The Unique Identification Authority of India (UIDAI) has done it again. For the fourth time, the authority has filed a police complaint against individuals and agencies highlighting the vulnerability of information leak from the Aadhaar database. The critics point at the dictatorial nature of the present NDA government. 

Well, I believe this government took a cue from the UPA days, when the previous government brazenly defended section 66A of the IT Act, 2000, repeatedly used to silence free speech on the internet. The present government doesn't stop there. It's also competing with the UPA. But first things first. What really happened?  

The UIDAI filed a first information report, FIR, with the Delhi Police against a journalist of the Tribune who reported about this anonymous group selling Aadhaar data for Rs 500. The story dated January 3, 2018 highlighted the anonymous service which offered unrestricted access to details of over a billion Aadhaar numbers. Essentially, the story brought to notice a vulnerability in the access provided to e-kiosks working under CSC SPV, an affiliated body of the ministry of electronics and IT to offer Aadhaar related services. Although this was not the first time CSC SPV has been mired in data leak controversy (read MS Dhoni’s Aadhaar application form posted on social media, and retweeted by no other than minister Ravi Shankar Prasad himself!).  

“Anamika contacted a person on WhatsApp number 7610063464, who introduced himself as Anil Kumar. He was asked to create an access portal. Thereafter Anil Kumar Asked for a name, email ID, mobile number, and also asked for Rs 500 to be created in his PayTm no…7610063464. …the said correspondent received an email saying, ‘You have been enrolled as enrolment agency administrator for CSC SPV’,” said the FIR, quoting the Tribune story.     

These activities are…. “violations of section 36, and 37 of the Aadhaar Act, 2016, section 419, 420, 468 and 471 of IPC 1860 and Section 66, IT Act, 2000”.  

In the past the UIDAI has filed a case against Centre for Internet and Society for shedding light on the Aadhaar details of beneficiaries of various government schemes being made public by over 200 government websites. The government, however, didn't file any complaint against the state or central agencies that revealed data. 

It also filed a police case against Sameer Kochhar, founder of Skoch Group, for producing a video demonstrating how Aadhaar authentication system can be hacked.It filed another FIR against a journalist from CNN-News 18 who highlighted how it is possible to obtain two different enrolment numbers from set off biometrics.  

The Aadhaar law only empowers the UIDAI to file a police case against any data breach. No other person, including victims whose data privacy has been breached, is authorised to file a complaint. In case if the UIDAI officials themselves are involved in any such data leak, the decision to file case against them rests with the authority itself. Now, when journalists and other individuals bring out in public the vulnerabilities in the Aadhaar eco-system, the UIDAI shoots the messenger.  

It is only peculiar of a body like UIDAI which goes after people who report the vulnerabilities. The rest of the world, including small or big corporations, adopt bug bounty programmes: wherein individuals are encouraged to report bugs (vulnerabilities) and are recognised and rewarded, substantially. 

The UPA’s ambitious programme, being aggressively pursued by the Modi government, has often been criticised in the past for the technological lacunae. The criticism ranges from the effectiveness of the biometrics to the security architecture to the vulnerability of applications in the Aadhaar ecosystem. Researchers and academicians from country's prestigious IITs have criticised the authority for not taking a wider approach towards security. 

For the government, the intention behind the Aadhaar project is to root out corruption. The critics, however, have argued against it, not pointlessly all the time. They have repeatedly flagged privacy as a collateral damage in the Aadhaar driven governance and cried time and again that the programme is only meant to benefit and empower the government and not citizens -- as is it made out by the Aadhaar advocates.   

Reacting to the Tribune revelation, whistle-blower Edward Snowden, tweeted: “It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse.” Well, who cares!  

The Editors Guild, Press Club of India, Indian Women’s Press Corps and Press Association have criticised the government’s move to go after journalists.  

“The Guild condemns UIDAI’s action to have the Tribune reporter booked by the police as it is clearly meant to browbeat a journalist whose investigation on the matter was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press. Instead of penalising the reporter, UIDAI should have ordered a thorough internal investigation into the alleged breach and made its findings public. The Guild demands that the concerned union ministry intervene and have the cases against the reporter withdrawn apart from conducting an impartial investigation into the matter.”

“The UIDAI filing criminal complaints against the reporter and her sources is clearly reflective of its misplaced priorities. We, the undersigned organisations find the UIDAI's move extremely intimidatory, obstructionist and inimical to the pursuit of free, fair and independent journalism. We demand that the complaint and the proceedings related to it should be withdrawn forthwith,” the PCI, WPCI and Press Association said in a statement. 

A supreme court constitution bench would soon begin hearing on all petitions challenging Aadhaar programme and its mandatory linkage to service delivery. Certainly Aadhaar and related issues are much more complex than the section 66A of the IT Act, which was widely considered as a bad law -- although they mock democracy. Let’s wait and watch.