Here is a quick refresher on the Government’s Aadhaar Scheme, its purpose, and execution.
As the video explains, one of the biggest concerns with this Aadhaar is data security and privacy. If we’re going to connect our personal information, biometrics, contact details, financial information, and familial connections to one database, that database better be secure. If it were to get into the wrong hands, the possibilities for abuse are endless – from something as small as annoying customer service calls to something as incriminating as financial identity theft. So far, there have already been many reports of how the security of the Aadhaar database has been compromised. And if these tales are anything to go by, there is a lot left to be desired from Government to beef up the data security of UIDAI.
1. With just someone’s Aadhaar number, you could find all their personal information
On 28th July 2018, the Chief of the Telecom Regulatory Authority of India (TRAI), R.S. Sharma very boldly tweeted out his Aadhaar number to showcase his trust in the security of the Aadhaar system. His ‘do your worst’ declaration went down south very quickly. People on Twitter were able to access his phone number, alternate numbers, date of birth, and residential address. Since he had linked his Aadhaar to his voting card and PAN card, even his polling station and PAN number were made public. Claiming to have his bank details, some Twitter users even posted screenshots of Re. 1 fund transfers that they had made to his bank account. His Air India frequent flyer number also became public. The Government’s defense to this entire debacle was that since R.S. Sharma is a public official, his details were public anyway. However, the ease and speed with which people could access Sharma’s Aadhaar and Aadhar-linked information still proved loopholes in the system’s security. This will probably become a cautionary tale for anyone who is asked to link-to-Aadhaar from here on out.
2. Creating an ‘inaccurate’ Aadhaar card could be as easy as creating an accurate one
One of the main objectives of putting the Aadhaar system in place was to keep an account of all Indian citizens through a universal ID system. With this, the government could also indirectly keep a track of illegal immigrants entering the country, especially those from Bangladesh and Myanmar. But they should probably have specified that the universal ID was meant for all ‘human’ Indian citizens, not pets and Gods. Back in 2015, Azam Khan, a supervisor at an Aadhaar card enrollment facility in Umri, Madhya Pradesh, was arrested for creating an Aadhaar card for his dog ‘ Tommy Singh’ s/o Sheri Singh, Date of Birth: 26/11/2009. The incident came to light when locals complained that they were being inconvenienced because the agency was creating cards for dogs and other animals.
Meanwhile, in Rajasthan, Lord Hanuman was assigned an Aadhaar card. The name on the card is registered as ‘Hanuman-ji’ and clearly shows a passport size photo of him wearing a string of pearls around his neck, it also lists ‘Pawan-ji’ (the God of Wind) as Lord Hanuman’s father. The mobile number submitted along with the application for the card lead the police to the person behind the order – Vicky Kumar. A computer operator by profession, he claimed he only decided to make this ‘Hanuman’ card out of spite when his own fingerprints weren’t accepted. This brings up the additional problem of biometrics not being a foolproof format. If Vicky Kumar could use his biometrics for Lord Hanuman, anyone could create a false identity using their biometrics.
These examples also show how easy it might be for an immigrant to get their hands on a card, which negates the purpose of keeping a track of such immigrants.
3. Aadhaar information could be accessed and misused for the benefit of private companies
In 2017, Ola employee and co-founder of Qarth Technologies, Abhinav Srivastava hacked into the UIDAI (Unique Identification Authority of India) server and accessed secured Aadhaar information. He did this by exploiting a pretty big loophole in the Aadhaar website, which is the absence of Hypertext Transfer Protocol Secure (HTTPS). Unlike the Twitterati in R.S. Sharma’s case, the hack was not to prove the laws the in Aadhaar system’s privacy, but was for personal gain. Srivastava had developed a mobile application hosted on the Google PlayStore for Aadhaar e-KYC verification via which he illegally accessed the Aadhaar database without the government’s approval. This incident is truly scary because it shows how easy it would be for any company to access information for their benefit. What stops corporates from using our data just like Cambridge Analytica used Facebook’s user information?
4. You could replicate someone’s Aadhaar card for just Rs. 800
On January 2018, the Tribune during it’s investigative report on loopholes in UIDAI data security ‘purchased’ a service from an anonymous WhatsApp user that allowed them to access the details of anyone from the 1-billion large Aadhaar database for just Rs. 500. What’s worse? For an extra Rs. 300, you could even download a software that allows you to print any Aadhaar card yourself. The money had to be transferred via Paytm and the anonymous person would create a login for you to access any Aadhaar card number in the portal, all within 10 minutes. When the authorities were contacted about this, they were shocked this was possible, because apart from the Director-General and the Additional Director-General, no one should have login access to the database. The possible misuse of this ‘service’ reveals how dangerous linking your Aadhaar could become. Someone using this service could access your bank account, get mobile numbers linked to your identity, etc.
5. Government officials could post your details ‘by mistake’
As if things weren’t bad enough, some Aadhaar-related fiasco were due to negligence on the part of the authorities. In July 2017, the details on 1.4 million pensioners from Jharkhand – all of whom had linked their Aadhaar numbers to their bank accounts, to receive direct bank transfers – became available to anyone who logged into the Aadhaar website. The authorities blamed this leak on a technical glitch. Then in August 2017, the Aadhaar numbers of over 20,000 people who had applied for low-cost housing in Ludhiana was leaked by mistake on the Punjab Government Aadhaar website. And in what was perhaps the silliest of these blunders, the government agency in charge of processing Aadhaar numbers tweeted a picture of M.S. Dhoni undergoing the Aadhaar process along with a photograph of his application form. Thanks to this, everyone who could access Twitter could access Dhoni’s personal details. This wasn’t even a database leak, it was literally an image of his details, tweeted out by the government officials themselves.
These instances prove that although linking Aadhaar means swifter government procedures, it could even result in third-parties getting their hands on your details. Taking note of these privacy concerns, Supreme Court is in the process of deciding whether or not Aadhaar should be made mandatory. But, according to the Government, if Aadhaar is not made mandatory, it’s effectiveness would diminish drastically.
So if you’re deciding whether or not to link your Aadhaar, the thumb rule is – Linking your Aadhaar is voluntary and at your discretion. Watch the video to understand what you can link your Aadhaar to and how you can do it.