Lately, Aadhaar seems to have been in the news for all the wrong reasons. Internet activists and lawyers have been raising security concerns about the central biometric database of over a billion Indians.

Meanwhile, one individual — Sameer Kochhar, an entrepreneur-writer who runs a Gurgaon-based think tank called Skoch Development Foundation — has reportedly attracted the ire of the authorities. According to an Asian Age report, the Unique Identification Authority of India (UIDAI) has filed an FIR against Kochhar for violating the Aadhaar Act. UIDAI is the body that issues 12-digit Aadhaar numbers to citizens for targeted delivery of subsidies, benefits and services.

We could not independently verify which clause of the Aadhaar Act Kochhar has “violated”. Delhi Police and UIDAI officials did not returns calls or respond to emails sent by FactorDaily.

According to the Asian Age report, the police complaint was regarding an article entitled ‘Is a deep state at work to steal digital India’ that Kochhar had published in his magazine, Inclusion, on February 11. The article, which talked about security loopholes in Aadhaar, also contained an embedded video showing how unauthorised transactions can be carried out on the system. In the video, a woman demonstrates that it’s possible to save the biometric data of an Aadhaar cardholder and later use without that concerned person being physically present.

Recently, the UIDAI also filed a complaint with the Delhi Police against Axis Bank, its business correspondent Suvidhaa, and eMudhra (a firm that issues digital signature certificates) over concerns that the they had saved biometric data. The Aadhaar Act bars storing of biometric data in any system or device. Violation can attract jail time of up to three years along with a fine.

ABP Pandey, UIDAI CEO, in a series of tweets, however, claimed that “the video is fake” and went on to say that Aadhaar is “fully secure”.

#AadhaarHacked deep state steals #DigitalIndia @narendramodi Shocking Video @arunjaitley @TimesNow @ashwani_mahajan https://t.co/P8YPMSyvzn pic.twitter.com/x78T2e8Yzw

— Sameer Kochhar (@SkochSameer) February 11, 2017

The Twitterati is aghast at the UIDAI filing a police complaint rather than rewarding the person who tried to expose loopholes in the system for it to be strengthened.

Shoot the messenger instead of understanding the message. This is #ModiSarkar. @SkochSameer @Vidyut @sonaliranade @vaidehisachin @bainjal https://t.co/mnLFyOTC1r

— Prof. Satish Pandey (@SatishPan2013) March 1, 2017

@aparatbar What should have been a Bug Bounty Reward by @UIDAI is a FIR against @SkochSameer? truly disappointing for vulnerability testers

— _eMeNeF_ (@_eMeNeF_) March 1, 2017

Has any government agency really filed a FIR against @SkochSameer for saying Aadhaar can be misused or is vulnerable ? If true: terrible !

— Tehseen Poonawalla (@tehseenp) February 28, 2017

FactorDaily spoke to (and emailed) Kochhar, who finds himself in the middle of a storm, and here’s what he had to say.

Q: You have been pointing out security loopholes in Aadhaar for a while. Is that why you’re being targeted and the FIR was filed against you by an UIDAI official?

A: I don’t know if I am being targeted. I have only read that there is a FIR. As per one newspaper, I have already been arrested.

Q: Do you think the FIR could have anything to do with the recent Axis Bank-Aadhaar incident that was exposed. Could it have acted as a trigger?

A: Absolutely.

Q: Have you been approached by the police yet?

A: No one has approached me, neither police nor the UIDAI.

Q: You have apparently violated the Aadhaar Act. Do you know which clause in the Act the FIR refers to? Surely, the Act can’t penalise citizens for raising security concerns.

A: My knowledge of the act is limited and you’d surely hope that there is no provision about the media and citizens reporting concerns (about Aadhaar).

Q: In a nutshell, what are the biggest threats that Aadhaar poses in its current form? And what can the UIDAI do to plug the holes?

A: The omnipresence of Aadhaar and the resultant security issues. I believe now even Skype may require Aadhaar.

Q: In your article ‘Is a deep state at work to steal digital India?’ you raise a number of questions. Are the authorities trying to stop you from following up on these questions and do you think the FIR is a veiled threat to you?

A: I have nothing to say on the subject currently. The authorities have been apprised of my concerns and I am awaiting their response to my confidential letter.

Q: Do you feel free speech is under threat in the country?

A: Well, no one has stopped me from speaking yet.

Q: In this backdrop, how important do you think is the speech bill, which Odisha MP Tathagata Satpathy has been trying to push in Parliament? Also, India does not have a privacy law yet — what are your thoughts on that?

A: India needs to have the strongest possible privacy and cybersecurity laws and yet uphold civil liberties. It is a tough one to balance.

---