It was foolhardiness unmitigated for TRAI chairman RS Sharma to have published his Aadhaar number in response to an ethical hacker’s challenge. Already certain things have been done using the information gleaned from the number. And it may be too early to know what exactly he has gotten himself into. Twitter users have reportedly managed to dig up Sharma’s mobile numbers, email IDs, physical address, date of birth, and even his frequent flier number.
Apparently, his frequent flier number was linked to the security question relating to his Gmail password. Also made public are his bank account numbers and someone has even deposited one rupee in his bank account. The amusing part about the misadventure is that someone has ordered a OnePlus 6 phone for him via Amazon, cash on delivery.
Not everyone is in the position of the TRAI chairman, who has huge resources at his command to counter misuse of his personal data to indulge in serious criminal activities. But the developments that followed his action show the extent of abuse an ordinary Aadhaar holder is vulnerable to on account of the details becoming known to public. As the former CEO of UIDAI, the agency responsible for issuing Aadhaar cards, Sharma may have done this to prove the security of the national ID, but it is clear that the results are not exactly what he had bargained for.
There are also ethical issues involved in his action. Like Modi’s fitness video challenge, it has already encouraged a number of people to publish their Aaadhaar details and most of such people may not have even a fraction of the technological understanding of the TRAI chairman to be aware of the implications of what they have done.
Sharma’s action amounts to trivialising the recommendations of the Srikrishna Committee to treat Aadhaar number as sensitive personal data and secure it against breaches. According to Aadhaar Act, it is illegal to publish the numbers and as such the TRAI chairman may have committed an illegal act. It is like challenging someone to commit suicide. That the Supreme Court has expressed in favour of decriminalising suicide does not justify encouraging someone to the act. In fact, Sharma has exhibited the culture of technological jingoism that he has inherited from UIDAI.
As expected, the authority has denied that the TRAI chairman’s Aadhaar number was at fault. Not many would have forgotten what the authority did to a reporter who had breached the Aadhaar ecosystem with the help of an agent to establish its vulnerability. While filing a criminal case against the reporter for the breach, in a clear case of shooting the messenger, UIDAI immediately ordered additional layers of security to the system, thus vindicating the reporter’s claim. And yet UIDAI put up a brave face.