The Unique Identification Authority of India told the Delhi High Court on Thursday that there was no security breach of its database or the Central Identity Data Repository and asked the court to dismiss a plea seeking damages for Aadhaar data “leaks”, PTI reported.
In an affidavit filed before a bench of Justices Ravindra Bhat and Prateek Jalan, the UIDAI reiterated that its existing security controls and protocols are “robust and capable of countering any such attempts or malicious designs of data breach or hacking”.
The affidavit by UIDAI was filed in response to a petition by Kerala-based lawyer Shamnad Basheer who claimed that the personal information of individuals had been leaked due to several breaches in the Aadhaar system since January 2018. He also alleged that both the UIDAI and the central government were liable to compensate people whose data had been compromised.
Earlier, the High Court had directed the Centre and the UIDAI to respond to the petition in the wake of several reported leaks of personal data from the Aadhaar database. The petition noted that in one such alleged breach, a media house had managed to gain access to the entire database by paying a sum of Rs 500. The breach was later acknowledged by UIDAI and had led to the lodging of a criminal case against those involved, said the petition.
The petition added that the leaks occurred due to the “negligence and willful recklessness” on part of the UIDAI to adopt reasonable security measures to secure private data.
However, the UIDAI in its affidavit stated that security of Aadhaar was of “critical importance and is given paramount significance”. It added that the UIDAI constantly works to strengthen and review its infrastructure in line with the best international security practices and technological standards. The Aadhaar authority also gives utmost importance to multi-layered security and privacy considerations, it said.
The UIDAI observed that the petition was no longer maintainable after the Supreme Court last year upheld most provisions of the Aadhaar Act. “The writ petition is not maintainable after the Supreme Court’s judgment in K Puttaswamy vs Union of India, by which the Aadhaar Act and scheme were upheld for the most part,” it said. “The issues raised in the petition are squarely covered by the judgement.”
The UIDAI denied the allegations of any data breach as “false and baseless” and said the petitioner has been unable to demonstrate how his rights have been affected.
The State Bank of India last month had alleged that the login and biometric details of several Aadhaar operators, who were penalised last year, were misused to generate unauthorised Aadhaar cards.
The petition also urged the High Court to direct the Centre to either allow people to opt out of the system or delete their existing UIDAI data. UIDAI Chief Executive Officer Ajay Bhushan Pandey on Thursday said the government will seek legal counsel on whether it can delete the biometric data of minors who choose to exit the Aadhaar system once they turn 18.