Police Arrest Engineer For Hacking Indian Identity PlatformBy
Case marks first prosecution for alleged Aadhaar data theft
Arrest comes amid criticism about security and privacy
Police have arrested a software engineer for stealing sensitive information on more than 50,000 people from India’s Aadhaar biometric identity program, the first criminal charges stemming from a government initiative that’s been criticized for lacking privacy protections.
In a Bangalore police complaint, the engineer was accused of gaining information from the nationwide platform from January to July by using an app to mimic another initiative that lets Aadhaar holders set up appointments online with Delhi hospitals.
Launched in January of 2009, Aadhaar’s overseers are already grappling with accusations of inadequate security for data gathered from more than a billion Indians, as well as potential violations of personal privacy. The country’s Supreme Court is about to rule on a separate case that seeks to uphold privacy as a fundamental right, in a challenge to the program’s legality.
Though data leakages have been reported in the local press, the case involving the engineer marks the first prosecution related to the system.
“The person is in police custody and has been charged with criminal conspiracy and forgery under the Indian Penal Code as well as the Information Technology Act,” said Suneel Kumar, police commissioner of Bangalore.
According to the complaint, the engineer farmed details including names, addresses and phone numbers through an app. If proven guilty, the engineer faces three years in jail and a hefty fine.
Conceived as a program to curb the siphoning-off of welfare meant for the poor, Prime Minister Narendra Modi has pushed the system’s adoption into uses spanning buying a phone, getting utilities connected or conducting financial transactions online.
Ajay Bhushan Pandey, chief executive officer of the Unique Identification Authority of India, which oversees the program, said in a statement that Aadhaar data is completely secure and asked users not to disclose their individual numbers to unknown persons, callers or websites.