TAKEAWAYS FROM TRAI CHIEF’s AADHAR DISCLOSURE MISADVENTURE
All Stakeholders need to learn a few lessons
All Stakeholders need to learn a few lessons
The AADHAR Disclosure Dare
The Argumentative Indian, the Netizen of “Digital India”, has almost imperceptibly morphed into a Digital Being. No, not in relation to Internet dependency but in trying to answer all questions in the binary format: yes or no; right or wrong; true or false. It is perhaps the manifestation of this paradigm that the debate surrounding the TRAI Chief’s AADHAR number has degenerated into a cacophonous set of unilateral discourses, with each stakeholder trying to assert that his stand is correct and all other perspectives are absolutely wrong. Unless you have been living in the Stone Age, you ought to have learnt by now that following Mr Ram Sewak Sharma’s voluntary disclosure of his AADHAR number, accompanied by an open challenge on Twitter to cause him any harm, quite a few of his very personal particulars have been fished out of the Internet by the so-called ethical hackers.
UIDAI’s knee-jerk denial
This elicited, as expected, an immediate and animated defence from the Unique Identification Authority of India (UIDAI), the public-sector behemoth responsible for creating and managing AADHAR. UIDAI, in an official Press Note dated 29th July, 2018 was at pains to point out that the entire information had been siphoned out of or culled from web-sites of other organizations, rather than UIDAI. It maintained that the UIDAI servers had not been hacked and the system remained robust and impregnable.
TRAI Boss’s version
The man in the eye of the storm, Mr Sharma, continued to maintain his obdurate stance, claiming in The Indian Express[1] that no palpable damage had been caused to him merely because the Twitterati were able to access his mobile number, alternate mobile number, current and previous residential address, PAN number and his Bank Account particulars. His write-up was also aimed at giving the rationale behind his divulging his AADHAR number — to expose the nefarious designs of and motivated scare-mongering by self-styled “privacy activists” whose basic objective was to sabotage the AADHAR project. He concluded, with a bit of bravado: “My point is simple: Aadhaar does not contribute to increasing any of your other digital vulnerabilities.” Sharma was thus trying to act as a Good Samaritan qua the UIDAI of which he had served as the Director-General for nearly three and a half years as an IAS officer, before his retirement and appointment as the TRAI Chief.
UIDAI’s belated advice: Don’t disclose your AADHAR
While he did so, UIDAI came up with another detailed Press Note/ Public Advisory on 31st July, 2018 exhorting “people to refrain from publicly putting their Aadhaar numbers on internet and social media and posing challenges to others.” Without naming Sharma, the official version of UIDAI now became that one should not publicly share one’s AADHAR number and it ought to be done on purely “need-to-know” basis. It was also a climb-down from its earlier Press Note that had categorically denied any breach in UIDAI servers or security and reiterated that overall AADHAR Scheme continued to be robust.
The “ethical hackers” and the Twitterati were essentially saying that it’s a scenario like in the story of “The Emperor’s Clothes”, where the naked (pun intended) truth of serious breach of personal privacy continued to be denied both by Sharma, the original dare-author, as well as the official agency, namely the UIDAI. The celebrations were, however, slightly muted since no one wanted to be slapped with criminal cases at the behest of the concerned official authorities.
Truth lies somewhere in the middle
To be fair to the UIDAI, no one has been able to gain unauthorized access to the AADHAR computer network. Any such ingress could have permitted the hacker to change particulars like mobile number, address, email id and even bio-prints stored therein in an unauthorized manner. In that limited sense, UIDAI’s servers and system continued to “be impregnable”. On the other hand, Mr Sharma too is perhaps right that no damage or harm has been caused to him, even though sensitive personal particulars were skimmed very easily by social-media users from the Internet in matter of just a couple of hours. He’s entitled to his own definition of personal privacy; I, for one, would have felt very exposed, nay violated, had similar particulars of mine found their way into the public domain. The Twitterati also seem to have succeeded in their mission to disseminate the message that indiscriminately disclosing of one’s AADHAR number can lead to leakage of very sensitive personal information. The public is perhaps a little less confused and a tad more wary of divulging their AADHAR details in future.
However, the fact remains that once AADHAR had been issued to a nearly 100% of the eligible population, not only the Governments , both at the Centre as well as in the states, but also the various subordinate organizations began to insist on this number, irrespective of whether the scheme pertained to a government dole/ subsidy or not. Various commercial organizations with clients running into tens of millions, like banks and telecom companies, also pushed for the same. Petty vendors, with no access to an internet system have also started asking for a hard-copy of your AADHAR. As long as the manual procedures or the computer systems of these organizations remain insecure, leaky or vulnerable, AADHAR will continue to provide an easy “tag” or “unique identifier” to fish out the personal particulars of the individual. AADHAR may not have been infected or become a source of infection, but it potentially could unwittingly become the “carrier” of infection, till the systems using it are fully secured. In a word, the Governments as well as user organizations and private citizens need to tread with care while asking for or giving the AADHAR number. We may all have a little to learn from this episode, which should not be brushed aside as a mere ill-advised bravado.
_______________________________________________________________
K.B.S. Sidhu. The author is an IAS officer of 1984 batch of Punjab cadre. The views expressed are his own.
He can be reached on kbs.sidhu@gmail.com or @kbssidhu1961 or https://www.facebook.com/kbs.sidhu
[1] https://indianexpress.com/article/opinion/columns/rs-sharma-aadhaar-number-challenge-trai-chairman-twitter-5283781/