Moneycontrol
you are here: HomeNewsIndia
Last Updated : Jan 10, 2018 09:17 PM IST | Source: Moneycontrol.com

UIDAI introduces 'Virtual ID' to address privacy concerns

The move aims to strengthen the privacy and security of Aadhaar data.

In an attempt to address security and privacy concerns around leakage of Aadhaar numbers and data, the Unique Identification Authority of India on Wednesday introduced two new measures - virtual ID and limited KYC.

The virtual identity or virtual ID will be a random 16-digit number mapped to the Aadhaar number of a citizen, and will come with an expiration date.

The VID will not be duplicable by agencies performing authentication of Aadhaar number, and hence will ensure safety of the Aadhaar number.

According to a statement by UIDAI, which administers Aadhaar, the VID can be generated and revoked only by the Aadhaar number holder through channels such as the Aadhaar portal and the mAadhaar mobile app. The older VID gets canceled each time the Aadhaar number holder issues a new one.

The issue of privacy of citizen data has picked up steam in the last week after The Tribune reported that an anonymous WhatsApp number was selling access to the entire Aadhaar database for as low as Rs 500.

The UIDAI has further introduced limited KYC (know your customer) process wherein only some entities, categorised as global authentication user agency (global AUA) will be allowed to store a citizen's Aadhaar number, while others, known as local AUAs will not be allowed to store Aadhaar numbers.

These agencies will be given a UIDAI token specific to them, to enable them to uniquely identify their customers.

The UID token, a unique character for system usage, will be unique to every authentication request made by a global or local AUA.

Currently, every agency that uses Aadhaar for KYC authenticates a user and often stores a person's Aadhaar number.

In the absence of strong data protection and privacy laws, the issue of what can be done with stored citizen information is a grey area.

The new measures do not specify what happens to the Aadhaar numbers that have already been stored by public or private entities. It also does not mention which AUAs would qualify as global or local.

 
First Published on Jan 10, 2018 04:45 pm
Loading...
Sections
Follow us on
Available On