This refers to the filing of FIR by UIDAI
against reporter and news house for reporting breach of security in Aadhaar
system. While companies like Facebook, Google, Twitter, PayPal have “bug bounty programs” wherein they offer recognition and prize money for reporting security bugs, the UIDAI
offers recognition for reporting security breaches by filing criminal case against the reporter. Apart from being an immature action by UIDAI, it also puts its prospects of being a strong sturdy system to a premature death. In absence of a closed loop feedback system, the system remains vulnerable to exploits. Such an act would dissuade cyber experts from exploring issues in Aadhaar.
Incidentally, India has the second largest number of bug hunters in the world. In recent past, the Election Commission
(EC) too came under similar allegations. Instead of shutting doors on the charges, the EC organised a hackathon
so that its systems be tested under clear skies. Indeed, UIDAI
has a lot to learn from the EC.
Sachin V K Washim