Unique Identification Feature

Posted on by user

Introduction

A “Unique Identification Feature” — a distinctive attribute or marker tied to an individual (examples: Aadhaar number, biometric templates such as fingerprints/iris, mobile device identifiers) — has become central to identity, access, entitlement and surveillance regimes in India. For practitioners, the concept is not merely definitional: it dictates admissibility of evidence, regulatory compliance, constitutional challenges (privacy), procedural tactics in criminal and civil litigation, and remedies for misuse. This article maps the statutory architecture, judicial contours, and practice-oriented strategies lawyers must master when a client’s identity is impugned, relied upon or exposed.

Core Legal Framework

Primary statutes and provisions governing unique identification features

  • Constitution of India, Article 21 — Right to life and personal liberty; foundational for privacy jurisprudence (see Puttaswamy).
  • Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 — the central statute dealing with Aadhaar as a unique identifier and associated biometric/demographic information. Key statutory touchpoints for practice include:
  • Definitions in Section 2 (terminology including Aadhaar number, biometric information and demographic information).
  • Provisions creating and empowering the Unique Identification Authority of India (UIDAI) and governing enrollment, authentication and storage of records.
  • Section 29 (prohibitions on disclosure and misuse of information) and the penal provisions for wrongful disclosure and wrongful authentication.
  • Section 57 (originally permitted authentication for private usage but was read down/struck down by the Supreme Court in parts — see Landmark Judgments).
  • Information Technology Act, 2000 (IT Act):
  • Section 43A — liability for failure to protect “sensitive personal data or information” (used in claims for compensation for data breach).
  • Section 66E — punishment for violation of privacy (intentionally capturing/transmitting image of a private area).
  • Section 72A — penalty for disclosure of information in breach of lawful contract.
  • Rules framed under the IT Act (e.g., Reasonable Security Practices and Sensitive Personal Data Rules, 2011).
  • Indian Evidence Act, 1872:
  • Section 65B — admissibility of electronic records (relevant for authentication logs, e-KYC downloads, confirmation receipts).
  • Provisions on expert evidence (Sections 45–51) and comparison/identification evidence.
  • Digital Personal Data Protection Act, 2023 (DPDP Act) — regulatory regime addressing obligations of data fiduciaries, lawful processing, special protection for biometric and other sensitive personal data, data subject rights (access, correction, grievance redress).
  • Criminal Procedure / Forensics — Criminal Procedure Code read with forensic rules and standards governing collection, preservation and testing of physical/bio-evidence (fingerprints, DNA).

Practical Application and Nuances

How “unique identification feature” operates in daily adjudication and practice

  1. Authentication vs. Identification

  2. Authentication is an attestation (“this token/authenticated response matches the stored record”), while identification is a broader inquiry (“is this person actually X?”). Aadhaar primarily facilitates authentication. Do not treat an Aadhaar authentication response as conclusive identification in contentious proceedings — it is a significant piece of evidence but not always determinative.

  3. Evidence: admissibility, form and the Section 65B trap

  4. Authentication logs, e-KYC XMLs, Aadhaar authentication records are “electronic records”. To admit them, practitioners must comply with Section 65B of the Evidence Act — obtain the requisite certificate attesting to the integrity of the electronic record (unless the court permits secondary form by judicial discretion).

  5. Practical tip: Always seek production of the Section 65B certificate and contemporaneous audit trail from the UIDAI or the agency/agency logs that performed the authentication. Failure to file the certificate is a common fatal procedural flaw.

  6. Biometric evidence (fingerprints, iris, facial recognition) — proof standards

  7. Biometric matches require expert evidence: methods used, standards, probability of error, matching algorithm, and chain of custody. Courts examine:
    • How the biometric template was captured.
    • Where and how it was stored and transmitted.
    • Whether the algorithm is proprietary/black box and the extent to which it can be explained/tested.

  8. Example: In a criminal trial where fingerprint matches are central, the prosecution must produce the original lifting, laboratory reports, chain of custody, and expert testimony to establish identification beyond reasonable doubt.

  9. Chain of custody and integrity

  10. For digital identifiers (Aadhaar logs, mobile IMEI, SIM data) and biometrics alike, preservation and chain of custody are pivotal. Seek early preservation orders under Section 91 CrPC/rules of the court; file applications for injunctions/preservation in civil matters to stop destruction.

  11. Data protection and privacy objections

  12. Invoke Puttaswamy principles (right to privacy) and DPDP Act safeguards to resist blanket disclosure. Courts will balance state/legitimate interest against invasiveness.

  13. When seeking production of unique ID data from third parties, frame requests narrowly: purpose-limited, time-bound, proportional and accompanied by safeguards (in-camera disclosure, limited persons privy).

  14. KYC and commercial disputes

  15. In banking/financial litigation, Aadhaar/e-KYC evidence may demonstrate customer onboarding and contractual consent. But the respondent must still prove the authenticity of the transaction; a mere match does not absolve the bank of its duty of due diligence.

