It just takes Rs 500 and 10 minutes for you have access to a billion Aadhaar details. The central government is in the process of making a 12-digit unique identification number mandatory for people to avail benefits of various social service schemes but data security issues relating to Aadhaar refuse to die down.
UIDAI asserted only last November that the “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” A reporter at The Tribune “purchased” a service being offered today by anonymous sellers over social media application WhatsApp that provided unrestricted access to the buyer details for any of the more than 1 billion Aadhaar numbers created in India thus far.
Investigative reports have more than once revealed the security breaches even though Unique Identification Authority of India (UIDAI), the Aadhaar issuing body has time and again said that architecture of the Aadhaar ecosystem has been designed to ensure privacy and data security.
The Tribune, in an investigation into the Aadhaar security loophole, has shown that details of the 12-digit unique identification number are easily accessible. The paper said that its reporter purchased a service by anonymous sellers over WhatsApp. The reporter paid Rs 500 via Paytm to an anonymous agent. After the payment was confirmed, within 10 minutes the agent gave a login ID and password, thus giving unrestricted access to details of over 1 billion Aadhaar numbers. Through the login gateway, one can enter any particular Aadhaar number in the portal and access all details of the individual like name, address, photo, phone number, postal code (PIN) and email.
Another 300 rupees has been paid by the Tribune team to the agent for which one could get a software which could facilitate the printing of the Aadhaar card after entering the 12-digit UID number of any individual. UIDAI officials in Chandigarh expressed shock over the full data being accessed when contacted and they admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bengaluru.
Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepted that this was a lapse. He said “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is a major national security breach and it is illegal.”
“Leakage of Aadhaar data reveals that the project has failed the most important privacy test. India submitted a written position on e-commerce at the recently concluded 11th WTO Ministerial Conference, opposing the demand for negotiations on e-commerce by the US and its allies. The latter were demanding access to citizens’ database for free. The revelation by The Tribune also means that as the data has already been breached, the proposed data protection law will now hold no purpose. The state governments should cancel the MoU signed with UIDAI” said Gopal Krishan. He is New Delhi-based convener of the Citizens Forum for Civil Liberties, who appeared before the Special Parliamentary Committee that examined the Aadhaar Bill in 2010.
