Thomas, who received the RTI reply in 2013, said the UIDAI’s foreign vendors' contract stated that they can “collect, use, transfer, store and process the data” of a third party or any resident of India.
“The data access was provided to a US based L-1 Identity Solutions Operating Co Pvt. Ltd, which was later bought by the French defence major Safran,” said Thomas, who is also one of the petitioners in the Right to Privacy case in the Supreme Court. The access was apparently given for two years from 2010 to 2012.
“In course of the Agreement, the Biometric Solution Provider may collect, use, transfer, store or otherwise process (collectively, "process") information that pertains to specific individuals and can be linked to them ("personal data"). Biometric Solution Provider warrants that it shall process all personal data in accordance with applicable law and regulation. Biometric Solution Provider further warrants that it shall process such personal information only for the purposes of this Agreement, and shall not use or disclose such information, otherwise pursuant to purposes of the Agreement,” the content of the contracts between the UIDAI and its vendor said.
Mathew alleged that the US government has already entered into contracts with its tech companies for accessing their servers. “Moreover the same foreign vendor was employed by both India and Pakistan. We can only assume that the vendor may have shared the data with Pakistan, which may have given access to China. Imagine a situation where enemies trace the position of our defence personnel through their Aadhaar and mobile numbers,” Mathew said. Mathew, however, was not sure whether data has been shared by the foreign vendor with the others.
Business Standard could not independently verify the allegations and a phone call to UIDAI CEO A.B Pandey’s office didn’t solicit a response. Vikas Shukla, General Manager - Media, Communications & Public Outreach at UIDAI, said he would get back with a comment by the end of the day.
The UIDAI has come under criticism after various government websites inadvertently leaked data of beneficiaries under various schemes. A five-judge bench of SC is due to hear various petitions, including breach of privacy by Aadhaar.