The 16-digit randomly generated number by the Aadhaar system was supposed to be introduced by the UIDAI on March 1 and mandatorily deployed by companies using Aadhaar by June 1, reports Mayank Jain.
Almost three weeks after the promised release date of the specifications of the much-awaited double-layer virtual ID technology for Aadhaar, the Unique Identification Authority of India is silent on the roll-out.
The virtual ID, a 16-digit randomly generated number by the Aadhaar system, was supposed to be introduced by the UIDAI on March 1 and mandatorily deployed by companies using Aadhaar by June 1, according to a circular that announced the launch and was released on January 10 this year.
The announcement in January came on the heels of multiple reports about Aadhaar numbers being leaked on government websites and the data being sold for just Rs 500.
In the circular, the authority also announced the launch of limited KYC norms, which allow the UIDAI to restrict information flow to private companies and only the required information about a citizen instead of the complete demographic profile is shared.
While the two measures were lauded for being forward-looking and having a focus on the security and privacy of the citizen data, both are yet to be seen in action.
“The UIDAI will be releasing necessary APIs (application programming interface) with implementation by March 1, 2018,” the circular said. It said that all authorities should migrate to the new system by June 1, 2018, failing which their authentication services could be discontinued and financial disincentives may be imposed.
>>UIDAI issued a circular on January 10, promising the launch of a virtual ID for Aadhaar, tokenised systems, and limited KYC
>>The authority as well as the government have remained mum on the launch since then and repeated queries have gone unanswered
>>Experts claim that the virtual ID layer is important to ensure Aadhaar leaks are plugged, but patchy deployment could mean greater legwork for citizens
>>Even limited KYC, which restricts the amount of information shared with a third party, is yet to be launched
However, the UIDAI is yet to respond to emails, texts, and phone calls enquiring about the development of the virtual ID layer and when it will be launched. In addition to this, in a question in the Rajya Sabha on March 16 about the launch protocol and expected timelines for the virtual ID layer, the government referred to the January 10 circular in its response. It neither gave details on the introduction of the virtual ID nor provided any timelines for it.
An insider said it could come after the launch of the second version of the unified payments platform, which will integrate Aadhaar payments and migrate United Payments Interface payments to the Aadhaar-Enabled Payments System.
“It is expected to launch after UPI 2.0 because that will finish UPI migration to AEPS. Payments through Aadhaar can happen via VID if accounts are already mapped. But Aadhaar linking with bank accounts and mobile connections are pending and hence that seems to be the impediment,” he said.
Technology watchers have another bone to pick with. This pertains to the way specifications for the new technology layers are being developed and released for Aadhaar by the UIDAI.
“The virtual ID specification is once again flawed as it does not consider the concerns of both Aadhaar holders and service providers. One hopes the UIDAI does a proper public consultation before rushing it through,” said Kiran Jonalagadda, founder of HasGeek, an organisation which holds tech conferences in the country.
Jonalagadda is not the only one who is sceptical about the Virtual ID layer. Even the man who claims to be the inventor of the technology is not convinced if the UIDAI will be able to implement it well.
According to Subhashish Banerjee of IIT-Delhi, it was after his paper on virtual ID that the UIDAI considered it a solution to Aadhaar leakages, but says he was kept out of the development process after a preliminary communication.
“To the best of my knowledge, it was a paper I wrote in 2016 and published in 2017 that gave the UIDAI this idea. The virtual ID is very important as a solution to make everyone safe because Aadhaar leaks keep happening but it remains to be seen if they can deploy it with fine thinking or not,” he said.
Banerjee said the idea behind VID was to provide a destructible virtual number mapped to Aadhaar and it could be generated and provided to banks, mobile companies, the tax department, etc without sharing the Aadhaar number. This, however, would mean a lot of running around for people, he said.
“Using it in rural areas is the tricky part. Digital awareness needs to be kept in mind, and if they (the UIDAI) think people will be able to do it by themselves, they are mistaken,” he said.