Introduction of Virtual Aadhaar Case of Too Little, Too Late – Locking the Stable After Horses Have Bolted
Just an attempt at plugging loopholes, say experts.
The Unique Identification Authority of India (UIDAI) introducing a virtual ID and limited KYC to address privacy and security concerns is a case of too little, too late, say experts.
The UIDAI, the agency that administers Aadhaar, said on Wednesday it will now let Aadhaar number holders have a virtual ID, which will come with an expiration data, mapped to the Aadhaar number. It also said only some entities will be allowed to store a person’s Aadhaar number.
“This is just as attempt at plugging the loopholes in the system,” said Ramanjit Singh Chima, India Policy Director at Internet advocacy group Access Now. He called the proposal “complex and unworkable”.
While the Aadhaar debate has many facets, the issue of citizen data leakage and privacy has been in the news since the past week after The Tribune reported that an anonymous seller was, through WhatsApp, offering access to the entire Aadhaar database for as low as Rs 500.
There have also been other reported instances of Aadhaar numbers being available publicly, but the UIDAI has always maintained that there is no threat to citizen data as long as their biometrics are safe and authorised agencies have access to their Aadhaar numbers.
While the UIDAI had been considering the use of virtual ID and tokens since some time, the new measures still do not completely eliminate the need to access the biometric database of citizen data for authentication, and would also require people to re-enroll for the measures to be effective, said Chima.
The new measures also do not specify what happens to Aadhaar numbers that have already been collected by different agencies and entities such as telecom companies, banks or educational institutions.
“What Aadhaar needs is an overhaul of its defective-by-design architecture and not stopgap measures. On January 9 another security researcher found issues in its Android app. It’s not a constructive use of time and financial resources to force any inherently insecure system on the citizens,” said technology lawyer Mishi Choudhary.
While the lack of a proper data protection and privacy framework has been a longstanding roadblock in deciding how stored data can be treated. There is currently a consultation underway to decide a data protection framework in India.
Meanwhile, P Chidambaram took to Twitter on Thursday to offer his take on the new security features to safeguard your Aadhaar number, using a classic analogy to drive the point home.
“Under compulsion, millions of persons have already shared Aadhaar number with many service providers. New security layer is like locking the stable after horses have bolted,” Chidambaram tweeted.
The former finance minister was implying that the government was attempting to rectify their mistake after the damage had already been done.
Source” from around the web