The government may have shot the messenger where the Aadhaar data breach is concerned, but there is enough dirt that the UIDAI has tried to brush under the carpet, as per a PIL in the Supreme Court.

Petitioner Kalyani Sen Menon's affidavit - filed on Friday - lists a series of violations by the Aadhaar authority. Her plea is likely to come up for hearing on January 17.

For instance, I-T minister Ravi Shankar Prasad admitted in Parliament in April last year that 34,000 Aadhaar operators had been blacklisted or cancelled since the inception of the Aadhaar project.

One such operator is accused of selling secure Aadhaar data to a Tribune news paper journalist.

Since April 2017, the number of such rogue operators, enlisted with capturing the biometrics of 1.3 billion Indians, has shot up to 49,000 as per latest reports, the petitioner states.

There have been other breaches of data privacy, the government has admitted in Parliament. The IT ministry, in response to a Parliament question provided a list of 210 government websites that have displayed data, including a list of beneficiaries and their personal details.

And how serious is the government about the security infrastructure of the scheme has also come in for serious question. The Rajat Moona Committee set up for this actually gave a report in exactly 17 days.

WHAT THE PETITION SAYS

The petition points out that, "The committee was formed on 21.08.2017, the first meeting took place on 28.08.2017 and then a final meeting took place on September 14, 2017, culminating in a report that recorded the claims made by the UIDAI through its officials."

"Further, the report discloses no details of any attempted or actual breaches and the exact standards of security that have been implemented at various stages of the scheme. It is manifestly clear that the same has not been prepared with due application of mind."

The government has been insisting that no data has been breached as the bio-metrics are safe. But the truth is that the government can actually reveal this data, including biometrics. All that it requires is either a court order or a "national security" issue.

The affidavit points out that "the provision fails to lay down any meaningful safeguards for the exercise of this power and the phrase 'national security' has been left undefined. It also does not provide the affected individual with a right to notice or an opportunity of being heard before this information is shared."

Whether there has been a data breach in the past is also not known, because Aadhaar data was collected without legislative backing, without the Aadhaar Act coming into force.

"The Counter Affidavit filed by the Respondents is silent on the bio-metric information already compromised and retained by a host of several public and private entities alike", the affidavit points out.

The affidavit also debunks several claims made by the UIDAI. For instance, it helps reduce corruption.

Citing the case of Orissa, the affidavit says, "It was found that Aadhaar itself is responsible for deleting only 27,000 out of 6.6 lakh ineligible ration cards. The total number of PDS cards in Orissa in 2014 was 85.39 lakh."

"Therefore, Aadhaar's fraud detection rate was only about 0.32 per cent. It may help weed out duplicate PAN cards. The total number of duplicate PAN cards in the country is not more than 0.4 per cent," the affidavit points out.

ALSO WATCH | Operation Aadhaar leaks: How safe is your Aadhaar card?