Report says you can get Aadhaar details for Rs 500; UIDAI denies breach

A report claims to have bought access to a cheap software, which can be used to print the Aadhaar card of any individual

The Unique Identification Authority of India (UIDAI) has denied the media report published in The Tribune titled "Rs 500, 10 minutes, and you have access to billion Aadhaar details" and has said that it is a case of misreporting.

The UIDAI assured that there has not been any Aadhaar data breach. The Aadhaar data including biometric information is fully safe and secure.

In a statement issued on Thursday, the UIDAI said that UIDAI has given the said search facility for the purpose of grievance redressal to the designated personnel and state government officials to help residents only by entering their Aadhaar number/EID.

The UIDAI maintains complete log and traceability of the facility and any misuse can be traced and appropriate action taken.

The reported case appears to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains a complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done.

The UIDAI reiterates that the grievance redressal search facility gives only limited access to the name and other details and has no access to biometric details. UIDAI reassures that there has not been any data breach of the biometric database which remains fully safe and secure with the highest encryption at UIDAI and a mere display of demographic information cannot be misused without biometrics.

Further, the Aadhaar number is not a secret number. It is to be shared with authorized agencies whenever an Aadhaar holder wishes to avail certain service or benefit of government welfare scheme/s or other services. But that does not mean that the proper use of Aadhaar number poses a security or financial threat.

Also, the mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of an individual is also required.Anonymous sellers on Whatsapp are said to be providing 'unrestricted' access to the Aadhaar details of more than a billion Indians for just Rs 500, according to an investigation by The Tribune on Wednesday. The paper also claims to have bought access to a software for Rs 300, which can be used to print the Aadhaar card of any individual by entering their Aadhaar number.

Aadhaar is a 12-digit unique identification number that is issued by the UIDAI to every resident Indian citizen, after recording biometric and demographic information about an individual.

The Tribune report says that the racket may have started when over 300,000 Village Level Operators(VLEs), earlier mandated to make Aadhaar cards across India were rendered jobless when post offices and banks were given the job instead, in November 2017. Over 100,000 VLEs, sensing an opportunity to make easy money, might have gained illegal access to UIDAI data and provided “Aadhaar services” to common people for a charge, including the printing of Aadhaar cards.
 

The government's unfettered access to citizens biometric details has already been in the centre of much debate in the civil society.

Earlier, in August, a Supreme Court judgement had deemed 'privacy' as a fundamental right, while dealing with a batch of petitions that claimed the illegality of Aadhaar based on the fundamental right to life and liberty. Most importantly, the government's argument that Aadhaar will be a useful instrument to aid national security be questioned. Justice Sanjay Kishan Kaul, in his judgement on the case, had noted that that big data-fuelled “profiling can also be used to further the public interest and for the benefit of national security”. 

This is not the first time that reports of an Aadhaar breach have emerged. A Right to Information response by the UIDAI in November revealed that personal details of many Aadhaar users were made public on 200 central and state government website. The websites were found to have displayed “the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public”, the authority said. However, the details were removed, after the goof-up was brought to their notice.

The central government has made Aadhaar mandatory for the disbursal of several state subsidies in the past. The government claims that Aadhaar is a panacea to end corruption in public distribution, money laundering, and terror funding. However, with this data breach, tough questions may be asked on whether the biometric repository of individuals' data makes terror funding easier by enabling access of random citizens' personal data to anyone who pays Rs 500.

The Aadhaar card has to be linked with bank accounts, permanent account numbers (PAN), financial services like public provident fund (PPF), national savings certificates (NSC), Kisan Vikas Patra, mobile phone numbers (SIMs) and insurance policies, among other things. The deadline for linking Aadhaar card with all these services is March 31, 2018.