This refers to the filing of FIR by UIDAI against reporter and news house for reporting breach of security in Aadhaar system. While companies like Facebook, Google, Twitter, PayPal have “bug bounty programs” wherein they offer recognition and prize money for reporting security bugs, the UIDAI offers recognition for reporting security breaches by filing criminal case against the reporter. Apart from being an immature action by UIDAI, it also puts its prospects of being a strong sturdy system to a premature death. In absence of a closed loop feedback system, the system remains vulnerable to exploits. Such an act would dissuade cyber experts from exploring issues in Aadhaar. Incidentally, India has the second largest number of bug hunters in the world. In recent past, the Election Commission (EC) too came under similar allegations. Instead of shutting doors on the charges, the EC organised a hackathon so that its systems be tested under clear skies. Indeed, UIDAI has a lot to learn from the EC.
Sachin V K Washim