The audit of Unique Identification Authority of India (UIDAI) by Comptroller Auditor General (CAG) of India reveals that UID/Aadhaar has put privacy of present and future residents, PMs, CMs, judges, legislators, soldiers, civil servants and intelligence officials and their families at risk. It shows how contracts awarded by UIDAI in the name of President favour private entities. The audit report can be read here: CAG's Audit Report No.24 of 2021 - Ministry of Electronics and Information Technology
A case pertaining to such questionable contracts is pending in Delhi High Court since 2014. It seems the beneficiaries of the contract have overwhelmed the public institutions through electoral bonds.
The audit report concludes that "There were flaws in the management of various contracts entered into by UIDAI. The decision to waive off penalties for biometric solution providers was not in the interest of the Authority giving undue advantage to the solution providers, sending out an incorrect message of acceptance of poor quality of biometrics captured by them."
The report reveals that "UIDAI had not ensured that the client applications used by its authentication ecosystem partners were not capable of storing the personal information of the residents, which put the privacy of residents at risk. The Authority had not ensured security and safety of data in Aadhaar vaults. They had not independently conducted any verification of compliance to the process involved."
CAG's audit has vindicated the position which Citizens Forum for Civil Liberties (CFCL) has been articulating since 2010. CFCL has been demanding UIDAI's audit for long. The audit report records that "statistical information on generation, update and authentication services of Aadhaar and financial information referred to in the Report have been updated upto March 2021, to the extent as furnished by UIDAI." It seems to indicate that UIDAI has not furnished all the statistical information on generation, update and authentication services of Aadhaar and financial information in its entirety. Parliamentary Standing Committee on Finance and Public Account Committee ought to seek all the information that has been withheld from CAG by UIDAI.
CAG has detected that although the "Aadhaar Act stipulates that an individual should reside in India for a period of 182 days or more in the twelve months immediately preceding the date of application for being eligible to obtain an Aadhaar. In September 2019, this condition was relaxed for non-resident Indians, holding valid Indian Passport. However, UIDAI has not prescribed any specific proof/ document or process for confirming whether an applicant has resided in India for the specified period and takes confirmation of the residential status through a casual self-declaration from the applicant. There was no system in place to check the affirmations of the applicant. As such, there is no assurance that all the Aadhaar holders in the country are ‘Residents’ as defined in the Aadhaar Act."
Notably, Banks and Telecom operators are not mentioned in the Aadhaar Act. All advertisements, SMSs and demands for Aadhaar number are illegitimate and illegal. Supreme Court has declared Section 57 of Aadhaar Act as "Unconstitutional", outlawing Aadhaar "use for other purposes".