Moneylife: National: Tuesday, August 14, 2018.
Post-infection
by the Aadhaar bug, every organisation in India has been suffering inability to
recognise those that they have recognised for decades. Suddenly, they need an
Aadhaar and an annual know-your-customer (KYC) to allow the relationship of
decades to be continued till yet another KYC next year.
The ministry
of corporate affairs (MCA) is the latest to have been hit by the KYC bug.
Calling for conducting KYC of all directors of all companies annually through a
new e-form, DIR-3 KYC, the MCA mandated the Aadhaar, unique personal mobile
number and personal email ID duly verified by one time password (OTP) using
their own DSC(Class 2) and duly certified by a practising professional
(Chartered Accountant (CA) / Company Secretaryship (CS)/ Certified Management
Accountant(CMA)).
Directors on
various companies for more than a decade, expressed shock as some of them have
changed mobiles and email IDs several times in the Past 20 years and many have
stayed away from Aadhaar for different reasons. Several directors still prefer
landlines and postal services. Some with an Aadhaar have discovered, to their
utter shock, that their biometrics do not work like the science fiction
projected by the Unique Identification Authority of India (UIDAI).
Section 154
of the Companies Act provides for the allotment of a directors identification
number (DIN). It states, “The Central Government shall, within one month from
the receipt of the application under section 153, allot a Director
Identification Number to an applicant in such manner as may be prescribed.”
There is no
provision in the Companies Act to require a director, who has been allotted, a
DIN to undergo KYC process. There are no provisions in the Act to require a DIN
to be validated again once it has been allotted or for it to be cancelled. It
is obvious that the government is infected with the Aadhaar bug that is causing
every ministry to create illegal and invalid procedures and requirements to
include Aadhaar numbers into its databases.
There is no
rule or notification on the MCA website that provides any legal base to the
DIR-3 KYC process. Letters issued to directors registered with the MCA do not
give reference to any legal provision, thus making them ab initio ipso jure
invalid.
RS Sharma,
the chairman of Telecom Regulatory Authority of India (TRAI), in a Twitter
session on Ask TRAI refused to answer a question on the regulator’s policy
about recycling mobile numbers.
Mobile
numbers get recirculated to different subscribers when subscribers do not renew
their subscription or lose their numbers for other reasons. They are neither
bound to a unique subscriber for life nor are they bound to a single user over
the period of subscription. The same is true for email IDs. If the MCA requires
a unique channel for each director isn't it more appropriate for them to just
allot a mobile number and email ID for the life of the director?
If demanding
a unique mobile number and unique email ID are not absurd as demanding a unique
address, the KYC using Aadhaar is even more bizarre.
UIDAI, under
Right to Information (RTI) Act, has stated that the biometric and demographic
information associated with any Aadhaar number is not certified, verified or
audited by anyone. They also state that they have no idea what primary
documents were used as proof of identity or proof of address to obtain Aadhaar
and that they have no idea how many unique biometrics, names, addresses, email
ids or mobile numbers exist in their database. They also state that they cannot
retrieve unique records with any biometrics. (Read: Unique ID is not Unique,
does not certify anything, says UIDAI)
The UIDAI has
also indicated, under RTI, that it does not identify anyone nor is it
responsible for any use or consequences of the use of Aadhaar. Identification
requires the identifier to not only certify and take responsibility for
identification but also be co-present with the person identified to be able to
establish identity.
In fact, the
UIDAI does not even know how many unique biometrics exist in the entire
database. Astonishingly UIDAI’s affidavit to the Supreme Court in the WP 494 of
2012 and associated matters indicates that at least 6 billion Aadhaar numbers
out of 12 billion have never been used to authenticate any transaction ever.
Clearly, there is no merit in any claim that the biometrics can be the basis
for unique entries in the Aadhaar database and the Aadhaar database is free
from ghosts and duplicates. From the looks of it, at least 60 crore numbers in
the database are ghosts and duplicates.
It cannot
serve any KYC or transparency to replace certified IDs that have been the basis
of governance for last seven decades with uncertified, unverified and unaudited
Aadhaar by an agency, the UIDAI that takes no responsibility to any Aadhaar
number turning out to be a ghost or to any transaction undertaken with the
Aadhaar numbers.
Unfortunately,
most bureaucrats have not realised that merely including Aadhaar in the
database makes indistinguishable such records from those that were
painstakingly created through legal processes over decades. What neither the
UIDAI, nor the government seem to have recognised is that the issue, use and
mandating Aadhaar under these circumstances appears to be considered as
offences under various sections of Chapter XI of the Indian Penal Code.
The use of
Aadhaar, therefore, by any stretch of imagination, cannot serve any legitimate
and legal purpose or any national interest.
In India,
where every government document had to be attested by a gazetted officer, the
pendulum has swung to the other extreme. Suddenly, biometric and demographic
data submitted by private operators to UIDAI is being used to replace legally
valid or legitimate identification documents issued and certified by government
officers. Once Aadhaar replaces existing documents, it causes unprecedented
harm to the country as there is no way to distinguish real individuals,
on-boarded through careful legal process by government officials, from those
added through the Aadhaar database.
There is
prima facie enough case, and national security at stake, for the Central Bureau
of Investigation (CBI) to investigate into the use and propagation of the
Aadhaar.
Citizens
across the country have written to various government ministries and agencies
highlighting these issues. Senior bureaucrats, who realise this for the first
time, are utterly shocked. They have never realised how the Trojan Horse of
Aadhaar got into their department or ministry. An uncertified biometric or
demographic has no legal value and causes incalculable harm to the country.
While some
ministries are making an effort to protect their databases from Aadhaar, they
have yet to ensure that the Aadhaar bug is destroyed before it destroys the
country.
The Central
Board of Direct Taxes (CBDT) has already enabled process to allow filing of
income-tax returns (ITRs) without Aadhaar. The MCA has announced that it will
not insist on Aadhaar although it has not yet clarified the legal basis of the
DIR-3 KYC. Directors from at least four different states have been preparing to
challenge the vires of the DIR-3 KYC and the Aadhaar mandate in their
respective High Courts.
This,
however, has become a matter of national security that is far more serious and
important than a misinformed and misplaced case for governmental expediency or
the right of the government to create procedures for its functioning.
(Dr Anupam
Saraph is a renowned expert in governance of complex systems and advises
governments and businesses across the world. He can be reached @anupamsaraph.)
.JPG)
.JPG)
