New Delhi: The Telecom Regulatory Authority of India (TRAI) chief did not know what was about to hit him when he posted his Aadhaar number on Twitter with an open challenge to hackers to ‘harm’ him using his Aadhaar number.
Within hours, Sharma’s personal information — including his phone number, email ID, residential address, his display picture, Air India frequent flyer number and even alleged details about his bank accounts — were abundantly doing the rounds on the microblogging site.
One particular Twitter user who goes by the pseudonym ‘Elliot Alderson’ (Mr Robot, anyone?), claimed to have allegedly used Sharma’s Aadhaar ID to fish out his personal details.
The TRAI chief, who is a strong proponent of Aadhaar, hit back claiming the data that these people had ‘found’ were already existing in the public domain and that the Aadhaar number had nothing to do with it.
However, Sharma’s stunt led many to question the legality of him posting the number on a public platform in the first place.
According to the Aadhaar Act 2016, “no Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly except for the purposes as may be specified by regulations.”
Doing so will incur a three-year jail term.
But how could Sharma post his Aadhaar number on Twitter?
According to lawyer Ranjeev C Dubey, it was perfectly legal of Sharma to post his Aadhaar number anywhere.
“It is his data, if he wants to put it on Twitter, he is absolutely within his rights to do so. The act specifically mentions consent. Maybe it is illegal to post someone else’s Aadhaar number,” said the lawyer, adding that the fuzziness of the law could lead to various interpretations.
Pointing at some of the problems in the Aadhaar Act, Dubey said, “One has to provide Aadhaar details even while receiving couriers these days. There is nothing secret about the number. The biometric information is of course a different story.”
Advocate Zoheb Hossain agreed, claiming that though Aadhaar number is considered “sensitive information” under the Act, it does not specifically say that an Aadhaar holder cannot publish their unique ID on social media.
Hossain is currently defending the Aadhaar Act in front of a Constitutional Bench in Supreme Court on behalf of UIDAI and the Maharashtra government.
“The provision applies to the data collector or the fiduciary more than the general individual. It applies to the authorities or persons related to authorities concerned with data collection such as UIDAI and state government,” the advocate said.
However, he added that the Act nonetheless deems Aadhaar as ‘sensitive private information’ and maybe the TRAI chief had been a bit hasty with his revelations since the matter is still in the realm of speculation.
“The Parliament has deemed the unique 12-digit code as sensitive information and so it may be best to not go about indiscriminately airing one’s unique number to the public.”
“In fact, even if RS Sharma had posted his wife’s number without her consent, it would have been illegal,” Hossaid said.
The fact that the unique number is deemed "sensitive information" is because these numbers are linked with the biometric data of millions of individuals in the country. Unlike password protected data, biometric data is itself the data and the password too. Once stolen, it can lead to a person losing their identity for life with little recourse to getting it back.
Thus, the social media uproar over media reports revealing RS Sharma’s already public Aadhaar number may be justified and newspapers and other platforms that published the number (without seeking explicit consent from Sharma) could in fact be in contravention of the Aadhaar Act.
According to Ranjeev Dubey, vague laws such as these are a cause of concern. Aadhaar regulations that have already faced much debate and criticism are central to the life and identity of millions of Indians trying to avail different services.
With growing number of reported data breach cases, including theft of biometric data such as fingerprints, pulling such stunts on microblogging sites may not be the best response to the problem after all.
While the TRAI chief, who was previously the founding CEO of UIDAI, claimed that no harm could be done to him using his UID. However, the same may not hold true for others if they make their ID public and may not have access to as much technology as Sharma himself.
According to news website Medianama’s founder and tech expert Nikhil Pahwa, Sharma’s act could set about a bad precedent for normalizing leaking of information on public platforms.
Pahwa claimed in an editorial posted on Medianama that such actions may end up promoting doxing – an act of publishing private information about an individual or group, typically with malicious intent – a kind of cybercrime that women specifically fall prey to.
In fact, according to reports, RS Sharma’s own daughter received an email on July 30, in which alleged hackers threatened to reveal all personal documents of the Sharmas if not paid a ransom.
Is UIDAI still as confident about its claim that the Aadhaar number is inviolable? Questions remain.
Comments
0 comment