SUMMARY
Disclosure, knowledge, or sharing of the biometric ID number does not increase digital vulnerabilities, says Sharma
On July 28, Sharma published his Aadhaar number challenging hackers harm to him on the basis of his ID
The UIDAI recently asked people to refrain from indulging in Aadhaar hacking challenges
The outgoing Telecom Regulatory Authority of India (TRAI) chairman, Ram Sewak Sharma, has defended his act of revealing his Aadhaar number on Twitter. “The intention behind my Aadhaar number disclosure was never to abet others to publish or disclose their unique biometric numbers,” Sharma told reporters while announcing TRAI apps’ integration on the UMANG (Unified Mobile Application for New-Age Governance) platform to help citizens access government services.
On July 28, Sharma published his Aadhaar number challenging hackers to do any harm to him on the basis of his Aadhaar ID. This was in response to a challenge from a Twitter user to share his Aadhaar details with the public since he had asserted his faith in the system.
While Twitterati reacted instantly by making Sharma’s mobile numbers, WhatsApp profile image and bank account details public, the UIDAI, in a press statement, asserted that even if Sharma had made his Aadhaar public, nobody could actually fetch or mobilise any information that could be directly linked or cooked with his Aadhaar number.
The UIDAI also clarified that any information published on Twitter about Sharma wasn’t “fetched from the Aadhaar database or UIDAI’s servers.” In fact, it said that this “so-called hacked information” — Sharma’s personal details such as his address, date of birth, photograph, mobile number, email, etc — was already available in the public domain as Sharma has been a public servant for decades. It added that this information was easily available on Google and various other sites through a simple search without Aadhaar number.
The next day, the UIDAI warned people not to indulge in activities such as revealing Aadhaar IDs as it is not in accordance with the law. Any person indulging in such acts or abetting or inciting others to do so makes themselves liable for prosecution and penal action under the law, the Authority said.
The UIDAI also said that revealing one’s Aadhaar ID is not in accordance with the draft Personal Data Protection Bill.
TRAI chief RS Sharma, while clarifying that his act was not intended to abet others into disclosing their Aadhaar IDs, told reporters, “I have always maintained that disclosure, knowledge, or sharing of the biometric ID number does not increase digital vulnerabilities.”
The UIDAI has continuously been attacked over Aadhaar IDs’ safety and security. While the biometric records of Aadhaar users are encrypted using a 256-bit symmetric encryption session key, the one-time use session key is then encrypted asymmetrically with a 2048-bit UIDAI-issued public key, making the Central Information Data Repository (CIDR) the sole entity that can decrypt the record.
The phlegmatic UIDAI CEO Ajay Bhushan Pandey even said to the Supreme Court, “Universe’s strength is needed to break Aadhaar encryption.”
However, the Authority can’t shy away from the leaks that have already led to the UIDAI blacklisting and blocking of 49K Aadhaar operators.
