Mr Dhapre's Aadhaar number has been used by scamsters for obtaining SIM cards, opening bank accounts, and even creating seller accounts on e-commerce portals for duping people. Everyday someone or other lands up at his door seeking 'refund' of his/her money of which Mr Dhapre has no idea whatsoever.
"His case highlights how easy it is to impersonate someone with just a copy of their Aadhaar card, and how important it is to guard it just as one would a credit card or a bank account number," the report says.
Quoting from a first information report (FIR) filed by Mr Dhapre at VP Road Police Station in Mumbai, the newspaper report says, he had registered for his Aadhaar in 2012. "Three years later, an officer from Mundhva police station in Pune arrived at his house, suspecting that he had been harassing a woman over the phone. Mr Dhapre had to travel to Pune to record his statement. It turned out that the man behind the harassment had used Mr Dhapre’s Aadhaar card to get know-your-customer (KYC) done for not just the mobile connection in question, but two others as well."
Not just mobile numbers, fraudsters have even used Mr Dhapre's Aadhaar for opening a bank account, which he came to know only in 2017. Mumbai Mirror says, "...in 2017, he went to a bank to open a joint account with his father. He furnished his Aadhaar card but was told it could not be accepted as it had already been linked with another bank account. Mr Dhapre wrote an email to the bank at once, saying his Aadhaar card had been misused."
When Mr Dhapre searched Google for his name, to his shock, he found a copy of his Aadhaar had been posted on several portals. "He soon learned that someone using his name and Aadhaar number had opened an account on a shopping website and duped several people with the false promise of selling them branded electronic gadgets. Soon enough, victims of these fraudsters began showing up at Mr Dhapre’s door, demanding their money back. Many created a scene and even warned him of ‘consequences’ if he didn’t return their money," the report says.
What is more shocking is Unique Identification Authority of India (UIDAI), the de-facto numbering agency, has almost no mechanism or system to address such grievances.
When Mr Dhapre approached UIDAI, he was told that while his Aadhaar number could not be changed, it could be cancelled and that he should do so. He told Mumbai Mirror that “I approached UIDAI but they have no way of changing someone’s Aadhaar number. They said I should de-activate my account but that is not a solution. They wanted me to lodge a complaint for every single fraudulent transaction. That is an impossible task. They need to have a better solution to my problem as I am suffering for no fault of my own.”
As per the provisions of Sections 27 and 28 of Aadhaar Act, a person's Aadhaar can be cancelled or deactivated if multiple Aadhaar numbers have been issued, or there are discrepancies in the biometric data or supporting documents. But there is nothing in the law about misuse or impersonating of an Aadhaar number-holder at multiple places.
Interestingly, the Aadhaar Act under Chapter IV- 29 prohibits publishing, displaying or posting publicly any Aadhaar number. This is a punishable offence under Chapter VII 38 (g), which says…
(g) reveals any information in contravention of sub-section (5) of section 28, or shares, uses or displays information in contravention of section 29 or assists any person in any of the aforementioned acts;
Last year, UIDAI itself had said, "Do not publish any personal identifiable data including Aadhaar in public domain/ websites etc. Publication of Aadhaar details is punishable under Aadhaar Act.”
This clarification was outcome of a fiasco when RS Sharma, chairman of Telecom Regulatory Authority of India (TRAI), shared publicly his Aadhaar number and challenged to reveal his personal details. Within moments, several people revealed Mr Sharma's personal information, like permanent account number (PAN), his date of birth, mobile numbers, and residential address. Some even claimed to have created a profile of Mr Sharma using his Aadhaar number on e-shopping sites using these credentials.
Mr Sharma, former director general (DG) and mission director of UIDAI, neither accepted nor rejected whether the information revealed on Twitter belonged to him.
According to senior advocate Arvind P Datar, the disclosure of Mr Sharma's Aadhaar number in a tweet could be in violation of Regulation 6 of the Aadhaar (Sharing of Information) Regulations, 2016, which states that the number of an individual shall not be published, displayed or posted publicly by any person or entity or agency.
In its tweet on 31 July 2018, UIDAI had stated "Any person indulging in such acts or abetting or inciting others to do so makes themselves liable for prosecution and penal action under the law. Therefore, people should refrain from such acts."
However, in case of Mr Dhapre, UIDAI has no solution, except for asking him to de-activate his Aadhaar number and face multiple consequences. This means if he deactivates his Aadhar number, all his linked bank accounts, mobile SIMs, and PAN card would become dead, which not just Mr Dhapre, but anyone in similar situation cannot afford or even think about.
According to the report, Mr Dhapre has also filed complaint with the cybercrime police station, but there still is no respite to him since his case was forwarded to the local police station for further investigation.
“There was no relief. People would keep coming to my house. In October a man from Bhiwandi came to my home claiming that I had taken Rs17,000 from him for an iPhone but had never given him the gadget. It was only when I explained everything in detail to him that the man calmed down and left,” Mr Dhapre was quoted by the newspaper as saying in his statement to the police.
He told the newspaper, “My life has become hell. I receive at least two or three authentication-failure emails a day, apart from several anonymous calls and messages, which indicate that people are trying to use my Aadhaar somewhere. Jharkhand, Punjab, Haryana… the list is endless. I also have a toddler at home, and random men turning up at my home every day, sometimes in my absence, is scary.”
“Whenever I inquire with the police, their only response is: ‘We are investigating’. There is no relief in sight. Even the cybercrime cell has not been able to help erase my details online,” Mr Dhapre had said.
On his Facebook, Mr Dhapre has put up a warning message saying, “My name being used for online fraud transaction. Immediately log police complaint against that person.”
It is important to remember that UIDAI has been legally structured in a manner that is not answerable to people, nor is it obliged to complete any updations or explain why something takes so long.
On its website, UIDAI had listed possible criminal penalties from the Aadhaar Act. Two such penalties that can be used in Mr Dhapre's case are "Impersonation by providing false demographic or biometric information is an offence and appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence, both attracts imprisonment for three years and a fine of Rs10,000."
While Mr Dhapre's case is unique, the internet is full of Aadhaar records of many residents. A simple search can reveal Aadhaar data of hundreds, if not thousands, of the UID holders.
Yet, Aadhaar continued to being touted as the biggest tool of empowerment in India by politicians and highly educated tech-czars who stand to profit from its widespread use, doesn’t matter the hardship and nightmares caused to ordinary people.
You may also want to read...