Aadhaar forms the foundation of ‘Digital Public Infrastructure’ that Bharat has advocated during its highly successful G20 Presidency. This transformational identity document has uses as diverse as the Public Food Distribution (PDS) system, PM-JAY health insurance, the Aadhaar-enabled payments system (AePS) of micro-banking and e-KYC.
Yet, the system faces some significant risks, as the loss of (potentially) millions of Aadhaar details from ICMR databases recently revealed. As it increasingly mixes high-value identity verification transactions (e.g. opening bank accounts, using AePS) and low-value identity verification transactions (e.g. visiting a nature reserve/hotel or ICMR testing), the ubiquity of Aadhaar multiplies both the benefits and drawbacks. This is because it increases the risks of information being extracted in a low-value setting and then being used in a high-value setting to cause harm to individuals or national security.
For example, paper documents containing Aadhaar can be misplaced or, improperly disposed or misused. Similarly, online records of Aadhaar data by different organisations can be broken into or ‘leak’ out through keystroke-logging software or during data packet transmission. Cases abound of fraud, including biometric cloning to fraudulently access AePS services, SIM card rackets by telecom employees and misusing of details provided in ubiquitous Aadhaar photocopies.
As such, I propose four key pillars necessary for an Aadhaar 2.0: Suspicious Usage-Pattern Tracking, Transaction Alerts, Linkage Summaries and Novel Identity Verification. Some of these pillars adapt key safeguards present in the UPI and global banking systems to the Aadhaar context.
Abnormal Usage-Pattern Tracking
Firstly, it is uncertain whether the Aadhaar system tracks usage patterns. However, with its increasing importance, it would be necessary to implement a system similar to that of multinational banks, where UIDAI systems would identify normal Aadhaar usage patterns for each user to allow suspicious transactions to be instantly flagged up and blocked. For example, suppose an Aadhaar is suddenly being used in Jabalpur for SIM card registration when a person has so far only undertaken such transactions from Mumbai. In that case, the Aadhaar verification should instantly be blocked and notifications sent to the person for them to contact UIDAI and confirm whether they are indeed the one making these transactions.
Transaction Alerts
Secondly, transaction alerts must be sent to an individual via the mAadhaar app or SMS alert every single time their Aadhaar is used for a particular purpose, whether it be e-KYC/verification, AePS, ration collection or use of biometrics. This will enable individuals to track more carefully where and when their Aadhaar is being used. While some of this data is available on the Aadhaar app or website, the onus should not be on users to check this on their own accord – especially as the most vulnerable, like the elderly and rural poor, are most at risk of Aadhaar misuse and also face the biggest barriers to checking this. Instead, this data should be instantaneously provided to them, allowing them to intervene rapidly if they notice misuse.
Linkage Summaries
Third, Aadhaar is increasingly being linked to various things such as Voter IDs, SIM Cards, bank accounts and Income Tax filings. This creates a deep web of connections that individuals are unlikely to be able to keep track of, with risks of unwanted/fraudulent linkages.
At the same time, the UIDAI has a stated policy of not storing information unrelated to Aadhaar. To strike a balance, each of these linkages should be reflected for the user on the mAadhaar app without storing these details. In this linkage summary, UIDAI should provide broad information about what the Aadhaar is linked to as such: “Your Aadhaar is linked to 1 PAN Card, 1 Voter ID, 2 SIM Cards, 3 Bank Accounts”, and so on. This will give Aadhaar users a single-point contact to understand what their Aadhaar is linked to and reduce fraud at the earliest, without breaching the UIDAI’s guarantee.
Novel Identity Verification
Lastly, the implementation of my Novel Identity Verification method will help Bharat circumvent many of the existing issues with digital identity systems.
To begin with, each Aadhaar user will choose a disclosable Unique ID Name, such as an alphanumeric sequence similar to a UPI address. This alphanumeric system should not contain any numbers or dates that would accidentally reveal information about the users, such as their birth date. Each identity verification request will consist of a Unique ID and an OTP. While the Unique ID will be disclosed in the paper/online forms for a service, the OTP will be generated for each request.
Similarly, each organisation/institution that collects Aadhaar Data will have to be registered as an Aadhaar Authentication User Agency (AUA) with a unique AUA Number. Each AUA will have only a fixed set of details that it can request from users. For higher-value transactions like banking, a bank would have access to more details. For lower-value transactions like verifying identity at a hotel, only the basic details would be accessible.
So, how will the scheme work?
Let’s say you must provide your Aadhaar details for identity verification, whether online or offline. In the paper or online form, e.g., when purchasing a SIM, you will only reveal your unique ID.
Next, using your mAadhaar app, you will either fill in the Unique AUA Number or scan a QR Code containing the same details – just like UPI. The App will then ask you to fill in the name of the receiver (e.g. HDFC Bank, if you are setting up an account). This is to provide a layer of confirmation that the organisation seeking the information are who they claim to be.
Once this matches the actual name of the receiver, the App will prompt whether other details are being filled out online or offline. If offline, the name of the individual in the organisation seeking your details will also need to be filled in. Depending on whether online or offline is chosen, the time period for the permission will differ, being longer for the offline mode and shorter for online.
Once selected, the system will show the fixed list of details the AUA is authorised to collect, and the user will be asked to give permission for the same. Each permission will also require an OTP generated within the App or via SMS. Without the system-generated OTP, no request for Aadhaar verification will be allowed.
Once permission is given, as in the current system, the UIDAI database will be pinged and return a ‘Yes/No’ answer as to whether the Aadhaar details match those given by the user. In this way, there is double verification with the AUA confirming that the user is who he claims to be while the user also verifies the AUA’s identity.
All of this, while ensuring that the Aadhaar details are not held on any system and not given to anyone, minimising the risks of data leakage or malafide use. There will be no need for any Aadhaar photocopies and any leak of Unique ID details will be insufficient to generate or use Aadhaar data since it will not contain the OTP. Moreover, AUAs can only verify Aadhaar information in a time-bound fashion and will not be able to use Aadhaar information afterwards.
Aadhaar 2.0: The Need of the hour
Aadhaar, the world’s largest biometric Digital ID, has transformed public service delivery in Bharat, but risks of fraudulent use and privacy compromise must be combatted to preserve public trust in the long term. In a world where ‘Data is the new oil’, Atmanirbharta cannot be achieved without protecting digital identity and user privacy. With these four changes, Aadhaar 2.0 will continue to be a world-leading form of digital identity while substantially reducing the risks of user harm.
Comments