Lawsuit challenges Chandigarh's unencrypted admissions portal
A public interest litigation alleges Chandigarh's Directorate of Higher Education e-admission portal lacks SSL/HTTPS encryption, exposing sensitive applicant data like bank details and Aadhaar numbers.

A public interest litigation (PIL) has been filed against Chandigarh's Directorate of Higher Education (DHE) e-admission portal, alleging it operates without essential SSL/HTTPS encryption. Filed by advocate Raja Vikrant Sharma, the petition states that applicants are required to submit sensitive information, including bank details, Aadhaar numbers, and biometric data, over an insecure, unencrypted system.
Information obtained via an RTI request reveals that the IT department lacks a specific budget for SSL/HTTPS certificates, cybersecurity infrastructure, or security audits. These costs are reportedly subsumed within a broader "e-Governance and IT infrastructure" budget. Furthermore, much of the UT's IT infrastructure has reached its end-of-life, with procurement for upgrades still in progress.
The PIL contends that the portal's architecture violates several articles of the Indian Constitution and various IT laws, including Articles 14, 19, 21, and 38 of the Constitution, Section 43A of the IT Act, 2000, the Rights of Persons with Disabilities Act, and the Digital Personal Data Protection Act, 2023.
In response filed with the High Court, the Chandigarh Administration stated that implementing SSL on the current admission server is "not feasible" due to "legacy infrastructure." They claim applicant data is protected by application-level and database-level encryption. The administration also noted that 94 of its 127 government websites are HTTPS-secured, with the remaining 33 slated for migration to an upgraded State Data Centre within an estimated five to six months.