Aadhaar safety: Trai chief throws challenge, French expert 'leaks' his data

An all-out war erupted on Twitter after Telecom Regulatory Authority of India (Trai) Chairman R S Sharma on Saturday disclosed his Aadhaar number on the microblogging site and challenged everyone to show how mere knowledge of the unique number could be used to harm him, triggering a deluge of tweets that claimed to disclose his personal details -- from PAN to mobile number.

The challenge by Sharma evoked an immediate response from the Twitterati, with some users claiming to have dug up his mobile number, photographs, residential address, date of birth and even chat threads using the information, while others warned him about the perils of throwing such a dare on the social media platform. 

While much of the information that was dug out might already be in the public domain, the Trai official did not verify whether the details pertaining to his PAN were indeed correct.

When contacted by PTI earlier in the evening, Sharma declined to make any detailed comment on the matter by saying, "Let the challenge run for some time". 

What the Trai chairman's challenge was about

"My Aadhaar number is 7621 7768 2740. Now I give this challenge to you: Show me one concrete example where you can do any harm to me," tweeted Sharma, whose tenure ends on August 9.

A Twitter user had earlier asked Sharma to "walk your talk" after the Trai chief tweeted his interview with an online portal in which he strongly defended Aadhaar and rejected apprehensions that one billion Aadhaar accounts were vulnerable.

He said there had not been a single instance of data being breached and had there been one, the entire Aadhaar database would have been vulnerable.

What happened after that

A French security expert, who goes by the nickname Elliot Alderson and uses the Twitter handle "@fs0c131y", in a series of tweets caused ripples on social media. 

Within hours of the Trai chairman tweeting his Aadhaar number, Anderson replied to Sharma: "The phone number linked to this #Aadhaar number is 9958587977."

"According to an official @nicmeity circular, this phone number is the number of your secretary," Anderson wrote and posted a link to the Ministry of Electronics and Information Technology circular.

The security researcher also posted a picture of Sharma with a portion of it blackened. "I supposed this is your wife or daughter next to you."

Anderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Sharma's leaked details with key areas blackened and hidden.

One of the screenshots even carried his PAN details. But that was also hidden. 

Alderson wrote, "People managed to get your personal address, dob (date of birth) and your alternate phone number. I stop here, I hope you will understand why make your #Aadhaar number public is not a good idea."  

The phone number linked to this #Aadhaar number is 9958587977 https://t.co/ijlxGBBl4Z

— Elliot Alderson (@fs0c131y) July 28, 2018

According to an official @nicmeity circular, this phone number is the number of your secretary https://t.co/lAQZJjJlrH. pic.twitter.com/TiIYYxfQrs

— Elliot Alderson (@fs0c131y) July 28, 2018

I supposed this is your wife or daughter next to you pic.twitter.com/UPSru1PGUT

— Elliot Alderson (@fs0c131y) July 28, 2018

This photo is his WhatsApp profile pic, this is public too

— Elliot Alderson (@fs0c131y) July 28, 2018

People managed to get your personal address, dob and your alternate phone number.

I stop here, I hope you will understand why make your #Aadhaar number public is not a good idea pic.twitter.com/IVrReb4xIM

— Elliot Alderson (@fs0c131y) July 28, 2018

PAN number pic.twitter.com/yKwtT7QuCh

— Elliot Alderson (@fs0c131y) July 28, 2018

If you disagree with this tweet, you probably don’t know what #privacy is...and this ok. Please, try to learn more about privacy and after that I will happy to debate with you to know if #Aadhaar is a privacy nightmare or not https://t.co/7E4nqZ5yfY

— Elliot Alderson (@fs0c131y) July 28, 2018

You probably need to change your gmail account password @rssharma3 #JustSaying

— Elliot Alderson (@fs0c131y) July 28, 2018

How the Trai chairman reacted 

Sharma himself continued to engage in the verbal duel with the Twitterati till late hours, dismissing much information being revealed as 'public information' and seeking to debunk the theory that "Aadhaar compromises the privacy of the person".

"...Yeh details koi state scret nahin hain (These details are no state secret)...," retorted Sharma at one point, even chiding one of the users for disclosing an address that was old and asking if he (the user) would like to have his latest address.

While many on Twitter claimed victory over 'leaking' Sharma's personal details post the challenge, the Trai chief asserted through multiple tweets and replies that the challenge had never been about phone numbers and other information, but for causing harm using knowledge of his Aadhaar number. 

"No I did not challenge them for phone number and other info. I challenged them for causing me harm! So far no success. Wish them luck," Sharma wrote on Twitter.

Sharma, former UIDAI (Unique Identification Authority of India) director general, has been an ardent supporter of the Aadhaar program, vouching for the safety of the system, and dispelling privacy concerns surrounding Aadhaar even during his current tenure as TRAI Chief.

"Data privacy is a big and very important issue in a digital world. I am one of the most vociferous supporter of that. However, the only thing I am saying is that Aadhaar does not violate privacy," Sharma tweeted on Saturday. 

What the Justice Srikrishna committee report says

The high drama played out on the microblogging platform just a day after Justice Srikrishna committee came out with its report on data protection where it mooted changes in the Aadhaar Act and proposed new safeguards to protect information of Aadhaar holders.

The Justice Srikrishna panel on data protection has recommended that the Aadhaar Act be amended "significantly" to bolster privacy safeguards and mooted that only public authorities discharging public functions approved by the UIDAI or entities mandated by law be given the right to request for identity authentication. 

The report, submitted on Friday, assumes significance given that public and private sectors are collecting and using personal data on an unprecedented scale and for various purposes, and instances of unregulated and arbitrary use, especially that of personal data, have raised concerns about privacy and autonomy of an individual.

Over the last one year, there have also been reports of personal information being allegedly compromised with increasing use of biometric identifier Aadhaar in an array of services. Meanwhile, the Supreme Court has reserved its judgement on a clutch of petitions challenging the constitutional validity of the Aadhaar Act.

ALSO READ: Srikrishna panel's predominance of privacy over RTI raises eyebrows    

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel