Trai chairman RS Sharma's unseemly act of revealing his Aadhaar number has had one unintended benefit. It has foregrounded the project's mission creep. From being a justified pan-India identifier that would serve as a tool to improve the welfare system, it has evolved into a de facto requirement in a lot of private transactions. This process has downsides. To cite just one example, police in New Delhi recently unearthed an insurance fraud which had its origins in unauthorised collection of Aadhaar demographic details in a mobile phone shop. Aadhaar related legislation disallows public sharing of details to prevent misuse of demo-graphic data. Aadhaar encapsulates demographic and biometric identifiers. UIDAI has said that the biometric identifiers have not been breached. However, unauthorised use of demo graphic identifiers, which the BN Srikrishna data protection report says has happened in several instances, poses problems. One of the reasons UIDAI discourages public sharing of Aadhaar number is that it opens the door to 360 degree profiling. This doesn't need a breach at UIDAI. Weak security protocols at private organisations can open the door to hackers who wish to profile an individual. This is a significant problem because Aadhaar has become a de facto requirement and other identifiers are often not accepted even in transactions unrelated to subsidies. UIDAI has belatedly tried to deal with this situation by introducing virtual IDs. However, this step is inadequate. It is essential to go back to the original mandate where Aadhaar was meant to be a tool to improve the efficacy of the welfare system. It should remain an optional identifier in other transactions. While Aadhaar is a useful addition to the existing basket of identifiers, the best way to realise its potential is by sticking to the spirit of the original mandate. The highlight of the US