Aadhaar breach: UIDAI denies reports of cheaply available biometric data

Mumbai: Unique Identification Authority of India (UIDAI) denied media report saying that Aadhaar cards can be bought on WhatsApp for nominal charges.

Denying media reports UIDAI said: “Rs 500, 10 minutes, and you have access to billion Aadhaar details” is a case of misreporting.

UIDAI assures that there has not been any Aadhaar data breach and that the data is fully safe and secure.

An investigation report in The Tribune revealed Thursday that anonymous sellers on Whatsapp are offering Aadhaar details of more than a billion Indians in exchange of a meagre sum of Rs 500.

The paper reported the existence of a software, available in the market for only Rs 300, which can print the Aadhaar card of any individual by entering their Aadhaar number.

The report suggested the racket could have been started by over 300,000 Village Level Operators (VLEs) who were earlier in-charge of making Aadhaar cards pan-India and were rendered jobless when post offices and banks replaced them.

Over 100,000 VLEs may have spotted this as an opportunity to make easy money, gaining illegal access to UIDAI data and provided common people with Aadhar cards for a charge, including printing the cards. 

Since UIDAI has linked Aadhar to biometric details of individuals, this might mean a massive breach of national security if proven true and more so, since the Union Government's unrestricted access to citizens' details has already been in much debate.

In August 2017, a Supreme Court judgement had declared that 'privacy' is a fundamental right, while addressing petitions that questioned the legality of Aadhaar, on grounds of fundamental right to life and liberty.

Later in November 2017, a Right to Information response by the UIDAI revealed that Aadhaar details of many citizens were already public on as many as 200 central and state government websites.

These websites displayed "the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public," and were later removed, after the situation was brought into notice. 

The government has made Aadhaar mandatory for accessing subsidies earlier and continues to insist that it is crucial for ending malpractices in public distribution systems, money laundering and terror funding.

If reports of the breach are true, however, questions will be raised on whether the easy access to random citizens' personal data for meagre amounts makes terror funding easier.

The Aadhaar card has to be linked with bank accounts, permanent account numbers (PAN), financial services like public provident fund (PPF), national savings certificates (NSC), Kisan Vikas Patra, mobile phone numbers (SIMs) and insurance policies, among other things. The deadline for linking Aadhaar card with all these services is March 31, 2018.