Saturday, June 6, 2020
Home News Reports Beyond outrage - What's the Tribune Aadhaar hack and consequent FIR is all about

Beyond outrage – What’s the Tribune Aadhaar hack and consequent FIR is all about

Also Read

On 4th Jan, The Tribune published a story titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details”. The story claimed that you can “purchase” a “service” being offered by anonymous sellers over WhatsApp that provides unrestricted access to all details of every Aadhaar number generated in India so far.

This is how it worked: the journalist anonymously contacted an Aadhaar agent who installed a software on her computer using “Team Viewer”, a remote desktop software. The journalist also received an username and password on her mail. And bingo, she had access to “all Aadhaar details”.

If true, this is a very serious security flaw. This should be brought to the authorities notice as soon as possible to fix the lapses before the data ends up in wrong hands. Also, the report suggests that the journalist was able to access the Aadhaar data using credentials generated specifically for her. Now this is pretty embarrassing.

Sensitive data should always be protected using multiple layers of security and not just a user id and password. This is a standard practice in banks where apart from the credentials, an employee has to punch his fingerprint to log in into the core banking system. What this means is, even if you get an SBI employee’s credentials and get access to SBI’s intranet, you still can’t log into the system unless you are an employee of SBI authorized to use the system you are trying to log into.

Systems that deal with sensitive data are always authenticated through multiple layers to ensure no foul play. To think that something like Aadhaar data, where security is being questioned day in and day out, will leave the security perimeter for the agents to just an user id and password. This is some serious lackadaisical approach from the authorities towards privacy & data security.

However, some of the claims of the news report is questionable. For example, the report then claims that, using this security vulnerability, one can get a SIM on someone else’s name or withdraw money from someone else’s account. Both these require biometrics and as per UIDAI claims, biometrics data was not breached, though it agrees that some details (non biometric) may have been exposed, which is a security flaw nonetheless.

UIDAI press note on the said security breach

UIDAI maintains that this is a case of “misuse” of the grievance redressal search facility provided to some designated personnels. Subsequently, on 4th Jan, UIDAI registered an FIR with cyber cell, Delhi Police in this matter, under Aadhaar act [pdf] 36 and 37 and other IPC sections which names Unknowns, Anil Kumar & Sunil Kumar (the people who installed the app on the journalist’s machine and gave her access privileges), Rachana Khaira (the journalist who installed the “app” and allegedly accessed UIDAI details) and Tribune newspaper. As law bound, UIDAI has disclosed all the details of the case that is known to it in the FIR. The FIR names everyone in the chain of events leading to commission of the crime.

Section 36 and 37 of the Aadhaar act

Everyone, who thinks this is an attack on press freedom, here are few submissions.

  • Some quarters in the press maintain that the people are actually whistleblowers who exposed the vulnerabilities in the system. However, Sunil Kumar and Anil Kumar (assumed names I believe) are not whistleblowers. They are authorised agents by UIADI, who have misused their access privileges to allow access to a 3rd party for exchange of money. This is not whistleblowing, this is rather monetising the known vulnerability of the system to their own benefit, without bringing it to authorities notice. Even if we consider them whistleblowers, there could be others like them (referred to as the ‘Unknowns’ in the FIR, I will presume) doing the same, whose actions need to be investigated to find out and address any misuse of data.
  • A reading of above mentioned sections of Aadhaar act clearly establishes that a crime has been committed. UIDAI neither has investigating nor prosecution power. The natural course of action demands an investigation for which FIR is the first step in the process. For the investigating agency to conduct a free and fair investigation, it is imperative for them to know the full details of the case. Hence, the FIR had to name all of them. Whether everyone is actually charged or not will be decided by the investigating team while filing chargesheet. However, a proper enquiry demands the journalist and her team to be questioned to understand the modus operandi and chain of events. Do the journalist fraternity expect UIDAI to partially report the crime so that a fellow journalist is not named? Won’t that jeopardise the investigation? As UIDAI rightly points out, if someone is named in the FIR, it doesn’t necessarily mean he is guilty or is being targeted. That will be decided only after police investigations are over.
  • At times, to unearth scams or expose vulnerabilities, occasionally law has to be bypassed. Sting operations where journalist try to offer bribe to govt officials are an example. Though bribing a govt official is a crime under PCA, this is done in larger public interest to expose the malaise. However, who gets to decide whether the wrong you committed to bring out the “bigger wrong” is actually in public interest? The honourable Supreme Court in Rajat Prasad vs C.B.I case makes it clear that, a crime does not stand obliterated or extinguished merely because its commission is claimed to be in public interest. It will depend on the facts and circumstance of the case. So, let the court decide on the public interest part.

SC judgement on Sting operation and criminality

While we all want the Aadhaar system to be foolproof, we also need people to be punished for misusing their privileges and violating Aadhaar act. So, before making a hue and cry about journalistic freedom being trampled, please go through the merits of the case and understand the intention of filing the FIR. Union Minister for Information Technology Ravi Shankar Prasad and UIDAI too have clarified that the FIR is not about prosecuting the journalist or the newspaper but to seek their assistance in nabbing real culprits.

