Bengaluru-based engineer ‘gets to Aadhaar database’ to develop App 

Bengaluru-based engineer, whose start-up was acquired by Ola, named in FIR for separately building an application that purported to retrieve enrolment data with name, Aadhaar number as input. The Aadhaar project has been criticised for impinging on the right to privacy.

Police are investigating how a Bengaluru-based engineer gained access to the Aadhaar database to develop an Android application that seemed to be able to pull out confidential details, bring back into focus concerns over the programme’s security.

Engineer:

• The engineer, Abhinav Srivastava, has been accused illegally accessing the Aadhaar database.
• Sources say that the way he did it could involve either the collusion of people who had authorised access or a hack.
• Srivastava has been booked under sections of the Aadhaar act that outlaws access.
• In addition, distribution of Aadhaar data, and sections of the Information Technology act that deal with hacking.
• Srivastava headed Qarth Technologies, which built a mobile payments app called X-Pay which was acquired by Ola in March 2016.
• Sources said the app Aadhaar KYC was developed in his personal capacity.
• In addition, queries on Android application mirroring websites showed that the programme was uploaded using a developer account titled “MyGov”.
• Screenshots on the website showed the programme would show Aadhaar enrolment data after taking a person’s name and UID number as input.
• MyGov is used as an affix by the government for its digital services.
• Srivastava’s mobile phone was switched off and attempts to contact him failed.
• A statement issued by Ola said,Ola has neither commissioned nor is involved in any such activity.
• No such complaint has been brought to our notice.

Aadhaar KYC:

• KYC which means know your customer.
• It refers to a process of establishing a person’s identity with data such birth date, address and phone numbers.
• The application developed by Srivastava appeared to pull those details out using Aadhaar numbers.
• The USP of his application named Aadhaar KYC .
• Furthermore,which was taken down from Google’s Play store was to provide KYC verification using Aadhaar data.

Unique Identity Development Authority of India (UIDAI) Official:

• An official of the UIDAI at the headquarters in Delhi.
• Speaking on the condition of anonymity.
• Furthermore,denied that its servers could have been hacked.
• In addition,suggested the information may have been leaked from the National Informatics Centre, or any of the agencies authorised to provide KYC services.
• “The UIDAI database is very secure,” the official said.
• This seems to have happened at the level of the Authentication User Agency (AUA) or e-KYC User Agency (KUA).
• AUA and KUA refer to agencies such as those providing rations.
• To access the Aadhaar database so that they can deliver services based on UID verification.
• “The matter is now with the police and let us wait for the investigation to be completed,” the UIDAI official added.
• Declining to comment on how many, if at all, such cases were registered at the national level.
• Generally, we encounter malpractice cases, where some false documents have been submitted.
•  Also said,this is the first such technical case.
• Bengaluru Police Commissioner Praveen Sood said two people had been identified.
• Furthermore, no arrests had been made till Thursday evening.
• “The app has been deactivated,” he added.