The Delhi High Court has suggested using an OTP verification instead of biometric authentication, reports PTI. The HC made this suggestion during a hearing on the misuse of the Aadhaar verification system by mobile shop owners to issue SIM cards. The court has also asked the Centre, Delhi government and UIDAI to file their response to the report and listed the matter for hearing on February 12.
This is a follow up on the suo motu PIL which was filed in the Delhi HC in September seeking the response of the UIDAI, MeitY, and the Ministry of Home Affairs. The order came in response to the arrest of a mobile shop owner in New Delhi who was allegedly using the Aadhaar biometric verification process to issue new SIM cards without the consent or knowledge of customers. The booked individual was further using the SIM cards to defraud individuals with regard to their LIC life insurance policies.
The current suggestion was provided by the amicus curae, a party which assists the court by offering information or expertise in the case, as a part of their report to plug the loopholes in Aadhaar authentication system. Here, senior advocate Dayan Krishnan and advocate Rushab Aggarwal were appointed as amicus curiae. They submitted a joint report to two judge bench of Chief Justice Rajendra Menon and Justice IS Mehta
In their report, they said:
- OTP authentication should be the preferred method instead of biometrics because the security concerns in the latter are more pronounced and loopholes easily accessible.
- Biometrics should be requested where they are essential.
- There should be a cooling off period between authentications. This should be done in order “to ensure that if multiple authentications take place in quick successions, the Unique Identification Authority of India (UIDAI) systems would not respond, and thus effectively blocking loopholes as is highlighted in the instant case.”
- FIRs in such cases should be forwarded to the UIDAI so that it has information of these loopholes and can create methods to address them.
- The UIDAI should file a complaint under the Aadhaar Act to ensure prosecution to the fullest extent.
- Incidents of this nature must be given wide publicity through both UIDAI and the investigation agency to adequately assess the scope of the matter.
- Holding awareness programmes “to ensure that the public at large was aware of the sensitive nature of the data being provided, the potential for its misuse and how to protect itself from the same.”
Noting the scope of misuse of the sensitive personal data, the judge forwarded the matter to the Chief Justice of the Delhi High Court to consider registering the issue as a suo motu PIL.