Post the challenge from RS Sharma, Chairman of Telecom Regulatory Authority of India (TRAI) to harm him through his Aadhaar number, it has now come to fore that the helpline number (1800-300-1947) of Unique Identification Authority of India (UIDAI), is getting automatically saved in contact list on several mobile phones. While, some mobile phones, like Realme from Oppo, certainly come preloaded with the UIDAI number, some people are finding this number when they update software of their mobile devices from Motorola, OnePlus, Samsung and Nokia. Few user of iPhone also found this helpline number on their mobiles.

 

Interestingly, this 'default' helpline number found in mobile phones is 'temporarily not available' as UIDAI uses 1947 as its toll free helpline number.  

 

French hacker Elliot Alderson (@fs0c131y) asked people on Twitter if they had the UIDAI helpline in their phonebooks. 

 

A lot of people have @UIDAI in their contact list by default. I’m thinking aloud: What if it is only the top of the iceberg?

I really need to know now. If you have an Indian phone firmware, I’m your man, please send it to me! https://t.co/xRVNM72f1u

— Elliot Alderson (@fs0c131y) August 2, 2018

 

Hi @UIDAI,

Many people, with different provider, with and without an #Aadhaar card, with and without the mAadhaar app installed, noticed that your phone number is predefined in their contact list by default and so without their knowledge. Can you explain why?

Regards,

— Elliot Alderson (@fs0c131y) August 2, 2018

 

Within hours, many people shared screenshots and confirmed it was indeed the case for Android phones. However, it is not clear how the UIDAI helpline number got into their phonebooks without their explicit consent.

 

A lot of people have @UIDAI in their contact list by default. I’m thinking aloud: What if it is only the top of the iceberg?

I really need to know now. If you have an Indian phone firmware, I’m your man, please send it to me! https://t.co/xRVNM72f1u

— Elliot Alderson (@fs0c131y) August 2, 2018

 

Yes, and it magically shows up everytime I reset my phone. Definitely a Google thing, because it happens with different ROMs.

— Soham (@shmsnh) August 2, 2018

 

No Aadhaar app installed, using Idea sim and just noticed the contact exists.

My friends using old phones like Moto E, Redmi Note 3 etc. also have the contact in their phones, some on Jio and some on Vodafone.

— ????? ???? ?? (@pussymonious) August 2, 2018

 

#googlepixel2 user here. The contact has been there since I moved phones from pixel 1 to pixel 2. I do root my phone and everytime I go back to stock firmware after factory reset - UIDAI contact and a service helpline are the only contacts listed. Never thought abt it.. cont..

— AmolG (@Amolecule) August 2, 2018

 

Holy shit. I bought my phone in the US, how the hell do they know I'm an Indian. Something deep is happening here.

— Krishna Deepak (@mskd96) August 2, 2018

 

?? bt i never installed adhar aap??? pic.twitter.com/nAjqvEOt4u

— Anirudha Sohani (@anirudha_sohani) August 2, 2018

 

Earlier in March 2016, as per suggestion from the TRAI, the Telecom Commission allowed use of 112 as single emergency number for all services like police, fire and ambulance. In addition, some emergency numbers, which are allowed in India, are 100 for Police, 101 for fire, 102 for ambulance, 108 for disaster management, 181 for women's helpline, 182 for Railway helpline, 1097 for AIDS helpline, and 1098 for child helpline. 

 

The Department of Telecom (DoT) had directed  all telecom service providers to map 112, the single emergency number with existing emergency numbers in all states and union territories. The project was to be made operational by all States and UTs under the supervision of Ministry of Home Affairs through Public Safety Answering Point (PSAP).

 

When an emergency call is received at the PSAP, it would be answered by a specially trained officer, call taker or operator of respective state and UT that will transfer the call on the type of emergency, dispatchers to police, fire medical and other response mechanisms.

 

However, there is no mention of UIDAI helpline number in any of these mandatory contact numbers in any mobile phones or on the SIM cards. 

 

Even the Draft National Digital Communications Policy-2018, talks about unified emergency response mechanism through 112 services in all areas. There is no mention of UIDIA's helpline number anywhere.

