With Virtual ID, UIDAI admits what it has been denying: Leaked Aadhaar numbers are a problem

The new process will allow people to be authenticated without sharing their Aadhaar number.

Every time news emerged that official websites were giving away registered Aadhaar numbers to anyone looking for them, the government insisted it was not a problem, even though the 12-digit Unique ID is supposed to be confidential. On Wednesday, the authority that oversees Aadhaar introduced a new system through which one can be authenticated without sharing the UID. In doing so, the body admitted what it has been denying until now: Leaks of Aadhaar numbers are a massive concern.

In a circular released on Wednesday, the Unique Identification Authority of India announced the implementation of a number of new processes aimed at making Aadhaar more secure. As far as most citizens are concerned, the most relevant part of these changes is what is being called the Virtual ID. According to the circular, Virtual ID or VID, will be a temporary, revocable 16-digit random number that is mapped to your Aadhaar number. The circular claims it will be generated in a manner such that if you gave your VID to someone, they will not be able to derive your Aadhaar number from it.

Virtual ID

According to UIDAI, someone who has Aadhaar can give their VID wherever authentication or Know Your Customer verification. This means that, once the VID system is in place, you do not have to give your Aadhaar number out to institutions, whether private or governmental, so that you can be authenticated.

The rest of the circular details how exactly this will work. UIDAI will allow Aadhaar-holders to generate their VID from a number of places, including its website, Aadhaar Enrolment Centres and the mAadhaar mobile app. There will be a set validity period for the VID, after which holders have to generate a new one.

On the back end, only certain institutions, essentially the core government ones, will be able to access people’s Aadhaar numbers themselves. Other agencies will only be able to do what UIDAI is calling “limited KYC” in which they will only get access to a few demographic details and a UID token authenticating the VID, instead of the Aadhaar number of the user itself. This is aimed at ensuring they cannot store the Aadhaar number.

Aadhaar number leaks

All these changes point to one thing: The sharing of Aadhaar numbers is a dangerous thing, and can be misused.

This should have been obvious, since the Aadhaar Act says it is a confidential detail and even says that those displaying or storing Aadhaar numbers should be punished with up to three years in prison. Yet, over the last few years, the government has insisted that there is no major issue if your Aadhaar number is available to others, even as they have been turning up all over the internet, particularly on government websites.

Aadhaar numbers have been readily available to anyone who would like to find them. A Google search could turn up Aadhaar numbers that had been hosted on government websites. A large number of state websites were found to be publicly displaying Aadhaar numbers along with names and other demographic data.

In a response to a question in Parliament last week, Minister of State for Electronics and Information Technology Alphons Kannanthanam admitted that “approximately 210 websites of Central Government, State Government departments and some educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.” He added that they have been asked to remove these, without saying whether criminal cases – as mentioned in the Aadhaar Act – had been initiated against these institutions.

UIDAI u-turn

Throughout all of this, the government insisted that there was no major danger if your Aadhaar number has become public. In an interview to Scroll last March, UIDAI Chief Executive Officer Ajay Bhushan Pandey said “in case of Aadhaar, let us say the 12 digits are leaked. The question is, by merely knowing your Aadhaar number, will someone be able to harm you? My answer is no.”

Yet, the new circular from UIDAI says exactly that.

“While it is important to ensure that Aadhaar number holders can use their identity information to avail many products and services, the collection and storage of Aadhaar numbers by various entities has heightened privacy concerns,” the circular said. “Aadhaar number being the permanent ID for life, there is need to provide mechanism to ensure its continued use by the Aadhaar number holder while optimally protecting the collection and storage of Aadhaar number itself in many databases.”

It goes on to explain exactly the point of the Virtual ID.

 “Introduction of Virtual ID for an Aadhaar holder to use it in lieu of his/her Aadhaar number to avoid need of sharing of the Aadhaar number at the time of authentication.”

