UIDIA ex-chief R S Sharma rubbishes reports of Aadhaar 'breach'

Amid the furore over The Tribune report that anyone's Aadhaar details can be purchased for a mere Rs500, former Unique Identification Authority of India director-general R S Sharma has claimed there has been no Aadhaar data breach to date (See: Your Aadhaar details are up for sale, price: Rs500).

Writing in The Economic Times, says a person's name, gender, date of birth and communication address as contained in the Aadhaar card isn't secret information.

"If a policeman on the road suddenly gets hold of you and asks your name and address, you are mandated under the law, to truthfully disclose that. No harm can be caused to a person if somebody has a copy of his Aadhaar letter," says Sharma.

According to Sharma, the reason for creating e-Aadhaar was that in a lot of rural areas the Aadhaar letter wasn't delivered or had been lost or not generated for some reason. In such a situation if nothing was done to inform the resident then that person would have gone to enrol for Aadhaar again, and the enrolment would be rejected since the Aadhaar had already been issued.

Speaking of situation where people share their Aadhaar credentials with other people, he said that the possible misuse of information by sharing these details is not a breach of data but rather a "breach of trust".

Aadhaar he said, is the world's first online digital identity and the token (Aadhaar letter) has no chip or 'smartness'. The UIDAI has publicised that there is nothing called an 'original' Aadhaar letter. You print the letter from the website and it is good enough to prove your ID, provided it can be verified online.

According to Sharma, Aadhaar is being discredited by many people who have interests in benami properties and who are evading tax. He said the ''next episode'' in this ''sustained campaign to malign Aadhaar'' will play out in the not-so-distant future.

However, UIDAI has now decided that it would release an Aadhaar Virtual Identity which would shield not only the biometric database but the Aadhaar number as well.

The Virtual ID is a 16-digit random number which can be generated by an Aadhaar card holder on the UIDAI website. Its aim is to mask the real 12-digit Aadhaar number when something is being authenticated via Aadhaar. By this means, your actual Aadhaar number is secure and there will be no need to share it with everyone (See: UIDAI introduces Virtual ID for Aadhaar-card holders).

The Virtual ID will come into effect on 1 March and will be a temporary and revocable 16-digit random number which is mapped to a person's real Aadhaar number. From 1 June, it will be mandatory for all agencies that authenticate users by their Aadhaar numbers to have the Virtual ID systems in place. The Virtual ID system is optional for users, but agencies will have to provide both options for authentication from 1 June onwards.