I didn’t see it coming, maybe no one saw it coming. Four days back, I was on Twitter when the current chief of TRAI R.S. Sharma suddenly tweeted his Aadhaar number and posed a challenge to the Twitterati to try and access his personal data that could cause him potential harm. His objective may have been to prove that people’s data is safe behind the digital system for Aadhaar he has helped build, but it didn’t go as he had thought.
My Aadhaar number is 7621 7768 2740
Now I give this challenge to you: Show me one concrete example where you can do any harm to me!
— RS Sharma (@rssharma3) July 28, 2018
People managed to get your personal address, dob and your alternate phone number.
— Elliot Alderson aka “Vested Interest” (@fs0c131y) July 28, 2018
Successive governments have tried to make Aadhaar the single identification for people and have been making people link all other identity details to their Aadhaar numbers. The current government has been trying to make it mandatory to use the Aadhaar number wherever people’s identity has to be verified, even for buying a new mobile sim card. What they didn’t seem to have counted was how deep search engines can dig into the internet and unearth data. No one hacked into the Aadhaar database but people were still able to bring out a substantial part of the TRAI chief’s personal information associated with his Aadhaar number to make his life uncomfortable.
Started as an ambitious project in 2009 at the scale of the Social Security Number in the US with the objective of streamlining the country’s public distribution system, I believe Aadhaar has become a good case study for a failed government project. The primary reason for this is the lack of proper privacy laws. The foundation of a well-strategised and executed project lies in the to-do lists which contain the activities to be done before and after the execution of the project. The process of collecting data from people was started before adequate data privacy laws were framed. It is actually weird that in spite of being a democracy, Indians live as if they are under a dictatorship. Whenever governments come out with new regulations or standards, people obey them without questions because we have no awareness of the fact that governments are accountable to the people who vote them to power. In a democracy, people have the right to ask questions till they are convinced. In India, people who ask questions are seen as troublemakers so we have no option but to be part of the crowd.
What is even more disturbing is the fact that UIDAI, the statutory body that issues Aadhaar numbers has outsourced the collection of data and processing of enrollments to contracted bodies. After Aadhaar numbers are allotted, users have the option of modifying their details on the UIDAI website. For this, OTP authentication through their registered mobile numbers is required. A year or so ago, I had logged in and modified my details. But two days ago, I found that I am no longer able to do the authentication because my registered mobile number and email address are both missing from my profile details. I had to go to one of the contracted bodies, pay money, suffer the arrogant behaviour of their staff and put back the data that was already there in my profile. The same happened with my father’s data as well. When I contacted UIDAI customer service on Twitter and asked why my data was deleted, they did not even respond.
Without privacy laws and people’s data so vulnerable, what worries me is – what if people’s data gets manipulated? The Aadhaar Act is riddled with ambiguities. Criminal procedures cannot be invoked against improper use of people’s details. More worrisome is the question of securing people’s data against potential hacks especially because Aadhaar collects biometrics of people for enrollment. People simply don’t know how safe their private data is. More than data getting hijacked, identity theft could become a potent possibility and I cannot even start to think what impact it would have on the society.