The Andhra Pradesh government has potentially made public the Aadhaar data of at least 1.34 lakh citizens in the state, along with their other details like their religion, caste and bank details among other things.
The names were part of a list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ and were available on the website of the Andhra Pradesh State Housing Corporation.
The page clearly showed the father’s name, address, Panchayat, mobile number, ration card number, occupation, religion, caste, Aadhaar number, along with other details including their bank details like bank branch, IFSC code and account number.
The issue was brought to light by Srinivas Kodali, an independent researcher and Aadhaar whistle-blower.
Speaking to TNM, Srinivas said, "AP has always been at the forefront of implementing Aadhaar, but in a larger context, this is not just about Aadhaar numbers being public. This shows that they have linked it with other private details."
This is in conflict with the Unique Identification Authority of India's (UIDAI) stand that it does not link any of these details with the Aadhaar number.
"While UIDAI is not doing it, other government departments are. Here is proof that UIDAI has no idea what all is being linked to your unique id," Srinivas had tweeted, when he first exposed the website.
It has always been said #Aadhaar is being linked to religion and caste information, apart from occupation. While UIDAI is not doing it, other government departments are. Here is proof that UIDAI has no idea what all is being linked to your unique id. Website reported early today. pic.twitter.com/3acEgcA1Qt
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 24, 2018
The website which was leaking all the sensitive information today was of Andhra Pradesh State Housing Corporation. Here are two images with details one showing last four digits of #Aadhaar after fix & other masked by me showing first two. Around 1,34,193 Aadhaar numbers leaked pic.twitter.com/pr2RwO3C5f
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 24, 2018
"This is not the first leak and it won't be last. The site was very easy to access and it was also possible to download all the files as a sheet," Srinivas said.
He has since reported the issue to the authorities.
"While they fixed the Aadhaar numbers which were made public, other details of the citizens are still on the site in the name of transparency. It would still be an invasion of the right to privacy," Srinivas added.
This information could potentially be used to profile people, especially by political parties and corporations.
"Telangana and Andhra had conducted a survey a massive survey after bifurcation and collected a lot of data. Andhra went much ahead and let people carry phones and biometric readers when the private information of almost every citizen was collected," Srinivas says.
In May 2017, a report by The Centre for Internet and Society (CIS) revealed that the Aadhaar details along with demographic details and financial information of around 135 million people in the country has been leaked by four government portals.
The report also pointed to the Andhra Pradesh portal of the NREGA, which carried information on Aadhaar numbers and disbursal amounts on a simple text file, with no encryption or other security measures, potentially endangering the data of 2 crore people in the state.
Despite all this, authorities in Andhra Pradesh could get away easily, due to The Andhra Pradesh Core Digital Data Authority (Effective Delivery of e-services) Act, which was passed by the state’s Legislative Assembly in May last year.
Nobody is responsible for today's #Aadhaar data leak from AP govt. AP has it's own Aadhaar Act which says no official is responsible for security of the data. Act came into force after a 20 million Aadhaar numbers leak in May 2017.https://t.co/KpGq8dbOoH
— Srinivas Kodali | శ్రీనివాస్ కొడాలి (@digitaldutta) April 24, 2018
“AP has its own Aadhaar Act, which was issued through a Government Order, weeks after the massive leak was reported. While other states like Karnataka also have this, it is usually a ‘copy-paste’ job from the Act passed by the Central government,” Srinivas explains.
“However, AP added its own version with a unique number called UNICORE. While one can still approach the court, there are a few provisions that could absolve them of responsibility,” he says.
Srinivas also states that in this particular case of the Housing portal, it is not the details of beneficiaries of the scheme alone, but the details of all the citizens who participated in the survey.
“When we ask for the personal details of public figures like politicians, it is for transparency to ensure that no corruption takes place. However, we can’t expect the same from every citizen of the state,” Srinivas says.