Aadhaar: Why Is Google Again Sneaking UIDAI's Helpline Number into Mobile Phones?
Google India, which had apologised in August for 'inadvertently coding' the helpline number of Unique Identification Authority of India (UIDAI), continues to insert the 1800-300-1947 helpline number in the contact list of the newly introduced mobile phones and operating systems (OS).
 
In a tweet, one Jishu, who claims to be a software enthusiast and to have developed an Indic keyboard, says he found the UIDAI helpline number in the newly introduced Google Pixel 3 mobile phone. Interestingly, Google will be releasing its Pixel 3 in India by the end of this month.
   
 
Earlier in August, after the challenge from RS Sharma, chairman of the Telecom Regulatory Authority of India (TRAI) to harm him through his Aadhaar number, French hacker Elliot Alderson (@fs0c131y) asked people on Twitter if they had the UIDAI helpline in their phonebooks. 
 
While some mobile phones, like Realme from Oppo, certainly come preloaded with the UIDAI number, some people found this number when they updated the software of their mobile devices from Motorola, OnePlus, Samsung and Nokia. A few users of iPhone also found this helpline number on their mobiles.
 
Interestingly, this 'default' helpline number, 1800-300-1947, found in mobile phones is 'temporarily not available' as UIDAI uses 1947 as its toll-free helpline number.
 
After a furore on social media about sneaking the UIDAI helpline into the contact lists without the knowledge of the user, UIDAI distanced itself from the number controversy. However, Google came forward and took the blame.
 
It stated that, in 2014, the UIDAI helpline number was 'inadvertently coded' in the Android release given to the original equipment manufacturers (OEMs) or mobile makers.
 
"Our internal review has revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were both inadvertently coded into the set up wizard of the Android release given to OEMs for use in India and have remained there since. Since the numbers get listed on a user's contact list, these get transferred accordingly to the contacts on any new device," Google had said in a statement. 
 
 
This clarification from Google, however, is still hard to believe, at least for people who know how government or the authorities operate. Even if we were to accept Google's clarification, there are some issues with it. How was the UIDAI helpline number revealed only in 2018 and not earlier? And how was this helpline number still there in the system of other manufacturers, who do not use stock Android? Many mobile handset manufacturers make certain changes, add some apps of their own (often referred to as bloatwares) and only  then allow their users to use or update handset and the OS.
 
One person, Anand, said on Twitter that he bought his mobile phone in the US and was using services from a local operator there and yet found the UIDAI helpline number in his contact list. He says, "Is Google saying they distributed that OEM on US shores? I have never bought a smartphone in India. I am asking Google to tell me which OEM inadvertently added this contact into my phone in US."
 
 
As expected, the blame game during August lasted for few days. However, what Jishu had revealed about the recurrence of the UIDAI helpline number in the new handset from Google, appears to be a deliberate attempt from vested interests.
 
 
A more serious question that needs an answer from all players, including government authorities and Google, is: What is the security and protection offered to common users? If anyone can push certain number on any mobile device without the knowledge and explicit consent of the users, what stops them from extracting personal details and data of the same user?
 
Nothing, unfortunately, at least at present, prevents these players from accessing all information from a mobile handset.
 
Do mobile customers need to approach courts to get justice from such unwarranted invasion in their privacy like the Aadhaar case? In the Aadhaar case, the Supreme Court had already struck down Section 57 that had allowed private entities like banks and mobile operators to mandate Aadhaar from users. 
 
You may also want to read...
 
 
 
Like this story? Get our top stories by email.

User

Aadhaar: Here is How You Can Lock or Unlock Your Biometrics
The Unique Identification Authority of India (UIDAI) claims that it had enrolled over a billion residents for its Aadhaar number scheme. If you have an Aadhaar number, this translates to a constant threat of misuse of  biometric data and information on the Aadhaar card. But UIDAI suggests that people can keep their Aadhaar data and biometrics safe from misuse by locking the data online and unlocking it temporarily when required. 
 
