In a bizarre reversal on Sunday, the Union government withdrew a notification from a Unique Identification Authority of India (UIDAI) office cautioning people against sharing photocopies of their Aadhaar card, just two days after the advisory was issued, claiming that it would be “misinterpreted”. The May 27 notification that was issued by the Bengaluru Regional Office of the UIDAI urged people to use the masked Aadhaar number facility — that can be downloaded from the UIDAI website — and which displays only the last four digits of the Aadhaar number. This was a sensible advisory. The masked Aadhaar facility has been in place since 2018 and this came about following a report by the Centre for Internet and Society that publicly available datasets had sensitive details such as full Aadhaar number details and also included bank account details of individuals. The dangers of providing the full Aadhaar number to several agencies — the use of the Aadhaar card and the number for various purposes today has only multiplied exponentially — are evident in the way these numbers have been used by fraudsters for criminal purposes such as identity theft, Know Your Customer (KYC)-related fraud among others in recent years, and which have been documented in news reports. The UIDAI has itself registered far more potential fraud cases related to the issue highlighted above in recent years compared to the past. Other scams that are of a higher order have also been revealed recently, related to biometrics theft that have allowed scamsters to steal welfare benefits at the expense of genuine beneficiaries. The Internet is rife with leaked data and this poses a major threat to user privacy.
The UIDAI has, however, been ambivalent about the inherent dangers in the indiscriminate use of the Aadhaar number or the Aadhaar card by citizens, as evidenced in its series of flip-flops on the issue even before this latest withdrawal notice. There seems to be a contradiction of views within the authority on the issue of potential misuse of the Aadhaar number. On the one hand, in statements advising caution and user discretion in revealing one’s Aadhaar number, it is seeking to treat these as sensitive information just like the biometrics provided by citizens to the authority. Yet, on the other, it has sought to universalise the open use of the Aadhaar as an identity document with missionary zeal and has downplayed the risks of doing so. This ambivalence does not help at all. The UIDAI must popularise the use of the masked Aadhaar facility as a start and rethink ways to tighten the scrutiny over how Aadhaar numbers are issued and utilised even as law enforcement agencies crack down on data leaks and websites carrying unmasked Aadhaar-related information.