Delhi high court

NEW DELHI: The Delhi high court has advised Centre to examine recommendations such as using OTP authentication instead of biometrics to make Aadhaar verification safer.

Taking on record a report containing recommendations made by two court-appointed amici, HC said the authorities should study these as they relate to plugging a “loophole” in the Aadhaar verification system that had been misused earlier by a mobile shop owner in Delhi to duplicate SIM cards and used it for fraudulent activities.

The shop owner, during Aadhaar verification of a SIM, took a thumb impression of an unsuspecting customer twice by saying it was not properly obtained the first time and the second round of authentication was then used to issue a fresh connection, which was handed over to a third party.

A single judge of HC had come across the incident and urged the chief justice to treat the issue as a PIL, after which the court appointed amici curiae in the matter.

A bench of Chief Justice Rajendra Menon and Justice I S Mehta, on Thursday, took on record the report submitted by senior advocate Dayan Krishnan and advocate Rushab Aggarwal who were appointed as amicus in the case to assist the court. The bench also asked the Centre, Delhi government and the Unique Identification Authority of India (UIDAI) to file their response to the report and listed the matter for hearing on February 12.

In their joint report, the two lawyers have said that OTP authentication should be the preferred method instead of using biometrics where “security concerns are more pronounced” and “loopholes are easily accessible.” They said that biometrics should be only requested where it is essential.

The report also said there should be a “cooling off period” between authentications, “to ensure that if multiple authentications take place in quick succession the UIDAI systems would not respond, and thus effectively blocking loopholes as is highlighted in the instant case”. UIDAI should also file a complaint under the Aadhaar Act to ensure prosecution to the fullest extent of the persons who carry out such activities, the report said.

The amici also suggest that “incidents of this nature must be given wide publicity through both the UIDAI and the investigating agency as the scope/ nature of the breach cannot be adequately assessed without all concerned parties being put to notice.

