Context:

The Unique Identification Authority of India (UIDAI), which is facing criticism in the light of alleged data breaches, recently, announced a new method of identification called Virtual Identity

Introduction:

  • The Unique Identification Authority of India recently introduced the concept of a virtual ID that can be used in lieu of the Aadhaar number at the time of authentication, thus eliminating the need to share and store Aadhaar numbers.
  • It can be generated only by the Aadhaar number-holder via the UIDAI website, Aadhaar enrolment, or its mobile application.
  • The citizens will also have the choice for the reverse — which is to not generate their virtual IDs and continue using their Aadhaar numbers each time.
  • Even to the income tax department or other agencies required by law to map Aadhaar, people don’t have to give their Aadhaar number and can authenticate using the Virtual ID
  • It also limited the information visible to authentication agencies.
  • The citizens will also have the choice for the reverse — which is to not generate their virtual IDs and continue using their Aadhaar numbers each time.

What is virtual ID? 

  • Virtual ID, the 16-digit randomlygenerated number that people can share instead of their Aadhaar number
  • It is an extra layer of security to protect privacy of people and does not imply there were gaps in the existing security architecture.
  • Virtual ID can be used for authentication of individuals’ identity.
  • Virtual ID can be changed any number of times.
  • No documents or proof will be needed to generate a VID. But an Aadhaar number will be essential.

Rationale behind this move:

  • To address security concerns over Aadhaar database.
  • The measures are expected to strengthen privacy
  • The new VID system will hide the Aadhaar number from the authenticating agency, while still confirming the identity of the user.
  • These steps will ensure greater privacy and limit access to its database
  • Prevent profiling of people by combining dozens of databases linked to Aadhaar in the country.
  • Virtual ID would address this concern by giving people the option to generate a random number from a mobile application or the Unique Identification Authority’s website.
  • It will enable users to undergo Aadhaar authentication without having to furnish their 12-digit Unique Identity Number (UID), also known as Aadhaar number.
  • VID will be a temporary number that will be automatically revoked once the Aadhaar holder generates a new VID or after the validity of the current VID lapses
  • Only the Aadhaar holder would be able to generate a VID.
  • The new VID system will hide the Aadhaar number from the authenticating agency, while still confirming the identity of the user.
  • It also introduced what it described as a system of “Limited KYC” (Know Your Customer) to reduce the storage of Aadhaar numbers with the Authentication User Agencies (AUAs).

How will it be different from the Aadhaar number itself?

  • VID will be a 16-digit number, which will be temporary in nature.
  • Unlike the 12-digit Aadhaar number that is permanent, the VID will have a certain period of validity, at the end of which it will expire, and the user will have to generate a new one.
  • A VID will automatically expire when a user generates a new one, as there can only be one valid VID number against a particular Aadhaar number at any given point in time.
  • The VID can only be generated by the user in question and, according to UIDAI’s circular, it is not possible to “derive Aadhaar number from the VID”.
  • The VID cannot be used by agencies for duplication, and it cannot be generated by the Authentication User Agency (AUA) either.

How will VID help with Aadhaar-linking? Does this mean most agencies will no longer store your Aadhaar data?

  • UIDAI has also introduced a Limited KYC, which is supposed to allow “paperless” authentication, while ensuring at the same time that the Aadhaar database is not accessed.
  • But it appears that AUAs will be divided into two separate categories: “Global AUAs” and “Local AUAs”.
  • The Global AUAs will have complete access to the full eKYC (Aadhaar number), and will also be able to store Aadhaar numbers in their systems. This is something privacy activists have been cautioning against, because the number can used to reveal various other signifiers about an individual.
  • Local AUAs, on the other hand, will have “Limited KYC”, and will only get a UID token which they can use to identify customers.
  • According to the UIDAI, all agencies will need to set up the UID token system. However, Global AUAs will have the freedom to use the UID token as “per their need for authentication and database usage”,

What is Aadhaar?

  • The Aadhaar is the brand name of the Unique Identification Number that the Unique Identification Authority of India (UIDAI) issues to every resident of India.
  • It is a twelve digit number which is linked the resident’s demographic and biometric information
  • Each number relates to a set of information stored in a centralized database which aids in real time verification.

About UIDAI:

  • The Unique Identification Authority of India (UIDAI) is a statutory authority established under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services Act, 2016 (“Aadhaar Act 2016”)on 12 July 2016 by the Government of India, under the Ministry of Electronics and Information Technology (MeitY).
  • UIDAI was created with the objective to issue Unique Identification numbers (UID), named as “Aadhaar”, to all residents of India that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, cost-effective way.
  • The UIDAI was established in 2009 and functions as part of the Planning Commission of India.
  • The agency issues cards with the help of several registrar agencies composed of state-owned entities and departments as well as public sector banks and entities such as the Life Insurance Corporation of India.
  • UIDAI works in consultation with the Registrar General of India, which is responsible for census data in India

Conclusion:

The move to introduce an “untested” virtual ID to address security concerns over Aadhaar database is a step in the right direction, but may be a case of too little, too late, according to experts, as many of the 119 crore Aadhaar holders have already shared their 12-digit numbers with various entities.

Unless all entitites are required to use virtual IDs or UID tokens, and are barred from storing Aadhaar numbers, the new measures won’t really help.

Print Friendly, PDF & Email

Did you like what you read?

Enter your email address below to get all our updates in your inbox the moment it is published. Once you enter your email address, you will be subscribed immediately.


We do not spam you, so you can easily unsubscribe anytime, by clicking on unsubscribe link in the email.