 

Arnav Gupta, co-founder at Coding Blocks, who had earlier worked at Micromax developing handsets, told the Business Standard that phone manufacturers are unlikely to add UIDAI helpline number in mobile devices on their own. “Every Android phone tries to connect to the internet and as soon as it does, it downloads a basic list of emergency contacts of each country. In India, it is distress number 112 and the UIDAI helpline,” Gupta told the newspaper.

 

He also explained that the government would have had to issue some guidelines to phone manufacturers to download this specific number, even as some operators seemed to be loading the UIDAI helpline in the SIM card as well.

 

Moneylife sent emails to UIDAI CEO Dr Ajay Bhushan Pandey and senior officials from DoT and TRAI. We will update this article with their responses as and when we receive it. 

 

Meanwhile, UIDAI in a statement on Twitter, clarified that 18003001947 is not its valid toll free number and some vested interest are trying to create unwarranted confusion in the public. "UIDAI has not asked or communicated to any manufacturer or service provider for providing any such facility whatsoever. We have not asked or advised anyone including any telecom service providers or mobile manufacturers or Android to include  18003001947 or 1947 in the default list of public service numbers," it added.

 

The press statement made by @UIDAI on the fact that their number is saved by default is a BIG LIE. Check this press statement made in 2014. pic.twitter.com/CRUTAjEg2w

— Elliot Alderson (@fs0c131y) August 3, 2018

 

You may also want to read...

Aadhaar Helpline Number Mystery: Is Google being made the scapegoat?

 

The Unique Identification Authority of India (UIDAI) has issued an advisory asking people to refrain from sharing their Aadhaar numbers with anyone or anywhere as this is against the law.

 

This follows the fiasco when RS Sharma Chairman of Telecom Regulatory Authority of India (TRAI), shared publicly his Aadhaar number and challenged to reveal his personal details. 

 

In a series of tweets, UIDAI, the authority assigned to tag every resident with a number, says, "People are advised to refrain from publicly putting their Aadhaar numbers on internet and social media and posing challenges to others. Such activities are uncalled for and should be refrained as these are not in accordance with the law."

 

Also, as per the Aadhaar Act, 2016 and IT (Reasonable Security Practices and Procedures and sensitive Personal Data or Information) Rules, 2011 and Justice Srikrishna’s proposed Data Protection Bill, personally sensitive information should not be published or shared publicly. 6/n

— Aadhaar (@UIDAI) July 31, 2018

 

Last week, the TRAI Chairman, who is set to retire in next few days, shared his Aadhaar number on Twitter with a challenge to 'harm him'. However, within moments, several people revealed his personal information, like permanent account number (PAN), his date of birth, mobile numbers, and residential address. Some even claimed to have created a profile of Mr Sharma using his Aadhaar number on e-shopping sites using these credentials.

 

Mr Sharma, former Director General (DG) and Mission Director of UIDAI, neither accepted nor rejected whether the information revealed on Twitter belonged to him or no.

 

Sharing Aadhaar number in public is against the provisions in the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016. 

 

According to Senior Advocate Arvind P Datar, the disclosure of Mr Sharma's Aadhaar number in a tweet could be in violation of Regulation 6 of the Aadhaar (Sharing of Information) Regulations, 2016, which states that the number of an individual shall not be published, displayed or posted publicly by any person or entity or agency.

 

In addition, Sub-section 4 of Section 29 of the Act says, “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”

 

Further, organisations that continue to ask for Aadhaar numbers in their forms, displaying or storing it on their documents, certificates, registers and databases would be committing offences under Chapter VII 38, 39, 40, 41, 42 and various sections of the IPC. 

 

"38. Whoever, not being authorised by the Authority, intentionally,— 

(g) reveals any information in contravention of sub-section (5) of section 28, or shares, uses or displays information in contravention of section 29 or assists any person in any of the aforementioned acts; 

 

...shall be punishable with imprisonment for a term which may extend to three years and shall also be liable to a fine which shall not be less than Rs10 lakh."  

 

UIDAI says indiscriminate and unwanted publication of any personally sensitive information whether Aadhaar or any other, may render the concerned person vulnerable and, therefore, should be avoided.

 

Any person indulging in such acts or abetting or inciting others to do so makes themselves liable for prosecution and penal action under the law. Therefore people should refrain from such acts. 9/9

— Aadhaar (@UIDAI) July 31, 2018

 

"In our regular media campaigns, we have been consistently making people aware not to display or publish or share their Aadhaar number in public domain. We emphasise that people should not display or publish their Aadhaar number in public," UIDAI added.

