
UIDAI Denies Latest Aadhaar Data Leak, Misinforms the Public Again

A point-by-point rebuttal of the UIDAI’s “denial” of the latest Aadhaar data leak.


On Friday, The Quint reported that the Aadhaar details of numerous individuals had been published online by websites including a government site, India’s top football body AIFF, and a private company Starcards India among others. The report did not blame the UIDAI for the data leak.

But predictably enough, the UIDAI felt the need to issue a complete nine-point denial on Twitter and in the process, misinformed the public about the matter. Not to mention the obvious, but a simple Google search “mera aadhaar meri pehchan filetype:pdf” gives access to the data.

So if you want to check the veracity of our article, all you need to do is make one simple online search.

Read on to find out the UIDAI’s nine tweets of reassurance that “all is well”, and our point-by-point counter explaining why it’s really not.
Every single time.
(GIF: Meghnad Bose/The Quint)

UIDAI Cries "Fake News" but Can't Explain Why

Dear UIDAI, when you say that our reports “are intentional and irresponsible acts of some unscrupulous elements” and “are far from the reality”, you’re wrong. They’re not far from reality at all – the reports are stating facts, facts that are verifiable by anyone who searches the internet for the phrase “mera aadhaar meri pehchan filetype:pdf”.

The news was published to bring to light a serious concern – that personal documents of individuals are accessible publicly online. Reporting that is anything but “irresponsible”, and to call us “unscrupulous” for doing so is a ludicrous claim.

Nothing to Do With the Security of Aadhaar?

UIDAI says that the data leak has “nothing to do with the security of Aadhaar and its database. As none of the Aadhaar cards shown are taken from UIDAI database.”

Nowhere in the original article has the UIDAI been blamed for the data leak. Nowhere does it say that the Aadhaar cards shown have been leaked from the UIDAI database.

The report is not about the security of the Aadhaar database. The report is about the danger of Aadhaar details of random people being available online, their loss of privacy and increased vulnerability to online frauds and phishing.

Just because the Aadhaar cards mentioned have not been stolen from the UIDAI database but have been uploaded by individual websites (including a government site), it does not make the problem go away. It is a security concern, even though the Aadhaar database itself has not been breached. That, really, shouldn’t be so difficult to understand.

In fact, what’s needed from the UIDAI is acceptance that several organisations that are now repositories of Aadhaar-related data of their employees need education on how to safeguard such data and their employees’ privacy.


People Should Take Precautions, but Govt Sites Shouldn't?

The UIDAI advises that when people share their Aadhaar details online, “they should take due precautions as required in any digital activities.” Yes, UIDAI, thank you for making our point.

That precaution is essential because if the personal documents of individuals fall into the wrong hands, there is immense scope for misuse of that information.

Which is what we have been saying all along! Which is the problem with the personal documents of hundreds of individuals being available online, accessible by anyone with an internet connection.

See, dear UIDAI, the problem would seem a problem to you if you weren’t so intent on denying everything that has the words “Aadhaar” and “leak” in the same sentence.


“Sharing Aadhaar Details” Not the Same as Divulging Them

UIDAI tweeted, “Aadhaar as an identity document by its very nature needs to be shared openly with others as and when required and asked for.”

Dear UIDAI, nobody is refuting that. But there’s a difference between an individual providing his Aadhaar details when needed versus an organisation divulging them online.

For example, I may provide my Aadhaar card as identification while checking into a hotel. The hotel may scan it and keep a copy for their internal records. However, this does not mean that the hotel has the right to upload that scanned copy online, available for public viewing.

Surely You’re Joking, UIDAI!

Among the nine tweets in UIDAI’s vehement denial, the most absurd one has to be the sixth tweet.

The UIDAI claims, “By simply knowing someone’s Aadhaar, no one can impersonate & harm him because Aadhaar alone is not sufficient, it requires biometrics to authenticate one’s Identity.”

It’s time for a fact check.

The following details of people were revealed online in the latest Aadhaar data leak.

  • Name
  • Aadhaar number
  • Parent’s name
  • Address
  • Date of birth
  • Photograph

A clear danger when someone gains access to so much of your personal information is that it makes you more vulnerable to phishing.

Phishing in Troubled Waters

Data leaks of personal information increase the threat from phishing.
(Photo: The Quint)

Phishing is the fraudulent practice of sending emails or making calls claiming to be from reputable companies in order to induce people to reveal their personal information, such as passwords and credit card numbers. The information obtained is then used to carry out credit card frauds, unauthorised transactions and the like.

If an unauthorised individual to whom you have not provided your personal information can manage to gain access to your identification documents, that information may, in fact, be used to dupe you.

So organisations like the AIFF and government body Indian National Centre for Ocean Information Services are making the people, whose personal details they are divulging online, more vulnerable to online frauds and phishing.


If Only Wordplay Could Make Our Data Safer

The UIDAI’s final two tweets of denial use a clever choice of words to tell a half-truth.

When the UIDAI claims, “there has not been a single breach from its biometric database during that last eight years of its existence”, it conveniently ignores two things.

  1. The report on the latest data leak specifically mentions that biometric details have not been divulged in the leak.
  2. Neither the investigative report by The Tribune in January (Rs 500, 10 minutes, and you have access to billion Aadhaar details) nor the follow-up by The Quint (Aadhaar’s Dirty Secret Is Out, Anyone Can Be Added as a Data Admin) mentioned that biometric details have been leaked. However, both reports showed how compromised the security of the Aadhaar database was.

So for the UIDAI to boast that “Aadhaar remains safe and secure” by mentioning that “there has not been a single breach from its biometric database” is to quote information in a deliberately misleading manner.

There may be no conclusive reports that show breach of biometric details, but there are conclusive reports to show breach of non-biometric details.

These non-biometric details include an individual’s photograph, full name, parent’s name, date of birth, email address, mobile number, gender and complete residential address.

And as explained above, for reasons like the increased threat from phishing, such data leaks are a cause for concern, aside from the obvious privacy woes that arise.


Living in Denial: Against National Interest

Whom will this denial help? No one.
(Photo: Altered by The Quint)

For the UIDAI to repeatedly brush away legitimate worries about data leaks does not bode well for the country. Their vehement denial of the latest data leak relies on half-truths and faulty reasoning to make its point – that all is well with everyone’s Aadhaar data.

Yet, as we’ve explained in this point-by-point counter, the UIDAI’s assurances seem to be, to use their own words, “far from the reality.”
