By Vidyut The UIDAI appears to be having a bad start to 2018 with security flaws crawling out of the proverbial woodwork. The latest in a growing list is a story by tech researcher Anand V in The Wire that follows up on two stories of Aadhaar being issued to questionable entities where the Aadhaar number was known. In case of a Pakistani spy Mehmood Akhtar, who was deported in October 2016, it was found that he had a valid Aadhaar number, and a working LPG connection in the name of Baijnath; the Aadhaar card was invalidated only after The Wire reached out to UIDAI for comment. Two bank accounts were linked to the Aadhaar number in October, a full year after he was deported. In the second case, Lord Hanuman, who was shown to have an Aadhaar card as far back as 2014, still had a linked LPG connection and a bank as recently as November 2017, despite the card being deactivated in 2014. This report raises serious questions about Aadhaar enabling misuse of services while doing nothing to prevent misuse. Some of the questions thrown up by this report are: What is the process of invalidation of Aadhaar cards and what processes are in place to prevent misuse of invalidated cards? How can an Aadhaar Card in the name of Mehmood Akhtar from Delhi be linked to the LPG and bank accounts of Baijnath MR from Agra? There isn't any similarity of names or even addresses whatsoever. Entirely…
