Collecting an image of a man's iris for Aadhaar. Photo by Kannanshanmugam, via Wikimedia Commons. CC BY 3.0
The debate on interception of private communications in India took a new turn recently after the Unique Identification Authority of India (UIDAI) — a federal agency responsible for India's national ID database, Aadhaar — denied inputting a UIDAI helpline number in several Android user's devices.
The Aadhaar Sampark Kendra (helpline in Hindi) number, 1-800-300-1947, was intended to provide automated and agent-based support to users. But it no longer works. It was replaced [1] with the simpler four-digit 1947 about two years back.
While there is no inherent harm in having the phone number in one's phone contacts, some Indians were unhappy that they were not asked for their consent before the number was added to their devices. While some found that it was there from the time they obtained the device, others report that the phone number appeared following a software update.
These instances have left people suspicious that UIDAI might be capable of accessing personal data from their devices.
Hi @UIDAI [2],
Many people, with different provider, with and without an #Aadhaar [3] card, with and without the mAadhaar app installed, noticed that your phone number is predefined in their contact list by default and so without their knowledge. Can you explain why?
Regards,
— Elliot Alderson (@fs0c131y) August 2, 2018 [4]
After more than a week of discussions in many media publications and social media, Google admitted [5] that in 2014 it had “inadvertently [6] coded [6]” two numbers into the Android SetUp Wizard — distress helpline number 112 and the general helpline number, 1-800-300-1947.
pic.twitter.com/vlASMAW7AR [7]
— Google India (@GoogleIndia) August 3, 2018 [8]
The Aadhaar system is now used widely for identity authentication in myriad public and private institutions, from banking to healthcare to employment. While it is not intended to be used for individual profiling, this could be an outcome of the massive use (and misuse [9]) the system, a reality that has elevated fears of India slowly becoming a surveillance state [10]. With a growing list of incidents of system malfunctions and personal data leaks [11], Aadhaar has failed to gain public trust.
In a recent attempt to prove the strength of Aadhaar to the public, Telecom Regulatory Authority of India (TRAI) chairman Ram Sewak Sharma on July 28 shared [12] his Aadhaar number publicly on Twitter, hoping to show that no harm could be done by revealing the same.
This impulsive step provoked hackers and developers, who soon found Sharma's cellphone number, email and physical addresses, date of birth, airline miles number, an alleged photograph with a family member, and a prank of ordering a phone in his address with a cash on delivery [13] option.
He nevertheless continues to defend [14] Aadhaar as being leak-proof and protective of privacy.
This probably was the best of the lot. #Aadhaar [3] #RSSharma [15]
???? pic.twitter.com/58BLoVXHRO [16]
— Arijit (@SaintIGNUtius) July 29, 2018 [17]
Despite of UIDAI's tweet asking users to not reveal their Aadhaar numbers publicly, Ravi Shankar Prasad [18], Minister of Electronics and Information Technology and of Law and Justice, followed the lead of Sharma and revealed [19] his own Aadhaar number during a public meeting.
This is brutal. Prof. Sandeep Shukla also calls @rssharma3 [20] clueless. pic.twitter.com/xt8lKm4a5Q [21]
— V. Anand | வெ. ஆனந்த் (@iam_anandv) August 6, 2018 [22]
Aadhaar has been criticized [23] largely for what technical experts say is a defective design that in many cases has made the privacy of many Indian citizens vulnerable.
That might be true if banks, landlords, hospitals, schools, telephone & internet companies were prohibited by law from asking for your #Aadhaar [3] number. But any Indian can tell you they're asked for their number by non-government entities––and those companies have databases too. https://t.co/WsKC9wR6sj [24]
— Edward Snowden (@Snowden) January 21, 2018 [25]