www.shre.co.in
The Indian Government has laid down a new set of rules to ensure data security and privacy for the Aadhaar Project. Aadhaar is the national biometric project launched in 2010 by the Government of India.
The Unique Identification Authority of India (UIDAI), under five new norms, will set up an online system for an Aadhaar number holder to “lock” his biometrics for a specific duration or permanently. The user can also unlock it temporarily when needed for biometric authentication.
Also, under the new norms, an individual with an Aadhaar number will have permission from the Government authorities to access his authentication records online. These records would facilitate the information along the lines of usage of Aadhaar.
To further secure online payments via Aadhaar, users can also opt for ‘multi-factor authentication’, wherein the combination of fingerprint and iris scan with One Time Password (OTP) would further strengthen the platform against fraud.
According to Ajay Bhushan Pandey, CEO, UIDAI, “The most important regulation is that any agency requiring an individual to furnish Aadhaar to get a service will ensure his enrolment for one, in case he does not have an Aadhaar. This takes care of the concern that people without Aadhaar risk losing out on benefits or that people without an Aadhaar will have to run around to get one to get a service. Now, the responsibility has been cast on the agency to provide Aadhaar.”
The regulatory organisation, UIDAI also plans to install a system of audits which will facilitate the auditing process of all the citizens via an agency to determine their rightful usage.
Pandey stated that around 37,000 enrollment centres of UIDAI are operational around India to provide an Aadhaar. Now all agencies providing Aadhaar-based services – like Ministries, states and private entities – can also become UIDAI Registrars to dole out Aadhaar at their own level.
“If a person claims wrongly before the agency that he does not have an Aadhaar to procure a service, his immediate Aadhaar enrolment will expose the lie. So it addresses concerns of both sides,” he added.
In accordance with these new norms, citizens will also be enabled to share a digitally signed e-KYC with banks or other agencies which accept Aadhaar-based KYC, instead of keeping a physical copy of Aadhaar while performing transactions.
Commenting upon the new regulations, an official of UIDAI said, “By opening up a person’s authentication history to him, the system will be much more secure. It will be a statement of sorts so that there is no confusion. If a person didn’t consent to any transaction, he has the ability to go back and check for it.”
In another development, under the new regime of Aadhaar-based transactions, tech-based companies like Apple and Google have been reportedly approached by the Government to make their phones and operating systems synced with Indian registration, encryption, and security technology.
In order to initiate discussions with these organisations, Government officials invited executives from companies including Apple Inc., Microsoft Corp., Samsung Electronics Co. and Alphabet Inc’s Google. The Government asked the attendees to embed Aadhaar’s encryption into their technology.
Convener of the meeting, Ajay Bhushan Pandey, stated that the industry representatives listened politely and were non-committal. The Government, on the other hand, had a very decisive front and told the companies, “Go to your headquarters and work this out so that we can have Aadhaar-registered devices.”
Under this new scheme, Indian citizens will still log into their smartphones using the manufacturer’s biometric authentication. But once their systems are embedded with Aadhaar encryptions, manufacturing companies will lose their hold over the ability to track users online. This will then lead to their inability to use that data for advertising or other purposes.
Earlier this week, Noida-based ecommerce platform, Paytm introduced Aadhaar-based eKYC (E-Know Your Customer) to make customer verification a real-time, paperless process.
The Indian Railways has also mandated the use of Aadhaar card for booking train tickets throughout the country. Users will now have to link their Aadhaar cards to the IRCTC.
This development was first reported in ET.