We all want a foolproof resilient system and at the same time we also want the culprits to be brought to the book. One would expect the newspaper to cooperate with the authorities to nab the culprits and tighten the loose screws. That will be some public service, a cause you dedicate yourself to.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Trending now

Congress mouthpiece says ‘Muslims have sat quiet and subdued’: Here is how they are wrong and how their dog-whistling might not work

National Herald published an article that said that the first year of Modi Sarkar 2.0 has been the 'worst possible year' for Muslims in the country.

Is Safoora Zargar being unfairly kept in jail while she is pregnant? Here is what the law says

Safoora Zargar was denied bail and liberals on social media have been calling the order 'remorseless' and 'shameful'.

Media furthers a dangerous narrative, wrongly portrays scuffle between cops and a thug in Rajasthan as ‘India’s George Floyd moment’

There is a stark difference between the George Floyd murder and what happened in Jodhpur when police tried to control a thug who assaulted them

Justice for Bramsh Baloch: An Echo Of Revolution

The current incident of Bramsh Baloch has not only exposed the relation of Pakistani state with the burglars, killers, death squad members, but it also unveiled the hidden dirty faces of Parliamentarians

From December 2019 to Delhi riots 2020: Here is how Islamist mobs tampered with CCTV cameras to avoid detection as they went on rampage

During the Delhi anti-Hindu riots, Islamists broke CCTV cameras. Police also confirmed no CCTV footage was recovered fro Tahir Hussain's house

Muslim mob torched properties of Hindus till 24th Feb night, burnt Dilbar Negi alive: Fresh charge sheet against 12 in Delhi riots

According to the charge sheet, a Muslim mob came from Brijpuri Pulia side in northeast Delhi and unleashed violence, targeting properties of Hindus. The mob continued damaging Hindu shops and burnt them till late night on February 24.

Recently Popular

Times of India journalist Samina Shaikh tries to shame Hindus over the killing of pregnant elephant in Kerala

In Hinduism, Lord Ganesha has the head of an elephant and elephants are also considered holy.

Woman ‘protestor’ poops on an overturned police car in middle of riots in America. Watch the video (or maybe not)

A woman was seen defecating on a damaged police car in USA, an act video recorded and photographed by onlookers

GoAir fires trainee officer Asif Khan after screenshots of his Hinduphobic comment went viral on social media

GoAir has terminated the employment of one Asif Khan after his anti-Hindu offensive comments on social media went viral.

“Your mother was Hindu, how can we trust you?” Read shocking revelations by the niece of Nawazuddin Siddiqui

Nawazuddin Siddiqui and his family refused to believe the niece's allegations stating that they cannot trust the daughter of a Hindu.

One suspect arrested in Kerala pregnant elephant death case, autopsy report reveals she could not eat for two weeks after cracker explosion in mouth

The forest department in Kerala has arrested one suspect in the case of death of a pregnant wild elephant in Kerala

After trying to rope in 2nd, 3rd-year MBBS students to manage Coronavirus patients, Maharashtra govt to punish medical interns if they get coronavirus

Medical interns in Maharashtra will be liable to repeat the internship for the quarantine period if they are infected with Coronavirus

Second Pinjra Tod activist Devangana Kalita booked under UAPA in the Delhi riots case

Pinjra Tod activist and JNU student Devangana Kalita booked under UAPA for Delhi riots, she is under judicial custody after her arrest

Hackers take down website of Maneka Gandhi’s NGO after she blamed people of Malappuram district for the death of pregnant elephant

The hackers put a message on the web page saying that Maneka Gandhi used the matter of elephant's death for dirty politics.

Former Indian cricketer Yuvraj Singh apologizes for casteist remark against Yuzvendra Chahal

Yuvraj Singh took to Twitter and expressed regret for the comment which was made during a conversation with Rohit Sharma.

Darbhanga, Bihar: Massive explosion in one Nazir’s house, locals suspect bombs and not firecrackers responsible for blast

Local residents in Darbhanga claimed that the explosion took place at Nazir's house while making bombs and not due to fire crackers.

Markaz management deliberately disregarded police instructions to send back its members, central govt tells SC

Markaz management did not inform about the Tablighi Jamaat gathering to authorities, centre tells SC in affidavit

Meerut police find that more than 13000 phones of Chinese manufacturer Vivo operating on single IMEI number, case registered against the company

When one Meerut Police officer gave his phone to cyber cell for checking, they found that more than 13000 phones have same IMEI number

Central audit team finds JNU officials guilty of committing fraud worth Rs 57 lakhs in the financial year 2017-2018

The DGCAE has recommended that criminal cases be lodged against the JNU officials for availing LTCs using fake bills.

Facebook user narrates the harrowing tale of his struggle to get tested for Coronavirus in Arvind Kejriwal’s Delhi

Delhi man narrates how he was told by multiple hospitals and laboratories that Delhi govt has stopped Coronavirus testing for 2-3 days

Udaipur: Tribal youth Mukesh stabbed to death over a minor fishing dispute, Zafar, Saeed, Firoz and others arrested after 1000 villagers agitate

As the mob started swelling Udaipur police, fearing communal tension, went on high alert. Internet was snapped for 24 hours

Delhi riots case: Delhi police investigating the assets of accused Faisal Farooq and his links with Nizamuddin Markaz

Delhi riot accused Faisal Farooq was in contact with the people involved with the PFI and Hazrat Nizamuddin Markaz

Connect with us

229,696FansLike
363,542FollowersFollow
246,000SubscribersSubscribe