Trai chief’s personal details not taken from Aadhaar database: UIDAI
Twitter users said they had accessed Trai chief RS Sharma’s private details. Hee said they didn’t get them from his Aadhaar number.Updated: Jul 29, 2018 22:54 IST
Hindustan Times, New Delhi
The Unique Identification Authority of India (UIDAI) said on Sunday Telecom Regulatory Authority of India (TRAI) chief RS Sharma’s personal details shared on Twitter were not accessed from the Aadhaar database, a day after users took on Sharma’s challenge to access his private information by using his 12-digit biometric ID.
On Saturday, Sharma shared his Aadhaar number on Twitter, challenging anyone to show him “one concrete example where you can do any harm to me”.
A French security researcher, who goes by the Twitter name of Elliot Anderson, later tweeted: “People managed to get your personal address, dob (date of birth) and your alternate phone number. I stop here, I hope you will understand why make your #Aadhaar number public is not a good idea.”
While other Twitter users, too, said they had accessed Sharma’s private details, he posted multiple tweets to say the challenge had never been about phone numbers and other information, but to cause harm using his Aadhaar number.
He added that those posting his details did not get them through his Aadhaar number.
In its statement on Sunday, the UIDAI said it “strongly dismissed the claims made by certain elements on Twitter and a section of media that they have fetched personal details of Shri Ram Sewak Sharma.”
“UIDAI condemns such malicious attempts by few individuals to malign the world’s largest unique identity project - Aadhaar… this so called “hacked” info (about Sh. Sharma’s personal details such as his add., dob, photo, mob no., email etc.) was already available in public domain…,” the authority said.
Responding to Sharma’s challenge on Saturday, Anderson and other Twitter users posted Sharma’s phone number, home address, PAN number and personal email account, without specifying how they obtained the information. The answer to the secret question to recover Sharma’s email account password was his Air India frequent flyer number, which a Twitter user claimed to have obtained from the airline’s customer care by impersonating him. This triggered some support for Sharma, as users pointed out it was an illegal way to acquire his details.
Sharma was the director general of UIDAI from 2009 to 2013 before he moved on to the role of the chief secretary of Jharkhand and then served as a secretary in the central government. Promising that he would not take legal action against anyone who revealed his details, the TRAI chairman tweeted in reply to a post: “I am just saying that by knowing my Aadhaar number, which by the way, is a random 12-digit number, you cannot cause any harm to me.”
Nikhil Pahwa, an activist and founder-editor of MediaNama, said: “Essentially, because RS Sharma is a public personality, it was easier to build a profile for him, pulling out information from old government records. Thus, there can be an assertion that Aadhaar is not necessary to build profiles. This ignores the fact that not everyone’s mobile number is publicly available, and profiling can only be done once an identifier is known and linked to multiple activities.”
On Saturday, a Twitter user also prepared a fake card with Sharma’s Aadhaar number and used it as a proof of identity with Facebook and Amazon Cloud Services. They accepted the proof of identity, Rahul Dhiman said.
“I think it’s a little early. If someone actually gets information that’s secret, then we should see. Someone needs to show that such information can be obtained using the Aadhaar number,” said Rahul Matthan, a partner-lawyer in technology and media practice at the law firm Trilegal.
While UIDAI said the response to Sharma’s tweet was “merely cheap publicity by these unscrupulous elements who try to attract attention by creating such fake news”, he did not respond to calls seeking a comment.
Many users had claimed that the they got Sharma’s personal details “by hacking Aadhaar database”, but UIDAI added such a claim was “farce” and that no such information about Sharma has been fetched from either its severs or Aadhaar database. The database is safe, UIDAI added.
“Can anyone demand on this basis that PAN (permanent account number) number is unsafe and should be abolished? Or, can say that it is the online world and online search which help gather information from different sources and create a profile and therefore, online search should be prohibited? Of course, this is not the answer,” the statement said.
The issue is not about Aadhaar, PAN or mobile number, the UIDAI said, adding that this is a challenge of emerging digital world and personal data protection, which have been sought to be addressed in the recommendations submitted by the Justice Srikrishna committee.
Recommending what it termed a “fourth way to privacy, autonomy and empowerment” that was distinct from other international experiences, the Justice BN Srikrishna Committee last week proposed a draft Personal Data Protection Bill that could form the basis of India’s first data privacy law.
Though the bill does not mention it directly, the report also suggests changes to the Aadhaar Act.
Marathon hearings in the Aadhaar case, which went on for 38 days spread across four months, ended in May, with the Supreme Court reserving its verdict on petitions challenging the constitutional validity of the unique identification project.
The main thrust of the case brought by petitioners was that Aadhaar encroached on the privacy of citizens because it entailed collection of fingerprints, iris scans and other details of citizens. UIDAI CEO Ajay Bhushan Pandey has said that data collected under Aadhaar is encrypted and even “the fastest computer on earth will take more than the age of the universe” to break the encryption key.
First Published: Jul 29, 2018 19:48 IST