You are here: Home » Economy & Policy » News
Business Standard

UIDAI introduces 16-digit 'Virtual ID', limited KYC for Aadhaar holders

Seen as dual move to address privacy and security concerns over sharing of Aadhaar details

Kiran Rathee  |  New Delhi 

3,500 state, central schemes worth Rs 6 lakh cr to come under DBT soon

As it looks to address concerns regarding privacy of data, the Unique Identification Authority of India (UIDAI) has introduced a concept of ‘Virtual ID’, which is a temporary number that can be generated by users for the purpose of verification and authentication. The has taken a slew of measures to safeguard the privacy of citizens, primarily after reports emerged that data can be accessed by unauthorised means. The 'Virtual ID', which will be mapped with the number, can be shared with authorities to authenticate identity for availing various services and it will provide users an option of not sharing their number. The ID will be a temporary, revocable 16-digit number that can be shared with agencies like a telecom operator, for verification of identity. The 'Virtual ID' along with biometrics will furnish limited details like names, addresses, and photographs to the agency concerned for verification. However, experts feel that though the intention of the government is good, it has to be seen what security parameters are put in place to safeguard the 'Virtual ID'. According to senior cyber lawyer Pavan Duggal, cybersecurity was not introduced at the start by the and that is why there have been so many cases regarding data breach. Also, he said people have become increasingly concerned about privacy and consequently, the had come up with the concept of a 'Virtual ID'. “However, the needs to define the security parameters and how it will ensure privacy. As the is not covered by the Act and the Information Technology Act, the government needs to amend the law.

Technical cybersecurity parameters also need to be defined in detail,” he added. Duggal also highlighted that the 'Virtual ID' could be misused by cybercriminals as they could create fake IDs based on the number, therefore, a holistic approach was required to be adopted by the government. “The concept is nice but the devil is in the detail,” he added.

PLUGGING LEAKS * Users can go to the website to generate their virtual ID, which will be valid for a defined period of time, or till the user decides to change it * They can give this to service agencies along with the fingerprint at the time of authentication * Since the system-generated temporary, revocable 16-digit will be mapped to an individual’s number itself at the back-end, it will do away with the need for the user to share number for authentication * It will also reduce collection of numbers by agencies * The will be releasing necessary APIs (application programming interface) by March 1 and all agencies have been directed to make the necessary changes for the use of virtual ID, UID token, and limited to start using the new system by June 1
The has to define the technical details as well as the time frame for which the can remain active. The authority has only said a user can generate as many 'Virtual IDs' as he or she wants but it is yet to define the time frame. The has also introduced the concept of ‘limited know-your-customer (KYC)’ under which it will only provide need-based or limited details of a user to an authorised agency that is providing a particular service. The said it would start accepting the 'Virtual ID' from March 1 and from June 1, 2018, it would be compulsory for all agencies that undertake authentication to accept the 'Virtual ID' from users. Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline will face financial disincentives. “An number-holder can use the 'Virtual ID' in lieu of the number whenever authentication or services are performed. Authentication may be performed using the 'Virtual ID' in a manner similar to using the number,” a notification said. According to the UIDAI, agencies that undertake authentication will not be allowed to generate the 'Virtual ID' on behalf of the holder. As many as 1.19 billion biometric identifiers have been issued so far and is required as identity proof by various government and non-government entities.

First Published: Thu, January 11 2018. 02:43 IST
RECOMMENDED FOR YOU