Irrespective of what happens later in the complaint of UIDAI against Mr Abhinav Srivastava, a software engineer working at Ola Cabs (ANI Technologies Pvt Ltd), the fact is that he has now been booked as a “Prime Accused” in a “Conspiracy” which resulted in the theft of 40000 aadhar records and has been remanded for custody by a magistrate recognizing the prima facie commission of offence. This remains a stigma in his career and would hurt him throughout his life.
The offences according to the media reports have been alleged under two sections of Aadhar Act (Sections 37,38), two sections of ITA 2000/8 (Sections 65/66) and three sections of IPC (Sections 120B,468 and 271). Cumulatively the total imprisonment under these 7 sections could be 19 years and 6 months with a maximum sentence of 7 years under Section 468 of IPC.
In view of the section 468, he could not get immediate bail and we need to see whether he would get Bail when it comes up for hearing in the Court when the remand ends. It all depends on whether the complainant UIDAI and the Prosecution on their behalf opposes the bail or not.
Some of the criminal cases booked under ITA 2000 around the year 2000 and later are still pending in courts in Karnataka and hence it should take at least 5 to six years (if not more) for this case to be decided one way or the other. If convicted, he may get a minimum of 3 years imprisonment.
Even if the person gets acquitted, it will not help him to resurrect his career since he will be unemployable by any organized sector companies.
Mr Abhinav’s LinkedIn profile says
“High impact software engineer with strong zeal for innovation and entrepreneurship. Selfdriven individual passionate for solving challenging technology problems in corporate or individual context. Successful track record of building complex multi-tiered distributed systems from concept to launch. Expertise in web application security, cutting edge cloud and mobile technologies and front end development.”
I wish he does not get frustrated and develop negative thoughts in using his technical skills because of this experience and comes out of it stronger and maintaining the ethical balance of mind.
So, with this complaint of UIDAI (which they may later withdraw since they now say that there is no “Breach” or “Data Loss”) and the enthusiastic response of the Police in hoisting sections from all known laws to get Mr Abinav arrested, the official career of one of the promising software engineers is considered as over.
Ola will also have to find a replacement and also deal with the shock and demoralizing impact it will leave on its entire technical team….unless their stars are bad in which case the impact could me more adverse.
It may be noted that the Company Qarth Techologies Pvt Ltd which is also the co-accused in this case is reported to have been acquired by Ola and is therefore a subsidiary company under the management of Ola. If this company is now accused of offences then by virtue of the operation of Section 85 of ITA 2000/8, it would be natural for the offence to be escalated to the “Persons in charge of Business”, including “CEO” and “Directors” of the “Company”. The “Company” in this case hopefully is only “Qarth technologies” and does not extend to the holding company “ANI Technologies Pvt Ltd”.
Qarth Techologies Pvt Ltd was acquired by Ola in March 2016 and the Ola Money application is the result of this acquisition. It is an important component of Ola which has added value to ANI Technologies Ltd from the investor’s perspective. In the process co founders of Qarth Abhniav Srivastava and Prerit Srivatsava both IITans from Kharagpur joined Ola. It is perhaps a relief to note that they might not have joined the Board of ANI Technologies which should be a blessing in disguise now. It is also interesting to note that the Board of ANI Technologies has among others a familiar name “Avnish Bajaj”. ( I suppose he is the same Avnish Bajaj who was once the CEO of bazee.com and was haunted by another IIT Kharagpur student in the infamous DPS video case). Hence the Board must have adequate exposure and experience to the consequences of “Non Compliance of ITA 2000/8 and this should come in handy now.
If however, the Directors of ANI Technologies are considered the ultimate bosses of Abhinav Srivastava, there is a possibility that Police may extend the case to Ola as the “owner of Qarth”. In that case there would be a serious erosion of the value of Ola in the VC market.
