The Centre is currently facing two strong arguments against Aadhaar in the Supreme Court, where a Constitution Bench is expected to hear the challenges against the unique identity project this month. First, activists have argued that the 12-digit unique identification number violates the fundamental right to privacy of a citizen by making this biometric-based tool compulsory for accessing government services. Second, petitioners argue, India does not currently have a strong data protection law to guard the information the citizen gives up to the state under the Aadhaar scheme.

So, every time a news organisation exposes chinks in the Aadhaar armour that indicate how its security system is not watertight, the Centre’s case for Aadhaar gets a bit more diluted. In each of these cases, the government has chosen to deny all accusations and attempt to curtail reporting on the weaknesses of Aadhaar rather than remedy the problems themselves.

Denial and FIR

It is in this pattern that the latest action against The Tribune’s reporter Rachna Khaira falls. The Indian Express reported on Sunday that the Unique Identification Authority of India, which manages the Aadhaar infrastructure, has filed a First Information Report against the journalist for an investigative article the newspaper published last week. The report said that all it took was Rs 500 and 10 minutes to break into the Aadhaar system and mine the demographic details of the entire database through agents.

The UIDAI’s initial response was the now characteristic denial, accusing the newspaper of “misreporting”, claiming that no security breach has happened and that the biometric data remained safe. Indeed, the authority argued that what had happened was just a misuse of a grievance mechanism and insisted that the leak of demographic data was not dangerous – even though conmen have used it to commit fraud.

Despite claiming nothing untoward had happened, days later, the UIDAI has proceeded to file cases under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), and under Section 66 of the IT Act and Section 36 and 37 of the Aadhaar Act. The Aadhaar Act sections seek to punish those who pose as authorised agents to collect information and who disclose identity information collected during enrollment. A prison term of three years has been prescribed for these.

Familiar pattern

This is not the first time the UIDAI is going after journalists who report on the loopholes in the Aadhaar infrastructure. In March 2017, the UIDAI filed cases against CNN News 18 reporter Debayan Roy, who reported that it was possible to get two different Aadhaar numbers with the same biometric details. This struck at the heart of the Aadhaar scheme, which has been used by the Centre to claim that the unique identification number will help weed out duplicate beneficiaries under various schemes, especially when it is linked to other documents like Permanent Account Numbers.

Writer-entrepreneur Sameer Kochhar also found himself on the receiving end of an FIR from UIDAI for pointing out that unauthorised transactions were possible using the replay of stored biometrics.

The motivation behind these cases, that deal a severe blow to freedom of press and expression, is clear. Through them, the Centre is hopeful that a chilling effect will set in, preventing journalists from pursuing investigative reports that exposes loopholes in the Aadhaar scheme.

Constitution bench

This is essential because the UIDAI and the Centre are fighting a do-or-die battle in the Supreme Court, a Constitution bench of which is currently hearing cases that have challenged the legality of the Aadhaar project. During the course of the proceedings in various Aadhaar-related cases over the last two years, the Supreme Court has pointed to the lack of a strong data protection law that would guard private data of citizens. Lawyers want such a law to ensure those enrolled for Aadhaar have legal provisions to take criminal action if their data is compromised. Under the Aadhaar Act, it is only the UIDAI that can file cases and not those whose data has been compromised.

Secondly, there is also a pattern of targeting individual reporters and not the newspaper management. In both these cases, it is not clear whether the editors of the news organisations or the publishers have been booked, despite the known fact that it is the editor of a news organisation who is responsible for selection of news. It is nobody’s argument that criminal action should be wide in its scope and drag as many people as possible. Ideally, any action against the media, for the sake of freedom of expression, should be civil action and not criminal action. But to keep the management away from the charges would mean that the Centre and the UIDAI are looking for soft targets as the legal cost for an individual reporter fighting such cases would be high, especially if the news organisation decides not to provide help. There have been many such cases in Indian media, like this one of a former NDTV reporter.

Of course, the UIDAI will defend such a strategy by claiming that the provisions under Aadhaar Act could only be used against individuals who illegally accessed the data. But it is a fact that a news report is a collaborative project of a news organisation, which involves various levels of the editorial department.

Such efforts to label all genuine criticism of the Aadhaar project as criminal is bad news even for those who believe in the project, since it means that fewer newsroom will have the incentive to point out genuine vulnerabilities. It is also important to note that lawyers arguing against Aadhaar in the Supreme Court have been unsuccessful in persuading the court to take media reports on Aadhaar loopholes seriously. With more such exposes being published, this situation could change. This is exactly what the Centre does not want and it continues to prove that it more than willing to use criminal cases in order to stop such reports from being telecast or published.