Post-infection by the Aadhaar bug, every organisation in India has been suffering inability to recognise those that they have recognised for decades. Suddenly, they need an Aadhaar and an annual know-your-customer (KYC) to allow the relationship of decades to be continued till yet another KYC next year.
The ministry of corporate affairs (MCA) is the latest to have been hit by the KYC bug. Calling for conducting KYC of all directors of all companies annually through a new e-form, DIR-3 KYC, the MCA mandated the Aadhaar, unique personal mobile number and personal email ID duly verified by one time password (OTP) using their own DSC (Class 2) and duly certified by a practising professional (Chartered Accountant (CA) / Company Secretaryship (CS)/ Certified Management Accountant(CMA)).
Directors on various companies for more than a decade, expressed shock as some of them have changed mobiles and email IDs several times in the Past 20 years and many have stayed away from Aadhaar for different reasons. Several directors still prefer landlines and postal services. Some with an Aadhaar have discovered, to their utter shock, that their biometrics do not work like the science fiction projected by the Unique Identification Authority of India (UIDAI).
Section 154 of the Companies Act provides for the allotment of a directors identification number (DIN). It states, “The Central Government shall, within one month from the receipt of the application under section 153, allot a Director Identification Number to an applicant in such manner as may be prescribed.”
There is no provision in the Companies Act to require a director, who has been allotted, a DIN to undergo KYC process. There are no provisions in the Act to require a DIN to be validated again once it has been allotted or for it to be cancelled. It is obvious that the government is infected with the Aadhaar bug that is causing every ministry to create illegal and invalid procedures and requirements to include Aadhaar numbers into its databases
There is no rule or notification on the MCA website that provides any legal base to the DIR-3 KYC process. Letters issued to directors registered with the MCA do not give reference to any legal provision, thus making them ab initio ipso jure invalid.
RS Sharma, the chairman of Telecom Regulatory Authority of India (TRAI), in a Twitter session on #AskTRAI refused to answer a question on the regulator’s policy about recycling mobile numbers.
Dr RS Sharma, Chairman, TRAI will answer questions in a live Q&A session over Twitter. Please use the hashtag #AskTRAI to ask your questions.
3 pm on 24th of July, 2018 pic.twitter.com/9GndyyTJVq
— TRAI (@TRAI) July 23, 2018
Mobile numbers get recirculated to different subscribers when subscribers do not renew their subscription or lose their numbers for other reasons. They are neither bound to a unique subscriber for life nor are they bound to a single user over the period of subscription. The same is true for email IDs. If the MCA requires a unique channel for each director isn’t it more appropriate for them to just allot a mobile number and email ID for the life of the director?
If demanding a unique mobile number and unique email ID are not absurd as demanding a unique address, the KYC using Aadhaar is even more bizarre.
UIDAI, under Right to Information (RTI) Act, has stated that the biometric and demographic information associated with any Aadhaar number is not certified, verified or audited by anyone. They also state that they have no idea what primary documents were used as proof of identity or proof of address to obtain Aadhaar and that they have no idea how many unique biometrics, names, addresses, email ids or mobile numbers exist in their database. They also state that they cannot retrieve unique records with any biometrics. (Read: Unique ID is not Unique, does not certify anything, says UIDAI)
UIDAI has also indicated, under RTI, that it does not identify anyone nor is it responsible for any use or consequences of the use of Aadhaar. Identification requires the identifier to not only certify and take responsibility for identification but also be co-present with the person identified to be able to establish identity.
In fact></di, the UIDAI does not even know how many unique biometrics exist in the entire database. Astonishingly UIDAI’s affidavit to the Supreme Court in the WP 494 of 2012 and associated matters indicates that at least 60 crore Aadhaar numbers out of 120 crore have never been used to authenticate any transaction ever. Clearly, there is no merit in any claim that the biometrics can be the basis for unique entries in the Aadhaar database and the Aadhaar database is free from ghosts and duplicates. From the looks of it, at least 60 crore numbers in the database are ghosts and duplicates.
It cannot serve any KYC or transparency to replace certified IDs that have been the basis of governance for last seven decades with uncertified, unverified and unaudited Aadhaar by an agency, the UIDAI that takes no responsibility to any Aadhaar number turning out to be a ghost or to any transaction undertaken with the Aadhaar numbers.
Unfortunately, most bureaucrats have not realised that merely including Aadhaar in the database makes indistinguishable such records from those that were painstakingly created through legal processes over decades. What neither the UIDAI, nor the government seem to have recognised is that the issue, use and mandating Aadhaar under these circumstances appears to be considered as offences under various sections of Chapter XI of the Indian Penal Code.
The use of Aadhaar, therefore, by any stretch of imagination, cannot serve any legitimate and legal purpose or any national interest.
In India, where every government document had to be attested by a gazetted officer, the pendulum has swung to the other extreme. Suddenly, biometric and demographic data submitted by private operators to UIDAI is being used to replace legally valid or legitimate identification documents issued and certified by government officers. Once Aadhaar replaces existing documents, it causes unprecedented harm to the country as there is no way to distinguish real individuals, on-boarded through careful legal process by government officials, from those added through the Aadhaar database.
There is prima facie enough case, and national security at stake, for the Central Bureau of Investigation (CBI) to investigate into the use and propagation of the Aadhaar.Citizens across the country have written to various government ministries and agencies highlighting these issues. Senior bureaucrats, who realise this for the first time, are utterly shocked. They have never realised how the Trojan Horse of Aadhaar got into their department or ministry. An uncertified biometric or demographic has no legal value and causes incalculable harm to the country.
While some ministries are making an effort to protect their databases from Aadhaar, they have yet to ensure that the Aadhaar bug is destroyed before it destroys the country
The Central Board of Direct Taxes (CBDT) has already enabled process to allow filing of income-tax returns (ITRs) without Aadhaar. The MCA has announced that it will not insist on Aadhaar although it has not yet clarified the legal basis of the DIR-3 KYC. Directors from at least four different states have been preparing to challenge the vires of the DIR-3 KYC and the Aadhaar mandate in their respective High Courts
This, however, has become a matter of national security that is far more serious and important than a misinformed and misplaced case for governmental expediency or the right of the government to create procedures for its functioning.
(Dr Anupam Saraph is a renowned expert in governance of complex systems and advises governments and businesses across the world. He can be reached @anupamsaraph.)