How Aadhaar KYC is Destroying Government Databases
Post-infection by the Aadhaar bug, every organisation in India has been suffering inability to recognise those that they have recognised for decades. Suddenly, they need an Aadhaar and an annual know-your-customer (KYC) to allow the relationship of decades to be continued till yet another KYC next year. 
 
The ministry of corporate affairs (MCA) is the latest to have been hit by the KYC bug. Calling for conducting KYC of all directors of all companies annually through a new e-form, DIR-3 KYC, the MCA mandated the Aadhaar, unique personal mobile number and personal email ID duly verified by one time password (OTP) using their own DSC (Class 2) and duly certified by a practising professional chartered accountant (CA) / company secretary (CS)/ certified management accountant (CMA).
 
Directors on various companies for more than a decade expressed shock as some of them have changed mobiles and email IDs several times in the past 20 years and many have stayed away from Aadhaar for different reasons. Several directors still prefer landlines and postal services. Some with an Aadhaar have discovered, to their utter shock, that their biometrics do not work like the science fiction projected by the Unique Identification Authority of India (UIDAI).
 
 
Section 154 of the Companies Act provides for the allotment of a directors identification number (DIN). It states, “The Central Government shall, within one month from the receipt of the application under section 153, allot a Director Identification Number to an applicant in such manner as may be prescribed.” 
 
There is no provision in the Companies Act to require a director, who has been allotted, a DIN to undergo KYC process. There are no provisions in the Act to require a DIN to be validated again once it has been allotted or for it to be cancelled. It is obvious that the government is infected with the Aadhaar bug that is causing every ministry to create illegal and invalid procedures and requirements to include Aadhaar numbers into its databases. 
 
There is no rule or notification on the MCA website that provides any legal base to the DIR-3 KYC process. Letters issued to directors registered with the MCA do not give reference to any legal provision, thus making them ab initio ipso jure invalid.
 
RS Sharma, the chairman of Telecom Regulatory Authority of India (TRAI), in a Twitter session on #AskTRAI, refused to answer a question on the regulator’s policy about recycling mobile numbers.
 
 
Mobile numbers get recirculated to different subscribers when subscribers do not renew their subscription or lose their numbers for other reasons. They are neither bound to a unique subscriber for life nor are they bound to a single user over the period of subscription. The same is true for email IDs. If the MCA requires a unique channel for each director, isn't it more appropriate for them to just allot a mobile number and email ID for the life of the director?
 
If demanding a unique mobile number and unique email ID are not absurd as demanding a unique address, the KYC using Aadhaar is even more bizarre. 
 
UIDAI, under Right to Information (RTI) Act, has stated that the biometric and demographic information associated with any Aadhaar number is not certified, verified or audited by anyone. They also state that they have no idea what primary documents were used as proof of identity or proof of address to obtain Aadhaar and that they have no idea how many unique biometrics, names, addresses, email ids or mobile numbers exist in their database. They also state that they cannot retrieve unique records with any biometrics. (Read: Unique ID is not Unique, does not certify anything, says UIDAI)
 
The UIDAI has also indicated, under RTI, that it does not identify anyone nor is it responsible for any use or consequences of the use of Aadhaar. Identification requires the identifier to not only certify and take responsibility for identification but also be co-present with the person identified to be able to establish identity.
 
In fact, the UIDAI does not even know how many unique biometrics exist in the entire database. Astonishingly UIDAI’s affidavit to the Supreme Court in the WP 494 of 2012 and associated matters indicates that at least 600 million Aadhaar numbers out of 1,200 million have never been used to authenticate any transaction ever. Clearly, there is no merit in any claim that the biometrics can be the basis for unique entries in the Aadhaar database and the Aadhaar database is free from ghosts and duplicates. From the looks of it, at least 600 million numbers in the database are ghosts and duplicates.
 
It cannot serve any KYC or transparency to replace certified IDs that have been the basis of governance for last seven decades with uncertified, unverified and unaudited Aadhaar by an agency, the UIDAI that takes no responsibility to any Aadhaar number turning out to be a ghost or to any transaction undertaken with the Aadhaar numbers.
 
Unfortunately, most bureaucrats have not realised that merely including Aadhaar in the database makes indistinguishable such records from those that were painstakingly created through legal processes over decades. What neither the UIDAI, nor the government seem to have recognised is that the issue, use and mandating Aadhaar under these circumstances appears to be considered as offences under various sections of Chapter XI of the Indian Penal Code.
 
