A deputy director of the Unique Identification Authority of India (UIDAI) has registered an FIR against The Tribune newspaper and its reporter Rachna Khaira following her report on how anonymous sellers over WhatsApp were allegedly providing access to Aadhaar numbers for a fee.
The FIR also names Anil Kumar, Sunil Kumar and Raj, all of whom were mentioned in The Tribune report as people Khaira contacted in the course of her reporting.
Joint Commissioner of Police (Crime Branch) Alok Kumar confirmed that an FIR had been registered and an investigation launched. The FIR has been lodged with the Crime Branch’s cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.
When contacted, The Tribune’s editor-in-chief Harish Khare refused to comment on the FIR. In the FIR, the complainant, B M Patnaik, who works with UIDAI’s logistics and grievance redressal department, states: “An input has been received through The Tribune dated January 3, 2018, that the ‘The Tribune purchased’ a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far.”
The FIR details how the reporter got in touch with the other persons named in the FIR and goes on to state: “The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation.”
The UIDAI’s media unit did not respond to calls and texts from The Sunday Express. The UIDAI CEO, when contacted, said he was in a meeting. The Tribune report, dated January 3, had stated: “It took just Rs 500, paid through Paytm, and 10 minutes in which an ‘agent’ of the group running the racket created a ‘gateway’ for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.”
Late on Saturday, UIDAI’s Chandigarh regional office, wrote to The Tribune’s Editor-in-Chief, asking if “was at all possible for your correspondent to view or obtain Fingerprints and Iris scan of any person through the aforesaid access to UIDAI portal” and “how many Aadhaar numbers did the correspondent actually enter through the said login user id and password and whom did those Aadhaar numbers belong to”. The letter asked for these details to be sent by January 8, “failing which it will be presumed that there was no access to any Fingerprints and/or Iris scan”.
After the report appeared, the UIDAI had in a statement said that there “has not been any Aadhaar data breach”.
“The Aadhaar data, including biometric information, is fully safe and secure,” it had said, adding, “There has not been any data breach of the biometric database, which remains fully safe and secure with the highest encryption at UIDAI and a mere display of demographic information cannot be misused without biometrics.”