While the legal battle on Aadhaar continues full-fledged in the Supreme Court, the UIDAI (Unique Identification Authority of India) has decided to allow virtual IDs as valid authentication for mobile service users. The virtual ID feature will be enabled on the UIDAI website from July 1 and people can use it to get a new SIM card or to re-verify an existing connection.
At present, other valid authentication options for mobile service users are rental agreements and bank passbooks, based on a limited know-your-customer (KYC) concept, where only the information required for authentication is shared with an agency and not the full details or the Aadhaar number.
In a report, ET cited a notice by the telecom department to telcos dated June 12 as stating, “All licensees shall implement the changes proposed by the UIDAI regarding use of virtual ID as an alternative to Aadhaar number, UID tokens, and limited KYC concept in their systems, networks subject to adherence of existing Aadhaar based e-KYC processes for issuing new mobile connection to subscribers and re-verification of existing mobile subscribers.”
In March, the department of telecommunication (DoT) had extended the deadline for re-verifying mobile numbers through Aadhaar until the Supreme Court decides on its validity and an enabling law.
At the time, the government had clarified that Aadhaar was not mandatory for issuing new SIMs.
“After implementation of such changes in Aadhaar ecosystem, licensees shall give the option to the subscriber of feeding either Aadhaar number or virtual ID as per his/her choice,” the DoT said in the notice.
Further, the telecom department has asked telcos to replace the Aadhaar numbers of existing subscribers with UID tokens as a one-time measure.
What Is Virtual ID For Aadhaar?
In January, the UIDAI had launched a two-layered safety net feature to avoid data breaches. This consists of a 16-digit Virtual ID and limited know-your-customer (KYC) for Aadhaar number holders.
Later, in April, the UIDAI introduced the beta version of the virtual ID feature, wherein residents can go to the UIDAI website and generate a VID number, which service providers will soon start accepting.
Also, recently reports surfaced that the UIDAI has imposed restrictions on digital payment companies accessing its database by classifying them as local authentication user agencies and citing concerns over their security systems.
The UIDAI has segregated authentication user agencies (AUAs) into two — local AUAs, which can access limited information, and global AUAs, which can access the complete information in the repository. Global AUAs cover banks while all payment companies and other entities in the authentication business fall under local AUAs.
With the virtual ID, there will be no need to share the real unique identification number at the time of authentication. Instead, a randomly generated 16-digit code will be shared with the agency every time. This ID, along with the biometrics of the user like the name, address, and photograph can provide the necessary details to the concerned agency, which won’t be able to track the actual unique identification number of the user.
A user can generate multiple virtual IDs as per his/her need.
The limited KYC feature will provide the agencies with only the essential details, thus avoiding the chance to track and store a user’s Aadhaar number.
As stated by the UIDAI in a media statement, “Agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of Aadhaar holder.”
The UIDAI has been in a full-drawn battle in the Supreme Court to defend the Aadhaar system, claiming there are 13ft high and 5ft thick walls protecting Aadhaar data, which continues to witness major leaks. The implementation of Virtual ID for user authentication might be the first real solution to address the security concerns of Aadhaar.