Concerned over “major loopholes” in the Aadhaar verification and linkage system, the Delhi HC has sought registration of a suo motu PIL (pdf) seeking the response of the UIDAI, MeitY, and the Ministry of Home Affairs, reports LiveLaw.

The order comes in response to the arrest of a mobile shop owner in New Delhi who was allegedly using the Aadhaar biometric verification process to issue new SIM cards without the consent or knowledge of customers. The booked individual was further using the SIM cards to defraud individuals with regard to their LIC life insurance policies.

“This loophole can not only have disastrous consequences for the said individual but also raises serious law and order issues and could have serious repercussions on the safety and security of the nation,” says the petition calling for registration of a PIL.

Modus operandi

“The modus operandi that has surfaced during preliminary investigation in this case highlights a major loophole in the system, whereby fresh mobile connections can be issued in the name of an unwary customer, without his knowledge and consent by using his documents and bio metrics,” the order states.

  • The mobile shop owner issued new SIM cards and also undertook verification and linkage of Aadhaar with existing SIM cards through a biometric verification machine.
  • Per the FIR, new connections were obtained in the name of individuals who had come to link their Aadhaar with their existing numbers. For linking Aadhaar with the SIM, the holder has to place his thumb on the biometric verification machine.
  • The mobile shop owner would then claim that the biometric has not been captured and asked the customer to place the thumb on the capture system once again.
  • He would then use the second verification to issue a fresh SIM card in the name of the holder, without their consent or knowledge.
  • The new cards would then be used for fraudulent practices.

The order notes that the HC has called for a PIL after a similar case (separate from this case) of misusing the Aadhaar linking process emerged in New Delhi’s Vasant Kunj.

The order further notes that mobile shop owner was not responsible for the fraud, and that the misuse was “the sole responsibility of the employee of the Telecom company who was deputed by the Telecom Company at the shop of the petitioner.”

Vulnerabilities in the Aadhaar system revealed

A recent HuffPost India investigation revealed that the Aadhaar enrollment software, which allowed private parties to enroll people for Aadhaar has been compromised.

  • The investigation has revealed among other things that the compromise allowed people to be enrolled into the Aadhaar database from anywhere in the world, by disabling the GPS tracking, which would have helped identify the location of the enrolment centre.
  • The compromise annulled the role of authorised enrollment operators by bypassing the biometric authentication of enrolment operators, and allowing enrollment using their photograph
  • Operators whose license was canceled can still use the enrollment software

Also read: On the UIDAI software compromise: the UIDAI seems incapable of fixing this mess

Photo by NEC Corporation of America with Creative Commons license.