Government is planning to add security layer to your Aadhaar
MUMBAI: Amid the privacy and protection concerns voiced by various groups, the top team of Unique Identification Authority of India (UIDAI) is exploring the possibility of introducing dummy numbers that would add an extra layer of security to every Aadhaar cardholder.Such a framework would require an individual to share dummy or pseudo numbers — and not the real Aadhaar number — to government agencies, private utilities, banks and while withdrawing money from ATMs or moving funds from one bank account to another under the Aadhaar-enabled payment system. Besides the cardholder, the original Aadhaar number would be known only to UIDAI. Two senior persons in the industry told ET that the concept has been discussed at senior levels in UIDAI but is yet to be finalised.
No details yet
The creation of dummy numbers and the frequency at which it can be generated and used would depend on the design architecture of the system.
“It may not help if a permanent dummy number is given against every Aadhaar number. The primary job of Aadhaar is authentication — to ensure whether the right person is using the services. So, if there can be a dynamic system where an individual authenticates with the electricity company using one dummy number, with the telephone company using another dummy number, and generates new dummy numbers for monetary transactions like one time passwords (OTPs), then there is no one Aadhaar number that can be traced back to the person. And, in the absence of a single number, it is very difficult to misuse Aadhaar to track someone’s personal data,” said a person familiar with the concept.
However, there are no details available on UIDAI’s final stand on such a proposal — whether and in what form it could be brought in. Ajay Bhushan Pandey, chief executive of UIDAI, did not respond to texts, WhatsApp messages, and phone calls.“It may be useful from the point of data security. But one has to think how convenient is the use of dummy numbers for various kinds of users,” said another person.
UIDAI, a statutory authority, is responsible for Aadhaar enrolment and authentication, issuance of Aadhaar numbers as well as ensuring the security of identity information and authentication records of individuals. Its measures on data protection and development of new standards on technologies like Aadhaar-Pay are ongoing.
The organization, however, currently finds itself in a situation where the provisions of the very law (Aadhaar Act 2016) under which it was established has been challenged in the country’s highest court of law.
Toeing the government directive, banks, utilities and credit card issuers are repeatedly asking customers to link their Aadhaar details to respective accounts by 31 December 2017, failing which services would be discontinued. Critics of Aadhaar are resisting such coercion to link Aadhaar with multiple service providers. They are hoping that some of these rules may change after the Supreme Court ruling. The apex court hearing on the Aadhaar case is scheduled to begin on November 28.