The Aadhaar authority’s new system, which generates a virtual ID that people can give out instead of their actual Aadhaar numbers, is only an added layer of security and does not mean the existing system was vulnerable, Unique Identification Authority of India’s Chief Executive Officer Ajay Bhushan Pandey told NDTV.

The UIDAI on Wednesday said it was introducing a two-step verification process to ensure that users will never have to share their Aadhaar numbers, reducing chances of its misuse and increasing privacy.

Under the new system, which will come into effect by June 1, all Aadhaar transactions will take place with a virtual ID – a 16-digit, randomly-generated number that will be used for authentication to avail services. This virtual ID is temporary and can only be generated by the user. The second safety net is a “limited KYC” mechanism that will regulate how different agencies store Aadhaar details.

Pandey said the UIDAI has been working on the virtual ID for 18 months. The ID will block any attempt at profiling crores of people, he said, adding that the virtual ID is a “pseudo Aadhaar number” that will ensure that the government or private agencies can do so without accessing the actual number.

He maintained that the new system was an “extra layer of security” to adapt to current challenges, and that the concept was discussed in 2009-2010, when the Aadhaar system was being designed. “At that time, it was felt that let us first give an Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced,” he said. “Around 20 years ago, people...their privacy concerns were quite different from the privacy concerns in 2018.”

The privacy question

The questions about how secure it is to share Aadhaar details were raised again over the past two weeks, after a report in The Tribune on January 4 alleged that the Aadhaar details of millions of users was easily accessible.

Union minister Ravi Shankar Prasad on Thursday said the matter of privacy should not be “overblown”, PTI reported. “When you talk about privacy, there should be a balance between data availability, data utility, data anonymity and data privacy,” he said at an event in New Delhi.

On Wednesday, former UIDAI Chairperson Nandan Nilekani also said the matter had been “blown out of proportion as Aadhaar has built far too many security layers”.

Next week, a five-judge Constitution bench of the Supreme Court is scheduled to start a final hearing on the validity of Aadhaar. In a landmark ruling in August, the Supreme Court had declared privacy a fundamental right protected under Article 21 of the Constitution.