- Andhra Housing body allegedly exposed Aadhaar numbers of 1.3 lakh people
- Website's search could generate lists of people based on religion, caste
- Database on Andhra's housing body website has been shut down for now
Still worse, some of them have placed this private information on its websites for anyone to see.
The Andhra Pradesh State Housing Corporation this week joined the list of organisations called out for exposing private information about individuals after a cyber security researcher complained that the state-run body had exposed Aadhaar numbers of 1.3 lakh people and allowed targeting of over 50 lakh individuals by caste, religion and locality.
This is what made the leak more dangerous. It also had a search feature which could generate targeted lists of people based on their religion and caste and even show their exact location because of geo-tagging. For example, one could simply search for "Dalits" or "Muslims" and get to know how many Dalits live in Vishakhapatnam or Muslims live in Kurnool.
Srinivas Kodali, the Hyderabad-based cyber security researcher, says this was contrary to what the centre had been telling the Supreme Court.
"The UIDAI has informed the Supreme Court that Aadhaar can never be used for surveillance or to track religious and caste information. But the fact is the Andhra Pradesh government has used Aadhaar to build profiles of their beneficiaries. All of this information is in public domain and it could be misused by political parties for voter profiling."
The Aadhaar law has strict provisions how the biometric data collected by UIDAI can be used. As UIDAI chief ABP Pandey famously told the Supreme Court, its data was secured using encryption that would take billions of years to crack.
The database on Andhra's housing corporation website - it has been shut down for now - was part of an ambitious project launched by the Andhra Pradesh government in 2017 called the People's Hub. It used the Aadhaar number to merge data from 29 different departments. Other states are planning to follow the same footsteps and that would only lead to a bigger crisis for data privacy in this country.
Amba Kak, a policy analyst who has taken a hard look at India's privacy provisions, suggests there are many ways in which such data can be misused.
"The question to be asked is the ways it can be used and misused. This could mean financial fraud but it can also mean targeting of minorities in this country. This argument that we keep hearing about how privacy is not so important for socially and economically disadvantaged populations. This (database leak) is a reminder that these marginalised communities are ones who are at most risk," she told NDTV.
Reached out for its comments, the Andhra Pradesh government said the government adheres to the rules and regulations of the Aadhaar Act 2016 and the orders from the Hon'ble Courts in the context of data privacy. "We are investigating into this report and once we understand the full situation we will update you," the government said.
The state of Andhra Pradesh is the first State to form 'core data authority' following guidelines of Aadhaar Act 2016 that frame the guidelines for executing and regulating the application of Aadhaar.
Get Breaking news, live coverage, and Latest News from India and around the world on NDTV.com. Catch all the Live TV action on NDTV 24x7 and NDTV India. Like us on Facebook or follow us on Twitter and Instagram for latest news and live news updates.