The Delhi High Court on Thursday directed the Centre to "keep in mind" the suggestions like having OTP authentication, instead of using biometrics, given by a court-appointed amicus curiae to prevent misuse of Aadhaar information.
"You (Centre) keep in mind the suggestions given by the amicus," a bench of Chief Justice D N Patel and Justice C Hari Shankar said.
The court also directed the Unique Identification Authority of India (UIDAI), which issues Aadhaar numbers, that in instances of misuse, it should take action in accordance with the law and facts of each case.
With the direction, the bench disposed of a PIL initiated by the high court on its own while hearing a criminal case wherein a mobile shop owner had misused Aadhaar details of unwary customers to issue fresh SIM cards for use in fraudulent activities.
The shop owner, during Aadhaar verification of a SIM, used to make the customer give his thumb impression twice by saying it was not properly obtained the first time; the second round of authentication was then used for issuing a fresh connection to some third party, the high court had noted while initiating the PIL.
Subsequently, the high court had appointed senior advocate Dayan Krishnan and advocate Rushab Aggarwal as amicus curiae (friends of the court) to assist it in the matter.
The amicus, during the hearing, suggested that UIDAI should consider having OTP authentication instead of using biometrics where "security concerns are more pronounced" and "loopholes are easily accessible".
They also said that the authority should create awareness among the general public about the possible misuses of Aadhaar.
Besides that, they suggested putting in place a "cooling off period" between authentications, "to ensure that if multiple authentications take place in quick succession the UIDAI systems would not respond, and thus effectively blocking loopholes as is highlighted in the instant case".
The other suggestions proposed were that FIRs in such cases should be forwarded by the investigating agencies to UIDAI so that it has information of these loopholes and can create methods to address them.
The UIDAI should also file a complaint under the Aadhaar Act to ensure prosecution to the fullest extent of the persons who carry out such activities, they said.
The two lawyers also suggested that "incidents of this nature must be given wide publicity through both the UIDAI and the investigating agency as the scope/ nature of the breach cannot be adequately assessed without all concerned parties being put to notice."
"This would enable the general public to assess whether they were also victims and to take remedial action if necessary," they said.
The loophole in question was first noticed by a single judge of the high court while hearing the bail application moved by the shop owner in a cheating case lodged against him.
Justice Sanjeev Sachdeva had noted that the "loophole can not only have disastrous consequences for the said individual but also raises serious law and order issues and could have serious repercussions on the safety and security of the nation".
Noting the scope of misuse of the sensitive personal data, the judge had forwarded the matter to the Chief Justice of the Delhi High Court to consider taking up the issue as a Public Interest Litigation (PIL). The court had also dismissed the mobile shop owner's bail plea.