IIT grad detained for illegal access of Aadhaar data

The police are in the process of finding whether an accomplice at an AUA facilitated the unauthorised use of Aadhaar by Srivastava, sources said.

sedition, sedition charges, arrests on sedition charges, NCRB data, national crime, parliament, monsoon session, indian express

A BENGALURU-BASED techie accused by the Unique Identification Development Authority of India (UIDAI) of accessing the central identities data repository of Aadhaar scheme without authorisation through an online app was detained by Bengaluru city cyber crime police on Tuesday.

Abhinav Srivastava, an IIT-Kharagpur graduate and software security expert who now works with taxi hailing company Ola here, has been accused by UIDAI of illegally accessing the Aadhaar data repository through ‘eKYC Verification’, an app he developed and placed on Google Play Store at the beginning of the year.

Police sources familiar with the questioning of Srivastava said the techie has claimed that he gained access to Aadhaar data through an Authentication User Agency (AUA) for UIDAI, which had official access to the data. The police are in the process of finding whether an accomplice at an AUA facilitated the unauthorised use of Aadhaar by Srivastava, sources said.

AUAs are entities providing access to Aadhaar-enabled services to people with Aadhaar numbers. An AUA can be a private or government agency which uses Aadhaar authentication services and sends authentication requests to the UIDAI data repository for services and transactions.

There were 326 active AUAs in the country as of July 31.

“The main accused has been secured and he is being questioned. He has claimed to have obtained the Aadhaar access code from an agency,’’ a police source acquainted with the probe said.

Ashok Lenin, a deputy director at UIDAI’s regional office, filed a complaint with Bengaluru police on July 26 alleging unauthorised access of UIDAI data by Abhinav Srivastava of Qarth Technologies Pvt Ltd, a start-up he had founded on the IIT-Kharagpur campus in 2012. The complaint said that Srivastava and an unidentified accomplice had accessed UIDAI data without authorisation between January 1, 2017 and July 26, 2017 for the app ‘eKYC Verification’.

Story continues below this ad

The app delivered demographic data such as names, addresses, phone numbers of individuals from the central identities data depository to authenticate unique identity numbers. The app was placed on Google Play Store with the claim that it was developed by an entity called myGov, linked to the start-up Qarth Technologies.

Ola had acquired Qarth Technologies last year. The company has earlier clarified, “Ola has neither commissioned nor is involved in any such activity.”

According to screenshots of the app, it had between 50,000 and 1 lakh users until June 2017. The app carried a disclaimer, stating, “This is not an official application from Ministry of Unique Identification Authority of India… we don’t store any of your Aadhaar data on our server. The app is well funded by ads and we don’t need to reuse user’s Aadhaar data in any form.”

Stay updated with the latest - Click here to follow us on Instagram

Tags:
Aadhaar