UIDAI will issue 16-digit virtual ID to secure Aadhaar privacy

The Unique Identification Authority of India (UIDAI) has brushed off claims of these pressing Aadhaar security loopholes as "fake news".

Their main point of contention is that the UIDAI which is mandated to issue 12-digit random number as Unique Identity - Aadhaar to all the citizens of India, "is trying to rectify technical breach by its untested technology".

From June 1, 2018 it will be compulsory for all agencies that undertake authentication to accept the Virtual ID from their users. "I am clueless about how it is going to help or how it will work in rural areas", he said.

A temporary number or the Virtual ID will be used instead of original Aadhaar numbers for authentication and know-your-customer (KYC). While only one VID per Aadhaar number will be valid at a time, users can revoke and generate new VIDs as many times as desired. "No one else including the authentication agency can generate this VID on behalf of Aadhaar holder", the UIDAI explained. "The concept is attractive, but the devil is in the details", observed Pavan Duggal, cyberlaw expert, adding that the new system does not address those who have already gained unauthorised access to Aadhaar numbers.

"We can confirm that the UIDAI had permitted Bharti Airtel to continue Aadhaar based e-KYC till March 31, 2018, subject to compliance to guidelines laid down by the authority", a Bharti Airtel spokesman said in a written response to ET's queries Thursday.

UIDAI has been under the scanner over the past few months over allegations of access of personal information by random entities without the consent of individual Aadhaar holders. So most people's Aadhaar numbers are probably available in the open. It will not be possible to find an Aadhaar number by using the Virtual ID.

Aadhaar was challenged legally in Supreme Court, to prevent misuse of the Aadhaar number and linked details.

Considering the problems specifically faced by NRIs, senior citizens, handicapped people or even those whose fingerprints have worn out, DoT's December notification explained in detail the strict protocol that has to be followed while doing the verification for NRIs, senior citizens and resident Indians who do not have Aadhaar or if their mobile number is not registered in the UIDAI database. For one, the fact that UIDAI has introduced virtual ID is in itself as candid an admission of Aadhaar's severe security flaws, exposed by global tech expert Troy Hunt in a recent lengthy write-up. It will not reveal any of the user's Aadhaar details.

"The Aadhaar-issuing body, however, has said that it will reserve the right to determine what demographic fields need to be shared with the Local AUAs in addition to the UID Token depending upon its need".