VIDs – Introducing a Two Layer Security for Aadhar

January 12, 2018
1 year

What is the issue?

  • The Unique Identification Authority of India (UIDAI) has been facing a lot of criticism over privacy violations.
  • Hence, to reinforce privacy protection, UIDAI has proposed the Virtual Ids, which would be a two-layer security system.

Why Virtual IDs?

  • Allegations of access to personal information by random entities, without the consent of individual Aadhaar holders were rampant.
  • The widespread fear of misuse of demographic data is also heightened by the fact that India still does not have a data-protection law.
  • To address this, UDIAI unveiled the concept of Virtual Ids, which is one of the most significant changes since its inception eight years ago.
  • This is a concept of two-layer security system that prevents the possibility of the numbers being stored in many databases.
  • Notably, “Virtual Id Numbers” are envisioned to be substituted in all places that require one to give out their unique ID (Aadhaar number).

How does Virtual Ids (VID) work?

  • The VID will be a 16-digit random number, which an Aadhaar-holder can generate and use in place of his UID (Aadhar Number).
  • This will ensure that the Aadhaar number is no longer shared, thus obviating any chance of it being leaked.
  • What makes the VID user-friendly is that it is linked to the Aadhaar number and there can only be one VID at any point in time for a particular number.
  • Moreover, only the Aadhaar-holder will be able to generate the VID and it will be a temporary number, unlike Aadhaar, which stays the same forever.
  • Hence, it is pointless to hold on to someone’s VID as it is merely a temporary number like banking “One Time Passwords” (OTPs).

What are the other supporting Changes brought in?

  • UIDAI has also changed the Aadhar based e-KYC norms, which is the norm for service providers for identifying their customer and maintaining uniqueness.
  • Just like how UID was replaced by VID on the Aadhar holder’s side, UID has been replaced by a UID token on the service provider’s side.
  • UID token is a 72-character alphanumeric string that is meant only for system use and acts as a unique-identification serial for a particular customer.
  • This prevents the service provider from knowing their consumer’s Aadhar Number either directly from them or through the verification data base.
  • Most Authentication User Agencies (AUAs) are expected to only use the UID token, instead of the Aadhaar number.
  • Such AUAs will be called local AUAs, while the few that continue to use the Aadhaar number will be called global AUAs.
  • This structure will ensure that even if a local AUAs database is hacked, the Aadhaar number of customers will not be threatened.

What is the way forward?

  • Both the VID and new e-KYC norms significantly address privacy concerns by protect the Aadhaar number from being exposed in day-to-day transactions.
  • But privacy experts and activists say that there is a lot more to be done to ensure foolproof security for critical personal information.
  • Notably, Aadhaar seeding with all existing databases should be revoked.
  • Also, the new VID system should ensure that it doesn’t become too difficult for the poor and illiterate masses will to engage with.


Source: Business Standard

Login or Register to Post Comments
There are no reviews yet. Be the first one to review.
UPSC Admissions 2019