The Uttar Pradesh Special Task Force (STF), yesterday, arrested a gang of ten people from Barra locality, Kanpur who were allegedly involved in the production of counterfeit Aadhaar cards. The gang leader, Saurabh Singh said that they resorted to this method for completing biometric parameters for the fake Aadhaar enrollments. The perpetrators were found with fingerprint and retina scanners, laptops, stamps and GPS devices. They successfully bypassed the extensive security mechanisms set by the Unique Identification Authority of India (UIDAI) which is the statutory body that issues the ID cards.
The STF stated that the felons adopted a very complex mechanism which involved cloning fingerprints of UIDAI center operators. They used the cloned fingerprints to gain access to the Aadhaar website and carry out fake enrolments. The STF further said that they found the information security practices directed by the UIDAI were being broken at many levels, including registrars, enrolment agencies, supervisors, verifies and operators, and that they will audit the entire Aadhaar enrolment process.
In a recent fiasco, about 210 websites of the Central and State government displayed Aadhaar details and personal information of its beneficiaries. Also, a database containing data of millions of Reliance Jio users was leaked online. The Aadhaar card is required to authenticate identities for multiple processes such as buying a SIM card, enrolling children in schools, operating bank accounts and more. Data as sensitive as Aadhaar has to be treated with a high level of security as in the wrong hands, it could wreak havoc.
Also, a recent WikiLeaks report exposed details about how the CIA may already have access to biometric information of India’s Aadhaar users thanks to a covert information collection tool called ExpressLane deployed at the end of a UIDAI-approved biometrics provider.
Last month the Supreme Court of India declared that privacy is a fundamental right for Indians. This verdict by the SC is expected to have some repercussions on the fake Aadhaar card case. The petitioners of the Aadhaar case say that sensitive data such as iris scans and fingerprints, taken by the state violates citizen privacy. This new development poses some serious concerns about the security that UIDAI promises for the Aadhaar system.