Aadhaar privacy row: SC raps govt as 134,000 Indians' data leaked; updates

UIDAI accepted in Aadhaar case that there was no Supreme court order to make it compulsory to link Aadhaar with mobile phone number. Find latest news on Aadhaar data breach and privacy issues

BS Web Team  |  New Delhi 

Aadhaar-mobile linking
Illustration: Binay Sinha

Aadhaar privacy row: On reasonable grounds, the benefits that Aadhaar offers to citizens are immense. But the actual costs stem from the possible misuse of Aadhaar data. Despite a robust legislation on data protection by UIDAI, Aadhaar numbers and bank details of over 134,000 beneficiaries on Andhra Pradesh Housing Corporation's website have been leaked. The Andhra Pradesh government’s cyber security researcher Kodali Srinivas has revealed how a state-run agency has disclosed the Aadhaar data, bank accounts information with IFSC codes, caste and religion besides geo-location of 134,000 beneficiaries of housing schemes. The leaked details have now been taken off the website. Even after repeated claims by the Unique Identification Authority of India (UIDAI) that Aadhaar data can never be used for surveillance or to track religious and caste information, this new data leak of sensitive information is likely to bring the authenticity of the nodal agency’s regulations on data protection under question. The latest Aadhaar data breach took place just a day after Chief Minister N Chandrababu Naidu inaugurated the Andhra Pradesh Cyber Security Operations Centre (APCSOC). The Andhra Pradesh government has used Aadhaar to build profiles of their housing beneficiaries. All of this information is in public domain and it could be misused by political parties for voter profiling, reported Free Press Journal. According to an NDTV report, the Andhra Pradesh government said that it adhered to the rules and regulations of the Aadhaar Act, 2016. The leaked data were part of a list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ on the housing website. "We are investigating this report and once we understand the full situation we will update you," the government said. Under the Aadhaar law, strict provisions determine how the biometric data collected by the UIDAI can be used. In fact, the country’s nodal agency for data protection needs to bring in tough legislation to prevent other governmental departments from collecting and misusing the database. Here are the top 10 developments on the latest Aadhaar data breach, challenges to its authenticity and privacy issues: 1. Aadhaar data leak of over 134,000 beneficiaries: Andhra Pradesh Housing Corporation's website has allegedly disclosed personal information and bank details of about 134,000 people with several private agencies. An independent cybersecurity researcher Kodali Srinivas brought to light the latest Aadhaar leak case and informed the UIDAI and government officials. The concerned Aadhaar users are anxious over the safety of their leaked data and that eventually the hackers would get their hands on the information and can misuse them. Srinivas told the New Indian Express that he had not hacked the website, but the Aadhaar details were already publicly-available for anyone to see and download. The leaked data can be prone to the misuse by hackers and corporations, especially for voter profiling by the political parties.

2. Not the first Aadhaar data breach: According to a report in the New Indian Express, Kodali Srinivas reasoned that it was not for the first time the data leak has taken place. “This is not the first time. They had done this earlier too. In an order to build a massive database of its citizens, the Andhra Pradesh government is collecting details of each and every citizen in the name of transparency and e-governance. But all these details are not necessary if the purpose is just transparency," the researcher explained. He also clarified that UIDAI has not linked citizen’s Aadhaar data with their caste, religious and occupational information but other governmental units seem to be doing so. UIDAI has no idea what all is being linked to your unique ID, he tweeted with a screenshot. 4. Can govt mandate Aadhaar-mobile linking without SC’s order?: The Supreme Court on Wednesday questioned the Centre's decision on ordering mandatory linking of mobile numbers with Aadhaar and said its earlier order on mandatory authentication of the users was used as a "tool". A five-judge Constitution bench headed by Chief Justice Dipak Misra, hearing a clutch of petitions challenging Aadhaar and its enabling 2016 law, said its order on a PIL filed by 'Lokniti Foundation' had said that mobile users needed to be verified in the interest of national security. "In fact, there was no such direction from the Supreme Court, but you took it and used it as a toll to make Aadhaar mandatory for mobile users," the SC bench said. 5. How can DoT mandate Aadhaar linking with mobile phones: Senior advocate Rakesh Dwivedi, appearing for UIDAI, on Wednesday said the Department of Telecommunication (DoT) notification talked about re-verification of mobile numbers by using e-KYC process and the Telegraph Act gave "exclusive power to the central government to decide license conditions" of service providers.

