The Delhi High Court on Thursday suggested incorporating recommendations, like using OTP authentication instead of biometric, given by two amicus curiae to plug a "loophole" in the Aadhaar verification system that had been misused by a mobile shop owner to issue fresh SIM cards in the name of unwary customers for use in fraudulent activities.
The Delhi High Court on Thursday suggested incorporating recommendations, like using OTP authentication instead of biometric, given by two amicus curiae to plug a “loophole” in the Aadhaar verification system that had been misused by a mobile shop owner to issue fresh SIM cards in the name of unwary customers for use in fraudulent activities. The shop owner, during Aadhaar verification of a SIM, used to make the customer give his thumb impression twice by saying it was not properly obtained the first time and the second round of authentication was then used to issue a fresh connection which was handed over to some third party, the high court had earlier noted while initiating a PIL on the issue.
A bench of Chief Justice Rajendra Menon and Justice I S Mehta, on Thursday, took on record the report submitted by senior advocate Dayan Krishnan and advocate Rushab Aggarwal who were appointed as amicus in the case to assist the court. The bench also asked the Centre, Delhi government and the Unique Identification Authority of India (UIDAI) to file their response to the report and listed the matter for hearing on February 12. “We feel it (suggestions) should be incorporated,” the bench said.
In their joint report, the two lawyers have said that OTP authentication should be the preferred method instead of using biometrics where “security concerns are more pronounced” and “loopholes are easily accessible”. They said that biometrics should be only requested where it is essential.
The report also said there should be a “cooling off period” between authentications, “to ensure that if multiple authentications take place in quick succession the UIDAI systems would not respond, and thus effectively blocking loopholes as is highlighted in the instant case”. The other suggestions proposed in the report were that FIRs in such cases should be forwarded by the investigating agencies to UIDAI so that it has information of these loopholes and can create methods to address them.
The UIDAI should also file a complaint under the Aadhaar Act to ensure prosecution to the fullest extent of the persons who carry out such activities, the report said. The two lawyers have also suggested that “incidents of this nature must be given wide publicity through both the UIDAI and the investigating agency as the scope/ nature of the breach cannot be adequately assessed without all concerned parties being put to notice.
“This would enable the general public to assess whether they were also victims and to take remedial action if necessary.” The report also recommended holding awareness programmes “to ensure that the public at large was aware of the sensitive nature of the data being provided, the potential for its misuse and how to protect itself from the same”.
The loophole in question was first noticed by a single judge of the high court while hearing the bail application moved by the shop owner in a cheating case lodged against him. Justice Sanjeev Sachdeva had noted that the “loophole can not only have disastrous consequences for the said individual but also raises serious law and order issues and could have serious repercussions on the safety and security of the nation”.
Noting the scope of misuse of the sensitive personal data, the judge had on September 5 forwarded the matter to the Chief Justice of the Delhi High Court to consider taking up the issue as a Public Interest Litigation (PIL). Justice Sachdeva, on September 17, dismissed the mobile shop owner’s bail plea. The bench headed by the Chief Justice had initiated the PIL on September 12.