UIDAI may be tasked with collecting and securing Aadhaar data, but these days the organisation is more concerned with fighting back allegations of leaks and data breaches.

UIDAI’s latest denial comes in the wake of reports which claim that tampered versions of the software used by UIDAI for Aadhaar enrollment are being sold illegally for as low as Rs. 1000. This modified software allows anyone, anywhere to create an Aadhaar card and account bypassing the geolocation and biometric checks in place.

As is customary for UIDAI, it went into a tweetstorm today to refute the reports of the software being available illegally in the underground market, calling them “baseless, false and irresponsible.”

UIDAI claims that a request for enrollment or updating Aadhaar information cannot be processed until the genuine biometrics are not furnished, and same is implemented for operators. In case a discrepancy is discovered in verifying any of the mandatory parameters at UIDAI’s backend systems, the request is rejected, and necessary action is taken to block and penalize such operators.

The tweets are fairly standard, but UIDAI does not actually address the real issue and fails to convincingly refute the reports. UIDAI says that its systems strictly verify biometrics and other details, but the malicious parties actually bypass the same biometric and geo-location safeguards to access the Aadhaar database.

It appears that UIDAI has instinctively gone into a defensive mode without addressing the points the reports are making, which is the software needs to be overhauled. It tried to subdue the concerns with a mix of new and old responses.

UIDAI  further claims that over 50,000 operators have been blacklisted for malpractices, which again indicates that the Aadhaar system is not as secure as UIDAI claims. UIDAI also does not explain the numerous incidents of fake Aadhaar cards being used for fraudulent activities, which could also have been created using such software.

UIDAI did not mention anything about the issue of fake Aadhaar cards in its latest tweetstorm. Cybersecurity experts have said in the past that the enrollment software’s security protocols have already been breached, allowing even a foreign national to enroll in the Aadhaar database from any location in the world.