"How can you (DoT) impose a condition on service recipients for seeding Aadhaar with mobile phones," the bench said, adding that license agreements were between the government and the service providers.

Dwivedi said the direction to seed mobile with Aadhaar was taken in pursuance of TRAI's recommendation. Besides, the government was entitled and had legitimate state interest to ensure that a sim card is given to only those who applied, he said, seeking to allay apprehensions that the State would will surveil the people 24x7. "My submission is that the government had a legal basis to link Aadhaar with SIM by virtue of section 4 of the Telegraph Act and also, the measure is reasonable in the interest of national security," the lawyer stressed. Dwivedi, at the outset, alleged that the Aadhaar scheme was being unfairly targeted as nobody was questioning the banks and the telecom firms on a collection of information. 6. Banks, telecom companies have much bigger database: The banks and telecom companies have much "bigger database" about the citizens, senior advocate Rakesh Dwivedi said, adding, "For example, Vodafone has a much bigger data base of information even without Aadhaar. The Aadhaar data is immaterial for them." "Appreciate the fact as to how much information a bank possesses about its customers. Every transaction as to what I purchase by using cards, where and when, all this information is with banks. Aadhaar does not tell all this. This information are already there and is being used for commercial purposes," he said, adding that a person starts getting numerous calls before their car insurance expire. He said people are being "scared" about Aadhaar but "nobody questions the telecom companies, banks.... Their single target is Aadhaar". Dwivedi informed the bench about an app, available on Google Playstore and said it has so many personal information about a person. He gave details, procured by using the app, about him, his family members to the bench. The bench was pleasantly surprised. Dwivedi said it has details regarding how much he charged from the Jammu and Kashmir government for appearing in a case. The lawyer referred to the control being enjoyed by the UIDAI over entities, private and government which seek Aadhaar authentication for providing services and benefits to citizens. meta data of citizens, asks SC: The Supreme Court, on April 24, asked the Unique Identification Authority of India (UIDAI) why it needed to collect ‘meta data’ of personal transactions of citizens which go for Aadhaar authentication to avail services and benefits. “Why do you (UIDAI) have to retain meta data of personal transacations of persons entered through Aadhaar authentication”, asked the SC bench that was responding to the submission of UIDAI that it collected only “limited technical meta data” to have control over the requesting entities. Meta data is a set of data that describes and gives information about other data. 8. Aadhaar supported by UPA, NDA, says UIDAI: the UIDAI counsel on Wednesday said the Aadhaar scheme has the support of two successive governments and senior advocate Kapil Sibal, who had opposed it for a party in the Supreme Court, was part of the empowered Group of Ministers which had dealt with the 12 digit unique national identifier issue. 9. UIDAI introduces new QR code for offline Aadhaar verification: To shield the crucial information and add an extra level of privacy to Aadhaar against tampering, the Unique Identification Authority of India (UIDAI) has introduced an updated digitally signed 'QR code' on e-Aadhaar that will now contain the photograph of the Aadhaar user with other non-sensitive details like name, address and birth date. The new 'QR code' can be used for offline user verification without disclosing the 12-digit identification number, according to a PTI report. This new feature is available through Aadhaar downloads and contains the photograph of the Aadhar user in addition to the existing availability of demographic information. Aadhaar, PAN cards mandatory for opening bank accounts, says RBI: The Reserve Bank of India (RBI) has made Aadhaar and PAN cards mandatory for opening bank accounts. The RBI said the updated know-your-customer (KYC) requirement was subject to the Supreme Court’s final judgment on Aadhaar, for which the hearing is underway.
With agency inputs

First Published: Thu, April 26 2018. 18:54 IST