The crimil cases filed by the Unique Identification Authority of India (UIDAI) against a newspaper and a jourlist for exposing Aadhaar security flaws reeks of sinister intent. Press bodies across the country, including the Press Club of India, Press Association, the Editors Guild, Indian Women’s Press Corps and many others, have dubbed the move as “a direct attack” on the freedom of the press. The outcry is over the UIDAI lodging a police complaint against the Chandigarh-based daily The Tribune and its reporter Rach Khaira. The issue has begun to snowball and assume political overtones, with the Congress accusing the rendra Modi government of displaying “arrogance of power at its worst”. BJP lawmaker from Pat Sahib Shatrughan Sinha has once again wrong-footed his party by wondering whether “we are living in a ba republic”. Considering that the BJP’s first reaction to the Tribune report published on January 3 this year was that it was ‘fake’, the party is now decidedly on the backfoot. Union Law Minister Ravi Shankar Prasad — while assuring that the government “is fully committed” to press freedom as well as maintaining Aadhaar security — has said that the FIR is against “unknown” people. “I’ve suggested UIDAI to request The Tribune and its jourlist to give all assistance to police in investigating the real offenders,” he has tweeted. On its part, the UIDAI has said it respects free speech and freedom of the press, while contending that its FIR should not be viewed as “shooting the messenger”. However, the FIR, lodged with the cyber cell of Delhi Police Crime Branch, indicates otherwise. It invokes serious charges like cheating under impersotion (Sec 419), cheating (Sec 420), forgery (Sec 468) and using forged document (Sec 471) under Indian Pel Code (IPC), as well as sections of IT Act and Aadhaar Act. So what was this news report by The Tribune that has attracted such a harsh response from the Aadhaar authority?
A Sinister Move
Published with the headline ‘Rs 500, 10 minutes, and you have access to billion Aadhaar details’, this news report showed that hackers have committed a major breach of the Aadhaar tiol database, and the racket may have started about six months back when some anonymous groups were created on WhatsApp. These shady groups are believed to have joined hands with some 1 lakh operators of the 3 lakh village level enterprise (VLE) operators hired by the Central government under Aadhaar Common Service Centres Scheme (CSCS) across the country. After the Supreme Court last November restricted the government to assign Aadhaar work only to post offices and desigted banks to avoid security breach, these operators were overnight rendered jobless. According to The Tribune report, many of these operators have helped shadowy groups gain illegal access to UIDAI data. Posing as a buyer under a pseudonym, reporter Rach Khaira contacted an ‘agent’ of one such group on his WhatsApp number, and transferred to him Rs 500 through Paytm. The agent then created a gateway for her, gave a login ID and password, and she was enrolled as ‘Enrolment Agency Administrator’ for a Common Service Centre. Within 10 minutes, Khaira gained access to Aadhaar details of every Indian citizen registered with UIDAI, including their me, address, postal code (PIN), photo, phone number and email. In addition, she paid another Rs 300 for which the agent provided a software through remote access, using which The Tribune team could print the Aadhaar card of any individual after entering his/her Aadhaar number. The implications of such rackets going on are staggering. Not only is it a matter of outright violation of privacy, it also ebles cyber crimils to engage in identity theft and fincial fraud. In this context, The Tribune report mentions a recent incident in Jalandhar, in which a man was arrested for withdrawing money from someone’s bank account by submitting a fake Aadhaar card.
In its defence, the UIDAI has been claiming that its Central Identities Database Repository (CIDR), containing the biometric details of citizens like their fingerprints and iris patterns, are totally safe. But complacency could be fatal, with reports of UP Police recently bbing a gang making attempts to access such biometric data. On the issue of The Tribune report, the UIDAI has argued that the FIR against the jourlist has been filed on the ground of “uuthorized access”. Such response shows an unfortute ignorance of, if not intolerance to, how investigative jourlism is carried out on a matter of vital public interest. After all, the Supreme Court’s landmark verdict last August that the right to privacy is a fundamental right intrinsic to Right to Life and Persol Liberty — came on a batch of petitions challenging the Centre’s move to make Aadhaar mandatory for availing benefits of various social welfare schemes. The government’s stand has throughout been that all aspects of a citizen’s privacy cannot be seen as a fundamental right, that privacy can at best be only a ‘qualified’ right. The apex court’s constitution bench on January 17 next is slated to give fil hearing on petitions challenging the validity of Aadhaar Act and related notifications. As such, it should have been in the interest of UIDAI authority to take the news report of The Tribune in right spirit and seriously go about ensuring that the Aadhaar ecosystem has not been compromised. By choosing instead to prosecute whistleblowers from the press, it has merely revealed its hidebound attitude. For Assam, a leaking Aadhaar will be serious cause for concern, with its rollout set to begin next month in all its 33 districts.