When American whistleblower-in-exile Edward Snowden tweeted in the wee hours that the “UAIDAI is responsible for policies that destroyed the privacy of a billion Indians”, within minutes it was trending on twitter, essaying the mood of the nation. His tweet that the journalist (referring to the Tribune) exposing the Aadhaar breach deserved an award, not an investigation, got thousands of retweets and likes within a jiffy.
The newspaper investigation had recently exposed the vulnerability of citizens’ data which is being sold by unscrupulous people for a paltry sum of Rs 500. The report suggested that any buyer can take full advantage of one’s entire information because the government is hell-bent on linking virtually everything with the Aadhaar. We are forced to link our PAN cards, bank accounts, provident funds, etc. with our Aadhaar numbers because threats keep pouring in by way of SMSs from banks, telecom companies and tax authorities to get our accounts linked with Aadhaar numbers or lose them.
Ironically, instead of addressing the cyber security concerns, the Unique Identification Authority of India (UIDAI) rubbished the report as “a case of misreporting” and denied any breach but at the same time lodged an FIR against the persons involved including the journalist who did the story. Why an FIR if there was no data breach? The silence of the IT Ministry, and clarification by Union Law Minister Ravi Shankar Prasad arguing that the FIR was “against unknown persons”, seems worrisome as it appears to be an attempt to muzzle the whistleblower. There is need to understand the sensitivity of the issue because hackers can play havoc with the personal details of people. Fragile technology needs care and regular monitoring because a tearing hurry and its forced insistence while ignoring its cyber misuse would put people at risk of financial fraud and data breach thus putting public interest to jeopardy. It is a travesty of justice to file FIR against the media house and the reporter by treating them as accused under charges like cheating and impersonation.
The UIDAI should order a thorough internal investigation into the alleged breach and make its findings public. There is an urgent need for enacting data protection legislation to reform the policies for the sake of privacy of people. It is good that UIDAI has recognised the need for a 16-digit temporary Virtual ID (VID) instead of Aadhaar number to authenticate identity for availing services from March 1. The introduction of KYC (Know Your Customer) and UID tokens to secure security concerns are steps in the right direction.