Over 200 government websites displayed Aadhaar details publically: RTI
Names and addresses of Aadhaar beneficiaries were publicly displayed on 210 Central and state government websites on November 19 for an unknown span of time, an RTI application has revealed.
While responding to the query, The Unique Identification Authority of India (UIDAI) said, “...It was found that approximately 210 websites of Central government, state government departments, including educational institutes, were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.” The organisation said that it got the data removed from those websites after taking note of the breach, adding that Aadhaar details have never been made public by them.
The leak assumes significance because the Central government has dramatically increased the push for Aadhaar or the 12-digit Unique Identity Number in every sector. A deadline of March 31, 2018 has been set for linking the number with bank accounts, phone numbers, and permanent account number. The government has issued nearly 22 notifications making Aadhaar mandatory to avail a number of services, like the Mid-Day Meal scheme, maternity benefits, house subsidy benefits, supplemental nutrition program, crop insurance scheme etc. The mandatory linking of Aadhaar to these services has been challenged by a host of petitions which are currently waiting to be heard in the Supreme Court. The petitioners have argued that mandatory requirement of Aadhaar for these schemes “constrict rights and freedoms which a citizen has long been enjoying unless and until they part with their personal biometric information to the government.”
“...It was found that approximately 210 websites of Central government, state government departments, including educational institutes, were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.”
After the leak, the UIDAI said in its defence: “It has a well-designed, multi-layer approach, robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity. Various policies and procedures have been defined, these are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material, and data in and out of UIDAI premises, particularly the data centres.” The authority added that security audits are conducted on a regular basis to further strengthen security and privacy of data and all possible steps are taken to make the data safer and protected.
Amid rising concern over the security of the biometric data collected by UIDAI, the organisation has decided to introduce dummy numbers that would add an extra security layer to the scheme. It would enable people to have two Aadhaar numbers, a dummy number and an original one. While the original number would be known to the UIDAI and the individual only, the dummy Aadhaar number will be shared with banks, telephone operators and other service providers. However, the framework does not take into account the fate of people who have already linked their original Aadhaar numbers to their phone numbers, bank accounts and various government agencies providing welfare benefits.