Hot News

Challenge Goes Haywire

Challenge Goes Haywire

The social media is the in-thing these days, in the sense, that someone, who is not on Twitter, Facebook or Instagarm, is treated as if he does not belong to this world. And a number of questions are usually asked, “Why are you not on Facebook?”, “Why do you deprive yourself of a great thing?”

The virtual world has its own beauty and challenges as well. You can have more than a thousand friends, can play games, can enhance knowledge and, also, challenge people and become a sudden hero.

Those who are on Facebook must have seen people challenging others to post a unique picture in a particular pose or with a friend everyday for 21 days. Another challenger asks you to post a particular text without a picture and see how many read and share it. These challenges evoke a good response.

Of late, a challenge that has been making the rounds is the  Kiki challenge. While you click on #kikiChallenge, you may see people jumping out of a moving car, dancing on the road on the popular song “In my feelings” by Drake, a Canadian rapper, and then getting into the moving car again. The word Kiki comes from its lyrics.

The video of this song became so popular that the renowned Internet comedian, Shiggy, posted a similar video on June 30. It showed him dancing on the streets but without a vehicle. He used the #ShiggyChallenge or #DoTheShiggy, while asking others to repeat. Another star, Odell Beckham, took the challenge and posted a video but with a stationary car. The post had a ripple effect with many celebrities posting similar videos with little changes, challenging others to post similar ones.

One can imagine how risky it would be, especially, for untrained people, who would just think of having such a video as thrilling and adventurous. The media have published several reports of mishaps that took place because of such challenges. This became popular in India too. Police in Delhi, Mumbai, Bengaluru, UP and Jaipur issued warnings and cautioned people against taking part in such challenges.

Another challenge that has gained a lot of attention was the Aadhar challenge announced by none other than the Chairman of the Telecom Regulatory Authority of India (TRAI). While the debate on safety of Aadhar data has been there ever since the 12-digit identity number was conceptualized and initiated by the government, suddenly R S Sharma, posted his Aadhar number on his Twitter account and challenged people to do harm to him.

“My Aadhaar number is 7621 7768 2740. Now I give this challenge to you: Show me one concrete example where you can do any harm to me!” tweeted Sharma.  Within a few hours, a French researcher, Elliot Alderson, tweeted Sharma’s date of birth, address, mobile number etc.  A few people also tweeted his bank account details, including the IFSC code.

A day after the details were leaked, UIDAI supported R S Sharma’s claims and issued a statement that the UIDAI database is safe and its data has not been breached so far. It also said that the information that has been shared on Twitter was easily accessible on Google as R S Sharma is a public servant.

In its official statement, the UIDAI, claimed, "Aadhaar has built the digital trust among people at large and these devious elements are trying to spread misinformation. Aadhaar database is totally safe and has proven its security robustness over the last eight years. 

"This so-called claim is a farce and people should not believe in such fraudulent elements active on social and other media. Aadhaar database is fully safe and secure and no such information about Mr Sharma has been fetched from UDAI's servers or Aadhaar database. This is merely cheap publicity by these unscrupulous elements who try to attract attention by creating such fake news," the release said.

In a fit of enthusiasm, Sharma could not understand that the information that has been shared on Twitter has already breached his privacy. So much so a user also tweeted that “everything including the colour of your commonly used underwear can also be pulled out and shared.” Another person tweeted Sharma’s email addresses, claimed that the Gmail id is linked to the Yahoo account and the security question of Gmail was his frequent flyer number, which he got from Air India by connecting with customer care executive through the chat window. The user also posted the screen shot of the chat that happened with Air India customer care executive Vinodhini.

The debate did not end there as Sharma was still not convinced with the “harm” that an Aadhar number could do. Another ethical hacker soon posted a picture showing that he transferred Rs. 1 to Sharma’s account using the UPI app. “My donation to @rssharma's Aadhaar via BHIM to build Govt systems with better engineering to protect user privacy. You can also join in this #DonateToRSS / #GiveToRamSewak”, he tweeted.

To rebut the claims, Sharma posted certain pictures claiming that so far not even a single rupee has been debited from his bank account. In fact, people are trying to deposit money in his account but to no avail. Unfortunately, Sharma did not even notice that images that he was posting were actually withdrawal requests.

The story did not end there. Two days later, Sharma’s daughter, Kavita Sharma, received a threat mail, warning of “regretful consequences, if she does not respond.” Incidentally, the email was copied to two journalists working with “The Wire”.

Despite all this, Sharma did not budge from his stand. Instead, he wrote a column in the Indian Express, explaining why he disclosed his Aadhar number and he is firm on his stand that disclosing his Aadhar number has not done any harm to him.

Needless to say, he has set a dangerous precedent for millions of people in India who are still not aware about what is privacy. While Sharma tweeted his Aadhar number, there were many, who followed suit and blindly shared their number as well on Twitter. Of course, not many were interested in their details, but the fact is that it took just a few hours for ethical hackers to publish information like the bank account number of a person. It shows the vulnerability of our data.

Sharma has certainly exposed himself and is on a dangerous path. Even if one believes in the claims made by UIDAI, the fact that his account was credited with Rs. 1 shows that people can easily deposit money in his account. Also, there are third party entities that are accepting Aadhar as a valid ID proof, exposing millions to several vulnerabilities, as one may not be aware how safe their database is.

In fact, in India, people do not understand that even your phone number is very important and the moment it is revealed, it breaches a person’s privacy or allows someone to share that personal space.

Be that as it may, the Aadhar challenge has exposed several loopholes that are required to be plugged, including the UPI app. Incidentally, the challenge came at a time, when Justice B N Srikrishna committee on data protection in India has recommended amendments in the Aadhar Act, imposition of penalties on data fiduciaries and compensation to data principals for violation of data protection law.

Meanwhile, like the cops in #kikiChallenge, UIDAI has issued a warning and advised people not to disclose their Aadhar number publicly. In a series of tweets, the authority said that the 12-digit number "has personally sensitive information like bank account number, passport number, PAN number, etc., which should be strictly shared only on a need basis for a legitimate use for establishing identity and for legitimate transactions."

It also said that public disclosure of such information may render the concerned person “vulnerable”. Sharma was second in command after Nandan Nilekani at UIDAI, but the way he exposed himself and triggered this challenge, does not put him in good light. 

It also shows that despite being so closely associated with the project, he could not realise that information stored in this unique id is not only stored in 13 ft-walled security, as shown in a video presented before the Supreme Court recently, but is also with those who have been authorised to take Aadhar as a valid id proof.

As far as this writer knows, a person can only change the details of his/her Aadhar number like address, phone number etc., but the Aadhar number will remain the same throughout life. What will Sharma do now as his number is in public domain and has been published several times in newspaper reports, Twitter etc.? Hope he now understands how critical Aadhar can be. It is equally suicidal as the #kikiChallenge

(The writer, a company secretary, can be reached at jassi.rai@gmail.com)