The use of Aadhaar, therefore, by any stretch of imagination, cannot serve any legitimate and legal purpose or any national interest. 
 
In India, where every government document had to be attested by a gazetted officer, the pendulum has swung to the other extreme. Suddenly, biometric and demographic data submitted by private operators to UIDAI is being used to replace legally valid or legitimate identification documents issued and certified by government officers. Once Aadhaar replaces existing documents, it causes unprecedented harm to the country as there is no way to distinguish real individuals, on-boarded through careful legal process by government officials, from those added through the Aadhaar database.
 
There is prima facie enough case, and national security at stake, for the Central Bureau of Investigation (CBI) to investigate into the use and propagation of the Aadhaar.
 
Citizens across the country have written to various government ministries and agencies highlighting these issues. Senior bureaucrats, who realise this for the first time, are utterly shocked. They have never realised how the Trojan Horse of Aadhaar got into their department or ministry. An uncertified biometric or demographic has no legal value and causes incalculable harm to the country.
 
While some ministries are making an effort to protect their databases from Aadhaar, they have yet to ensure that the Aadhaar bug is destroyed before it destroys the country.
 
 
The Central Board of Direct Taxes (CBDT) has already enabled a process to allow filing of income-tax returns (ITRs) without Aadhaar. The MCA has announced that it will not insist on Aadhaar although it has not yet clarified the legal basis of the DIR-3 KYC. Directors from at least four different states have been preparing to challenge the vires of the DIR-3 KYC and the Aadhaar mandate in their respective High Courts. 
 
This, however, has become a matter of national security that is far more serious and important than a misinformed and misplaced case for governmental expediency or the right of the government to create procedures for its functioning. 
 
(Dr Anupam Saraph is a renowned expert in governance of complex systems and advises governments and businesses across the world. He can be reached @anupamsaraph.)
Comments
Suresh Deshmukh
6 years ago
After reading, I felt that this is another article replete with anti-Aadhaar arguments, rather than containing what the title connotes. Let us look at them closely:
1. Some statements made in third paragraph about Directors appear to be superficial.
‘Directors … … … have changed mob nos / email IDs several times …’
So what? The current valid ones only matter. So provide them and stick to them. Whenever any changes are made, it is incumbent on the person to make commensurate amendments to the appropriate records.
‘Several directors still prefer landlines and postal services’ - a very flimsy, laughable argument!
‘Some with an Aadhaar have discovered … … their biometrics do not work …’ – this is not a dead - end, remedies can be / are being found.
' many have stayed away from Aadhaar for different reasons' – this is the crux – why? Under the garb of privacy?
2. Provisions in Companies Act wrt DIN and legality of DIR-3KYC Process – this is an area obviously the Government needs to move, keeping the proceedings in Supreme Court in mind.
3. Mobile numbers may get changed, but it is incumbent on the current User to keep a track of which all records have this number registered and make changes whenever he changes the number. Even changing the Mobile Number in Aadhaar is simple procedure. A person working at the Director level knows importance of being organised. He will also have resources at his command for ensuring it.
4. UIDAI statement - ‘the biometric and demographic information associated with any Aadhaar number is not certified, verified or audited by anyone’.
Question is - How does it matter, as long as this information in Aadhaar Database matches the actuals of the Person claiming that Identity.
5. That ’60 crore numbers in the database are ghosts and duplicates’ is a far-fetched deduction. To consider an Aadhaar number as ‘ghost’ just because it was not used for a transaction, is preposterous. Hordes of people – including those of different age-groups, kids, very advanced in age, home-maker women - were seen queuing up and getting themselves registered for Aadhaar. A large number from them may not have an occasion or need to carry out any transaction to warrant authentication.
6. Unfortunately seven decades of governance has yielded proliferating cases of multiple Pan Cards, Fake Pan Cards, fake Ration Cards – which was considered to be THE most important proof in many government processes. So the very basis of governance for last seven decades is a highly questionable basis. There has never been any dearth of super brains in Legal and Accounting domains to find and exploit loop holes in the processes and the men managing these processes.
7. The objection ‘Suddenly, biometric and demographic data submitted by private operators …… issued and certified by government officers’ is irrelevant, in light of what is stated in 7 above – no need to repeat it.
8. Many ministries, CBDT, MCA are obviously waiting for the Supreme Court decision on the issue of Aadhaar.

