The aggressive response of the Unique Identification Authority of India (UIDAI) to a journalistic expose of the flaws and vulnerability of the Aadhaar architecture shows that the concern of the authority is to prevent any such disclosures and punish those who make them. Ideally, it should be investigating any such failing which has come to light and take action against those who actually compromised the system. A recent report in the newspaper The Tribune showed how easy it is to get at the so-called confidential information on our Aadhaar cards. The report said that it took just 500 rupees and 10 minutes for the correspondent to get a login name and password, gain entry into the Aadhaar portal and access the particulars of any individual. The money was paid to a group running a racket related to Aadhaar. The UIDAI has filed an FIR against the newspaper and the reporter but skirted the issue brought to the fore by the report.
To proceed against the journalist and the newspaper for exposing chinks in the Aadhaar data security amounts to shooting the messenger. It is an act of highhandedness unacceptable in a democracy with a free press. It is the duty of the media to bring to light the falseness of claims made by the government, official organs and other agencies on any matter of public interest. To act against the media for doing its duty is to curb its freedom. The UIDAI has shown that it is more interested in covering up the flaw exposed by the journalist than in investigating the breach of the much claimed high security of Aadhaar data. What was needed was action against the racket, not a case of fraud, forgery and other imagined offences against the reporter who exposed it. In 1981, journalist Ashwini Sarin 'bought' a woman, Kamla, in the Dholpur flesh market in Rajasthan to expose a trafficking racket. The journalist was honoured, not hounded, in that case.
The two issues that have dominated the debate on Aadhaar are privacy and security of data. They are interrelated. Despite repeated claims by the UIDAI and the government, doubts over these issues have not been cleared. This is not the first time that a security breach has been noticed. Last year, the Aadhaar numbers along with bank details of a large number of people were leaked through government portals. The UIDAI says that biometric data was not accessed though the reporter could obtain demographic data. But no Aadhaar detail should be available to unauthorised persons. The dangers of such access were seen recently when Aadhaar data was misused by a telecom company. Neither should the government and UIDAI forget that the constitutional validity of Aadhaar is still to be finally decided by the Supreme Court.