- 12:30 pm: This correspondent posing as ‘Anamika’ contacted a person on WhatsApp number 7610063464, who introduced himself as ‘Anil Kumar’. He was asked to create an access portal.
- 12:32pm: Kumar asked for a name, email ID and mobile number, and also asked for Rs 500 to be credited in his Paytm No. 7610063464.
- 12:35 pm: This correspondent created an email ID, email@example.com, and sent mobile number ******5852 to the anonymous agent.
- 12:48 pm: Rs 500 transferred through Paytm.
- 12:49 pm: This correspondent received an email saying, “You have been enrolled as Enrolment Agency Administrator for ‘CSC SPV’. Your Enrolment Agency Administrator ID is ‘Anamika_6677’.” Also, it was said that a password would be sent in a separate mail, which followed shortly.
- 12:50 pm: This correspondent had access to the Aadhaar details of every Indian citizen registered with the UIDAI.
And for a further Rs 300 the Tribune correspondent, Rachna Khaira, got the same agent to install on her computer software that allowed her to print out anyone’s Aadhar card.
By any yardstick, this is a security breach of the grossest sort. In a well-ordered society, people would be up in arms; in a well-run government, a flat-out effort would be initiated to not merely plug this leak, but to revamp the infrastructure bottom-up and build in place sufficient checks and balances to ensure that your privacy, the security of your personal information, is sacrosanct. Judging by the lukewarm response to the story, though, we are neither a well-ordered society, nor do we have a well-run government. Vide this official response from the UIDAI:
That is the best the organization in charge of Aadhar can do? Say that “mere display” of your information is ok and cannot be misused? Stripped of jargon, the UIDAI will have you believe that it is okay for someone to know your Aadhar number, your PAN, your telephone numbers, the full details of your bank accounts, and whatever else you have linked to your Aadhar card, and it is okay, no harm, no foul.
Really? Remember this story?
The police in Delhi and the neighbouring township of Noida are investigating several complaints of fraud in which money was suspected to be siphoned out of bank accounts of victims with the help of a Unified Payment Interface-supported application linked to Aadhaar, the 12-digit biometrically linked unique identification number that the government wants every Indian resident to have.
And yet the UIDAI insists that a third party acquiring details of your Aadhar is A-okay. The ruling party, meanwhile, goes one better; this is what the BJP’s official Twitter handle says in response:
How is the story a “fake”? More so, when the officials concerned call it a national security breach? From the story:
When contacted, UIDAI officials in Chandigarh expressed shock over the full data being accessed, and admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bangaluru.Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, told The Tribune: “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
In fact, the dangers of Aadhar have increasingly become so obvious that one-time apostles have begun questioning its various applications — as for instance Arun Mohan Sukumar who, in mid-2017, was advocating the expansion of the identity document into a foreign policy tool, but more recently had this to say:
“Surveillance” is a word that keeps cropping up whenever Aadhar comes up for discussion. The other is “fake”. Remember this story from May 2017 of Pakistani nationals getting fake Aadhar cards for a payment of just Rs 100 apiece? Or this, also from May, of the Pakistani hiding out in an ISKCON temple in Haryana with a fake Aadhar? Or this one from July 2017 of a Pakistani drug smuggler who had two fakes in his possession? Remember how Lord Hanuman got an Aadhar card? Or how they issued one to Tommy the dog? Remember how the Swachch Bharat website was found leaking Aadhar numbers? Remember how, as late as November 2017, over 200 government websites were found leaking Aadhar details? Oh and by the way, this happened yesterday:
Any one of these instances should have sufficed for the government to do a rethink, to revamp the UI scheme top to bottom, to take these security threats seriously? And yet, even cumulatively, these instances and dozens more continue to be ignored by a government that chants “All is well”.
Heck, as far back as 2011, a Parliamentary Standing Committee had ripped the project to bits. Inter alia, the committee said:
“In the absence of data protection legislation, it would be difficult to deal with the issues like access and misuse of personal information, surveillance, profiling, linking and matching of data bases and securing confidentiality of information etc.”
In less than three years, in course of which he became prime minister, the same Modi has gone from criticizing Aadhar to becoming its fervent champion; using the muscle of his government to ram it down everyone’s throat while ignoring well-documented instances of security breaches.
In journalism school they teach you a lesson that is also a cornerstone of police and legal procedures: When something is done that prima facie makes no sense, that seems to defy logic, and you want to make sense of what is happening and why, ask yourself this question: cui bono?
PostScript: This is for fans of crime fiction. Last year, I had asked Twitter for recommendations of new books/authors in the crime fiction category, and the magic of Twitter kicked in. Here is a link to the resulting thread, filled with dozens of brilliant recommendations.
Also, the first Test between India and South Africa begins tomorrow. I’ll do a stop-start live blog during play — see you guys here then.