Before knowing how to lock or unlock biometric data, let us understand how data is collected by UIDAI. While enrolling for an Aadhaar number, one is required to provide full name, address, mobile number, date of birth and so on. The UIDAI also captures a photograph of the person enrolling for Aadhaar but this does not constitute a part of your biometrics.  Biometric data covers your 10 fingerprints and iris. So for locking and unlocking Aadhaar, you can only allow or disallow use of data related with your fingerprints and iris but not the other information that is collected for enrolment.  In order to use this facility, you need to have your mobile number or email ID registered with UIDAI. You need to visit nearest centre and register or update your mobile number and email ID. 
 
One your biometrics are locked, you cannot use them again for authentication unless you unlock your data from time to time.
 
Here is how you can lock or unlock (temporary) your biometrics.
 
How to lock biometrics in Aadhaar?
 
1. Visit https://resident.uidai.gov.in/biometric-lock
 
Here enter your Aadhaar number, the security code (number from the image). Click on the send OTP (one time passcode). 
 
 
2. You will receive the OTP in the SMS on your registered mobile number. Enter the OTP and click on login.
 
 
3. Enter the security code and then click on ‘Enable Biometric Locking’.
 
 
4. The next screen will display if you have successfully ‘Enabled’ biometric locking on your Aadhaar number or no.
 
 
5. Your Aadhaar biometric information will remain locked. You can, however, unlock it temporarily if required. 
 
How to Unlock biometrics in Aadhaar?
 
Unlocking Aadhaar details gives you two options, which are unlocking on temporary basis and on permanent basis. Here you need to follow similar process as mentioned above. Only difference is the duration for which you want to unlock the biometrics. 
 
1. If you want to unlock your biometric details for temporary then click on “Unlock it”.
2. And if you want to unlock your biometric details permanently then uncheck the check box of “lock” and click on “disable locking”. But be careful as keeping biometrics unlocked may lead to its misuse. 
 
While locking and unlocking your biometric data may seem like a painful process, it is best to be safe than sorry, once you have opted to have an Aadhaar. So make the effort to lock it after each authentication!
 
You may also want to read…
 
 
Like this story? Get our top stories by email.

User

COMMENTS

VRakesh Das

2 weeks ago

Rakesh das [email protected],com

Aadhaar: Are UIDAI and DoT Misleading Mobile Users on SC order?
With the five-judge Constitution Bench of the Supreme Court terming Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, as 'unconstitutional', there is clear panic among government authorities and private entities who were insisting on Aadhaar for each and every purpose. 
 
Surprisingly, government agencies, like the Unique Identification Authority of India (UIDAI) and the department of telecom (DoT), seem to be more afraid than private entities and have come out with a clarification on media reports about disconnection of over 500 million mobile subscribers who had used only Aadhaar for know-your-customer (KYC) while buying a new SIM.  
 
However, under the pretext of clarification, what both, DoT and UIDAI, have done is to mislead mobile subscribers by playing with words. Plus, in the press release, they have added one more 'authentication' for issuing new SIM cards through a mobile app. 
 
One thing is clear: Those mobile subscribers, who have obtained new SIM cards by using only Aadhaar as KYC, will not face any disconnection. There are two reasons for this. First, nobody, including mobile operators and the government, wants to reduce by almost 50% the number of mobile subscribers in the country. And, secondly, such subscribers can submit photocopies of officially valid documents (OVD) like passport, driving licence, permanent account number (PAN) card, voter's ID card issued by the Election Commission of India, job card issued by NREGA duly signed by an officer of the state government, and letter issued by UIDAI. 
 
On 26 September 2018, the Supreme Court, while upholding the constitutional validity of Aadhaar, struck down Section 57 of the Aadhaar Act, disallowing private entities from possessing the Aadhaar numbers of individuals. The judgement also barred telecom companies and online wallet services from seeking the unique identity number of consumers.
 
Section 57 of the Act permits private entities to use Aadhaar information to authenticate identity of the person. 
 
After the judgement, DoT secretary, Aruna Sundararajan, had said that the DoT, UIDAI and telecom operators would make sure that the telecom regulations and service-providers are in compliance with the Supreme Court verdict on Aadhaar.
 
