Aadhaar data breach story: UIDAI slammed for 'ridiculous' FIR against reporter
A deputy director of the Unique Identification Authority of India (UIDAI) has registered an FIR against The Tribune and its reporter Rachna Khaira for a story on alleged breach of Aadhaar data security, that was published in the newspaper recently. The FIR has also been registered against three people – Anil Kumar, Sunil Kumar, and Raj – who the reporter spoke to during the course of her investigation.
Reportedly, the "FIR has been lodged with the Crime Branch's cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act."
In an investigative piece published on January 3, 2018, Rachna reported that anonymous sellers over WhatsApp were allegedly providing unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far. The Tribune for its reporting had "purchased" one such service.
The FIR states, "The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation."
Outrage over FIR
Many online users have since criticised UIDAI's move of filing an FIR against a journalist who exposed a vulnerability in its system, instead of addressing the issue.
Sunil Jain, Managing Editor of Financial Express, tweeted saying that had not the Tribune published the story, the UIDAI may not have even known about a possible breach.
Instead of thanking Tribune reporter who exposed gap in Aadhaar security -- biometrics safe but y should email/phone/address be available? --so it can be plugged @uidai files FIR against reporter!Bad idea @ceo_uidai Had it not been for report,Uidai wouldn't even know about breach pic.twitter.com/iCdwvyFoIB
— Sunil Jain (@thesuniljain) January 7, 2018
And it is a breach, albeit not of the core database. If it is was not, no reason for @uidai @ceo_uidai to file an FIR
— Sunil Jain (@thesuniljain) January 7, 2018
Others have slammed the FIR calling it "ridiculous".
Thank you UIDAI, for being so utterly predictable, petty, cocky, vengeful and so full of yourself - FIR against Tribune reporter over Aadhaar data breach story https://t.co/pa9bhrAB5N 10 years from now, I hope you and your people will run pillar to post in courts. https://t.co/3YnxIBcRGM
— Karthik (@beastoftraal) January 7, 2018
The FIR against Tribune and its reporter by @UIDAI is ridiculous and should be slammed by all journalists - regardless of our stand on Aadhaar. https://t.co/G8C6kgPEtp
— Nitin Sethi (@nit_set) January 7, 2018
Totally wrong for UIDAI to file an FIR against the journalist who exposed #AadharLeaks If a loophole is pointed out Govt should work on fixing the flaw rather than try to shoot the messenger. Don’t intimidate journalists. Not on. https://t.co/6mxDrZlrLC
— Rahul Kanwal (@rahulkanwal) January 7, 2018
We should be thanking the @thetribunechd reporter who brought us the #Aadhaar breach story. Instead. Instead, @UIDAI lodges an FIR against Rachna Khaira. This is unacceptable & against the public interest. @PMOIndia https://t.co/b1efnQJv58
— Salman Anees Soz (@SalmanSoz) January 7, 2018
As expected @UIDAI has filed an FIR against the Tribune journalist for exposing the vulnerability.
— Chinmayi Sripaada (@Chinmayi) January 7, 2018
However we as citizens cant file FIRs on UIDAI for negligence. The Aadhaar Act absolves them of any responsibility https://t.co/NqApHARads
Hi @UIDAI, could you please confirm whether there was a data breach or not ?
— Arvind Gunasekar (@arvindgunasekar) January 7, 2018
You first say no data breach but next day give a police complaint saying data breach https://t.co/qgwgpUb6Uc
So this is the UNIQUE MODEL OF ENSURING SECURE DATABASE by UIDAI..
— James Wilson (@jamewils) January 7, 2018
Threaten, coerce and shut any reports against the flaws and leaks in the system. If you point out the vulnerabilities, they will entangle you in a legal mesh!https://t.co/xPBobRAegI
Disgrace.
— Hartosh Singh Bal (@HartoshSinghBal) January 7, 2018
If there was no data breach what is UIDAI filing this FIR for?
They should be thanking the reporterhttps://t.co/vlhMUZeIUa
I can confirm that @UIDAI registered an FIR last year against @CNNnews18 reporter @droynews18 for his story exposing #Aadhar. Pattern here? Intimidating journalists will not make the problem go away. https://t.co/DFHgtxcFBd
— Zakka Jacob (@Zakka_Jacob) January 7, 2018
Dear @rsprasad - how does filing FIR against journalist make sense? Shdnt FIR be against @UIDAI for allwng ds loophole 2 b left unguarded n 4 allwng violatn of privacy of enrollees whch is their fundamental right? Copy: @PMOIndia https://t.co/Eze4OFHAQr
— Rajeev Chandrasekhar (@rajeev_mp) January 7, 2018
If this is true, this is really the stupidest thing I've heard in a while. The journalist was doing her job reporting a public policy/institution story. This is completely against the principles of democracy @UIDAI - this bullying won't work. https://t.co/VkKsuUUQDv
— HindolSengupta (@HindolSengupta) January 7, 2018
This is not the first case of FIR being filed against those who expose @UIDAI . Earlier a FIR was filed against @SkochSameer . Unfortunate how we are just no longer a Democracy . The Tribune FIR by an unconstitutional @UIDAI proves it
— Tehseen Poonawalla (@tehseenp) January 7, 2018
Why is govt. anxious to intimidate media inquiring into possible Aadhaar data misuse, when it has not restrained all and sundry from asking for such data to provide services? Does @UIDAI have unlimited liability if fraud is committed? https://t.co/uI5cfpQZBz
— G.Ananthakrishnan (@ganant) January 7, 2018
Withdraw the FIR against @thetribunechd reporter, UIDAI. You can refute what you find unfair or wrong. But throwing cops at reporters is, as stupid as it is unsustainable https://t.co/o3vNtqFUsq
— Shekhar Gupta (@ShekharGupta) January 7, 2018
OUTRAGEOUS and totally UNACCEPTABLE. Textbook case of shooting the messenger if ever there was one. Utter madness by @UIDAI.
— Anand Ranganathan (@ARanganathan72) January 7, 2018
THIS is the time for the PCI to stand with Rachna Khaira instead of what it usually does - stand with compromised, corrupt journos https://t.co/utJmXl748Y
The moment that story came out, first thing I thought of was that UIDAI is going to behave like a mafia and file an FIR.
— Meghnad (@Memeghnad) January 7, 2018
And that's exactly what they did. Hiding their incompetence by threatening those who expose flaws.https://t.co/7fITLPRsFs
Aadhaar is completely safe. No possibility of data breach. But if someone reports of a data breach, we will file an FIR against the reporter - UIDAI.https://t.co/8WSc0kcB4n
— V (@ivivek_nambiar) January 7, 2018
UIDAI's 'shoot the messenger' policy in full swing. #Aadhaarhttps://t.co/dphqmJtFWC
— Ramnath (@rmnth) January 7, 2018
One was of the view that the organisation should in fact encourage ethical hackers to find flaws in the system.
That said, @UIDAI should put in place, if not already, a policy to encourage white hacker to find flaws and share vulnerabilities if any. Google, Facebook and most tech cos. have policies.
— raverantreflect (@HKarandikar) January 7, 2018
The Tribune report
In the report, the reporter stated that she had to pay Rs 500 through Paytm, and in 10 minutes "an 'agent' of the group running the racket created a 'gateway' for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email."
Soon after, the UIDAI said that its search facility for grievance redressal may have been misused but denied any breach or leak of Aadhaar data.
The authority that collects and maintains biometric and other details for the unique ID holders called The Tribune report "a case of misreporting". But the newspaper stood by its story, saying the UIDAI claiming no breach of Aadhaar data "flies in the face of that".
(IANS input)