Constitute Committee to ascertain the extent of Aadhaar data breach, Prof Shamnad Basheer urges Delhi HC

Constitute Committee to ascertain the extent of Aadhaar data breach, Prof Shamnad Basheer urges Delhi HC

In response to Unique Identification Authority of India’s (UIDAI) claim that there has not been any security breach of Aadhaar data, Academician Prof Shamnad Basheer has suggested the constitution of a neutral, court-ordered committee to independently ascertain the accurate extent of Aadhaar data breaches.

“..If what the Respondent claims is true, namely, that there has been no breach in the Aadhaar database or any violation of privacy rights, it ought not to have any objection to the appointment of a neutral court ordered committee to independently ascertain this.

The statement forms part of the rejoinder affidavit filed in the public interest litigation by Prof Basheer seeking damages for Aadhaar data leaks.

In its counter affidavit filed before the Court, UIDAI had sought the dismissal of the PIL on the ground that the claims of data leak were “completely devoid of any substance or truth” and that till date, there has not been any security breach of its biometric database or Central Identity Data Repository. UIDAI had also challenged the locus of the petitioner to file the PIL.

The rejoinder filed through advocates Rupali Francesa Samuel, Jhanvi Dubey and Siddharth Satija, states that the assertions made by UIDAI were false, vague, and misleading.

Basheer has also vehemently denied UIDAI’s claim that the petition was based on “unsubstantiated news reports and surmises”. Arguing that the grounds made out in the PIL were not frivolous and uncorroborated, it is stated,

(The Pettioner) has relied upon a vast array of credible sources including the report published by a reputed think tank and the reply of the Minister of State for Electronics and Information Technology made in the Rajya Sabha. Newspaper reports have been cited to bolster the allegations of data breaches and highlight the large number of such breaches which have occurred…Indeed in many of the instances of reported breaches, the Respondent through press releases, registration of FIRs and initiation of other proceedings has validated the occurrence of these events.”

It is also reiterated that any suggestion by UIDAI that the petition challenged the constitutional validity of the Aadhaar act, linking of Aadhaar with PAN, bank account etc. was false and misleading.

Prof Shamnad Basheer
Prof Shamnad Basheer

Prof Basheer has further refuted UIDAI’s claims of Aadhaar having a strong security infrastructure by stating that the same is “not supported” by instances of breaches in the public domain.

Specifically, UIDAI’s claim of having a fraud analytics system is said to be uncorroborated and not based on any material record.

Even if the claims were taken to be true, it is clear that the fraud analytics system is only capable of detecting and analysis cases of biometric replay by AUAs. The system is in capable of detecting other forms of data beech and to this extend the system remains vulnerable to misuse and abuse.

Further defending the maintainability of his PIL, Bahseer has claimed that no consequential in personam harm or damage has to be shown in order for such a breach to be actionable. It has been contended that privacy violations are actionable on an injuria sine damnum standard, even assuming no actual damage could be proven to have occurred.

Thus, lack of damage to a person or property does not invalidate the petitioner’s privacy claim.

Notice in the plea was issued to UIDAI and Centre in August 2018.

Apart from damages for data breaches, the petition also seeks the appointment of a neutral ombudsman for addressing all concerns arising out of breaches of the Aadhaar Act.

Bar and Bench - Indian Legal news