UIDAI Registers FIR Against Tribune Reporter Over Aadhaar Data Breach Report

An FIR was registered by deputy director of the Unique Identification Authority of India (UIDAI)  against The Tribune newspaper and its reporter, Rachna Khaira, for a report published earlier this week on how demographic data associated with Aadhaar numbers was being sold by anonymous sellers over WhatsApp for just Rs 500.  

The FIR also names Anil Kumar, Sunil Kumar and Raj, all of whom were mentioned in The Tribune report as people Khaira contacted in the course of her reporting, reported The Indian Express.

The FIR was lodged with the Crime Branch’s cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.

(What Section 36/37 of the Aadhaar Act say)

“An input has been received through The Tribune dated January 3, 2018, that the ‘The Tribune purchased’ a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far, ” states the FIR registered by complainant B M Patnaik, who works with UIDAI’s logistics and grievance redressal department.

According to The Indian Express, the FIR notes how the reporter got in touch with the other persons named in the FIR and goes on to state: “The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation.”

The investigative report titled "Rs 500, 10 minutes, and you have access to billion Aadhaar details"by The Tribune had revealed that details of Aadhaar is easily accessible, that too just by paying Rs 500.

According to the newspaper, its reporter purchased a service by anonymous sellers on WhatsApp and paid Rs 500 via Paytm to an agent of the group running a racket. The agent then created a “gateway” for the reporter and gave a login ID and password, thus giving unrestricted access to details, including name, address, postal code (PIN), photo, phone number and email, of more than 1 billion Aadhaar numbers submitted to the UIDAI, the Aadhaar issuing body.

Not only this, the newspaper team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.

Denying the allegation, the UIDAI statement said that it has "given the said search facility for the purpose of grievance redressal to the designated personnel and state government officials to help residents only by entering their Aadhaar number/EID".

"UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken. The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done," said the statement.

Earlier also, the UIDAI had filed an FIR against a CNN-News 18 journalist after the television network aired a segment showing that it was possible to obtain two separate Aadhaar enrollment numbers with the same set of biometrics.

Last year, the Delhi police had registered the first case under violation of Aadhaar Act 2016 against Sameer Kochhar, an entrepreneur-writer who runs a Gurgaon-based think tank called Skoch Development Foundation , for allegedly spreading rumours on various social networking sites that the Aadhaar ecosystem is vulnerable. The complaint said that wrote a misleading article against the Aadhaar ecosystem and also uploaded a video to substantiate his claims.

The UIDAI found the video and the article to be misleading and filed an FIR with the cyber cell of the Delhi police. In his article Kochhar had claimed that the Aadhaar ecosystem is flawed, vulnerable, has very poor security, and can be easily hacked.

He had also written that India was being taken for a ride by those with vested interest on Aadhaar enabled payment. He has further stated that the national security is at stake.