Aadhaar lessons from Trai

By: |
New Delhi | Published: August 2, 2018 1:54:27 AM

Trai chief RS Sharma, also a former chairman of UIDAI, set the cat among the pigeons when he gave out his Aadhaar number and invited people to see how it could be misused.

Aadhaar lessons from Trai

Trai chief RS Sharma, also a former chairman of UIDAI, set the cat among the pigeons when he gave out his Aadhaar number and invited people to see how it could be misused. In response, many put out details of his mobile number, e-mail, date of birth and even some bank account numbers that belonged to him. In response to this, UIDAI put out a note saying that none of these details were accessed from UIDAI and were probably accessed from various government websites which routinely contain such information on bureaucrats. As for his bank account details, Sharma tweeted to say the account numbers were all incorrect. Since NPCI’s UPI allows people to deposit money in bank accounts, or to request payments from them by just using the Aadhaar number—the bank account number is hidden—Sharma tweeted screenshots to show how he had declined various requests for money made using his Aadhaar number. Where Sharma was wrong, though, was in saying that people had not been able to deposit even one rupee into his account—the UPI-Aadhaar ecosystem allows anyone to deposit money into an account using an Aadhaar number, without the account-holder needing to authenticate this. It is true that anyone who has your bank account details can also deposit any money in it without your permission, but this is something NPCI needs to fix.

As for UIDAI’s assertions of getting personal details from various public websites, as this newspaper has pointed out several times, the Election Commission website allows you to download voter rolls for every area—it also gives you the person’s age and the name of the father/husband, apart from the address. Put in any surname in the municipal records, and you get the property ID of everyone in a colony with that surname—enter that ID and, if the tax has been paid online, you can even know how much tax was paid; even if it has not been paid online, you can get details like the phone number and email ID for the owner of each property. As for bank records, when a bank transaction requires an Aadhaar authentication—say, when you pay for your groceries via AadhaarPay—the details of the bank account do not travel to the UIDAI servers, but remain on the bank servers.

None of this is is to absolve UIDAI for leaking personal data when its vendors have leaked this information as an India Today sting found. But, were the same sting to be done on, say, a phone vendor, several personal details will also be available since people submit passports, etc, as address proof. Similarly, various government departments also put out personal details of ration-shop or pension beneficiaries, say, in the open. Once the government comes out with a privacy law, hopefully, much of this will stop. Meanwhile, Sharma has done well with this dare since it shows how robust the Aadhaar eco-system is.

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Next Stories
1Reliance wins case govt should never have filed
2Reservations politics’ violence will rise – Is another Mandal around the corner?
3Explained: Why the ecosystem of political donations needs greater transparency