Aadhaar governing body, UIDAI, and the Indian government have defended the security of India’s much-hailed unique identity system on many occasions. But reports about data breaches and abuses of Aadhaar data of citizens come just as frequently.
Now, another Aadhaar data leak has cropped up, where the data of nearly 9 million workers employed under NREGA rural employment scheme in the state of Andhra Pradesh have been spilled out in public.
Another day, yet another #Aadhaar data leak of 89,38,138 MNREGA workers. Website maintained by $100 billion company TCS along with another government department. Reported to security agencies. Question: where is the UIDAI bug reporting mechanism? pic.twitter.com/0L4K2YUyl1
— Srinivas Kodali (@digitaldutta) April 26, 2018
The leak on the AP government’s Benefit Disbursement Portal was discovered by independent researcher Srinivas Kodali and showed personal data including the names, Aadhaar numbers, and Job Card numbers of the MNREGA beneficiaries.
Ironically, the Andhra Pradesh government is known to be one of the most advanced in terms of technology, considering its ties as the Cyber City during the Dotcom boom and later.
This breach of data has yet again challenged and tested the trust on the government by citizens of the country. Aadhaar data leaks by such government portals are not new of course, and UIDAI has a habit of blaming the responsible departments instead of bolstering the security of this critical data.
In a recent tweetstorm, it went to the extent of claiming that Aadhaar ID is not a private form of information and then contradicted itself by saying that Aadhaar ID must not be shared.
It has always been said #Aadhaar is being linked to religion and caste information, apart from occupation. While UIDAI is not doing it, other government departments are. Here is proof that UIDAI has no idea what all is being linked to your unique id. Website reported early today. pic.twitter.com/3acEgcA1Qt
— Srinivas Kodali (@digitaldutta) April 24, 2018
In another recent episode of a similar leak by another website belonging to the Andhra Pradesh government, the researcher spotted how Aadhaar information is being used for profiling citizens based on their religion and caste. This is a more severe issue, considering that since independence India has not been able to free itself from the clutches of caste-based violence, discrimination and communal conflicts. And state governments have not exactly proven themselves to be paragons of virtues when it comes to violence involving casteist and communal issues.
So, as we see here, UIDAI is not only compromising the security of private data but also risking the everyday safety of millions by revealing such sensitive data openly.
In another amusing event, Rakesh Dwivedi – the senior lawyer representing UIDAI and Gujarat government in front of the Supreme Court – said that his and his family’s unique ID information was stolen and shared publicly on Pastebin by a researcher. He agreed that many websites and individuals had access to the private data of many citizens but refrained from accepting that these were leaked by UIDAI or its affiliate portals.