Regulator says FIR is against the crime that reporter Rachna Khaira committed to get the story. Reporter says she stands by her story.
Chandigarh/New Delhi: Following a news report by The Tribune claiming that Aadhaar data of millions of citizens can be bought for a small fee, the Unique Identification Authority of India filed a FIR against the newspaper and its Jalandhar-based reporter Rachna Khaira. And despite drawing widespread condemnation for its action, the regulator is standing its ground, stating that the FIR is against the crime the reporter committed under cover.
The report, published on 4 January, found that it was possible to access Aadhaar card details through a login and password, which could be bought for Rs 500. For another Rs 250, cards could also be printed. To prove that a breach was indeed possible, the reporter bought the login and password and also successfully printed an Aadhaar card.
The FIR was registered Friday on the complaint of B.M. Patnaik, who works at the UIDAI’s logistics and grievance redressal department. According to Patnaik’s complaint, the reporter “purchased” an illegal service that was being offered by an anonymous seller on WhatsApp, which provided unrestricted access to details of more than one billion Aadhaar numbers that have been created.
FIR criticised
Social media erupted with support for The Tribune and its reporter, and condemnation for the UIDAI for shooting the messenger.
The Editor’s Guild of India condemned the FIR as “a direct attack on the freedom of the press”. The Chandigarh Press Club, meanwhile, decided to organise a protest march Monday against the move.
Not targeting whistleblowers
The UIDAI issued a press statement Sunday evening, saying an impression was being created that it was targeting the media or whistleblowers.
“…Even though there was no breach of Aadhaar biometric database, because UIDAI takes every criminal violation seriously, it is for the act of unauthorised access (that) criminal proceedings have been initiated,” it stated.
The UIDAI added that it was “duty-bound to disclose all the details of the case which were in its knowledge at the time of filing the FIR, and name everyone who was an active participant in the chain of the events leading to commission of the crime, regardless of whether the person was a journalist or anyone else, so that the police could conduct a proper investigation and bring the real culprit to justice”.
Its statement referred to a Supreme Court judgment underlining that “a crime does not stand obliterated or extinguished merely because its commission is claimed to be in public interest”.
Reporter stands by story
Contacted by ThePrint for her response to the FIR, Khaira said she was waiting to receive a copy before responding, but said she stood by her story.
“I have mentioned in my story the login I created to access the Aadhaar details for the story. Since the UIDAI claimed in the denial note that it can track every single breach, why do they need to know the details?”
She said similar offers were being sent to WhatsApp groups of village-level entrepreneurs. Whistle blower Bharat Bhushan Gupta, a small businessman in Jalandhar, received the message and decided to check out the veracity of the offers.
“Gupta managed to access the data on 29 December, after which he contacted UIDAI twice on its toll free number. He talked to the operator and requested to be connected to an official. But he was refused. After that he contacted the media,” Khaira added.
In national service, says Tribune editor
In a statement posted on The Tribune website, editor-in-chief Harish Khare said: “We regret very much that the authorities have misconceived an honest journalistic enterprise and have proceeded to institute criminal proceedings against the whistleblower.
“We shall explore all legal options open to us to defend our freedom to undertake serious investigative journalism.”
In his weekly column which appeared Sunday, Khare wrote: “Rachna Khaira’s story was in national service. And, what was the government’s response? Deny. Reaffirm the inviolability of the data. File an FIR. Arguably, the government does not want to admit and create any kind of panic.”
Apart from the FIR, in its communication sent to The Tribune on 6 January, the UIDAI has also demanded to know whether the reporter could manage to also access biometrics related to leaked Aadhaar numbers. It has asked whether “it was at all possible for your correspondent to view or obtain fingerprints and iris scan of any person through the aforesaid access to UIDAI portal” and exactly “how many Aadhaar numbers did the correspondent actually enter through the said login ID and password, and whom did these Aadhaar numbers belong to”?
The Tribune has been asked to respond by 8 January, failing which “it will be presumed that there was no access to any fingerprints and/or iris scan”.
First case under Aadhaar Act
The FIR has been registered under Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act by the Delhi Police Crime Branch. It also names Anil Kumar, Sunil Kumar and Raj Kishore, people whom the reporter contacted for data.
The FIR states: “The above-mentioned persons have unauthorisedly accessed the Aadhaar ecosystem in connivance of the criminal conspiracy… The act of the aforesaid involved persons is in violation of (the various sections mentioned in the FIR)… Hence, an FIR needs to be filed at the cyber cell for the said violation.”
Bhisham Singh, DCP Crime Branch, said notices have been served. The police also said that this is the first time a case under the Aadhaar Act has been registered.
Interestingly, another complaint registered by a UIDAI employee in Chandigarh was withdrawn before the complaint in Delhi was filed. The Punjab Police Cyber Cell had also started its own probe, but has since suspended it because of the case being shifted to Delhi.
Multiple instances
There have been previous instances where an FIR has been filed against a journalist for finding loopholes in Aadhaar. In 2017, a journalist with an English news channel was booked after the channel aired a programme showing how it was possible to get two Aadhaar enrolment numbers with the same biometrics.
Skoch Group chairman Sameer Kochhar too was booked for allegedly spreading rumours about loopholes in the Aadhaar system, after he posted a video showing how the biometric identification system could be vulnerable against replay attacks.
(This article was updated to include The Tribune’s official statement at 9 pm on 7 January)
(With inputs from Anubhuti Vishnoi and Ananya Bhardwaj)