Delhi HC Recognises a Major Loophole in Aadhaar

The Delhi High Court initiated a suo motu Public Interest Litigation (PIL) regarding a security concern in Aadhaar yesterday. This action arose out of a bail application filed by Manish Bansal, a mobile phone shop owner. When hearing the bail application, the facts of the case – as revealed in the First Information Report (FIR) – were grave enough for the Court to raise them independently of the initial application.

The facts as revealed in the Order passed by the High Court are that the mobile phone shop in question was engaged in issuing Subscriber Identity Module (SIM) cards as well as carrying out Aadhaar verification for existing customers. However, at the time of Aadhaar verification – whether for a new SIM or for verifying an existing SIM – the employee would take the thumb impression twice, claiming that the machine did not read the thumb impression correctly the first time. After taking the thumb impression twice, a second SIM card would be issued on the same identity, which was retained by the shop. Subsequently, these new SIM cards were used to carry out fraud with an aim on Life Insurance Corporation of India policies. The shop owner claimed that the employee of the SIM-issuing company, who was deputed to his shop, was the only one to carry out Aadhaar verification.

Also Read: Why Facial Recognition for Aadhaar Authentication Will be a Failure 

However, the criminal case apart, the core issue that the Court has highlighted is that the security of Aadhaar, vis-a-vis identity theft has demonstrably been breached. The breach itself is not due to software failure, hacking or any hi-tech intrusions, but rather, old fashioned social engineering. This, once again, demonstrates that the weakest link in any system is always a human being.

The Assistant Public Prosecutor (APP) appraised the Court that this was not the only instance of such an occurrence. Another case had been registered under section 420 (fraud) of the Indian Penal Code involving the same modus operandi in Vasant Kunj. Though the APP informed the Court that the two cases were unrelated, what he wished to highlight was the manner in which Aadhaar verification is liable to misuse.

Also See: We’re Stuck With It, Even Though It Is Collapsing All Around Us: Usha Ramanathan 

What is interesting is that in 2016, a petition filed by Lokniti Foundation in the Supreme Court sought to ensure 100 per cent verification of SIM card subscribers. A Bench comprising of the then Chief Justice of India, JS Kehar, and Justice NV Ramana agreed with the petitioner that unverified SIM cards posed a potential security threat. The then Attorney General, Mukul Rohatgi, informed the Court in 2017 that the government had initiated an Electronic-Know Your Customer process for new SIM cards. However, at present, Aadhaar verification for existing SIM card subscribers has been halted until the Constitutional validity of the project has been decided by the Supreme Court.

(Also See: We’re Stuck With It, Even Though It Is Collapsing All Around Us: Usha Ramanathan )

Ironically, in 2018, the High Court of Delhi has responded to the implementation of this process by stating: “This loophole can not only have disastrous consequences for the said individual, but also raises serious law and order issues and could have serious repercussions on the safety and security of the nation.”

The Court directed the Registry to place a copy of the Order before the Chief Justice of the High Court for considering whether the matter should be taken up as a PIL.