Moments after RS Sharma, Chairman of Telecom Regulatory Authority of India (TRAI), shared his Aadhaar number on Twitter with a challenge to 'harm him' on Sunday, several people revealed his personal information, like permanent account number (PAN), his date of birth, mobile numbers, and residential address. Some even claimed to have created a profile on e-shopping sites using these credentials.
The TRAI Chairman neither accepted nor rejected whether the information revealed on Twitter belonged to him or no.
In a series of tweets on Saturday, a French security expert, who goes by the nickname Elliot Alderson and uses twitter handle @fs0c131y, caused ripples on the social media, leaking "personal address, DoB, your alternate phone number" and explaining to Mr Sharma, the TRAI chairman, how risky it was to make the Aadhaar number public.
"People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make your Aadhaar number public is not a good idea," Alderson wrote.
Mr Sharma, former Director General (DG) and Mission Director of Unique Identification Authority of India (UIDAI), has been maintaining that Aadhaar does not violate privacy and the government reserved a right to create such a database of residents since it gives subsidies on state-run welfare schemes. He and all other supporters of Aadhaar, however, keep quite on why Aadhaar is enforced upon citizens who does not receive any subsidy from the government.
It is illegal for even Mr Sharma to publish his Aadhaar number, under the Aadhaar Act. Section 29 of the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 prohibits public sharing Aadhaar number. Sub-section 4 of Section 29 of the Act says, “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”
In this situation, it would be interesting to see if UIDAI takes any action against Mr Sharma, its former chief for publishing own Aadhaar number on a public platform.
Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit biometric number is harmful to citizen's privacy.
"My Aadhaar number is 7*** **** ***0. Now I give this challenge to you: Show me one concrete example where you can do any harm to me," tweeted Mr Sharma, whose tenure as chief of TRAI ends on 9 August 2018. He is holding the position since August 2015.
Earlier, a Twitter user had asked Mr Sharma to "walk your talk" after the TRAI chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable.
He had said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.
Within hours of tweeting his Aadhaar number, Anderson replied to Sharma: "The phone number linked to this #Aadhaar number is 9********7. According to an official @nicmeity circular, this phone number is the number of your secretary," Anderson wrote and posted a link to a circular issued by the Ministry of Electronics and Information Technology (MeitY).
One question here is how Mr Sharma linked his secretary's mobile number with his own Aadhaar number? Also, in that case, which number is used by Mr Sharma's secretary to link to own Aadhaar?
The security researcher also posted a picture of Mr Sharma with a portion of it blackened. "I supposed this is your wife or daughter next to you."
Anderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Mr Sharma's leaked details with key areas blackened and hidden.
One of the screenshots even carried his PAN details. But that was also hidden.
While personal information of Mr Sharma was being spread on the social media, his previous employer, UIDAI came out with its ‘standard’ denial. Dismissing claims made by ‘certain elements’ on Twitter and a section of media, UIDAI said, “they have fetched personal details of Ram Sewak Sharma, who is a public servant using his Aadhaar number. Any information published on Twitter about RS Sharma was not fetched from Aadhaar database or UIDAI’s servers. In fact, this so–called ‘hacked’ information was already available in public domain as he being a public servant for decades and was easily available on Google and other sites.”
Alderson, however says, “If your phone numbers, address, date of birth, bank accounts and others personal details are easily found on the Internet you have no #privacy. End of the story.”