By Meghnad Bose
On Wednesday, the Unique Identification Authority of India (UIDAI) announced the introduction of Virtual IDs or VIDs – the latest of its damage control measures post reports of a data breach in the Aadhaar database emerging last week.
On Thursday morning, a tweet by UIDAI lent some clarity to what these Virtual IDs are expected to do. But we bet you’ve still got a thousand questions about it. So let’s get to answering them.
— Aadhaar (@UIDAI) January 11, 2018
What is this VID and how can you use it? Read on to find out.
All About the New ID From UID
1. UIDAI will implement the VID service by 1 March 2018.
2. Your Virtual ID will be a 16-digit, random system-generated number which can be used for authentication instead of your original Aadhaar number.
3. Your Virtual ID is linked to only YOUR Aadhaar number. At any point in time, there will only be one active and valid Virtual ID for an Aadhaar number.
4. If you’re not comfortable sharing your Aadhaar number with private agencies, services, and apps (for example, mobile wallets like PayTM), you can generate a Virtual ID from the UIDAI website, mAadhaar mobile app or Aadhaar enrolment centers.
5. After that, when you share your VID with the requisite agencies, they will only be able to see limited details of yours. For verification purposes, the only name, address, and photograph will be shared by UIDAI.
6. You can generate any number of new Virtual IDs with your Aadhaar number. But the moment you generate a new VID, the old one will get canceled and become invalid.
7. An Aadhaar cardholder can use their VID in lieu of the Aadhaar number whenever authentication or KYC services are performed.
8. All authentication service providers have to complete implementation of VID processes in their systems by 1 June 2018.
9. Disclaimer: Only Aadhaar cardholders can generate a Virtual ID.
— Aadhaar (@UIDAI) January 11, 2018
FAQs on the New Virtual IDs
Q. Is it compulsory for you to generate a Virtual ID?
A. No, it’s not. If you are comfortable sharing your 12-digit Aadhaar number with government and private agencies for authentication and KYC procedures, you are free to do so. It is OPTIONAL to generate and use a virtual ID. But given the security concerns regarding potential misuse of data, it is advisable and recommended that you generate and use a Virtual ID instead of sharing your Aadhaar number everywhere.
Q. Do you need to continue using the same Virtual ID?
A. You can choose to use the same Virtual ID as many times as you want, or keep generating a new VID every time you need to share it. In case the UIDAI sets a minimum validity period for one Virtual ID, the user would be able to generate a new VID only after that time period.
Q. Can an agency or company find out your Aadhaar number if they only have your Virtual ID?
A. No. According to the UIDAI, it will not be possible to locate an individual’s Aadhaar number by merely obtaining the Virtual ID.
Q. What if your personal data (like a photograph, mobile number, residential address, etc) has already been accessed by an unauthorized individual? Can the Virtual ID help you in that case?
A. No. The Virtual ID is a security feature that will be implemented from 1 March 2018. If your personal data on the Aadhaar database has already been accessed by an unauthorized individual, the Virtual ID cannot help you recover that. The VIDs are designed to limit the number of companies and agencies you have to share your Aadhaar number with henceforth.
Q. Why is a Virtual ID 16 digits long when your Aadhaar number is only 12 digits?
A. Multiple Virtual IDs can be generated on a single Aadhaar number (though only one Virtual ID will be valid at any given point in time). This means that the total number of possible 16-digit Virtual IDs needs to be far greater than the total number of possible 12-digit Aadhaar numbers. This is the probable explanation behind UIDAI choosing 16 digits as the length of each Virtual ID.
Timely Move or Too Late?
Former UIDAI Chairman and Aadhaar architect Nandan Nilekani have hailed the move to introduce Virtual IDs, while also claiming that an “orchestrated campaign” is underway to malign Aadhaar.
Everybody can now create a virtual ID which is attached to their Aadhaar number and they can now use it at all public places where they need to use the Aadhaar number. They never have to give their Aadhaar number, they can give this virtual number which they can keep changing. That means this whole issue that you have to give the Aadhaar number everywhere goes away because you are giving the virtual ID.
Nandan Nilekani to Economic Times
Nilekani was also quoted as saying, “This was an idea which we contemplated in 2010 but it was a little ahead of its time then.”
But the party under whose reign the UIDAI was set up thinks that the new security feature has come too late after significant damage has been done. Congress veteran P Chidambaram likened it to “locking the stable after horses have bolted.”
Under compulsion, millions of persons have already shared Aadhaar number with many service providers. New security layer is like locking the stable after horses have bolted.
— P. Chidambaram (@PChidambaram_IN) January 11, 2018
Damage Control After Data Breach
The UIDAI’s had a busy January so far. Four days into the new year, an investigation by The Tribune showed that admin access to the Aadhaar database was being sold for as little as 500 rupees. Hours later, The Quint reported that any admin could, without a single check, add anyone else as an admin.
Investigations by The Tribune and The Quint exposed glaring loopholes in the security setup of the Aadhaar portal.
The UIDAI’s been firefighting ever since. First, they filed an FIR naming The Tribune and its reporter Rachna Khaira. Then, they announced a security upgrade – a new system in which access needs to be authenticated by the fingerprint of the Aadhaar holder and the data available will be restricted to that person. Unrestricted access given thus far was revoked for everyone, according to a report in The Economic Times.
And now, the latest damage control measure – a Virtual ID or VID.
Can the introduction of these Virtual IDs answer the concerns raised by the data breach and the security loopholes it exposed? And is it a security measure that has come too late in the day for the security of your Aadhaar data?
The Supreme Court hearings of the main petitions challenging the Aadhaar Act are set to begin six days from now on 17 January. And it is there, in the country’s top court, that the UIDAI will have to answer these questions.
Why is UIDAI So Confused on Whether Aadhaar Database Was Breached?
Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius