Amid privacy concerns linked to the Aadhaar project, the Unique Identification Authority of India aka UIDAI has launched a two-layered safety net feature to avoid data breaches. This consists of a 16 digit Virtual ID and limited know-your-customer (KYC) for Aadhaar number holders.
Reportedly, the changes will come into effect from March 2018 and all agencies will have to adapt to the new authentication system by June 2018.
The basic concerns around Aadhaar were raised around the right to privacy and security of data. With the virtual ID, now the Indian citizens will not have to share the real Aadhaar number at the time of authentication. Instead, a randomly generated 16-digit code will be shared with the agency every time. This ID along with biometrics of the user, like name, address, and photographs, can provide the necessary details to the concerned agency, without being able to track the actual Aadhaar number of the user.
A user can generate multiple virtual IDs as per the need. The older IDs will get cancelled once a fresh ID is issued to the user. Since the virtual ID would get mapped to individual’s aadhar number, the need to share original aadhar number would be done away.
Further, the limited KYC will provide the agencies only the required details, thus avoiding the chance to track and store a user’s Aadhaar number. Agencies can do their own KYC and will identify users with ‘tokens’. Also, as stated by UIDAI in a media statement, “agencies that undertake authentication would not be allowed to generate the Virtual ID on behalf of Aadhaar holder.”
Reportedly, agencies which will not adhere to the new authentication system will have to face “financial disincentives”. They may even face discontinuation of authentications services.
Aadhaar: The String Of Controversies
The immediate measure by UIDAI to improve the security layers in Aadhar project comes days after a newspaper report in The Tribune claimed a major breach in Aadhaar database. The report had stirred the debate over the safety of personal data collected via Aadhaar. Following the report, another media house The Quint also found wide-scale data breach at several level in its separate investigation. The investigation report claimed that any random person could not only have access but become admins of the official Aadhaar database. Another independent investigation conducted by India Today has revealed the involvement of agents of enrollment agencies in Aadhar data breach.
Responding aggressively to the report of The Tribune, UIDAI has denied any possibility of the data breach in the Aadhaar model and registered an FIR against the reporting journalist. However, the editors guild has come in support of the reporter and condemned the action taken by UIDAI against the reporter. American whistleblower Edward Snowden in support of the reporter stated that the journalist deserves an award for her work, not a government probe.
With a database of over one billion Indians, Aadhaar is the largest biometric programme in the world. Earlier today, news also surfaced that around 20 countries have shown interest in developing the Aadhaar kind of identification system in their own territories. Also, the rate at which the Indian government is aligning Aadhar data with several agencies, the misuse of the information cannot be avoided. Thus, proper security checks at the preliminary level is the need of the hour.
[The development was reported by ET]