While the manner in which authorities have reacted to the cricketer’s issue is commendable, similar attention needs to be paid to other, less prominent breaches of privacy.
New Delhi: The Unique Identification Authority of India (UIDAI), on Wednesday, blacklisted the entity that had carried out the Aadhaar enrolment for Indian cricketer MS Dhoni after a central government Twitter handle inadvertently leaked his personal Aadhaar information.
The issue, ironically, was brought to public notice and attention after Dhoni’s wife, Sakshi Singh, tweeted out at IT minister Ravi Shankar Prasad, asking if there was “any privacy left”.
Prasad at first appeared to be confused and replied asking whether his tweet (the minister had also tweeted out a photo of Dhoni signing up for Aadhaar number) divulged any personal information.
It was then that Singh drew Prasad’s attention to a set of photos tweeted out by the government’s CSC E-Gov handle, which included a photo that contained Dhoni’s personal information in the form of his Aadhaar receipt.
On Wednesday morning, the UIDAI announced that it had taken action.
“We have blacklisted VLE (Village Level Entrepreneur) who enrolled MS Dhoni for leaking Aadhaar receipt which carried his personal information. At UIDAI, we are very strict on the privacy issue. We have ordered further inquiry on the matter and action will be taken against all those involved in the leak,” UIDAI CEO Ajay Bhushan Pandey said in a statement.
Who is at fault?
The UIDAI appears to have taken action against the VLE that actually signed Dhoni up – which in this case is VLE Mariya Farooqui’s CSE at Ranchi in Jharkhand.
However, the picture which violated Dhoni’s privacy was tweeted out by the Common Services Centre’s (CSC) primary handle. The CSC initiative is part of the central government’s national e-governance mission and comes under the Ministry of Electronics and Information Technology.
It’s unclear at this point whether the picture was also tweeted out by the village-level entrepreneur. If the VLE didn’t publicly post this information, then why should he/she be blacklisted?
UIDAI’s Pandey has also assured that action will be taken against “those involved in tweeting the picture of the Aadhaar enrolment receipt through the CSC e-governance’s official Twitter account”.
As multiple privacy advocates have pointed out, these are mostly scapegoat measures. A culture that respects privacy and a strict operating manual must be adopted.
What can be done with this personal info?
The Dhoni-Sakshi episode comes just weeks after news broke that multiple central and state government departments expose the personal details of lakhs of Indian citizens through poor security standards, abysmal information security practices and plain negligence.
The Wire had reported how personal information such as Aadhaar numbers, bank account details, case, gender and addresses are available on government websites and can be accessed with a simple Google search.
The recent bank breach involving the UPI payment service at the Bank of Maharashtra shows how easily fraudulent transactions can be carried out with very minimal personal information. And yet, the Centre appears to be moving slowly. While UIDAI authorities have been quick to take action when it comes to the issue of Dhoni privacy, they still haven’t gotten back to The Wire on the issue of government website data breaches.
Basic questions still need to be answered: if an Aadhaar number is made public, should the UIDAI issue a new one? Does Dhoni need to be issued a new one?
As Sakshi Singh put it, after thanking people who had reached out to her, we need to #MakeIndiaSecure.