The Free Software Movement of India (FSMI) has expressed serious concerns on the safety of users’ Aadhaar data. The association has written a letter to the Unique Identification Authority of India (UIDAI) on YouTube videos that demonstrate methods to bypass security layers in Aadhaar enrolment.

“There are WhatsApp messages circulating about a patched version of the Enrollment Client Management Platform (ECMP) software used for offline Aadhaar enrolment. This can potentially be used to bypass geo-location and bio-metrics, and also change the mapping between personal data of Aadhaar holders and their biometric data,” the FSMI has said in the letter.

It wanted to know what are the steps the UIDAI is taking to make the Aadhaar system safe, as the security problems seem to emanate from inherent design flaws in the Client Server architecture of Aadhaar.

There are also many videos uploaded to YouTube too were available that show how to use a software patch to the ECMP software can help bypass geo-location and biometric security protection.

“These videos claim that new Aadhaar enrollments can be made without any verification and that personal information pertaining to existing Aadhaar numbers can be changed, bypassing any security checks including OTPs (one-time passwords) and bio-metric verification.

“If this is true, then it is a matter of very serious concern as it endangers the sanctity of the entire Aadhaar database. We would like to know whether UIDAI authority has carried out any examination of these claims, and if there is any merit to these claims regarding the security of the Aadhaar enrolment software being compromised,” the FSMI said.