Security researcher Srinivas Kodali has reported another leak of Aadhaar numbers, this time, of school going children, along with details of their school, class, medium (language) and date of birth.

Security researcher Srinivas Kodali has reported several leaks of data in the past. Notably the leak of over 130 million Aadhaar linked details last year and the leaks of surveillance enabling data and data of MNREGA workers this week.

This isn’t the first time that government websites have leaked data of citizens. Srinivas Kodali has also reported a leak of 500,000 to 600,000 Aadhaar details of children by a Telangana Government website last year.

The government has repeatedly denied leaks and breaches of Aadhaar data, including in replies to direct questions in the Parliament:

As on date, no incident of data breach has been reported from Central Identities Data Repository (CIDR) of Unique Identification Authority of India (UIDAI).

MediaNama’s take

Children in India are legally not able to consent, and making the providing of Aadhaar mandatory in schools forces enrollment with the “consent” of the guardian. However, in reality the parent or guardian has no choice but to get the Aadhaar made, so the consent is illusory. This had been a point of argument by petitioners in the constitutional challenge to Aadhaar being heard by a 5 judge bench in the Supreme Court of India.

Leaks of information of this sort further compromise the privacy of children and can make them vulnerable to criminals who can use such information to gain their trust. Children, for example are usually taught to not trust strangers, but if the stranger knows their school, class, and even their birth date, perhaps the names of some friends and challenges them to recognize them?

There is increasing aggregation of data of children due to Aadhaar. An example is the Government of Haryana recording not just the names and Aadhaars of students, but their religions, castes, parents names and Aadhaar, their occupations, income and more.

Additionally, the usual problems with data leaks apply. Insecure websites making confidential data public, lack of appropriate reporting mechanisms and ongoing government denials and lack of engagement on the seriousness of breaches of privacy caused due to inefficient government websites as well as government policies that force citizens to give up their information.