Social media has been agog over much of the past few days over a story in the Chandigarh-headquartered ‘Tribune’. The newspaper’s reporters had ‘purchased’ complete access to more than a billion Aadhaar accounts in India. All it took was a transfer of `500 through Paytm to an ‘agent’ communicating over WhatsApp, and a ‘gateway’ with a login and password was sent to the Tribune reporters in a jiffy. Using the gateway, they were able to access the account details of whosoever they wanted, including the photo, address, phone numbers and email IDs.
As the storm raged over compromised privacy, the Unique Identification Authority of India (UIDAI) issued a denial stating “Aadhaar data including biometric information is fully safe and secure,” and claimed “the reported case appears to be instance of misuse of the grievance redressal search facility.”
Break-ins and data misuse But the damage had been done. Misgivings have been building up and thousands of bank account holders and mobile phone users are worried that ‘linking’ Aadhaar to their accounts might lead to digital theft.
Barely six weeks ago, Bharti Airtel opened accounts of customers in its Airtel Payments Bank without authorisation, while carrying out Aadhaar verification of their mobile numbers. Airtel was exposed when payments for cooking gas subsidy landed into the Airtel Payment Bank accounts of some customers instead of their regular, notified bank accounts. The UIDAI has launched an investigation but we are yet to hear who are the culprits and how has Airtel been penalised.
There have been cases where even biometrics have been stolen. The Authority was forced to file a criminal complaint on February 24, last year, admitting that an employee of a private vendor, Suvidhaa Infoserve, had used an Axis Bank gateway to illegally access UIDAI servers. Using a stored fingerprint, the hacker was able to conduct as many as 397 biometric transactions between July 2017 and February 2017.
There are two waves of rising anger. The first argues that by the government’s process of collecting and storing citizens’ data has been so callous, that its data banks are a virtual sieve allowing information to slip through with the click of a mouse. The work on collating and banking the mountains of data and printing and issuance of Aadhaar cards was given to private vendors and their employees like the Suvidhaa Infoserve hacker.
Lakhs of village-level operators were hired under the government’s Common Service Centres Scheme and given access to UIDAI data to generate, print and distribute Aadhaar cards. It is through these insecure nodes in the Aadhaar network that the mafia has broken in to peddle Aadhaar data.The other angry group, mostly netizens, point out that such a volume of identity details of an entire nation in government hands is bound to lead to compromise of individual freedom and safety. Leading the charge is the famous hacker Edward Snowden. In 2013, at the risk of life and limb, he exposed how easy it was to break into US government servers and steal identity details. Now, seeing the breach of Aadhaar’s security walls, he tweeted: “It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse.”
The Aadhaar scheme kicked off by the UPA was implemented by the Narendra Modi government as a scheme to combat corruption, ensuring gas and farm subsidies are received directly in the bank accounts of beneficiaries. Now with its soft underbelly exposed, the legal challenge to Aadhaar has become even more important. It started with a bunch of petitions challenging the constitutional validity of the identification scheme. The government argued that there was no Fundamental Right to Privacy and so Aadhaar is a scheme that the government could implement at its discretion.
So the Supreme Court had to first decide whether ‘privacy’ was indeed a ‘Fundamental Right’. After two years, on August 24, the Supreme Court held that all citizens enjoy the Fundamental Right to Privacy, protected by Article 21 of the Constitution. If the apex court had held there was no ‘Fundamental Right of Privacy’ the matter would have ended there. Over the next three months the Supreme Court will now decide whether or not the UIDAI programme violates the Fundamental Right of Privacy. If the court goes with the naysayers, the Aadhaar card will become just another voluntary identity card; if the government wins, Big Brother will become Bigger.