A number of journalistic forums including Editors Guild of India have condemned the filing of FIR against Rachna Khaira, a reporter of The Tribune who exposed the data breach of UIDAI that implements Indiia’s coercive and panopticon AAdhaar cards.
Editors Guild of India released this stement:
The Editors Guild of India is deeply concerned over reports that the Deputy Director of the Unique Identification Authority of India (UIDAI) had registered an FIR against Rachna Khaira, a reporter of The Tribune, in the Crime Branch of the Delhi Police. The reporter has been booked under IPC sections 419 (punishment for cheating under impersonation), 420 (cheating), 468 (forgery), 471 (using a forged document) and also under sections of the IT Act and the Aadhar Act.
The Tribune report of January 3 by Khaira had exposed how, for a small sum of money made to a payment bank, an agent of a private group would allegedly create a gateway to access details contained in an individual’s Aadhar card. Using a false identity, Khaira had posed as an interested party and claimed in her report that she had easy access to details that individuals had listed in their Aadhar cards. The UIDAI in a statement had subsequently denied that any data breach was possible.
The Guild condemns UIDAI’s action to have the Tribune reporter booked by the police as it is clearly meant to browbeat a journalist whose investigation on the matter was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press. Instead of penalising the reporter, UIDAI should have ordered a thorough internal investigation into the alleged breach and made its findings public. The Guild demands that the concerned Union Ministry intervene and have the cases against the reporter withdrawn apart from conducting an impartial investigation into the matter.
Signed
Raj Chengappa, President
Prakash Dubey, Generalk Secretary
Kalyani Shankar, Treasurer
Press Club of India, Indian Women’s Press Corps, Press Association condemned UIDAI attempt to gag the media
The Press Club of India, Indian Women’s Press Corps and Press Association express their strong objection and condemnation at the registration of a FIR against a reporter of The Tribune by an officer of the Unique Identification Authority of India for writing a story exposing alleged loopholes in the system.
The FIR, lodged with the Cyber Cell of the Crime Branch invokes serious charges under the IPC, IT Act and Aadhaar Act. This move runs counter to the UIDAI’s claim that “the Aadhaar data including biometric information is fully safe and secure”. If there is no breach, what is the offence they have supposed to have committed? Rather than addressing the loopholes which would actually ensure safety and security of the data and allay the general concerns about this, the UIDAI has chosen to persecute those whose actions appear to have been only in public interest – i.e, drawing attention to the possibility of data insecurity before someone with ulterior motives is able to exploit them,.
The UIDAI filing criminal complaints against the reporter and her sources is clearly reflective of its misplaced priorities. We, the undersigned organisations find the UIDAI’s move extremely intimidatory, obstructionist and inimical to the pursuit of free, fair and independent journalism. We demand that the complaint and the proceedings related to it should be withdrawn forthwith.
Issued on behalf of –
Gautam Lahiri (President) – Press Club of India
Shobhna Jain (President) – Indian Women’s Press Corps
Jai Shankar (President) – Press Association
Foundation for Media Professionals released this statement
The booking of a criminal case against a reporter of the Tribune for exposing a data breach marks a disturbing trend. In less than a year, it is the fourth reported instance of free speech being assaulted in the context of the much touted Aadhaar. What is even more worrisome is the repeated misuse of provisions in the Aadhaar Act 2016 to deter journalists and other whistleblowers from uncovering any of the problems associated with this project when it is under challenge in the Supreme Court.
Stung by her report on the access she obtained through a racket for Rs 500 to an online Aadhaar data base, the Unique Identity Authority of India (UIDAI) has accused Tribune’s reporter Rachna Khaira of forgery and cheating by impersonation under various provisions of the Indian Penal Code, Information Technology Act and Aadhaar Act. Besides being a travesty of the rule of law, the UIDAI’s narrative in the FIR betrays a perverse intolerance to any interrogation by the media of its claim to have put in place a foolproof system.
By allowing such FIRs to be registered, the government is clearly signaling that the functioning of UIDAI, however controversial, is out of bounds for journalists and other whistleblowers. The Foundation for Media Professionals deplores the government’s desperation to defend Aadhaar at the expense of free speech and accountability.
The Foundation also hopes that the judiciary will at the earliest quash all these FIRs booked at the instance of UIDAI and check this trend of lawlessness before it does any further damage to the public interest. The lawlessness is most evident in the invocation of Section 37 of the Aadhaar Act which imposes a penalty of imprisonment up to three years on whoever is found to have disclosed identity information. It is inconceivable how such an allegation could be made against Khaira when she had, in the best tradition of watchdog journalism, exposed the vulnerabilities in the Aadhaar system.
