SUMMARY
The Unidentified Groups Are Selling Login, Password And Even The Aadhaar Software, Essential To Print Aadhaar Cards
While arguing for the central government’s stand on Aadhaar case at the Supreme Court, the Attorney General (Now, Former) Mukul Rohatgi had once stated, “The arguments on so-called privacy and bodily intrusion are bogus.”
In line with the same argument, it appears that the government is least bothered about the people’s privacy and their data. Despite the repeated clarifications issued by the Government of India, the privacy concerns over Aadhaar leaks remained a major concern. In a recent report by The Tribune, some unidentified groups were found selling the Aadhaar data of over one billion people at just $7.88 (INR 500).
The link shared by these unidentified group on WhatsApp provided the login and password details to access all the necessary details of one billion Indians. One just needed to enter the Aadhaar number, and bang! It showed the rest of the details, claims the report.
After paying $4.73 more, the group even shared the entire Aadhaar software which one needs to print one’s Aadhaar details.
This is not the first-ever Aadhaar leak. The Aadhaar details have been leaking all over. It has already been widely reported that how Aadhaar data of 130 Mn people were compromised; how Jharkhand government. had accidentally leaked more than 1 Mn Aadhaar records of pensioners. Also, how various Common Service Centres across the country were involved in leaking the information, right from the collection to storage, accuracy and use of Aadhaar data.
With a database of over one billion Indians, Aadhaar is the largest biometric programme in the world, and so is this database leak.
The Aadhaar card detail is not limited to one’s biometric, but it has got the entire personal details including name, father’s name, DoB, mobile no., email id and address too.
With Aadhaar, one can, not only access the personal details but can also easily crack the other details such as tax returns, and other professional details too.
As the government has been continuously forcing everyone to link Aadhaar with their mobile phones, PAN Cards, bank accounts, with Aadhaar software and login details selling at $12.5, one can easily access to all the other related details such as PAN card no. bank accounts, ITR details, employment history and so on.
Speaking to the Tribune Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepted the lapse, “Except the Director-General and I, no third person in Punjab ‘SHOULD’ have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
The report also reveals that the racket might have started around six months ago when some anonymous groups were created on WhatsApp. These groups targeted over 300K village-level enterprise (VLE) operators hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, offering them access to UIDAI data.
The hackers appeared to have gained access to the website of the Rajasthan government, as the “software” provided access to “aadhaar.rajasthan.gov.in”, through which one could access and print Aadhaar cards of any Indian citizen.
Devangshu Datta, Contributing Editor-Business Standard had opined, “Given excellent facial recognition programmes and off-the-shelf image converters, a digital photo can be instantly converted and compared to databases of base-64 images.” He, thus, suspected, “Then such an agency will be able to trawl public pictures downloaded from wherever, and recognise random people and tie mugshots to Aadhaar data.” This way, the enrolling agencies will have much more information linking to an Aadhaar number than even the UIDAI database can ever have.
Such agencies which are found often trading database for professional uses such as sales pitching etc. might misuse the same for a large range of activities. Hence the question is: passed under the Money Bill, where exactly Aadhaar Aadhaar is heading to, in absence of basic laws pertaining to people’s privacy and data protection?