According to the common media release from DoT and UIDAI, there are news reports which state that almost half the total number of mobile subscribers are at the risk of disconnection. It says, "The joint statement clarifies that the Supreme Court in its judgement in Aadhaar case has nowhere directed that the mobile number, which has been issued through Aadhaar e know-your-customer (eKYC), has to be disconnected. Therefore, there is absolutely no reason for panic or fear at all. People should not believe in such rumours."
 
Here is what the Supreme Court had stated in its order, especially on Section 57...
"The decision to link Aadhaar numbers to SIM cards and to enforce a regime of eKYC authentication clearly does not pass constitutional muster and must stand invalidated. All telecom services providers (TSPs) shall be directed by the Union government and by the Telecom Regulatory Authority of India (TRAI) to forthwith delete the biometric data and Aadhaar details of all subscribers, agencies or private sector operators. Moreover, this provision within two weeks. The above data and Aadhaar details shall not be used or purveyed by any TSP or any other person or agency on their behalf for any purpose whatsoever." (Page 961/962 of the SC Order)
 
The Order further said: "Insofar as Section 57 in the present form is concerned, it is susceptible to misuse inasmuch as: (a) It can be used for establishing the identity of an individual ‘for any purpose’. We read down this provision to mean that such a purpose has to be backed by law. Further, whenever any such 'law' is made, it would be subject to judicial scrutiny. (b) Such purpose is not limited pursuant to any law alone but can be done pursuant to ‘any contract to this effect’ as well. This is clearly impermissible as a contractual provision is not backed by a law and, therefore, first requirement of proportionality test is not met. (c) Apart from authorising the State, even ‘any body corporate or person’ is authorised to avail authentication services, which can be on the basis of purported agreement between an individual and such body corporate or person. Even if we presume that legislature did not intend so, the impact of the aforesaid features would be to enable commercial exploitation of an individual’s biometric and demographic information by the private entities. Thus, this part of the provision, which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals. This part of the Section, thus, is declared unconstitutional," the apex court had stated.
 
The Aadhaar judgement also mentions about a letter issued by TRAI on 6 January 2016 on the new procedure (Aadhaar linked eKYC) for subscriber verification. Following these recommendations, the DoT, on 16 August 2016, issued a direction to launch an Aadhaar eKYC service across all licensed service areas for issuance of mobile connections.
 
The apex court says, "TRAI and DoT do have a legitimate concern over the existence of SIM cards obtained against identities, which are not genuine. But the real issue is whether the linking of Aadhaar cards is the least intrusive method of obviating the problems associated with subscriber verification. The state cannot be oblivious to the need to protect privacy and of the dangers inherent in the utilization of the Aadhaar platform by telecom service providers. In the absence of adequate safeguards, the biometric data of mobile subscribers can be seriously compromised and exploited for commercial gain. While asserting the need for proper verification, the state cannot disregard the countervailing requirements of preserving the integrity of biometric data and the privacy of mobile phone subscribers. Nor can we accept the argument that cell phone data is so universal that one can become blasé about the dangers inherent in the revealing of biometric information." (Page 960)
 
Later, on 23 March 2017, the DoT directed all telecom licensees to re-verify all existing mobile subscribers (prepaid and post-paid) through Aadhaar based e­KYC process. 
 
The Supreme Court, stated, "...we do not find that the decision to link Aadhaar numbers with mobile SIM cards is valid or constitutional. The mere existence of a legitimate state aim will not justify the means, which are adopted. Ends do not justify means, at least as a matter of constitutional principle. For the means to be valid, they must be carefully tailored to achieve a legitimate state aim and should not be either disproportionate or excessive in their encroachment on individual liberties." (Page 961) 
 
The Bench also mentioned the contention submitted by senior advocate Shyam Divan. In his submission, Mr Divan had stated, "Section 57 is also patently unconstitutional inasmuch as it allows an unrestricted extension of the Aadhaar platform to users who may be government enables the seeding of the Aadhaar number across service providers and other gateways and thereby enables the establishment of a surveillance state. The impugned provision enables the spread of applications and Aadhaar dependent delivery systems that are provided not from Consolidated Fund of India resources but through any other means." 
 
