A public online dashboard on a website maintained by the Andhra Pradesh government allows anyone with an internet connection to use "religion" or "caste" as a search criterion to identify the homes of 5,166,698 families in 13 districts in Andhra Pradesh. The vulnerability was first spotted by Srinivas Kodali, a security researcher.
HuffPost India is not revealing the website to protect the privacy of those listed in its database.
On using the dashboard, HuffPost India found the precise latitude and longitude of homes inhabited by Muslim families, Dalit families, Hindu homes and even Zorastrian families. When HuffPost India checked back on the database, the number of families enrolled had increased, suggesting the database continually updated and the privacy implications are growing every hour. HuffPost India is not publishing the exact numbers, as this is sensitive information.
The dashboard uses Aadhaar numbers as a unique identifier to compile detailed information about beneficiaries of a widely-promoted government subsidy programme.
The Andhra Pradesh case illustrates that the real value of Aadhaar for state governments is not biometric authentication, as is commonly assumed, but rather the Aadhaar number itself. And the real risk to citizen privacy isn't the security of UIDAI's biometric database, but the relentless, and unsecured, seeding of Aadhaar numbers into every single database including income tax, property records, bank loans, phones, bank accounts, and beneficiary records.
Aadhaar-seeding, privacy advocates say, showcases the ability of using Aadhaar to create giant, detailed, searchable citizen databases and confirms their worst fears about how India's big-data governance revolution can be subverted to target vulnerable citizens.
"Creating public, searchable, digital profiles of minorities makes them potential targets of attack," said Kavita Srivastava, who has investigated scores of communal riots as National Secretary of the People's...