation in a case involving the alleged rape of a seven-year-old in a school toilet.
The CBI wanted to match the fingerprints found at the scene of the crime with UIDAI data.
In this case, the judicial magistrate first class had, in October 2013, directed the UIDAI to provide the necessary data to the CBI. The UIDAI challenged this order in the Bombay High Court at Goa, taking the defence of privacy of its card-holders. It also claimed that its database does not permit such a comparison.
The high court demanded a report on the capability of the UIDAI’s database software, to ascertain whether it was possible to compare the fingerprints given in electronic form by the CBI and those collected by the Aadhaar authority.
This order was stayed by the Supreme Court on 24 March 2014.
The case was then tagged by the Supreme Court with the petitions that challenged the constitutional validity of the Aadhaar Act.
In September 2018, a five-judge bench of the Supreme Court upheld the law as constitutional, while striking down a few individual provisions of the Act. The bench also set aside the orders of the magistrate and the high court, calling them violative of Section 33 of the Act.
(Edited by Sunanda Ranjan)