He also submitted that Section 57 also enables commercial exploitation of an individual’s biometrics and demographic information by the government as well as private entities.
 
Here is what Section 57 is:
“57. Act to prevent use of Aadhaar number for other purposes under law. 
­ Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect:
Provided that the use of Aadhaar number under this section shall be subject to the procedure and obligations under section 8 and Chapter VI.”
 
The five-judge Bench, in its ruling said, "Section 57, to the extent, which permits use of Aadhaar by the State or any body corporate or person, in pursuant to any contract to this effect is unconstitutional and void. Thus, the last phrase in main provision of Section 57, i.e., ‘or any contract to this effect’ is struck down."
 
 
The release issued by DoT and UIDAI also talks about no restrictions on telcos for keeping authentication data. It says, "The Court has also not asked to delete all the eKYC data of telecom customers after six months. What the apex Court has asked that UIDAI should not keep authentication log for more than six months. The restriction of not keeping authentication log beyond six months is on the UIDAI and not on the telecom companies. Therefore, there is no need for telecom companies or authentication user agencies (AUAs) / KYC user agencies (KUAs) to delete authentication logs at their end. They are, in fact, required to keep authentication logs at their end as per Aadhaar regulations to resolves any consumer grievances."
 
Here is what the Supreme Court orders states: "Retention of data beyond the period of six months is impermissible. Therefore, Regulation 27 of Aadhaar (Authentication) Regulations, 2016, which provides archiving a data for a period of five years is struck down."
 
As per Aadhaar (Authentication) Regulations 20(2) and 20 (3), authentication logs needs to be maintained by the ASA for two years. Upon the expiry of the period of two years, the authentication logs should be archived for five years. Upon the expiry of five years or the number of years required by the laws or regulations governing the entity whichever is later, the authentication logs should be deleted except those logs, which are required to be retained by a court or for pending disputes.
 
 
This makes it clear that nobody is allowed to retain authentication logs beyond the stipulated timeframe and must delete them after that period. The release from DoT and UIDAI, however, tries to claim that there is no need to delete authentication log which, as per the Regulations mentioned above, is not true.  
 
The release also talks about a new process for issuing new SIM cards through a mobile app which it claims will be fully compliant of the SC order in Aadhaar. For the proposed process, the release says, "...live photograph of the person with latitude, longitude, and time stamp will be captured. The photo of her ID such as Aadhaar card, voter ID, etc, will be captured. The SIM card agent will be authenticated through OTP and SIM card will be issued. This process will be completely hassle-free and digital."
 
While discarding Section 57 of the Aadhaar Act, the Supreme Court has explicitly banned private entities from using Aadhaar. The SC order states, "Allowing the Aadhaar platform for use by private entities overreaches the purpose of enacting the law. It leaves bare the commercial exploitation of citizens’ data even in purported exercise of contractual clauses. This will result in a violation of privacy and profiling of citizens."
 
Capturing latitude, longitude, time stamp and live photograph of a person is similar to creating a profile and tracking movements of the individual. This is called as surveillance. 
 
The Supreme Court order says, "We may reiterate that the argument of surveillance also has the reflections of privacy and in fact the argument is structured on the basis that the vital information which would be available with the Government can be utilised to create the profiling of individuals and retention of such information in the hands of the respondents is a risky affair which may enable the State to do the surveillance of any individual it wants." (Page 234)
 
Interestingly, the same UIDAI had vehemently denied Aadhaar can be used for creating profile and, thus, can lead to mass surveillance. May be its new tool is aimed at that.

 

Like this story? Get our top stories by email.

User

COMMENTS

Rajesh Jha

3 weeks ago

Good

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

online financial advisory
Pathbreakers
Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
online financia advisory
The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Online Magazine
Fiercely independent and pro-consumer information on personal finance
financial magazines online
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
financial magazines in india
MAS: Complete Online Financial Advisory
(Includes Moneylife Online Magazine)