NEW DELHI: Ahead of crucial hearings in the Supreme Court on the Aadhaar project, the government has brought out a set of new regulations to take care of the data security and privacy concerns around the project as well as address the political concerns that people could be denied benefits for the want of an Aadhaar.
The Unique Identification Authority of India (UIDAI), as per a set of five new regulations accessed by ET, will set up an online system for an Aadhaar number holder to “lock” his biometrics for a specific duration or permanently, and unlock it temporarily when needed for biometric authentication to get a service.
Further, an Aadhaar number holder shall have the right to access his authentication records online – like how many times he has used Aadhaar and for what. For high-value transactions, entities can use “multi-factor authentication”, such as a combination of fingerprint/iris matching and One-Time-Password, to eliminate any chance of fraud.
The most important regulation, UIDAI Chief Executive Officer Ajay Bhushan Pandey told ET, is that any agency requiring an individual to furnish Aadhaar to get a service will ensure his enrolment for one, in case he does not have an Aadhaar. This will mean the agency becoming a UIDAI registrar itself and setting up enrolment centers at “convenient locations” to give an Aadhaar there-and-then.
“This takes care of the concern that people without Aadhaar risk losing out on benefits or that people without an Aadhaar will have to run around to get one to get a service. Now, the responsibility has been cast on the agency to provide Aadhaar,” Pandey said. Many political parties and states like West Bengal have objected to Aadhaar being made mandatory for a host of services while many people are still without Aadhaar.
Pandey said around 37000 enrolment centers of UIDAI are operational around India to provide an Aadhaar but now all agencies providing Aadhaar-based services – like ministries, states and private entities – can also become UIDAI Registrars to give an Aadhaar at their own level. “If a person claims wrongly before the agency that he does not have an Aadhaar to procure a service, his immediate Aadhaar enrolment will expose the lie. So it addresses concerns of both sides,” Pandey said.
The UIDAI will also put in place a system of audit, as per these new regulations, where all authentication logs of citizens will be audited by an agency to determine whether they were used for the purpose they were intended for. As per these regulations, people will also be able to share a digitally signed e-KYC with banks or other agencies which accept Aadhaar-based KYC – this will be an alternative to having to keep and furnish a physical copy of Aadhaar.
All requesting entities and authentication service agencies shall have their servers used for Aadhaar authentication and routing to the Central Identities Data Repository (CIDR) located within data centers “located in India”, the regulations accessed by ET say.
By opening up a person’s authentication history to him, the system will be much more secure. “It will be a statement of sorts, so that there is no confusion, if a person didn’t consent to any transaction, there will be an ability to go back and check,” an official said.