Virtual Aadhaar ID: too little, too late?

Joanna Estrada
January 14, 2018

The Unique Identification Authority of India (UIDAI) on Wednesday announced a new two-layer system to strengthen the security of Aadhaar number holders, which would do away with the need to share the unique ID for verification purposes.

Taking to his Twitter handle, Chidambaram said, "Under compulsion, millions of persons have already shared Aadhaar number with many service providers". For one, the fact that UIDAI has introduced the virtual ID is in itself a candid admission of Aadhaar's severe security flaws, exposed by global tech expert Troy Hunt in a recent lengthy write-up.

A newspaper report had recently brought to the fore an alleged Aadhaar data breach.

Until now, the Aadhaar number was necessary for verification or e-KYC to use various benefits and services from banks, telcos and other service providers.

The Virtual ID will give users the option of not sharing their Aadhaar number at the time of authentication. UIDAI expects the move to ensure that no one except the holder can access the person's Aadhaar number. The Virtual ID will be a revocable number mapped to the holder's Aadhaar number. Once a new one is generated, the old one will automatically become redundant.

- A "Virtual ID" (VID) can only be generated by the Aadhaar number holder.

While India's top court is yet to give its final verdict on a petition challenging Aadhaar, an English-language daily on January 3 published a story claiming it took less than $10 and 10 minutes to access, through a middleman, every detail of citizens enrolled in the Aadhaar program, a claim strongly contested by the Government.

At the same time, UIDAI has introduced the concept of a limited KYC category which does not access the Aadhaar number.

"If virtual IDs are made mandatory (and they aren't) that would address the privacy concern of multiple private entities being able to create detailed profiles of you by using your Aadhaar number. Someone else could be given access to the name and address and another agency, the photograph too".

Referring further to the FIR filed in the Tribune case, he said negative views on Aadhaar will have negative reactions and hence it would be better for people to have a constructive view on it. The complete statement from UIDAI is available here. Subsequently, UIDAI temporarily barred Airtel and its payments bank service from using Aadhaar to verify users.

An Airtel spokesperson, in an email response, said: "We can confirm that the UIDAI has permitted Bharti Airtel to continue Aadhaar based e-KYC till March 31, 2018, subject to compliance to guidelines laid down by the authority".

To avoid a similar fiasco, the UIDAI last month directed banks to seek the explicit consent of the beneficiary before changing the account to which government subsidies are remitted. That remains suspended till final enquiry and audit.
