• RS Sharma tweeted his Aadhaar number, throwing an open challenge to people to do him harm based on the number
• Twitterati, including ethical hacker Elliot Alderson published Sharma’s personal information on Twitter
• The UIDAI said Sharma’s personal details were available online and had not been fetched from Aadhaar database
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
While Facebook, faced with a $5.7 Bn US tax bill, was just hit by a ‘Thanos Snap’ that wiped out over $120 Bn of its market value within 24 hrs, with its shares plunging over 20%, Twitter continues to be a Kurukshetra (battleground) for Orwellian discourses.
Trump apart, Aadhaar data security — which has been continuously challenged by hackers and security analysts — is the centre point of many such discourses on Twitter, with Twitterati trolling policymakers and the Unique Identification Authority of India (UIDAI).
However, this time for a change, an Aadhaar challenge was thrown by none other than the chairman of the Telecom Regulatory Authority of India (TRAI), Ram Sewak Sharma. An IAS, IIT-Kanpur and University of California alumnus, Sharma has also served as the director general of the UIDAI and secretary of the department of electronics and information technology (under the ministry of communications and information technology of the Centre) in the past.
Sharma, reacting to a Tweet challenging him to walk his talk by publishing his own Aadhaar number on Twitter if he had trust in the system, actually shared his Aadhaar number and threw a counter challenge asking anyone to harm him in any manner on the basis of this information.
While Twitterati reacted instantly by making Sharma’s mobile number and WhatsApp profile image public, the UIDAI, in a press statement, asserted that even if Sharma had made his Aadhaar public, nobody could actually fetch or mobilise any information that could be directly linked or cooked with his Aadhaar number.
The UIDAI also clarified that any information published on Twitter about the Sharma was not “fetched from the Aadhaar database or UIDAI’s servers.” In fact, it added that this “so-called hacked information” — Sharma’s personal details such as his address, date of birth, photograph, mobile number, email, etc — was already available in the public domain as Sharma has been a public servant for decades. It added that this information was easily available on Google and various other sites through a simple search without Aadhaar number.
Sharma’s personal details were earlier published by the French security researcher Robert Batiste aka Elliot Alderson and others on Twitter.
Elliot Alderson has often rebuked Aadhaar security by publishing website links containing Aadhaar data on Twitter. The hacker also posted a video explaining, “How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.”
Why Did RS Sharma Share His Aadhaar Number On Twitter?
An anonymous Twitter user tweeting from the handle @kingslyj challenged Sharma to share his Aadhaar number if he had “so much trust in this 13ft wall secured system”. @kingslyj tweet was a reaction to a recent article on ThePrint entitled ‘What harm can you do to me if you have my Aadhaar details, asks Trai chairman RS Sharma’.
In response to @kingslyj’s tweet, RS Sharma, on July 28, published his Aadhaar number challenging people to do him any harm with the information.
Sharma tweeted, “My Aadhaar number is 7621 XXXX XXXX. Now I give this challenge to you, show me one concrete example where you can do any harm to me.”
Following this, Aadhaar detractor and ethical hacker Elliot Alderson, in a series of tweets, posted Sharma’s publicly available information including his mobile numbers, email ID, and his WhatsApp profile images. However, Anderson erroneously claimed that no bank accounts were associated with the Aadhaar ID, to which Sharma responded, “I have linked all my bank accounts with Aadhaar, for your kind information.”
Very soon, some others posted his bank account details too.
Aadhaar Database Is Fully Safe And Secure: UIDAI Statement
The next day, on July 29, the UIDAI, in a thread of 17 tweets, dismissed any possible hacks of Aadhaar data, maintaining that any information published on Twitter about Sharma had not been fetched from the Aadhaar database or the UIDAI’s servers.
The Aadhaar database authority stated, “Certain so-called hackers while responding to a challenge thrown by Sharma to attempt to really ‘harm him by using his Aadhaar’, have claimed to have found his mob no., PAN & other details such as alt. mob no., DoB, email, photo, frequent flight details, etc, through Aadhaar. They boasted that they had got Sharma’s aforesaid personal details by hacking Aadhaar database. This so-called claim is a farce and people should not believe such fraudulent elements active on social and other media.”
“Aadhaar database is fully safe and secure and no such information about Sharma has been fetched from UIDAI’s severs or Aadhaar database. This is merely cheap publicity by these unscrupulous elements who try to attract attention by creating such fake news. Factually anyone can google or visit other sources and find out Sh. Sharma’s personal details without Aadhaar. For example, Sh. Sharma’s mobile number is available on NIC website as he was once Secretary IT, Government of India.”
This is not the first time, or the last, that the world’s largest biometric programme, Aadhaar, has been attacked on Twitter over a series of data leaks and security loopholes. In fact, such attacks on Aadhaar and its supporters are a frequent thing on Twitter. In fact, thanks to the Aadhaar controversy that the Indian government had finally accepted the Right to Privacy as people’s fundamental right after a Supreme Court’s verdict.
It, therefore, had a role to play in the formulation of a draft Personal Data Protection Bill, which was submitted to the government by the Justice Srikrishna committee on Friday, July 27.
However, the point of concern here is not that RS Sharma’s personal details could or could not be hacked out the Aadhaar database. It’s no secret, how Aadhaar data has been fetched right from the application phase to from buying access to its admin login IDs, the fundamental point, therefore, is why to hack Aadhaar if there are multiple leaks in the Aadhaar system! And, the UIDAI can’t shy away from the leaks that have already led to the UIDAI blacklisting and blocking of 49K Aadhaar operators.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.