Constitution bench

That is about as clear an admission of UIDAI admitting that it was either lying or simply got it wrong when saying earlier that there was no danger in the leaking of Aadhaar numbers. Moreover, the new system will not be implemented until March 1, 2018 and will not be mandatory until June 1, 2018. Meanwhile, there are genuine concerns, following many of these cases over the last few months, that practically the entire Aadhaar database including demographic data has already been copied by people who are now monetising that information. UIDAI has insisted all along that biometric data has not been breached, and so there is nothing to fear. Now it has changed tack to make Aadhaar numbers themselves private.

Activists critical of Aadhaar have been crying hoarse about problems like this for years now, and questions will be raised about why UIDAI took until now to recognise this problem. One natural presumption might be that the authority is scrambling to protect its systems ahead of a hearing in the Supreme Court, where the Aadhaar project has been challenged on the grounds of it violating a fundamental privacy.

That case is set to come up before a Constitution bench on January 17.

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Following a mountaineer as he reaches the summit of Mount Everest

Accounts from Vikas Dimri’s second attempt reveal the immense fortitude and strength needed to summit the Everest.

Vikas Dimri made a huge attempt last year to climb the Mount Everest. Fate had other plans. Thwarted by unfavourable weather at the last minute, he came so close and yet not close enough to say he was at the top. But that did not deter him. Vikas is back on the Everest trail now, and this time he’s sharing his experiences at every leg of the journey.

The Everest journey began from the Lukla airport, known for its dicey landing conditions. It reminded him of the failed expedition, but he still moved on to Namche Bazaar - the staging point for Everest expeditions - with a positive mind. Vikas let the wisdom of the mountains guide him as he battled doubt and memories of the previous expedition. In his words, the Everest taught him that, “To conquer our personal Everest, we need to drop all our unnecessary baggage, be it physical or mental or even emotional”.

Vikas used a ‘descent for ascent’ approach to acclimatise. In this approach, mountaineers gain altitude during the day, but descend to catch some sleep. Acclimatising to such high altitudes is crucial as the lack of adequate oxygen can cause dizziness, nausea, headache and even muscle death. As Vikas prepared to scale the riskiest part of the climb - the unstable and continuously melting Khumbhu ice fall - he pondered over his journey so far.

His brother’s diagnosis of a heart condition in his youth was a wakeup call for the rather sedentary Vikas, and that is when he started focusing on his health more. For the first time in his life, he began to appreciate the power of nutrition and experimented with different diets and supplements for their health benefits. His quest for better health also motivated him to take up hiking, marathon running, squash and, eventually, a summit of the Everest.

Back in the Himalayas, after a string of sleepless nights, Vikas and his team ascended to Camp 2 (6,500m) as planned, and then descended to Base Camp for the basic luxuries - hot shower, hot lunch and essential supplements. Back up at Camp 2, the weather played spoiler again as a jet stream - a fast-flowing, narrow air current - moved right over the mountain. Wisdom from the mountains helped Vikas maintain perspective as they were required to descend 15km to Pheriche Valley. He accepted that “strength lies not merely in chasing the big dream, but also in...accepting that things could go wrong.”

At Camp 4 (8,000m), famously known as the death zone, Vikas caught a clear glimpse of the summit – his dream standing rather tall in front of him.

It was the 18th of May 2018 and Vikas finally reached the top. The top of his Everest…the top of Mount Everest!

Watch the video below to see actual moments from Vikas’ climb.


Vikas credits his strength to dedication, exercise and a healthy diet. He credits dietary supplements for helping him sustain himself in the inhuman conditions on Mount Everest. On heights like these where the oxygen supply drops to 1/3rd the levels on the ground, the body requires 3 times the regular blood volume to pump the requisite amount of oxygen. He, thus, doesn’t embark on an expedition without double checking his supplements and uses Livogen as an aid to maintain adequate amounts of iron in his blood.

Livogen is proud to have supported Vikas Dimri on his ambitious quest and salutes his spirit. To read more about the benefits of iron, see here. To read Vikas Dimri’s account of his expedition, click here.

This article was produced by the Scroll marketing team on behalf of Livogen and not by the Scroll editorial team.