Moments after RS Sharma, Chairman of Telecom Regulatory Authority of India (TRAI), shared his Aadhaar number on Twitter with a challenge to 'harm him' on Sunday, several people revealed his personal information, like permanent account number (PAN), his date of birth, mobile numbers, and residential address. Some even claimed to have created a profile on e-shopping sites using these credentials.

 

The TRAI Chairman neither accepted nor rejected whether the information revealed on Twitter belonged to him or no. 

  

In a series of tweets on Saturday, a French security expert, who goes by the nickname Elliot Alderson and uses twitter handle @fs0c131y, caused ripples on the social media, leaking "personal address, DoB, your alternate phone number" and explaining to Mr Sharma, the TRAI chairman, how risky it was to make the Aadhaar number public.

 

"People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make your Aadhaar number public is not a good idea," Alderson wrote.

 

If you disagree with this tweet, you probably don’t know what #privacy is...and this ok. Please, try to learn more about privacy and after that I will happy to debate with you to know if #Aadhaar is a privacy nightmare or not https://t.co/7E4nqZ5yfY

— Elliot Alderson (@fs0c131y) July 28, 2018

 

Mr Sharma, former Director General (DG) and Mission Director of Unique Identification Authority of India (UIDAI), has been maintaining that Aadhaar does not violate privacy and the government reserved a right to create such a database of residents since it gives subsidies on state-run welfare schemes. He and all other supporters of Aadhaar, however, keep quite on why Aadhaar is enforced upon citizens who does not receive any subsidy from the government.

 

It is illegal for even Mr Sharma to publish his Aadhaar number, under the Aadhaar Act. Section 29 of the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 prohibits public sharing Aadhaar number. Sub-section 4 of Section 29 of the Act says, “No Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder shall be published, displayed or posted publicly, except for the purposes as may be specified by regulations.”

 

In this situation, it would be interesting to see if UIDAI takes any action against Mr Sharma, its former chief for publishing own Aadhaar number on a public platform. 

 

Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit biometric number is harmful to citizen's privacy.

 

"My Aadhaar number is 7*** **** ***0. Now I give this challenge to you: Show me one concrete example where you can do any harm to me," tweeted Mr Sharma, whose tenure as chief of TRAI ends on 9 August 2018. He is holding the position since August 2015. 

 

Earlier, a Twitter user had asked Mr Sharma to "walk your talk" after the TRAI chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable. 

 

He had said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.

 

Within hours of tweeting his Aadhaar number, Anderson replied to Sharma: "The phone number linked to this #Aadhaar number is 9********7. According to an official @nicmeity circular, this phone number is the number of your secretary," Anderson wrote and posted a link to a circular issued by the Ministry of Electronics and Information Technology (MeitY). 

 

One question here is how Mr Sharma linked his secretary's mobile number with his own Aadhaar number? Also, in that case, which number is used by Mr Sharma's secretary to link to own Aadhaar?  

 

The security researcher also posted a picture of Mr Sharma with a portion of it blackened. "I supposed this is your wife or daughter next to you."

 

Anderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Mr Sharma's leaked details with key areas blackened and hidden.

 

One of the screenshots even carried his PAN details. But that was also hidden.

 

PAN number pic.twitter.com/yKwtT7QuCh

— Elliot Alderson (@fs0c131y) July 28, 2018

 

While personal information of Mr Sharma was being spread on the social media, his previous employer, UIDAI came out with its ‘standard’ denial. Dismissing claims made by ‘certain elements’ on Twitter and a section of media, UIDAI said, “they have fetched personal details of Ram Sewak Sharma, who is a public servant using his Aadhaar number. Any information published on Twitter about RS Sharma was not fetched from Aadhaar database or UIDAI’s servers. In fact, this so–called ‘hacked’ information was already available in public domain as he being a public servant for decades and was easily available on Google and other sites.”

 

Alderson, however says, “If your phone numbers, address, date of birth, bank accounts and others personal details are easily found on the Internet you have no #privacy. End of the story.” 

 

If your phone numbers, address, dob, bank accounts and others personal details are easily found on the Internet you have no #privacy. End of the story.

— Elliot Alderson (@fs0c131y) July 28, 2018

/div>