The Unique Identification Authority of India (UIDAI), the government agency in charge of Aadhaar database of over a billion Indians, stepped in to defend the unique ID project after Twitter users publicly shared personal details, including bank accounts, email IDs, PAN and frequent flyer number of Telecom Regulatory Authority of India (Trai) chairman R.S. Sharma, after he posted his 12-digit Aadhaar number and dared people to harm him. Sharma, himself a former chairman of Unique Identification Authority of India (UIDAI), had on Saturday revealed his Aadhaar number on Twitter, prompting many of his followers to dig up information about him.
One person claimed he ordered a smartphone at Sharma’s residential address on cash-on-delivery, while another said he made a fake Aadhaar card using Sharma’s number and available information and used it to authenticate himself on Facebook and Amazon Cloud Services.
The veracity of these claims could not be ascertained.
In its statement, UIDAI said personal details including address, date of birth, photo, mobile number and email address cannot be obtained from the Aadhaar database or UIDAI’s servers. Sharma’s personal details are already available in the public domain as he is a public servant for decades and is easily available through a simple Google search without Aadhaar number, UIDAI claimed.
“UIDAI condemns such malicious attempts by (a) few individuals to malign the world’s largest unique identity project, Aadhaar," it said.
The Trai chief’s Saturday dare followed a tweet asking Sharma to publish his Aadhaar details if he has “so much trust in this 13ft wall secured system".
Sharma, whose tenure ends on 9 August, asked people to show a “concrete example where you can do any harm to me".
Sharma remained unfazed. “I am not trying to prove anything. I am just saying that by knowing my Aadhaar number, which by the way, is a random 12-digit number, you cannot cause any harm to me. Please understand that I am merely trying to dis-abuse the mis-information around Aadhaar," he tweeted.
“One cannot prove that the details were out due to an Aadhaar leak. There needs to be further investigation (on) how the Twitter account claims to have got these details to arrive at a conclusion. Also, with little social engineering attack, anyone can easily gather personally identified information of government employees," a Mumbai-based security expert said on condition of anonymity.
Calling the issue “a challenge of emerging digital world", UIDAI reiterated that it is not an issue of data leakage through one’s Aadhaar number or PAN or mobile number.
“Can anyone demand on this basis that PAN number is unsafe and should be abolished? Or, can say that it is the online world and online search, which help gather information from different sources and create a profile and therefore, online search should be prohibited?" the UIDAI said.
According to UIDAI, the issue highlights the need for personal data protection and a draft bill on it has been submitted to the government by the expert panel headed by former Supreme Court judge B.N. Srikrishna.
The committee submitted its report and the draft Personal Data Protection Bill, 2018 to the government on Friday.
The bill deals with collection, storage and processing of personal data, consent of individuals, penalties and compensation, code of conduct and an enforcement model.
Navadha Pandey contributed to this story.