The UIDAI has declined to provide the list of private agencies whose license to do eKYC has been cancelled. This was in response to an RTI filed by Srikanth L, which asked for a list of all the Aadhaar enabled private authentication agencies whose licenses were cancelled after the Supreme Court’s verdict on the constitutional validity of the Aadhaar Act. (The RTI responses at the end of the story.)
The UIDAI declined to share the information on the ground that the request “falls under exemption as mentioned in section 8(1)(d) and (1)(e) of the RTI Act, 2005.”
The RTI also sought the list of privately owned sub-AUAs whose licenses were cancelled and a list of
– AUA (Authentication User Agency),
– ASA (Authentication Service Agency),
– KUA (KYC User Agency),
– KSA (KYC Service Agency)
that were live as on November 15, 2018.
The UIDAI used the same grounds to not provide this information. However, the information about active AUA, ASA and KUA was accessible in public domain previously. The last list available in the public domain was updated on August 31, 2018 and the others can be accessed here, here and here.
Srikanth, in his RTI, also asked about the list of notices UIDAI sent to private entities following the SC order. The UIDAI, in its response, invoked the same section of RTI Act to decline the information request.
UIDAI withholding information
What is an AUA?
According to UIDAI, an AUA is an entity engaged in providing Aadhaar authentication services to entities. This authentication is facilitated by the Authentication Service Agency (ASA). An AUA may be government, public, private or legal agency registered in India, which uses Aadhaar authentication services of the UIDAI and sends the authentication requests to enable its services and business functions.
AUAs serve applications that need Aadhaar authentication and might include ePDS systems that are used in government owned PDS outlets as well as SIM card distributors who use fingerprint authentication to do eKYC and give SIM cards.
What does the Supreme Court judgement say about authentication by private parties?
Supreme Court in its judgement struck down Section 57 of the Aadhaar Act that allowed for use of Aadhaar authentication and eKYC by private companies.
Section 8(1)(d) and (1)(e) of the RTI Act
According to 8(1)(d) of the RTI Act, “information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information,” Amrita Johri, an RTI activist with Satark Nagrik Sangathan, told MediaNama.
She added that, (8)(1)(e) of the RTI Act refers to the “information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information.”
Can the UIDAI use section 8(1)(d) and (1)(e) of the RTI Act to not provide the requested information?
“The information is being denied by illegally invoking these exemptions,” explained Johri. “Past practice of the UIDAI itself, of publicly disclosing names of AUAs etc shows that such information is not exempt from disclosure. In fact such information is of immense public interest. It will enable the public at large to ensure that only authorised agencies are claiming to be thus,” she added.
“Further since the SC has given specific directions regarding the use of Aadhaar, especially by private companies, the UIDAI as the nodal regulator must ensure that all the directions are complied with and details of the compliance are made public,” Johri said.
She further added, “regulators are to act on behalf of the public and not as profit maximising agents of private companies. Public trust in regulators is directly linked to the level of transparency and public disclosure followed by regulators. Information about these agencies is not held by the UIDAI in a fiduciary capacity and disclosure will certainly not harm the competitive position of these agencies.”
“The RTI response shows the poor comprehension of the provisions of the RTI Act within the UIDAI and raises questions about the level of competence in the authority. Senior level officials must immediately ensure that officials are properly oriented vis-a-vis the RTI act,” she added.