Aadhaar adds new security layer with 16-digit 'Virtual ID'


This, UIDAI said, will reduce the collection of Aadhaar numbers by various agencies.

The opponents including Petitioners on Aadhaar are of the view that "Virtual ID" concept is "untested and unworkable". "I am clueless about how it is going to help or how it will work in rural areas", he said.

The linchpin of the new protocol will be the virtual ID (VID) - a "temporary, revocable 16-digit random number" that can be used instead of Aadhaar to verify or link services. Aadhaar number holders can generate this from the official website and use it in place of original Aadhaar number.

The UIDAI - the authority which runs the government's Aadhaar program - stated that the initiative is aimed at minimising instances of leak and misuse of Aadhaar numbers that will be also going to enhance the privacy of the 119 crore people afterward the identification number will be issued. One can select to use the Virtual ID as many times as one wants, or keep generating a new one every time you have to share your unique ID.

However, more than that, Aadhaar critics, particularly the tech website Medianama, have challenged the assertion that the introduction of VID and limited KYC would plug the gaping hole in Aadhaar's problematic security system.

More news: Oprah 'may' run for president
More news: Raiders report card: Last marks for Jack Del Rio and Co
More news: Former world champ Khan to return to ring

The report shows how Nilekani's personal information is still available online, and that the man steering the UIDAI ship was himself unaware of the vast breach of his own confidential information that had occurred when he posted the picture of his Aadhaar card, with the QR code intact. Only the Aadhaar number holder can generate the VID.

"The attitude of the government and the UIDAI is evident from the fact that a case has been registered against The Tribune and its reporter for breach of security of Aadhaar". This is an effort to curb the number of people who will have access to the Aadhaar number. Only Global AUAs will have access to e-KYC with Aadhaar number, while all other agencies will only have access to "Limited KYC".

While VID allows individuals to avoid sharing their Aadhaar number, UIDAI recognised that storage of Aadhaar numbers within various public and private databases-as proof of identity to avail of services/benefit-also needed to be further regulated. "It is not possible to derive Aadhaar number from Virtual ID", a circular issued by UIDAI said.

"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced", he said. The complete statement from UIDAI is available here. The latest security breach was exposed by The Tribune, where Aadhaar details could be bought on WhatsApp for just Rs 500. On March 11, it was reported that UIDAI was allowing Airtel to continue Aadhaar-based e-KYC verification of telecom subscribers till March 31, but has not withdrawn the current eKYC licence suspension order on its banking arm.

Following its suspension, Airtel Payments Bank had launched a probe, wherein it was observed that some retailers, who were also acting as designated banking points, had not informed customers about savings account opening and direct benefit transfer (DBT) receipts in an upfront manner. That remains suspended till final enquiry and audit (here and here).