NEW DELHI: Telecom Regulatory Authority of India (TRAI) chairman RS Sharma was left in an awkward situation on Saturday after he shared his 12-digit Aadhaar number on Twitter and issued a challenge to show that how mere knowledge of the number could be misused. Hours later, his personal details like PAN number and alternative phone number were put out on public domain by hackers triggering a debate on Aadhaar data security.
Sharma had tweeted: "Now I give this challenge to you: Show me one concrete example where you can do any harm to me!". The challenge by Sharma had got 577 retweets, and 745 likes by late evening.
The tweet was sent as a reply to one @kingslyj’s post at around 1.45 pm. By 6 pm, however, French security expert and Aadhaar critic, who goes by the nickname Elliot Alderson, in a series of tweets had revealed the mobile number linked to the Aadhaar number. Soon, Sharma’s PAN number, alternative phone number, email ID, the phone he was using, his WhatsApp profile pic and some other sensitive data was out in the open.
"People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make (sic) your Aadhaar number public is not a good idea," Alderson wrote.
Alderson replied to Sharma: "The phone number linked to this #Aadhaar number is 9*********.
"According to an official @nicmeity circular, this phone number is the number of your secretary," Alderson wrote and posted a link to the Ministry of Electronics and Information Technology circular.
The security researched also posted a picture of Sharma with a portion of it blackened. "I supposed this is your wife or daughter next to you."
Alderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Sharma's leaked details with key areas blackened and hidden.
Another hacker, meanwhile, discovered that Sharma was using an iPhone with the said number.
One of the screenshots even carried his PAN details. But that was also hidden.
A few others claimed Sharma's email security question was his frequent flyer number.
They also discovered that Sharma had not linked his Aadhaar number to a bank account. “I probably need to say it again: I’m not against #Aadhaar. I’m only against people who think that #Aadhaar is unhackable,” Elliot added.
To another users' comment seeking legal indemnity in case the Aadhaar number was indeed misused, Sharma wrote, "Show me friend! I promise that I will take no action against you".
When contacted by PTI, Sharma declined to make detailed comment on the matter saying "let the challenge run for some time".
Around 2 am, Sharma tweeted that he was still 'waiting'.
I am waiting!— RS Sharma (@rssharma3) July 28, 2018
However, some Twitter users also disputed the claims of Aadhaar data breach, stating that most of the data disclosed was in public domain as Sharma is a high ranking official.
RS Sharma, a champion of the Aadhaar
Sharma, a known defender of Aadhaar, has been maintaining that the unique ID does not violate privacy and the government reserved a right to create such a database of residents since it gives subsidies on state-run welfare schemes.
(translation: Why you so scared? What's the use of a disclaimer? These details are not any state secret. My DOB is on the Indian govt's portal for 40 years. The address is of my old house. If you want the new one's , I will give you. Want it (address of new house)?
A Twitter user had earlier asked Sharma to "walk your talk" after the TRAI chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable.
He said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.
The Aadhaar privacy debate
Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit biometric number was harmful to citizen's privacy.
The high drama played out on the micro-blogging platform just a day after Justice Srikrishna committee came out with its report on data protection where it mooted changes in Aadhaar Act and proposed new safeguards to protect information of Aadhaar holders.
The Justice Srikrishna panel on data protection has recommended that Aadhaar Act be amended "significantly" to bolster privacy safeguards, and mooted that only public authorities discharging public functions approved by the UIDAI or entities mandated by law be given the right to request for identity authentication.
The report, submitted yesterday, assumes significance given that public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes, and instances of unregulated and arbitrary use, especially that of personal data, have raised concerns about privacy and autonomy of an individual.
Over the last one year, there have also been reports of personal information being allegedly compromised with increasing use of biometric identifier Aadhaar in an array of services, and the Supreme Court has reserved its judgement on a clutch of petitions challenging the constitutional validity of Aadhaar Act.
(With inputs from PTI, IANS and online desk)