I suppose Qarth Technologies has been made the Co-accused because the Ad revenues arising out of the Abhinav App must have been received and used through Ola Money account. Abhinav would be one of the customers of Ola Money and Ola Money (Qarth) would be perhaps accused of not following “Due Diligence” just like baazee.com was accused of lack of due diligence in the DPS-MMS case where Mr Ravi Raj, the student of IIT Kharagpur used the bazee.com as a platform to sell an obscene video.
The indications are therefore that this case may become one of the landmark cases in Cyber Crime investigation and prosecution in which UIDAI and NIC and the Government hospitals will defend their right to follow discretionary security practice while the private sector companies like Ola and Qarth along with its employees will be expected to follow strict levels of “Due Diligence”.
However, for those who have heard me speaking on “Cyber Law Compliance” either at Engineering Colleges or in Companies, this experience of Mr Abhinav would be precisely what I would have stressed time and again as a possibility if the techies donot understand the law and learn to be compliant.
I would have also given the examples of the IRCTC hack in which a Satyam senior executive would have faced a similar fate as Abhinav but escaped since he responded to the alert sent from my end and fortified by a TOI journalist from Chennai. I would have also given the example of another senior techie from Chennai who could have got entangled in the Trisha Video case had be not been Cyber Law aware.
Many of the organizations in which I have tried to get ITA 2008 compliance program going might not have become fully compliant but the employees who have heard me would not have missed the examples of people in high places who have lost their career because they transgressed law out of ignorance (not out of malicious intentions).
I suppose that this awareness would have saved a few careers though it could not help Abhinav since Ola like many start ups perhaps did not consider “Cyber Law Compliance” as part of its Information Security requirements. There are many more such organizations all over the country and we will have many more Abhinav’s also.
However, a “Wise man always learns from other’s mistakes” and Abhinav’s mistake should be a lesson for all techies on what they should not do. It is also the responsibility of all HR professionals and Corporate CEOs and Directors to ensure that “ITA 2008 compliance” be part of their corporate Governance policy at the Board level.
There is a proverb in Kannada ” KambaLinOnige hodedare, shalinOnu echchettugonDa” (ಕಂಬಳಿನೋನಿಗೆ ಹೊಡೆದರೆ, ಶಾಲಿನೋನು ಎಚ್ಚೆತ್ತುಗೊಂಡ) (Meaning, if the person in a rug is hit, the person in a Shawl woke up).
Accordingly seeing the plight of Abhinav Srivastava and Ola, it is expected that other IT employees and Companies would now realize the importance of understanding what is the likely impact of ITA 2008 ignorance and non compliance on its business. Just as the Bazee.com incident created a high level of awareness around 2004 in Delhi, the Abhinav incident is likely to create a new sense of awareness in Bangalore.
This is unfortunate and perhaps a cynical view but still could be the positive impact of the incident for which Mr Abhinav has sacrificed his career.
Whenever I write about the Suhas Katti case in which I was part of the Police team in getting the person prosecuted as the “First Prosecution in India under ITA 2008”, and I as well as others keep quoting this as a historical case, I also feel discomfort that the poor Suhas Katti must be turning in his chair and wishing that he would be forgotten. However since “Right to be Forgotten” is not a recognized right in India, the only option for him is to change his name and identity rather than expect the history of Cyber Crime in India to be re-written by erasing his name.
Similarly, Abhinav would also wish that his name does not become a liability for himself (in future) and others in the IT job market. Unfortunately it is in the public space now and nothing can be done to protect the Privacy of the accused. My sincere apologies to him for making his name a center of public debate. But I hope this debate would save many other techies from similar plight.
7th August 2017: 19.00 hrs: PS: I have just accessed the FIR copy and would like to make a correction in the sections used in the case. As against the earlier asianet report based on which the sections have been indicated in the above article, the FIR indicates the following sections now: Sections 65 and 66 of ITA 2000, Sections 34, 120B, 471 and 468 of IPC. The complaint has been made by UIDAI but the sections of aadhar act seems to have been removed. Some of the comments made in the articles therefore stand corrected.
The earlier report of the sections used was based on the following news report in asianetnews.