Let us just ignore the tags ‘utterly shocked’, ‘Trojan Horse’, ‘incalculable harm’, ‘Aadhaar bug …. destroys the country’ etc. I rather wish the author had dilated more on his concerns on ‘a matter of national security’. That would help the concerned authorities to create a formidable defence system.
Saravanan R
Replied to Suresh Deshmukh comment 6 years ago
Not surprisingly, most of "renowned" "experts" argue against logic and common sense when political interest or threats drive them from behind.
B Dhanasekaran
6 years ago
See bambay high court order saying mere possession of birth certificate, passport and even aadhhar card you are entitled for indian nationality. If it is issued such a way why govt is insisting these cards.
B Dhanasekaran
Replied to B Dhanasekaran comment 6 years ago
Read as not entitled
Ca Bhavesh
6 years ago
The article is opposing just for the sake of opposing and some of the arguements are ridiculous and childish. The article says that many Directors prefer landlines over mobile phones. Show me a single Director who does not use mobile phone. And where is the question of using mobile phone for life? If you change mobile phone, you can use DIR -6 to intimate the authorities that the same has been done. and KYC is an annual process and so you will get opportunities to intimate change in mobile number next year also.

Further, the author has either not done his homework or is lying plainly and on purpose when he says that there is no rule or notification for DIR -3 KYC. KYC for Directors has been notified vide Companies(Appointment and Qualification of Directors) Fourth Amendment Rules, 2018 dated 5th July 2018.

I respect Moneylife as a gutsy magazine but Moneylife should have done some basic due diligence before permitting such an article on its website.






svgopal
Replied to Ca Bhavesh comment 6 years ago
The article seems to be deceptive and intends to put breaks on identifying the culprits. The magazine should not only spread negative propaganda against Govt. If it is doing some good work try to appreciate and have conviction for the same.
Abhishek Luthra
6 years ago
We should not over react over use of Aadhar if it is a mandate for LPG cylinder then why not for DIN, are directors not citizens of this country?
Also news headline doesn't match with content of the report, it's illusionary.
More over why directors want such a secracy are they doing something illegal ?
Why directors change mobile phone numbers and email ID's are they trying to avoid some perticular issues. Please introspect.
Paul Ebenezer
6 years ago
With Aadhaar, it's the typical case of the blind leading the blind. The UIDAI didn't get the basic security research done or failed to recognize the risks; most of the nation are unaware of the security risks this technology poses. It's not just national security but much more at stake. But like always, before anyone recognises the huge evil this will end up being, the damage would have already been done. Aaadhaar has the potential of becoming as rooted in our system as corruption is. We are a nation ruled by thugs, thieves, murderers and completely corrupted people. To give them the additional far reaching power of Aadhaar without any actual checks and balances will ultimately spell our doom! "Vinaash Kaale Vipareet Buddhi" - that's our current state of existence. It's very sad, when will we ever have strong incorruptible, courages and balanced leaders at the helm of this country? Perhaps never...
B. Yerram Raju
6 years ago
Dir-3 KYC compliance regulation is truely a harassment experienced by me and colleague directors.
Abhishek Luthra
Replied to B. Yerram Raju comment 6 years ago
What is your take on directors having multiple Pan and multiple DIN? Do you have any solution for such bastards and crook directors.
Saravanan R
Replied to Abhishek Luthra comment 6 years ago
Good shot
Shrik S
6 years ago
Even school college admissions are forcing students, prospective students without Aadhar no admission. It's like we want to emulate the SSN of USA so badly that we take the ills also along.
Abhishek Luthra
Replied to Shrik S comment 6 years ago
People want facilities like US but without SSN (INDIA) called Aadhar.
Saravanan R
Replied to Abhishek Luthra comment 6 years ago
Good shot
Rishi Garg
6 years ago
What about the ills of the existing system? How come no views on its shortcomings, basis which it's misused. Also, disagree that Aadhaar causes old relationships to get derecognized. Its an additional authentication and dies not create a disconnect with older KYC based on PAN, etc.
Sriramareddy Nachappa
6 years ago
It is another ploy to derail the aadhaar unfortunately. Many directors having mulriple DINs PANs and with different KYCs and evading taxes and cheating banks. Or else you tell how to weed out multiple DINs and PANs
Abhishek Luthra
Replied to Sriramareddy Nachappa comment 6 years ago
I agree and we must pin down such crooks , this is the only reason these directors are getting panicky
Ramesh Poapt
6 years ago
OMG!
ArrayArray
Free Helpline
Legal Credit
Feedback