Aadhaar database is ‘totally safe’, UIDAI conveys in 17 tweets

Justice Srikrishna Committee has come out with its report on data protection mooting changes in Aadhaar Act and proposing new safeguards to protect information.


The Unique Identification Authority of India (UIDAI) has asserted that the personal details of Telecom Regulatory Authority of India Chairman R S Sharma being posted on Twitter are not “hacked” from the Aadhaar database or its servers, as is being claimed by the users putting them out. The UIDAI said these Twitter users were “fraudulent elements active on social and other media”, asking people not to believe them.

It said the “so called hacked information” could be easily accessed with a simple Google search, and you won’t need the 12-digit Aadhaar number for that. The UIDAI reiterated that “Aadhaar database is totally safe, posting a total of 17 tweets to drive home the point. In two additional tweets, the UIDAI tagged a number of media organisations too to take note.

On Saturday, the TRAI chief shared his Aadhaar number publicly, challenging anyone to “harm” him using the number. The move saw a full blown war of words between Sharma, some ethical hackers and other users over the potential misuse of Aadhaar number. The “open challenge” created a flutter, with many users, most of them claiming to be ethical hackers, beginning to put out Sharma’s personal details — from PAN to mobile number to email IDs — one by one.

 

READ | TRAI chief reveals his Aadhaar number, challenges Tweeple to breach his privacy

On Sunday, a few users even claimed to have Sharma’s bank account details, and they deposited money via Aadhaar-Enabled Payment Service (AEPS) using apps like BHIM and Paytm, and also through IMPS. Posting screenshots of the transactions, the users highlighted that depositing money into anyone’s bank account without their knowledge or consent could land the recipient in trouble.

The UIDAI, however, claimed that Aadhaar database “is totally safe and has proven its security robustness over last eight years”, and that “any information published on Twitter” about Sharma was “not fetched from Aadhaar database or UIDAI’s servers”.

“UIDAI strongly dismissed the claims made by certain elements on Twitter and a section of Media that they have fetched personal details of Shri Ram Sewak Sharma who is a public servant using his Aadhaar number. UIDAI condemns such malicious attempts by few individuals to malign the world’s largest unique identity project – Aadhaar,” it tweeted on Sunday evening, adding: “Aadhaar has built the digital trust among people at large and these devious elements are trying to spread misinformation.”

Reiterating that the so called “hacked” information about Sharma personal details was already available in public domain, “he being a public servant for decades”, the UIDAI said the claim was a “farce”.

The UIDAI went on to call these Twitter users “fraudulent elements active on social and other media” and asked people not to believe them.

“This is merely cheap publicity by these unscrupulous elements who try to attract attention by creating such fake news,” the UIDAI tweeted.

It said anyone could find out Sharma’s personal details without using his Aadhaar number as his mobile number was available on the NIC website as he was, at one point, the IT Secretary.

Claiming that his other details like date of birth and postal address, and possibly email ID too, were also in public domain, the statement said: “They clubbed all these inputs and claimed that they have managed to breach Aadhaar database and got his personal details, which is completely false.”

While some users put out tweets saying they managed to get fake Aadhaar card made using the number given out by Sharma, UIDAI said: “In today’s digital world through various search engines such as Google, personal data can be picked from different sources without Aadhaar and a profile can be made.”

 

Stating that PAN details could also be used in a similar way, the UIDAI asked: “Can anyone demand on this basis that PAN number is unsafe and should be abolished? Or, can say that it is the online world and online search which help gather information from different sources and create a profile and therefore, online search should be prohibited?”

The UID Authority said it was a challenge of emerging digital world and personal data protection, which had been sought to be addressed in the recommendations submitted by the Justice Srikrishna Committee.

The matter assumes significance as the Justice Srikrishna Committee came out with its report on data protection only last week in which it mooted changes in Aadhaar Act and proposed new safeguards to protect information of Aadhaar holders.

The UIDAI statement came after many on Twitter claimed victory in response to Sharma’s open challenge by “leaking” his personal details. The TRAI chief too in multiple tweets and replies said the challenge had never been about phone numbers and other information but for causing harm using knowledge of his Aadhaar number.

Sharma, the former UIDAI director general, has been vouching for safety of the Aadhaar programme and dispelling privacy concerns surrounding it.

Many users on Twitter, however, were not convinced as they said Sharma failed to see the “harm” his personal details could do to him if put out in public domain.