Paranjoy Guha Thakurta, President
Manoj Mitta, Director
Citizens Forum for Civil Liberties (CFCL) released this statement
New Delhi, 7 January: Citizens Forum for Civil Liberties (CFCL)* denounces & disapproves SLAPP case/FIR against reporter of The Tribune for exposing the truth about Central Identities Data Repository (CIDR) of 12-digit biometric Unique Identification (UID)/Aadhaar Numbers of residents of India who have lived in India for at least 182 days. It appreciates the statements of the Editors Guild of India and Media Association of Punjab that has expressed deep concerns over registration of a case by Unique Identification Authority of India (UIDAI), in the Crime Branch, Delhi Police gains the reporter. This SLAPP case is a strategic lawsuit against public participation (SLAPP) which is intended to censor, intimidate, and silence critics of UID/Aadhaar in the 8th year of UIDAI’s existence.
This act of UIDAI appears to be guided by its diffidence ahead of the hearing in the Supreme Court on 17 January by the Constitution Bench on the constitutionality of world’s biggest database of UID/Aadhaar Numbers merit greater scrutiny given the fact that countries like UK, Australia, China, France, USA, Germany and others have abandoned similar efforts to build citizen’s databases, which becomes one the most vulnerable assets of the country.
Besides several other provisions of law, reporter of the The Tribune has been booked under Section 36 and 37 of Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 because under Section 47 (1) of the Act only a complaint made by the UIDAI or any officer or person authorised by it for any punishable offence.
It is noteworthy that Aadhaar Act does empower any reporter or any person who comes to know of the misuse and abuse of the UID/Aadhaar or related demographic or biometric information to file an FIR herself. This Act has disabled citizens in general and journalists in particular. It is evident that had she undertaken the task she did the government and citizens could have remained in dark about the unprecedented breach of national security and security of citizens. CFCL appreciates the exemplary journalistic work done by The Tribune and its reporter which serves supreme public interest and national interest.
As per Section 36 of the Aadhaar Act “Whoever, not being authorised to collect identity information under the provisions of this Act, by words, conduct or demeanour pretends that he is authorised to do so, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.”
A joint reading of Section 47 (1) and Section 36 reveals that government and UIDAI wants to remains in dark about unauthorised collection of identity information because no one other than UIDAI itself is authorized to do so and no one other itself can file complaint against unauthorised collection.
As per Section 37 of the Act “Whoever, intentionally discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication to any
person not authorised under this Act or regulations made thereunder or in contravention of any agreement or arrangement entered into pursuant to the provisions of this Act, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.”
A joint reading of Section 47 (1) and Section 37 reveals that government wants to remain in dark about intentional disclosures, transmissions, copying and dissemination of any identity information because no one other than UIDAI itself is authorized to take note of such illegal activities and no one other itself can file complaint against unauthorised collection.
The case has also been filed under Section 66 of the Information Technology Act, 2000 which deals with hacking with computer system. This Section of the IT Act reads: “ (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack: (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.”
If the relevant provisions of Aadhaar Act and IT Act are read together, it is abundantly clear that as far as CIDR of UID/Aadhaar numbers of residents of India is concerned, government and the UIDAI do not wish anyone other itself to file a complaint against any person causing “wrongful loss or damage to the public or any person destroying or deleting or altering or diminishing or affecting or hacking UIDAI’s database injuriously.
While UIDAI has filed cases also under sections 419 (punishment for cheating under impersonation), 420 (cheating), 468 (forgery) and 471 (using a forged document) of Indian Penal Code, the fact is that UIDAI itself has handed over data of all those who have enrolled to foreign companies like Accenture, Safran Group and Ernst & Young who are subservient to laws of their country and under legal compulsion to share it with their governments and other unauthorized private entities. CFCL’s demands disclosure of all the contract agreements which UIDAI has signed with private entities and public institutions.
