Amendments They recently announced a new two–layer

Amendments
to the Aadhaar Law:
With
the Government of India pushing for the Aadhaar Card connectivity to
the services regularly accessed by each citizen of India, it is
important not to jeopardize the personal information of each citizen
and handle it carefully. After several minor incidents of data leak
and
recently a news report about massive data leak
(https://thewire.in/210497/data-breach-aadhaar-details-grabs-just-rs-500/),
UIDAI came up with some new features to try to secure Aadhaar data
information of each citizen and
avoid a major crisis when the scheme goes into full operation past
31st
March,2018.
They
recently announced a new two–layer security system to protect the
citizen’s private data. To begin with, UIDAI introduced a
temporary 16–digit, randomly generated number that each Aadhaar
holder can use for authentication along with their fingerprint
instead of providing their Aadhaar number to the service lender.
Through this Virtual
ID, only limited information like Name, Address and photograph will
be given to an authorized agency, say a mobile company, for lending
their services as per requested by the individual. As
an additional security measure, the authorized agency will not be
allowed to generate the Virtual ID on behalf of the Aadhaar holders.
Hence, this will reduce the cumulation of Aadhaar data by various
agencies. This feature will come into action on 1st
March,2018 and will become mandatory from 1st
June,2018 for all agencies that endeavor authentication to accept
the Virtual ID from their users, failing
to which they will face financial hardships.
Also, UIDAI introduced
the concept of “Limited KYC” under which only the needed or
limited details of a user will be disclosed to authorized agencies.
Under
this “Limited KYC” system, these agencies will be provided with
an agency–specific unique ID through which they will be able to do
their own KYC without banking or Aadhaar details, meaning that the
agencies will identify each individual user with token and thus
there will not be any need for accumulating their Aadhaar data. In
a recent online survey conducted
by LocalCircles, just
23% people said they were “quite confident” that their Aadhaar
data could be safeguarded by UIDAI. A majority 52% feared that their
Aadhaar data may not be safe from abuse by hackers and information
sellers. The survey, which received some 15,000 votes, also revealed
that the public favours
restricted access to biometric data. About 43% believe only name and
address is enough for e–KYC. The
recent recommendations are a start, but the Government and
UIDAI should
work together with world’s highly respected security analysts to
come up with strong laws regarding the Aadhaar project to safeguard
it from hackers and other potential threats.