Abhinav Srivastav, the 31-year-old IIT graduate accused of illegally accessing Aadhaar card details, could walk away free with a fine and no imprisonment as the app developer neither had criminal intentions nor is there any offence committed.
Srivastav was arrested after the Unique Identification Authority of India (UIDAI) officials lodged a complaint of unauthorised access to know your customer (KYC) details of Aadhaar cardholders. According to cyber-law experts and police insiders, the IITian had no criminal intent when he developed the App to access KYC details.
“Srivastav, through his app, facilitated access of details of a given Aadhaar cardholder to get his/her Aadhaar details and not those of anybody else. Thus, it does not amount to cheating. If there was mala fide intention, he would have designed, developed the app and written codes for it from proxy-IDs, leaving no digital footprints of his involvement. But that is not the case here,” said Na Vijayashankar of Naavi-Cyber Law Educationist.
A few police officials privy to the investigation told DH the app actually helped downloaders avail hospital services conveniently as the doctor/hospital appointments were confirmed after the e-hospital portal procured Aadhaar data from the National Informatics Centre (NIC) server. The portal has around 150 hospitals under it and fixing appointments is just a click away for users.
It looks like the police adopted an over-aggressive approach towards the IITian because his ‘Aadhaar e-KYC’ app fiddled with the Centre’s UIDAI server. Srivastav has been booked under Section 468 of the IPC - forgery for purpose of cheating, which is a non-bailable offence to keep him under custody, as though he has committed a heinous crime. But investigation so far has not established that he had cheated anybody.
Though he may have committed forgery by way of ‘impersonation,’ using e-hospital’s channel to access and retrieve information from UIDAI, there is no evidence of Srivastav cheating anybody for financial or other gains.
He had earned Rs 40,000 through advertisements on his app, but that is from a different source and not from UIDAI, National Infomatics Centre or e-hospital, the expert said.
May be penalised
Ideally, Srivastav will only face charges of an oversight offence and ignorance for the law and will be penalised accordingly, he said. The police are technically trying to build a watertight case and submit the charge sheet. Though the complainant has indicated offences committed under Aadhaar Act (Sections 37 and 38 read with 29(2) of the Aadhaar Act), it appears the police have not considered them relevant and hence, not included them in the FIR.
Likely to fix flaws
In hindsight, the IITian’s app helped discover a loophole (security breach) in the system, so that it can be fixed. There are hackers employed by large organisations across the world to hack into secure systems and fix loopholes, an expert said.