📜 Introduction:

In State of Karnataka vs. Ministry of Electronics and Information & Another, WP No. 25182/2024 (2025 LiveLaw (Kar) 387), the Karnataka High Court, presided over by Justice Suraj Govindaraj, dealt with a unique and sensitive question emerging from a murder investigation: whether the police, in their attempt to identify an unknown deceased woman whose body had been discovered in a canal, could legally and technically compel the Unique Identification Authority of India (UIDAI) to match the dead woman’s fingerprints with the Aadhaar database, thereby revealing her identity and allowing the investigation to progress. The petitioner in this matter was the State of Karnataka, represented through the Bengaluru City Police, while the respondents included the Ministry of Electronics and Information Technology and the UIDAI, represented by Deputy Solicitor General of India Shanthi Bhushan H. The petition arose from the inability of the police to identify the victim despite all conventional methods, leading the Station House Officer of Byatarayanapura Police Station to formally request UIDAI to conduct a fingerprint match against the Aadhaar biometric database. UIDAI declined the request, citing statutory constraints under the Aadhaar Act, technological design limitations within the Aadhaar authentication architecture, and the fundamental requirement that biometric authentication under Aadhaar requires live biometric data rather than biometrics taken from a deceased body. Faced with this refusal, the police approached the High Court seeking a mandamus order directing UIDAI to conduct the fingerprint search and assist in identifying the deceased victim; however, the High Court was required to consider not only the investigational importance of such identification but also the statutory boundaries of the Aadhaar system, the technological and algorithmic constraints of biometric authentication, and the constitutional concerns related to privacy and security of personal data.

Arguments:

The police argued that since the Aadhaar database was the most extensive biometric repository in the country, containing fingerprints of more than a billion residents, and since identification of the deceased was vital for the progression of the murder investigation, UIDAI should be compelled to match the fingerprints of the deceased woman against the Aadhaar database. They emphasized that without knowing the identity of the victim, the investigation had reached a dead end, making the Aadhaar matching request not only reasonable but essential in the interest of justice. The police further submitted that UIDAI’s refusal was unwarranted, especially when the court’s authorization could legitimately permit disclosure of relevant details under the Aadhaar Act. In essence, their argument was that when life, liberty, and justice are at stake in a criminal investigation—particularly in a homicide—the Aadhaar database should be available for limited investigational use, provided that the request comes with judicial sanction and is aimed solely at identifying the deceased and delivering justice. They requested the court to recognize that the Aadhaar ecosystem, despite privacy considerations, should not override the compelling societal interest in solving a murder.

On the other hand, the arguments presented by Deputy Solicitor General Shanthi Bhushan H on behalf of UIDAI and the Ministry of Electronics & Information Technology were rooted both in the technological architecture of Aadhaar and the legal framework governing it. He explained to the court that Aadhaar is not designed to function as a general search database that allows one-to-many fingerprint comparisons. Instead, Aadhaar authentication strictly follows a one-to-one matching principle: a fingerprint or biometric input is matched only when accompanied by the specific Aadhaar number of the individual. Without the Aadhaar number, the system cannot perform a search across the entire database. This crucial architectural feature was deliberately incorporated into Aadhaar to protect individuals’ privacy, prevent mass surveillance, and ensure that residents’ biometrics cannot be used by any authority—police or otherwise—to conduct broad, exploratory searches that could risk data misuse. The DSG emphasized that Aadhaar authentication is strictly dependent on live biometrics, meaning that the system is engineered to detect real-time biological signs such as warmth, moisture, and natural conductivity that only a living person can exhibit. These features are part of the anti-fraud mechanisms built into the Aadhaar system to prevent impersonation, misuse, unauthorized duplication, and the creation of fake biometric identities. Therefore, a fingerprint taken from a deceased individual cannot be authenticated under the Aadhaar architecture, not merely because of legal restrictions but because the Aadhaar authentication system will reject such an input at the technical level. The DSG further clarified that UIDAI holds no statutory authority under the Aadhaar Act to perform the kind of biometric search the police were requesting. Sections 29 and 33 of the Aadhaar Act impose strict limitations on sharing of biometric information, and even when judicial orders are involved, the sharing of such data is allowed only to the limited extent authorized by the Act. UIDAI maintained that the police request was beyond legal authorization because the Aadhaar database does not permit reverse search or fingerprint-to-identity matching without a corresponding Aadhaar number. He also assured the court that while fingerprints could not be matched, UIDAI was willing to share usage details of the deceased’s Aadhaar card if and only if the police were able to provide the Aadhaar number through some other investigative channel.

Judgement:

Upon evaluating the submissions and examining the statutory framework, Justice Suraj Govindaraj delivered a reasoned judgment dismissing the petition. The court acknowledged the seriousness of the murder investigation and sympathized with the police’s difficulty in identifying the deceased, yet it held that the judicial system cannot compel an authority to perform an act that is technologically impossible and statutorily prohibited. The court noted that UIDAI’s refusal was not based on unwillingness but on structural impossibility. It highlighted that Aadhaar’s architecture intentionally prevents the misuse of biometric data, and allowing a fingerprint-to-database search—even judicially ordered—would set a dangerous precedent that could compromise privacy and national data security. The judge also emphasized that the requirement for live biometric authentication is an integral safeguard under the Aadhaar system, and courts cannot override such built-in technological restrictions. The court recognized that the Aadhaar framework was not created as a forensic identification tool and cannot be repurposed contrary to legislative intent. Consequently, the High Court held that issuing a writ of mandamus would serve no purpose since UIDAI cannot technically or legally comply with the requested fingerprint match. Nevertheless, the court granted liberty to the police to continue attempts to identify the deceased by any alternative lawful method, including using Aadhaar card information if the Aadhaar number is independently discovered. Therefore, the petition was dismissed, reaffirming both the privacy safeguards within the Aadhaar ecosystem and the limits of judicial intervention when confronted with technological constraints.