It is noteworthy that UIDAI awarded contracts to three companies namely, Satyam Computer Services Ltd. (Mahindra Satyam), as part of a “Morpho led consortium”, L1 Identity Solutions Operating Company and Accenture Services Pvt. Ltd of USA for the “Implementation of Biometric Solution for UIDAI”. Sagem Morpho Security Pvt. Ltd of French Safran Group was awarded contract for the purchase of Biometric Authentication Devices on February 2, 2011 by the UIDAI. On July 30, 2010, in a joint press release, it was announced that “the Mahindra Satyam and Morpho led consortium has been selected as one of the key partners to implement and deliver the Aadhaar program by UIDAI. UIDAI Chief was given ID Limelight Award at the ID World International Congress in 2010 held in Milan in November 2010. One of the two Platinum Sponsors of this Congress was Morpho (of Safran group), a French high-technology company with three core businesses: Aerospace, Defense and Security in which French Government has a 30 % stake. This company has a 40 year partnership with China. Coincidentally, this Global Summit on Automatic Identification in 2009 had awarded Tariq Malik, Deputy Chairman of Islamabad based National Database & Registration Authority (NADRA) too for implementing UID project in Pakistan.
It is alarming to note that Unique Identification Authority of India (UIDAI) will have residents/ citizens of India believe that the three transnational biometric technology companies working with foreign intelligence agencies namely:1) Mahindra Satyam Computer Services/Sagem Morpho, 2) L1 Identities Solutions and 3) Accenture Services who have been awarded contracts by UIDAI that “There are no means to verify whether the said companies are of US origin or not” in a reply to Right to Information (RTI) application. Didn’t UIDAI know the country of origin of the award and their sponsors who were awarded contract by UIDAI prior to taking the award inform UIDAI Chief the “means to verify” the country of the origin of three companies in questions?.
The first company Morpho’s website is: http://www.morpho.com/qui-sommes-nous/implantations-internationales/morpho-en-inde/?lang=en
It Press Release at http://www.morpho.com/evenements-et-actualites-348/presse/mahindra-satyam-and-morpho-selected-to-deliver-india-s-next-generation-unique-identification-number-program?lang=en reveal its partnership with Mahindra Satyam. Its parent company’s website is www.safran-group.com
The second company, L1 Identities Solutions is headquartered in Stamford, Connecticut, U.S website and its press releases at http://ir.l1id.com/releases.cfm?header=news reveal that the company received $24.5 Million in Purchase Orders in the Initial Phase of India’s Unique Identification Number Program for Certified Agile TP(TM) Fingerprint Slap Devices and Mobile-Eyes(TM) Iris Cameras. (http://ir.l1id.com/releasedetail.cfm?ReleaseID=509971).
On July 19, 2011, L-1 Identity Solutions and Safran, Paris announced that in connection with the pending acquisition of L-1 by Safran, the parties have reached a final agreement on the terms of a definitive mitigation agreement with the United States government. L-1 and Safran were notified by the Committee on Foreign Investment in the United States (CFIUS) on July 19, 2011 that the investigation of the merger transaction is complete and that there are no unresolved national security concerns with respect to the transaction. With CFIUS approval for the merger, and having satisfied all other conditions required prior to closing, the parties completed the merger transaction. As a consequence of Safran’s purchase of L-1 Identity Solutions, the de-duplication contracts of UIDAI’s CIDR which was given to two companies, both contracts are with one company now.
While Committee on Foreign Investment in the United States (CFIUS) resolved national security concerns, has the same been done in India?
Following Central Information Commission (CIC)’s intervention in the matter of application filed by Col Mathew Thomas, an octogenarian defence scientist, and submissions by the author on his behalf, UIDAI shared its contract agreement with French and US biometric technology companies but crucial pages are missing from the contract agreement after the CIC heard the matter on 10 September 2013. After examining these documents with regard to the Accenture for Biometric Technology, it has come to notice that the first 237 pages appear to be in order but after that there is a one pager titled Annexure J Technical Bid (Technical Bid as submitted by M/s Accenture Services Pvt Ltd). The Technical Bid document is missing. After that there is a one pager titled Annexure K Commercial Bid Commercial (Bid as submitted by M/s Accenture Services Pvt Ltd). The Commercial Bid document is missing.
With regard to the L-1 Identity Solutions for Biometric Technology, one noticed that the first 236 pages appear to be in order but after that there is a one pager titled Annexure I non-disclosure agreement as submitted by L-1 Identity Solutions Operating Company Pvt Ltd. But this document is missing. After that there is a one pager titled Annexure J Technical Bid as submitted by L-1 Identity Solutions Operating Company Pvt Ltd. The Technical Bid document is missing. After that there is a one pager titled Annexure K Commercial Bid as submitted by L-1 Identity Solutions Operating Company Pvt Ltd. The Commercial Bid document is missing.
