ZDNet, the tech news site that is facing a discrediting campaign by the Unique Identification Authority of India after reporting about a security vulnerability in the system, is sticking by its report.
According to Reuters, ZDNet reported that the Unique Identification database system, otherwise known as Aadhaar, had a data leak on a system run by a state-owned utility company that could enable access to private information on those that are part of the biometric identification system, exposing names, identity numbers and bank account details. The Unique Identification Authority of India (UIDAI), which manages the Aadhaar program, told Reuters in a statement that “there is no truth in this story.” It said that even if the claims in the report were true, it would raise worries about the utility company and its database — not the security of the Aadhaar database. It went on to say that it is “contemplating legal action against ZDNet,” reported Reuters.
Despite that claim, Larry Dignan — global editor-in-chief at ZDNet — said in an email in response to the Reuters report that the tech news website spent weeks gathering evidence and confirming the facts of its report. “We spent weeks reaching out to the Indian authorities, specifically UIDAI, to responsibly disclose the security issue, and we heard nothing back — and no action was taken until after we published our story,” said Dignan. ZDNet isn’t the first to report about vulnerabilities in India’s national identity database, and that has raised worries about privacy in addition to security concerns. Indians have been asked to provide all sorts of information for transactions ranging from accessing bank accounts to paying taxes, acquiring a mobile phone and selling a property, among other things. The system is being challenged in the Supreme Court in India. In January the government of India said it had started looking into a report that a database with information on its more than 1 billion citizens was being sold online. UIDAI, which is in charge of the biometric identity card scheme, told Reuters it appeared to be a case of misuse — but that crucial data, such as biometric information, was “safe and secure.”