If you were away on the weekend, or may be just little unplugged, today morning you must be thinking about all the brouhaha over the fight that is still going on between TRAI chief RS Sharma — his full name is Ram Sewak Sharma, people on Twitter learnt on Saturday — and hackers who claim that Aadhaar is not secure. At the heart of the fight is Sharma’s Aadhaar number, which he willingly — and probably flouting a rule created by UIDAI — shared on Twitter.
So what all happened, how come Sharma is trending on Twitter, what UIDAI is saying about his adventure with Aadhaar number and what was the challenge he threw out to people? Here is a quick look at the story.
- It all started on Saturday when in an interview to a website Sharma, who was the founding boss of the UIDAI earlier and is now the chairman of telecom regulator TRAI, said that sharing Aadhaar number in public is no risk because Aadhaar is safe. He was challenged on his claim on Twitter, with one user asking him to walk the talk share his Aadhaar number.
- Sharma replied to the tweet with his own challenge. “My Aadhaar number is 7621 7768 2740 Now I give this challenge to you: Show me one concrete example where you can do any harm to me,” he tweeted.
- Sharma’s challenge soon reached a number of security researchers and tech savvy social media users. One of the Twitter users who took interest in the whole affair was Elliot Anderson, the same person who earlier found a number of vulnerabilities in Aadhaar app and website.
- With people starting to dig information on Sharma, within hours they found a lot of personal details. They found his phone numbers, his landline number to home, the DP he was using on WhatsApp — apparently his daughter is in the photo — address of his home in Noida, his PAN number and where it was issued and his date of birth.
- It’s not clear how much of this information was found using Aadhaar number and how much of it was already available on government websites because: one, Indian government websites are notoriously leaky and careless with private data; and two, Sharma has been a government official for decades and hence a lot of his information is out on the websites of various government departments.
- After the information was made public, Sharma said that it was just basic information and that all of this was already out in public. Hence, his Aadhaar number has nothing to do with this. He said that leaks only showed that sharing Aadhaar number is safe. His idea of “harm” seems to be physical harm or financial harm.
- The tech-savvy Twitter users continued to dig deeper. One of them used the leaked information to contact Air India, and by supplying Sharma’s address and date of birth managed to get the details of his frequent fliers number, which the TRAI chief also uses as security question for his Gmail. Just to give an example of harm someone can do, a Twitter user also transferred Re 1 to Sharma’s UPI account. This shows that someone can put money in a public servant’s bank account without him knowing and then can frame the government official in a corruption case.
- Sharma, however, still insists that he has not been harmed by sharing on his Aadhaar number. The view is also echoed by UIDAI, the agency that looks after Aadhaar project. The agency on Sunday said: “Aadhaar database is totally safe and has proven its security robustness over last eight years… “This so-called ‘hacked’ information was already available in public domain as he has been a public servant for decades and was easily available on Google and various other sites without Aadhaar number.”
- On Sunday, to show that Aadhaar number can be grossly misused, someone “photoshopped” Sharma’s details on a Aadhaar number and used it to authenticate “himself” on Amazon Web Service and Facebook. Some people commented that using such fake card which has Sharma’s details, one can easily start a porn site in his name.
- The debate, though, is still going on. Sharma’s insists that no harm has come to him after he shared his Aadhaar number in public. He says that he has won the challenge. The interesting bit is that sharing Aadhaar number in public is probably illegal according to UIDAI rules. Also, keep in mind that Sharma’s Aadhaar challenge comes at a time when Supreme Court is deliberating on the merits and legality of Aadhaar and may come out with its verdict any day now.
News credit : Indiatoday