Aadhaar draft bill goes beyond biometric lock to protect against fraud
Holders of Aadhaar cards may be able to lock access not just to their biometrics held by the system, but their Aadhaar number as well, and instead use a Virtual ID to verify their identity during the lock period or unlock it temporarily. The changes are part of the Aadhaar (Authentication and Offline Verification) Regulations, 2021 brought by the Unique Identification Authority of India (UIDAI), which will supersede 2016 regulations when they come into effect on publication of the bill in the Gazette of India.
Users will be able to lock access to their Aadhaar number, meaning any attempts to verify their number will fail and return a ‘No,’ according to a new section 11A, which follows section 11 ‘Biometric locking.” The user will also be able to temporarily unlock access to the digital ID number for an instance of authentication, or otherwise use one of a list of Virtual ID options, which is essentially 16-digit random number mapped with the Aadhaar number of the holder.
Users will be able to deploy the same set of blocks for their Aadhaar number as their biometrics. Data on authentication transactions will be held by the UIDAI for six months. Users will also be able to request access to the records held on them.
Offline Verification Seeking Entities are forbidden by the draft from storing Aadhaar numbers or biometrics. The entities must inform the Aadhaar holder of what information they will share with the UIDAI, how they will use information received during authentication as well as provide other ways to access their service without having to undergo authentication or offline verification.
They must also inform the UIDAI within 72 hours of any malpractice involving user information. If they keep physical records, they must redact the first eight digits of users’ Aadhaar numbers.
In the years since the introduction of Aadhaar, various issues have arisen surrounding its scope and in what circumstances biometric verification is required, versus offline checks or not needing to use Aadhaar at all, for example in accessing government welfare. As the project has grown, it has linked with more services and people have reported exclusion from services.
The legality of the system was taken to India’s Supreme Court in 2018. The court ruled in favor of Aadhaar and permitted private companies to verify against the system in an offline, non-biometric mode.
The Court is reportedly reviewing its ruling as petitioners continue to push issues they perceive as unconstitutional, including the amount of financial information the system requires, compliance with data privacy regulations and allegations that biometric data has been transmitted to overseas biometric service providers.