New Delhi: The Unique Identification Authority of India (UIDAI), a central government agency that manages the Aadhaar authentication programme, has filed a first information report (FIR) against a CNN-News 18 journalist, after the television network aired a segment showing that it was possible to obtain two separate Aadhaar enrollment numbers with the same set of biometrics.

According to multiple reports, the Delhi police registered what is possibly the first case filed under the Aadhaar Act after two separate persons were “found having the same parameters of biometric information”.

“The incidents, prima facie, imply that a single person with the same parameters of biometric information has got himself enrolled under two different identities thereby impersonating in either or both the incidents presumably using fabricated documents. It is a violation of the provisions of the Aadhaar Act and certain sections of the Indian Penal Code,” said UIDAI Deputy Director Ramesh Kumar was quoted as saying.

When The Wire contacted CNN News-18 managing editor Radhakrishnan Nair, he pointed out that the company’s legal team was looking into the issue and that they had not yet been sent a copy of the FIR.

What happened?

The claims made in the 20-minute segment – reported by journalist Debayan Roy against whom the FIR has been filed – are perhaps slightly overblown. “A scam in the name of identity, a scam that gives legitimacy to those who are not supposed to get one, a scam, where just for a few quick bucks, the country’s payment gateways and security are being compromised,” the text accompanying the video reads.

Before Indian residents receive Aadhaar card or number, they are first issued an Aadhaar enrolment ID number. What Roy showed is that a number of enrolment centres are less than scrupulous when it comes to the the various identification proofs required to get an Aadhaar enrolment ID.

In his news report, Roy applied for an Aadhaar enrolment number twice – once on March 13, using fake demographic information, and the other on March 17, using his own biometrics. He did this under two different names – Debayan Roy and Raj Kishore Roy.

What is important to note, however, is that Roy did not receive two Aadhaar cards, only two enrolment ID numbers.

The UIDAI has, in the past, acknowledged that the Aadhaar enrolment centres are vulnerable to corruption, but that the core biometric system in theory should not issue two Aadhaar cards to one person. In that sense, the CNN news report reaffirms the core biometric safeguards, but also expose security concerns at the enrolment level.

The Delhi police and the UIDAI acknowledge this. “However, upon UIDAI’s internal scrutiny, it was found that Debayan Roy 16A, had already enrolled for Aadhaar under EID 14099657144574 by using the same biometric information as that of ‘Raj Kishore Roy’, Kumar reportedly said.

Trigger-happy

The Internet is littered with numerous anecdotes of various persons having received two Aadhaar enrolment numbers and in some cases even two Aadhaar cards. The fact that the UIDAI’s first official act of legal enforcement comes against a journalist looking to make the system stronger raises questions about whether the government’s priority is improving the security of Aadhaar or its public image.

Nevertheless, this seems to be consistent with the way the UIDAI has acted so far. The first FIR complaint filed by the Aadhaar agency was against Skoch group chairman Sameer Kochhar who posted a video and blogpost showing that the biometric identification system could possibly be vulnerable against replay attacks.

The FIR against Skoch, however, was registered under the IT Act as the Delhi police’s crime branch had not updated their systems to file cases under the Aadhaar Act.