The Unique Identification Authority of India (UIDAI) yesterday announced a new two-layer system to strengthen the security of Aadhaar number holders, which would do away with the need to share the unique ID for verification purposes.
The move comes amid privacy concerns after a news report claimed a breach in the Aadhaar database.
Under the new system, at the user-end, the Aadhaar holder will have the choice not to share their Aadhaar number at the time of authentication. Instead, a random 16-digit virtual ID number would be generated and could be used in lieu of Aadhaar with authorised agencies including banks and telecom service providers.
“Virtual ID will be a temporary, revocable 16-digit random number mapped with the Aadhaar number. It is not possible to derive Aadhaar number from virtual ID,” UIDAI said in a statement.
At the agency-end, the UIDAI has introduced the concept of “Limited KYC” (Know Your Customer), which won’t return the Aadhaar number but would only provide an “agency specific unique UID token to eliminate agencies storing Aadhaar numbers while still enabling their own paperless KYC”.
The move comes amid heightened concerns around the collection and storage of personal and demographic data of individuals after The Tribune reported it bought unrestricted access to details of over a billion Aadhaar numbers for just Rs500 and in 10 minutes.
However, people would have to wait till March 1, as the UIDAI would be releasing the necessary applications for its implementation by that day, the statement said.
“And by June 1, all agencies would have to fully migrate to the new system.”
According to the statement, a virtual ID will be valid for a defined period of time and every time a new one gets generated by the user, the older one gets automatically cancelled.
“Aadhaar number being a permanent ID for life, there is a need to provide a mechanism to ensure its continued use by the Aadhaar number holder while optimally protecting the collection and storage of Aadhaar number itself in many databases,” the UIDAI said.
It added that while it is important to ensure that Aadhaar number holders can use their identity information to avail themselves of products and services, the collection and storage of Aadhaar numbers by various entities had heightened privacy concerns.
Last week, a report in The Tribune, widely shared on social media, claimed that the newspaper had got access through an “agent” to every detail of any individual submitted to the UIDAI, including name, address, postal code, photo, phone number and e-mail, and found in its investigation that unauthorised persons had gained access to people’s personal information.
Meanwhile, a survey of 15,000 people revealed that 52% of them were concerned about the ability of government agencies to protect their Aadhaar details.
The survey, conducted by citizen engagement platform LocalCircles to find people’s take on the cyber security mechanism to protect their data, said that 20% were “somewhat confident” while 23% were “quite confident” about UIDAI being able to protect their Aadhaar details from hackers and information sellers.
The second poll asked what the penalty should be for unauthorised access to the Aadhaar details of the masses by a citizen or an organisation, to which 14% supported a five-year jail term and 2% were in favour of a penalty of up to Rs10mn.
A majority of 77% said “both”.