COURTS ON ITS OWN MOTION v. STATE OF NCT OF DELHI AND ORS.

1. This writ petition has been instituted by this Court on its own motion to deal with loophole in the system, whereby fresh mobile connections can be issued in the name of an unwary customer, without his knowledge and consent by using his documents and biometrics. This Court had earlier appointed Mr. Dayan Krishnan, Senior Advocate as well as Mr.Rushab Aggarwal, Ms.Manvi Priya, Ms. Aakashi Lodha and Mr. Sanjeevi Seshadri, Advocates as Amici Curiae to assist us in the matter. Mr. Dayan Krishnan, 2020:DHC:1067-DB Senior Advocate (Amicus Curiae) has very ably assisted this Court with the help and assistance of co-amici curiae and pointed out fine niceties of the probable misuse of customers’ documents and biometric in detail and have also filed detailed written submissions. Paragraphs 8.[1] to 8.[7] of the written submissions filed by Mr. Dayan Krishnan, learned Amicus Curiae reads as under: “SUGGESTIONS AND PROPOSED NEXT STEPS FOR THE KIND CONSIDERATION OF THIS HON’BLE COURT 8.[1] It is submitted that FIRs of this nature should be forwarded by the concerned investigating agencies to the UIDAI so that it has information of loop holes and technical methods maybe created in order to address these issues. 8.[2] Furthermore, in terms of Regulation 25, it is submitted that the UIDAI must conduct an inquiry which apart from addressing disincentives on Requesting Entities would also permit the UIDAI to devise technical or policy solutions to plug loop holes swiftly. 8.[3] Further, it is submitted that the UIDAI must also file a complaint in accordance with Section 47 of the Aadhaar Act to ensure that prosecution to the fullest extent of the law takes place in the case of such incidents. 8.[4] The Respondents should be called upon to file Affidavits in the following terms: (a) Respondent No.4 should also apprise this Hon'ble Court as to whether it would be technically feasible to make OTP Authentication the preferred method of Authentication under E- KYC Authentication as against Biometric Authentication. (b) Respondent No. 4 should also apprise this Hon'ble Court as to whether it would be technically feasible to ensure that there is a cooling off period for authentications, so as to ensure that if multiple authentications take place in quick succession the system UIDAI systems would not respond thus effectively blocking loopholes as is highlighted in the instant case.

(c) Respondent No. 4 should apprise this Hon'ble Court as to whether it has taken any steps under Regulation 25 to adjudicate whether disincentives should be passed against the relevant Requesting Entity in the instant case.

(d) Respondent No.3 should apprise the Court as to whether any steps have been taken under the Information Technology Act, 2000 to adjudicate under Section 46 whether the body corporate has acted in accordance with the mandate under Section 43A. 8.[5] Incidents of this nature must be given wide publicity through both the UIDAI and the investigating agency as the scope/nature of the breach cannot be adequately assessed without all concerned parties being put to notice. This would enable the general public to assess whether they were also victims and to take remedial action if necessary. 8.[6] It is submitted that a revised list of Requesting Entities (AUA and KUA) excluding the telecom operators should be forthwith uploaded on the UIDAI website. Further, in this context, it is submitted that the number of violations made by any of the Requesting Entities and the status of adjudication of the said violation by UIDAI should be reflected in the said lists available on the website of UIDAI. 8.[7] Awareness programmes must be instituted to ensure that the public at large are made aware of the nature of the sensitive nature of data being provided, the potential for misuse and how to protect itself from the same. In this context, it is pertinent to note that Section 3(2) read with Regulation 9 of the Aadhaar (Enrolment and Update) Regulations, 2016, and Section 8(3) of the Aadhaar Act read with Regulation 5 of the Aadhaar (Authentication) Regulations, 2016, mandate that information must be provided to the individual at the time of enrolment and authentication. This information must be read to include awareness on the potential misuses of the data, and how to guard oneself from the same. The information must be provided in a clear manner as discussed by the Justice BN Srikrishna Committee Report, failing which liability would be upon the data requesting entity. [Page 36 and 48 of Justice BN Srikrishna Committee Report]” (Emphasis supplied)

2. Learned Amicus Curiae has pointed out that the aforesaid suggestions which are enumerated in paragraph 8.[1] to 8.[7] are also supported by various rules, regulations and enactments as stated therein. Learned Amicus Curiae further submitted that there cannot be a specific direction from this Court to the respondents because too many technicalities are involved in the issue in hand, but suffice it would be if the respondents are directed to keep in mind the aforesaid suggestions and take necessary steps for prevention of misuse of customers’ documents and biometric in future in accordance with law.

3. Learned counsel for respondent No.4 submitted that respondent No.4 has taken all protective measures to avoid probable misuse of customers’ documents and biometric. A detailed counter affidavit has been filed by the respondent No.4 wherein the measures taken by the respondents to avoid such misuse are mentioned in detail. Nonetheless, we hereby direct the respondents to keep in mind the suggestions given by the learned Amicus Curiae in the aforesaid para Nos. 8.[1] to 8.[7] of the written submissions. The respondents will consider the same and take action in accordance with law, rules, regulations and Government policy applicable to the facts of the present case. We expect from the respondents that if any misuse of the customers’ documents or biometric comes to their knowledge, they will take immediate action to avoid such misuse. The actions suggested in paras 8.[1] to 8.[7] are illustrative in nature. Actions to be initiated by the respondents will depend on the facts of the case and application of the rules and regulations etc. applicable thereto.

4. Before parting with this case, we would like to record our deep appreciation for extremely valuable suggestions and assistance given by Mr.Dayan Krishnan, Senior Advocate, Mr. Rushab Aggarwal, Ms. Manvi Priya, Ms. Aakashi Lodha, Mr. Sanjeevi Seshadri, Advocates and Amici Curiae in this matter.

5. With the aforesaid observations, this writ petition is hereby disposed of.

CHIEF JUSTICE C.HARI SHANKAR, J FEBRUARY 13, 2020 ns