India investigating alleged breach in citizen database Aadhaar

A villager getting his fingerprints scanned for the Unique Identification database system at an enrolment centre in Rajasthan, India, on Feb 22, 2013. PHOTO: REUTERS

NEW DELHI - Indian police have started investigations into a possible breach of India's massive biometric ID system following a report that data of registered citizens could be bought for as little as 500 rupees (S$10).

This has revived ongoing concerns about citizens' privacy and the safety of the database.

The unique ID system called Aadhaar, launched nine years ago, gives every citizen a 12-digit identity number linked to biometric details such as fingerprint and iris data, along with demographic data such as addresses and phone numbers. ID cards are also issued.

The government has collected the personal information of one billion citizens out of a population of 1.25 billion, including those of the elderly as well as babies.

A Jan 3 report in The Tribune newspaper said for 500 rupees, a journalist was able to log in to the database and access personal information such as phone numbers and addresses.

According to the Tribune report, an unnamed seller got in touch over WhatsApp and allowed correspondent Rachna Kaira to access the database. The small fee was paid through a digital payment method.

Ms Kaira was provided an ID and password with which she was able to key in any identification number and get a person's name, address, photo, phone number and e-mail address.

While the police initially filed a case against the correspondent, government authorities yesterday clarified this was not the case following an uproar in the Indian media.

"Govt. is fully committed to freedom of Press as well as to maintaining security & sanctity of #Aadhaar for India's development...I've suggested @UIDAI to request Tribune & its journalist to give all assistance to police in investigating real offenders," tweeted Law Minister Ravi Shankar Prasad.

UIDAI, the Unique Identification Authority of India, is the authority behind Aadhaar, which was launched in 2009 with the aim of giving unique IDs to every individual in a country where the poor often do not have any form of identification.

It is one of the largest undertakings in the world, allowing millions of poor Indians to access welfare schemes, open bank accounts and get funds directly from their bank accounts instead of going through middlemen, a practice that has fuelled corruption in the system.

While it started as a voluntary exercise, it has become mandatory, with the government linking a range of services, including access to bank accounts and income tax filing, to Aadhaar.

Critics have argued that the ID system violates the privacy of citizens and that biometric data is unsafe in the absence of a data protection law. They said the latest breach was an example of what could go wrong.

The Unique Identification Authority of India, however, said the biometric data remained safe. In a statement on Sunday, it called the breach an "act of unauthorised access".

"This is a case in which even though there was no breach of Aadhaar biometric database, because UIDAI takes every criminal violation seriously, it is for the act of unauthorised access, criminal proceedings have been initiated," it said.

The mandatory linking of Aadhaar to services has also been contentious. A case is currently pending in the Supreme Court over the government's decision to make it compulsory to link one's Aadhaar number to income tax returns.

Issues of privacy are also being argued in court over the case.

Social activist Nikhil Dey noted that the current episode highlighted the problems in the system.

"It shows how little control there is over the data. This was information available under a login," said Mr Dey.

The Editors' Guild, a top editors' body, noted: "UIDAI should have ordered a thorough internal investigation into the alleged breach and made its findings public."
