Here are some people who exposed flaws in Aadhaar.
Chairman, Skoch Group
In an article titled “Is a Deep State at Work to Steal Digital India” Sameer had described the risk of stored biometrics allowing multiple authentications in the absence of the Aadhaar holder.
The CEO of UIDAI responded to his tweet about the article calling it fake in spite of the UIDAI being forced to take action against AXIS bank and e-Mudhra for exactly the same reuse. An FIR was filed against him for “spreading rumors” about Aadhaar. Perhaps the FIR should have included UIDAI’s name given that it had said the exact same thing about AXIS bank.
Journalist, CNN-News 18
Debayan Roy attempted to show that a person could have two Aadhaars in a 20 minute segment on Aadhaar. He was able to get two enrolment IDs though not two Aadhaars.
Delhi police filed a case against him for “found having the same parameters of biometric information” as himself.
Here is the CEO of UIDAI saying that they received both real and fake information of Debayan Roy and deliberately issued a fake ID and rejected his real one.
The Center for Internet & Society (CIS)
When the CIS published a study showing how Aadhaar data was being leaked on government websites, the UIDAI attempted to intimidate them into revealing the identity of the “hackers” (researchers).
Asking the CIS to reply before May 30, the UIDAI also said, “Aadhaar system is a protected system under Section 70 of the IT Act, 2000, the violation of which is punishable with rigorous imprisonment for a period up to 10 years.” It added that the penalty clauses for violations are also provided in Section 36, Section 38 and Section 39 of the Aadhaar Act.
They also claimed that the data onthe website for the ‘National Social Assistance Program’ was only possible for someone in possession of authorised login details, or if the site (http://nsap.nic.in) was hacked or breached, when in reality it was an open secret that such files were found with simple Google searches for “Aadhaar Number” and file extension .xls (with some variations) and the researchers, Srinivas Kodali and Ambar Sinha, had merely compiled the data available openly on the internet due to irresponsible government services. They got FIRs for their service toward securing the country’s data.
Journalist, The Tribune, Chandigarh
Rachna Khaira exposed that access to the Aadhaar database was being sold for Rs.500 on WhatsApp. The access included personal information of the Aadhaar holders, but not biometrics.
After denying that the Aadhaar database was breached though there was “misuse” without authorized access, as well as claiming that the breach that didn’t happen wasn’t dangerous, and other classic UIDAI nonsense, an FIR was filed against the journalist and the UIDAI is bullying The Tribune to prove that she had access to biometric details – a claim that had never been made in the first place. Because in the tiny, ignorant world of UIDAI, any breach that doesn’t have biometrics isn’t a breach.
We are just beginning the necessary work of compiling unethical and illegal patterns related with Aadhaar and actions taken against those who report vulnerabilities. This page will be updated regularly as information comes in. If you know of a whistleblower on Aadhaar who has been persecuted, please inform us in the comments.