Temporary 16-Digit Virtual ID To Secure Aadhaar Data Privacy: 10 Points
The Virtual Aadhaar ID system is aimed at minimising instances of leak, and misuse of Aadhaar numbers and enhancing privacy of the 119 crore people issued the identification number.
NEW DELHI: People can share a randomly-generated 16-digit temporary number instead of their Aadhaar number starting from March-end to authenticate their identity for various services. The UIDAI – the authority that runs the government’s Aadhaar programme – said today the initiative, which is aimed at minimising instances of leak and misuse of Aadhaar numbers, would enhance privacy of the 119 crore people issued the identification number. The UIDAI, which had been working on the “Virtual ID” for months, made the announcement at a time privacy concerns around Aadhaar peaked after a newspaper expose on unauthorised access of its database earlier this month.
Here are the 10 points on this story:
- The UIDAI will release the necessary software by 1 March. All agencies that are registered to authenticate identities are required to start shifting to the new system by 28 March. By 1 June, all these agencies have to fully migrate to the new system or risk losing their registration and fines.
- Once the new system kicks in, people will be able to generate their Virtual ID from the website run by the Unique Identification Authority or UIDAI, Aadhaar enrolment centre and the Aadhaar application on their mobile phone. This will be a 16-digit number and will be valid only for a limited duration.
- This 16-digit number can be provided by people for various services, say at airline or railway counters once it is made mandatory, instead of revealing their Aadhaar number. This 16-digit number will be transmitted to Aadhaar servers which will link the token to the individual’s Aadhaar number and confirm the person’s identity.
- If a person forgets the Virtual ID number issued, he or she retrieve the number or generate a new one. The older ID gets automatically cancelled once a fresh one is generated.
- The announcement comes amid concerns of privacy concerns after a newspaper bought login credentials to access details of individuals on feeding the Aadhaar number.
- In a rare move, Wednesday’s circular recognised concerns around multiple agencies storing Aadhaar number of their customers. “While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various entities has heightened privacy concerns,” the order said.
- In this context, the Unique Identification Authority, or UIDAI, decided to restrict most private firms from retaining Aadhaar numbers of their customers or others.
- The Aadhaar authority has introduced the concept of global authentication agencies, mostly government bodies, which will have access to e-Know Your Customer (e-KYC) information about people who avail their services. They can store Aadhaar number in their system.
- Every other agency would be classified as local authentication agency and would be prohibited from storing Aadhaar numbers in their database.
- This is an important shift in the UIDAI’s approach. Non-government technology research groups such as Centre for Internet and Society’s executive director Sunil Abraham, who had been pushing for introducing Virtual IDs, had faulted the UIDAI architecture for being too trusting of the KYC user agencies and called for safeguards.