INSUBCONTINENT EXCLUSIVE:
UIDAI, the body that governs Aadhaar, has told the Supreme Court that its database cannot be breached or used to profile citizens
A new data leak suggests that there may be no need for hackers to go that far
Government departments are already using the unique identification number to aggregate data from different departments, complete with the
individual's religion, caste, bank account numbers and their exact location.Still worse, some of them have placed this private information
on its websites for anyone to see.The Andhra Pradesh State Housing Corporation this week joined the list of organisations called out for
exposing private information about individuals after a cyber security researcher complained that the state-run body had exposed Aadhaar
numbers of 1.3 lakh people and allowed targeting of over 50 lakh individuals by caste, religion and locality.This is what made the leak more
It also had a search feature which could generate targeted lists of people based on their religion and caste and even show their exact
location because of geo-tagging
For example, one could simply search for "Dalits" or "Muslims" and get to know how many Dalits live in Vishakhapatnam or Muslims live in
Kurnool.Srinivas Kodali, the Hyderabad-based cyber security researcher, says this was contrary to what the centre had been telling the
Supreme Court."The UIDAI has informed the Supreme Court that Aadhaar can never be used for surveillance or to track religious and caste
But the fact is the Andhra Pradesh government has used Aadhaar to build profiles of their beneficiaries
All of this information is in public domain and it could be misused by political parties for voter profiling."The Aadhaar law has strict
provisions how the biometric data collected by UIDAI can be used
As UIDAI chief ABP Pandey famously told the Supreme Court, its data was secured using encryption that would take billions of years to
crack.But there is nothing to stop private and government departments from creating such database that can be abused
In previous instances, UIDAI has washed its hands off such leaks or database suggesting that its responsibility stopped at securing its
database.The database on Andhra's housing corporation website - it has been shut down for now - was part of an ambitious project launched by
the Andhra Pradesh government in 2017 called the People's Hub
It used the Aadhaar number to merge data from 29 different departments
Other states are planning to follow the same footsteps and that would only lead to a bigger crisis for data privacy in this country.Amba
Kak, a policy analyst who has taken a hard look at India's privacy provisions, suggests there are many ways in which such data can be
misused."The question to be asked is the ways it can be used and misused
This could mean financial fraud but it can also mean targeting of minorities in this country
This argument that we keep hearing about how privacy is not so important for socially and economically disadvantaged populations
This (database leak) is a reminder that these marginalised communities are ones who are at most risk," she told
TheIndianSubcontinent.Reached out for its comments, the Andhra Pradesh government said the government adheres to the rules and regulations
of the Aadhaar Act 2016 and the orders from the Hon'ble Courts in the context of data privacy
"We are investigating into this report and once we understand the full situation we will update you," the government said.The state of
Andhra Pradesh is the first State to form 'core data authority' following guidelines of Aadhaar Act 2016 that frame the guidelines for
