PLUGGING THE AADHAAR LEAKS
Abig controversy erupted around the vulnerability of Aadhaar data following media reports that the personal details of a billion Indians, who have been enrolled by the Unique Identification Authority of India (UIDAI), were on sale for a song. On January 3, The Tribune said that its correspondent was given access to personal data, including names, addresses, postal codes (PIN), photos, phone numbers and emails of Aadhaar cardholders for as little as Rs 500 over WhatsApp. What’s more, with an additional Rs 300, illegal operators provided her ‘software’ that could facilitate the printing of the Aadhaar card upon entering the Aadhaar number of any individual.
The report created a storm, with the Opposition attacking the government for failing to protect the private details citizens have shared with the UIDAI. But what raised a bigger storm was the UIDAI’s move to file a first information report (FIR) against Tribune correspondent Rachna Khaira and the ‘unknown agents’ who had provided her access to Aadhaar’s demographic database. In a statement, the Editors Guild of India condemned the UIDAI’s move and said it was “clearly meant
to browbeat a journalist whose investigation on the matter was of great public interest” and termed it an “unfair, unjustified and a direct attack on the freedom of the press”. It also demanded a thorough investigation into the alleged breach and a withdrawal of all cases against the reporter. American whistleblower Edward Snowden also criticised the Indian government for a textbook enactment of ‘shooting the messenger’.
The government stepped in to control the damage, with Union law minister Ravi Shankar Prasad stating on January 8 that the government was committed to the freedom of the press and “to maintaining the security and sanctity of Aadhaar for India’s development”. Clarifying that the FIR was against “unknown” people, he said he had suggested that the UIDAI “request The Tribune and its journalist to assist the police in investigating (the) real offenders”. In a recent development, to restrict the use of the Aadhaar number, the UIDAI has introduced virtual IDs that can be generated for a short period and used instead of Aadhaar. The UIDAI has also restricted the access of around 5,000 officials to the Aadhaar portal, following the uproar over the breach.
The controversy could not have come at a worse time for the government, which has been widely criticised for making Aadhaar compulsory for the most commonplace of benefits and purchases, right from distribution of subsidies to paying income tax to purchasing mobile SIM cards and insurance, or even procuring a death certificate. The Supreme Court is hearing a slew of petitions relating to privacy issues around Aadhaar, including whether privacy is a fundamental right. The next hearing is scheduled on January 17. The apex court has referred all Aadhaar-related cases to a five-judge Constitution bench.
The latest Aadhaar breach also brings to the fore the need to strengthen privacy laws in line with the 2012 recommendations of the Justice A.P. Shah-led Group of Experts on Privacy. In its report, the panel had said that a framework on the right to privacy must include privacy concerns around data protection on the Internet, appropriate protection from unauthorised interception, audio and video surveillance, use of personal identifiers, bodily privacy, including DNA as well as physical privacy.
“It (the move to link Aadhaar with most services) is a fait accompli, and unless the Supreme Court finds it unconstitutional or something, I don’t think things are going to change,” says a privacy expert.
The breach reiterates the need to strengthen laws on lines advocated by the A.P. Shah expert panel