Aadhaar Leaks: Govt admits 210 of its websites publicly disclosed Aadhaar numbers

Replying to questions raised in the Parliament about Aadhaar data leakages, PP Chaudhary, the Minister of State for Electronics and Information Technology, said that “it was found that around 210 websites of Central Government, State Government Departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.” Chaudhary was responding to questions raised by MB Rajesh of the CPI(M).

Chaudhary added that there has been no leakage of data from the Unique Identification Authority of India (UIDAI), and that “UIDAI has taken note of the same and is regularly monitoring the status to get the Aadhaar data removed from the said websites.”

The Minister also said that:

Private players have not acquired any Aadhaar Data including biometrics from UIDAI. The sharing of Aadhaar information is done only with authorized KYC User Agencies (KUAs)/ Authentication User Agencies (AUAs) (both can be Government or private agencies), through authorized secure applications after following well established security procedures and protocols.

UIDAI has displayed Aadhaar numbers of citizens in the past too. And in any case if the names, addresses, other personal details, plus Aadhaar numbers of presumably lakhs of beneficiaries were openly available on Government websites, isn’t that in itself a leak? Couldn’t someone have simply copy + pasted this treasure trove of data onto say a Word document? As we had reported earlier, over the months of February, March and April this year, government departments had leaked Aadhaar data by the millions. And these are just the ones we got to know about.

The fact is that we cannot be certain that private players haven’t acquired Aadhaar biometric data, because over the past few months several cases of fabrication and theft of Aadhaar data have been reported:

  • In May this year, in the Malleswaram neighbourhood of Bangalore, residents had complained that a man claiming to be a BBMP official collected Aadhaar card details from several households in the neighbourhood, saying that he was collecting the details to link Aadhaar with voter ID. Following this, two separate complaints had been filed, one with BBMP and the other with the Malleswaram police station, but two months have passed and there has been no progress in this case.
  • In June, a former section officer in the state education department and four others have been charged under the Aadhaar Act for issuing fabricated attestations of identity proof and residential address, at an Aadhaar enrollment centre in Bangalore.
  • While, back in October 2016, the Food and Civil Supplies Department had discovered a racket of linking fictitious Aadhaar numbers with bogus Below Poverty Line (BPL) ration cards in Bangalore.

In fact, these cases forced the Karanataka Government to ban Aadhaar enrollment carried out by private operators across the state from June 28. Some of the fears might have been allayed if UIDAI had revealed the number of fake and duplicate Aadhaar cards currently in circulation. Instead it cited concerns for ‘national security’ to deny data, and also refused to provide details of action (if any) it had taken in such cases.

Note that recently, UIDAI directed states to ensure that all Aadhaar enrollment agencies – including private agencies – are moved to government or municipal premises by August 31, 2017. It also said that any Aadhaar enrollment agency found to be flouting norms will be finedRs 10,000 for the first offence and Rs 50,000 for a repeat offence. Apparently, the enrollment agencies will also have to renew their registration with UIDAI after every 10 days to continue to be eligible for providing enrollment services. Currently, there are about 25,000 enrollment agencies active across the country.

MB Rajesh had asked the following questions:

(a) whether the Government has taken note of leakage of Aadhaar data from various Government Departments;
(b) if so, the number of instances of Aadhaar data leakages noticed from various Government departments and agencies;
(c) whether private players have acquired Aadhaar data including biometric details of customers; and
(d) if so, the details thereof and the steps taken by the Government in this regard?