World

Virtual ID(VID) to Protect the Privacy of Your Aadhaar Details

Virtual ID(VID) to Protect the Privacy of Your Aadhaar Details

In public, for authentication purposes only the virtual ID will be used.

After Prasad's clarification, the UIDAI also said it is committed to the freedom of the press and will approach the newspaper and its reporter for cooperation in the investigation of alleged data breach. So, unless the latter is stored in the smart card, people may continue to use their Aadhaar numbers, he explains.

The government has been very persistent in pushing Aadhaar as the primary government ID and also in assuring that the system is very safe.

Instead, a random 16-digit Virtual ID number would be generated and could be used in lieu of Aadhaar with the authorised agency like banks and telecom service providers.

The "Virtual ID" will be made compulsory for all agencies undertaking authentication from June 1, 2018.

This Limited KYC service provides an "agency specific unique UID token to eliminate many agencies storing Aadhaar Number, while still uniquely identifying their customers and enabling their own paperless KYC". For one, the fact that UIDAI has introduced virtual ID is in itself as candid an admission of Aadhaar's severe security flaws, exposed by global tech expert Troy Hunt in a recent lengthy write-up.




Mr. Jonnalagadda added that Authentication User Agencies (AUAs) categorised as "global AUAs" by the UIDAI will be exempted from using the virtual IDs. According to an official, the agencies had been provided enough time to migrate to the new system by updating the system needed to offer the additional option of Virtual IDs to users. This, UIDAI hopes, will ensure that no one, except the holder, can access the person's Aadhaar number.

Once the new system starts, people will be able to generate their Virtual ID from the website that is run by the UIDAI, Aadhaar enrolment center and the Aadhaar application on their mobile phone.

UIDAI has been under the radar of various media agencies for some time now.

While granting the temporary reprieve to Airtel in December, UIDAI had instructed the firm to use the e-KYC and authentication service only for the objective of re-verification and issuance of SIM cards and not for obtaining consent of the Aadhaar holder for opening bank accounts, wallets, DTH or any other goods or services. The idea is to minimise sharing of the actual Aadhaar number or demographic information.

Following the reports, the UIDAI also filed a case against the news agency - The Tribune. Hence the deadline for linking Aadhaar with essential facilities has been repeatedly getting postponed.

The UIDAI, while suspending the e-KYC licence, had reportedly imposed a fine of Rs 2.5 crore on Airtel Payments Bank. That remains suspended till final enquiry and audit (here and here).