  16. Forensic and statistical considerations

  17. Be conversant with false match rate (FMR), false non-match rate (FNMR), and threshold settings of biometric systems. In cases hinging on biometric evidence, bring an independent expert to critique algorithm thresholds and testing methodology.

Concrete examples (short)
– Civil suit alleging fraudulent transaction where bank relies on Aadhaar e-KYC: seek production of the Section 65B certificate for the e-KYC, demand the authentication audit trail, challenge that a successful authentication alone proves consent for the disputed transaction.
– Criminal investigation using face-recognition from CCTV to arrest suspects: demand disclosure of the algorithm, test dataset and error rates; file for independent testing and preservation order for CCTV footage; challenge identification if chain of custody is weak.
– Data breach after a leak of Aadhaar numbers: initiate complaint under DPDP Act/IT Act, seek interim injunctions, demand forensic audit reports, and pursue compensation under Section 43A (IT Act) and DPDP grievance mechanisms.

Landmark Judgments

Concise statements of doctrine from leading cases

  • K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1 — A nine-judge bench recognised privacy as a fundamental right under Article 21. The decision sets the constitutional baseline: any state action involving unique identifiers or biometric data must pass the tests of legality, necessity, and proportionality.

  • Practical implication: challenges to compelled disclosure or indiscriminate use of unique identifiers must be framed under Puttaswamy’s tripartite test.

  • Justice K.S. Puttaswamy (Retd.) v. Union of India — Aadhaar judgments (2018) — While the Supreme Court upheld the constitutional validity of the Aadhaar scheme for certain welfare uses, it read down provisions which allowed unrestricted private use and emphasised limits on storage, linking and disclosure of Aadhaar information. Section 57 (allowing private entities to use Aadhaar for authentication) was struck down/curtailed; strict safeguards and statutory limitations were imposed.

  • Practical implication: Aadhaar authentication is permissible under tightly confined statutory and judicial safeguards. Private parties’ reliance on Aadhaar must be examined against this controlled framework.

  • Other useful authorities:

  • R. Rajagopal v. State of Tamil Nadu (1994) 6 SCC 632 — early privacy dimensions (informational privacy elements).
  • Cases on electronic evidence (e.g., Anvar P.V. v. P.K. Basheer, (2014) 10 SCC 473) — interpreting Section 65B requirements for electronic records.

Strategic Considerations for Practitioners

How to leverage the concept and avoid common pitfalls

For claimants/plaintiffs
– Prioritise preservation. Immediately seek interim preservation orders for authentication logs, CCTV footage, server logs, SIM/telecom records and biometric templates.
– Plead granular allegations: specify what unique identifier was used, when, by whom, and how it connects to the cause of action. Vague pleading invites dismissal or evidentiary disputes.
– Use DPDP/IT Act mechanisms alongside civil/criminal relief: file grievances with designated officers, seek statutory compensation and invoke criminal sections where intentional data disclosure is alleged.

For respondents/defence
– Challenge admissibility early. If the opponent produces electronic records without a Section 65B certificate, move to exclude or question authenticity.
– Attack the quality of biometric evidence: demonstrate chain-of-custody defects, poor capture conditions, degraded samples, lack of calibration and absence of blind testing.
– Argue proportionality: even where data disclosure is sought, invoke Puttaswamy and DPDP safeguards to limit scope.

Cross-cutting tactical steps
– Obtain expert affidavits on biometric reliability and algorithmic opacity. Courts increasingly receive and respect such technical evidence.
– Insist on redaction and limited disclosure protocols; obtain sealing orders or in-camera inspection before any public revelation of sensitive identifiers.
– When seeking production from state agencies (UIDAI, telecom service providers), frame requests under the right statutory provision and seek interlocutory directions to avoid procedural rejection.
– Beware of overreliance on audit logs supplied by parties with interest; seek independent corroboration.

Common pitfalls to avoid
– Failing to seek Section 65B certification for electronic records.
– Treating Aadhaar authentication as conclusive identification without independent corroboration.
– Allowing wide-ranging subpoenas that later get struck down for privacy violations, leading to wasted costs and credibility loss.
– Neglecting to obtain preservation orders early — once logs are purged, reconstruction is difficult or impossible.

Conclusion

Unique identification features occupy a hybrid legal space: they are powerful tools for authentication, entitlement and investigation, yet they impinge on individual privacy and present acute evidentiary and procedural challenges. Practitioners must therefore combine doctrinal mastery (Puttaswamy; Aadhaar jurisprudence), statutory literacy (Aadhaar Act, IT Act, DPDP Act, Evidence Act), forensic awareness (biometric error rates and chain of custody) and tactical urgency (preservation, Section 65B compliance, narrow pleadings). A disciplined, technical and constitutional approach — demand narrow, proportionate disclosures, secure expert testing, and press privacy safeguards — will best protect clients and persuade courts in disputes involving unique identification features.