ADVERTISEMENT
Aadhaar dare: what it bared
Rajitha Menon
Last Updated IST
R S Sharma is engaged in an online war over security of Aadhaar. After he dared hackers to use his number to breach security, and they did, he says no harm will come to him if some details are published online.
R S Sharma is engaged in an online war over security of Aadhaar. After he dared hackers to use his number to breach security, and they did, he says no harm will come to him if some details are published online.

A wealth of personal detail is out in the open after TRAI chief posts his ID number online

The online world can be an unforgiving place. Telecom Regulatory Authority of India chairman R S Sharma found this out the hard way when he published his Aadhaar number on Twitter in an open challenge to hackers to ‘harm’ him with this information.

While ‘harm’ is a subjective term here, Twitterati were more than happy to oblige. In an online tweetstorm, they posted the following details of the top bureaucrat, saying they had used his Aadhaar number to dig out his mobile number, alternative phone number, home address, date of birth, PAN, photographs, chat threads, Gmail and Yahoo addresses, frequent flyer number with Air India and bank account numbers.

ADVERTISEMENT

A person said he ordered a OnePlus 6 phone and sent it to Sharma’s residential address for cash-on-delivery while another said he had made a fake Aadhaar card using his number and used the details to authenticate himself on Facebook and Amazon Cloud Services.

One hacker said he had deposited Re 1 into one Sharma’s accounts via Aadhaar-enabled payment services using apps such as BHIM and PayTM.

However, an unfazed Sharma claimed that all these details were easily available in the public domain and wanted to know what harm a knowledge of Aadhaar number could result in.

The Unique Identification Authority of India (UIDAI), the government agency in charge of Aadhaar database of over a billion Indians, stepped in to defend him. Sharma is a former UIDAI director-general and has been an ardent supporter of the Aadhaar programme.

Joke pal

Sharma’s dare made for much mirth online, but many are worried he is dumbing down an issue with multiple serious implications. With the back and forth on Twitter, it looks like a policy question has been hijacked by practical pranks.

Protection law

The Twitter games played out just a day after the Justice Srikrishna committee came out with its report on data protection, where it proposed changes in the Aadhaar Act and recommended new safeguards to protect information collected from Aadhaar holders.

Compromised for life?

Independent security expert Anand V says loss of control over one’s data is ‘harm’ in today’s digitally enabled world. “Say someone uses the plethora of personal information linked to your Aadhaar to create a Facebook profile for you. Not a problem. What if they post something objectionable on that profile a day later? What if they use your email ID to subscribe to
random adult websites? The consequences can be financial, professional, reputational and so on, whether immediate or otherwise,” he explains.
There is little that the average citizen can do to prevent this. There should be a restriction on who can ask for your Aadhaar number so that the chances of security being compromised are minimised, he suggests.
“An Aadhaar number can’t be changed or revoked so if someone has access to that number, they have access to your details for life,” Anand says.
But what if the person changes his mobile number, bank account or email ID? “The new details can be traced to your Aadhaar ID since that never changes. Your identity is permanently
compromised for life. In Sharma’s case, people can keep sending him Re 1 for the rest of his life…or withdraw from his account,” he says.

Metrolife take: This is just not done, Sharmaji

The Aadhaar Act says that it is illegal to make Aadhaar IDs public. The disclosure of the TRAI chairman’s number is voluntary, and hence may not result in prosecution. But it is irresponsible and may cause others to become lax about the safety of their Aadhaar numbers. A man occupying a powerful position in the government and having high connections may
not be ‘harmed.’ If he faces any threat, he has powerful official machinery to rush to his rescue. But others are vulnerable. What if a single woman’s contact details are gleaned from her
Aadhaar number? She becomes vulnerable to stalking and harassment.
A senior citizen texting or emailing children about being alone similarly becomes vulnerable. If the communication is hacked with help from his Aadhaar number, it could make him a target of robbery or worse.

ADVERTISEMENT
(Published 31 July 2018, 18:13 IST)