When this was pointed out to the new Information Commissioner, he ordered the Registrar, CIC to check compliance by UIDAI’s earlier order. The Registrar then informed that the new Information Commissioner has allowed UIDAI to furnish limited financial information. In effect, he changed the earlier order of the CIC without authority to do so. The Writ Petition (Civil) No. 9143/2014 (Mathew Thomas V Union of India and Ors) in this regard is pending in Delhi High Court. The next date of hearing has been fixed for 4 May, 2018 by Justice Vibhu Bakhru’s order of 15 September, 2017. Till 21 February, 2017 it was before Justice Sanjeev Sachdeva. So far there have been 10 hearings in the case since December 22, 2014. The companies in question have argued that the copies of their technical bids should not be given to the petitioner. Justice Sanjeev Sachdeva’s order of 22 December, 2016 revealed that M/s. L-1 Identity Solutions Operating Company Private Limited and M/s. Accenture Services Private Limited have been impleaded in the case.
In the aftermath of 11th Ministerial of WTO which concluded in December 2017, media should be vigilant about the forces which are promoting citizens’ surveillance in the name of promotion of Innovation in the Global Digital Economy and e-commerce. It should take note of the fact that ministries that drafted India’s written position on e-commerce opposed demand for negotiations on e-commerce by US and its allies have not been kept in loop in the matter of database of Indian residents. US and its allies who are deeply interested in access to Aadhaar database are have been demanding access to citizens’ database for free as per their written submissions. The WTO has a 1998 Work Programme on e-commerce. This Work Programme provides for the discussion of trade-related issues relating to e-commerce to take place in the relevant WTO bodies like the Council for Trade in Services; the Council for Trade in Goods; the Council for TRIPS; and the Committee for Trade and Development. The WTO’s General Council was envisaged to play a review or oversight role.
In recent times, proposals are being pushed by some developed countries to negotiate new rules in addition to the existing ones in the WTO Agreements with regard to e-commerce amidst vehement opposition by many developing countries including India because it goes beyond the 1998 mandate. Since the 1998 WTO Ministerial Conference when Members adopted a temporary moratorium of not imposing customs duties on electronic transmissions, this moratorium has been renewed at the WTO Ministerial Conferences. Global trade remains open and closed for strategic reasons. It is increasingly evident that trade in services and non-agricultural products is going to acquire electronic route in near future in a dramatic manner. This will result in huge financial losses when investors, rather than establishing local presence, prefer to provide services online. Countries like India will experience losses from taxation foregone.
The online databases including CIDR of UID/Aadhaar is admittedly on cyber cloud beyond the jurisdiction of India which will facilitate foreign investors and compromise Indian’s economic interest of Indians. Unmindful of such imminent economic disruptions the proposed data protection law framework by Government of India remains foreign digital entrepreneur centric, not citizen centric and is not geared up to keep pace with emerging future Internet which is going to be invisible and which is being embedded into everything.
In such a backdrop, The Tribune report of January 3 by Rachna Khaira has exposed the vulnerability of UIDAI’s database in great public interest and Editors Guild of India has aptly described the FIR as “unfair, unjustified and a direct attack on the freedom of the press. Instead of penalising the reporter, UIDAI should have ordered a thorough internal investigation into the alleged breach and made its findings public.” CFCL endorses Guild’s demand that the concerned Union Ministry to intervene and have the cases against the reporter withdrawn apart from conducting an impartial investigation into the matter.
Due to all around concerns about denial of right to life and personal liberty by UIDAI and related agencies, a Joint Citizens Protest is planned in cities and districts across the country. In Delhi, the protest is planned on 12 January, at 3 PM on Parliament Street by concerned citizens, trade unions and student organizations. CFCL expresses its solidarity with the Joint Citizens protest.
For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL)*, E-mail:[email protected], Mb: 9818089660, 08227816731
* Citizens Forum for Civil Liberties (CFCL) had appeared before the Parliamentary Standing Committee on Finance that examined and trashed the Aadhaar Bill, 2010, which was reshaped and introduced in Rajya Sabha and it remain pending there till 3rd March 2016 when it was withdrawn and supposedly a new Bill was introduced as Money Bill that got enacted as Aadhaar Act 2016 amidst vociferous objection by Rajya Sabha and peoples movements. It faces constitutional challenge before Supreme Court’s Constitution Bench.