Aadhaar 2.0: AADHAAR EVOLUTION – From Privacy to Efficacy

Background of UIDAI & Aadhaar: The Unique Identification Authority of India (UIDAI) was established as a Statutory Body under the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act 2016”) on 12 July 2016 by the Government of India, under the Ministry of Electronics and Information Technology (MeitY). The first UID number was issued on 29 September 2010 to a resident of Nandurbar, Maharashtra.

Purpose of Aadhar: UIDAI was created to issue Unique Identification numbers (UID), named as "Aadhaar ", to all residents of India. The UID had to be (a) robust enough to eliminate duplicate and fake identities, and (b) verifiable and authenticable in an easy, cost-effective way. Aadhar is an unique ID which is sufficient enough to prove the Identity of a person when he claims – “I am X” based on verifiable demographic & biometric identities. As on 31st October 2021, the Authority has issued 131.68 crore Aadhaar numbers to the residents of India.

How Aadhar No. is issued: Aadhaar number is a 12-digit random number issued by the UIDAI (“Authority”) to the residents of India after satisfying the verification process laid down by the Authority. Any individual, irrespective of age and gender, who is a resident of India, may voluntarily enrol to obtain Aadhaar number. Person willing to enrol has to provide minimal demographic and biometric information during the enrolment process which is totally free of cost.

Demographic information: Name, Date of Birth (verified) or Age (declared), Gender, Address, Mobile Number (optional) and Email ID (optional).

Biometric information: Ten Fingerprints, Two Iris Scans, and Facial Photograph

Salient Features of Aadhar: Aadhaar number is verifiable in an online, cost-effective way. It is unique and robust enough to eliminate duplicates and fake identities and may be used as a basis/primary identifier to roll out several Government welfare schemes and programmes for effective service delivery thereby promoting transparency and good governance. This is the only program of its kind globally, wherein a state-of-the-art digital and online Id is being provided free of cost at such a large scale to people.

Aadhaar number is devoid of any intelligence and does not profile people based on caste, religion, income, health and geography. The Aadhaar number is a proof of identity, however, it does not confer any right of citizenship or domicile in respect of an Aadhaar number holder.

 AADHAAR 2.0

What is Aadhaar 2.0: Recently, UIDAI under the aegis of the Ministry of Electronics & Information Technology (Meity), Govt. of India, organized  a 3-day workshop titled Aadhar 2.0- Ushering the Next Era of Digital Identity and Smart Governance’. This workshop envisaged setting up a road map for revolutionary services provided by Aadhaar in various sectors of both government as well as corporate in the next 10 years which may ease out provisioning of so many benefits to the common resident and that too with an aim of inclusive governance.

The Workshop was aimed to analyse the reach of Digital Identity in major reforms and schemes launched by the Government ever since the conception. It also aimed to look into various futuristic aspects of Digital Identity to achieve universal inclusion, both social as well as financial.

Aadhaar has given identity to large number of people who did not any identity earlier. Aadhaar has shown that a digital identity can be used in several ways than the physical identity can be used. It has been used in range of services and has helped in bringing financial inclusion, broadband and telecom services, direct benefit transfers to the bank account of citizens in a transparent manner.

The 3-days event provided an excellent opportunity to exchange ideas & information, promote insightful debates and share experiences about developments and initiatives around the world around Digital Identity among various stakeholders including: (i) Government of India and identity authorities (ii) Private sector entities utilizing authentication and e-KYC services (iii) Leading Think-Tanks and SMEs from International Diaspora (iii) Organizations in Social and Regulatory space

 

Spectrum of Services being provided by Aadhaar:

Already UIDAI is providing following options to the residents to utilize the capabilities and reach of Aadhaar through M-aadhaar App or directly through its Portals:-

a)   TOTP (Time based One Time Password) as a alternative of SMS based OTP for in case mobile network is not available during downloading e-Aadhar or updating Aadhar online.

b)  Paperless Offline e-KYC by creating secure and sharable XML file with UIDAI Digital Signature and a share code generated using your m-Aadhar app.

c)   Further secure QR Code also enables offline verification of an Aadhar. Such QR code is already present on the Aadhar Card/e-Aadhar. Additionally, it may be generated using m-Aadhar App and it contains Masked Aadhar, Photograph, Name, Address, Date of Birth, Gender etc. of resident and is digitally signed by UIDAI.

d)  Aadhar No. holder can view details of all authentication records performed by any Authentication User Agency (AUA) of by him/her in the last 6 months subject to maximum of 50 records viewed at a time.

e)   Also resident may view his Aadhar Bank Linking Status i.e. he can check if their Bank Accounts are linked to their Aadhar number and this data is fetched from NPCI (National Payments Corporation of India) Server.

f)   Also, residents may use Biometric Lock/Unlock that allows Aadhar holder to lock and temporarily unlock their biometrics. This facility aims to protect privacy and confidentiality of Residents Biometric Data and to prevent misuse by malicious elements by creating gummy finger or forcibly pressuring a resident to provide biometric authentication.

g)  Similarly, ‘Lock Your Aadhar’ service may be utilized to lock Aadhaar which means resident will not be able to perform authentication using Aadhar No. However, authentication may be performed using Virtual ID.

h)  Aadhaar Payment Bridge (APB) System: It is a unique payment system implemented by National Payments Corporation of India (NPCI), which uses Aadhaar number as a central key for electronically channelizing the Government subsidies and benefits in the Aadhaar Enabled Bank Accounts (AEBA) of the intended beneficiaries. It is a payment system based on Aadhaar numbers issued by UIDAI & IIN (Institution Identification Number) issued by NPCI. APB System is used by the Government Departments and Agencies for the transfer of benefits and subsidies under Direct Benefit Transfer (DBT) scheme launched by Government of India. The APB System sub-serves the goal of Financial Inclusion and provides an opportunity to the Government to attempt financial re-engineering of its subsidy management program. The implementation of APB System has also lead to e-payment of a large number of retail payment transactions which were predominantly either in cash or cheque. It eliminates inordinate delays, multiple channels & paper-work involved in the existing system.  Transfers benefits & subsidies in a seamless & timely manner and directly into the Aadhaar Enabled Bank Account.  In case of change in bank account, customer is not required to convey the bank account details or change in bank details to the Government Department or Agency. Customer not required to open multiple bank accounts for receiving benefits and subsidies of various social welfare schemes – Customer just need to open one account and seed his/her Aadhaar number in the bank account to start receiving benefits and subsidies directly into his/her Aadhaar Enabled Bank Account.

(i) Aadhaar-enabled Payment System: AePS is a bank led model which allows online interoperable financial inclusion transaction at PoS (MicroATM) through the Business correspondent of any bank using the Aadhaar authentication. AePS allows a resident to do multiple types of transactions- Cash Deposit, Cash Withdrawal, Balance Enquiry, Mini Statement Aadhaar to Aadhaar Fund Transfer, Authentication, BHIM Aadhaar Pay. Aadhaar enabled payments have reached over 40 crore monthly transactions and 5 crore daily authentication on Aadhar. The only inputs required for a customer to do a transaction under this scenario are:- (i) Bank Name (ii) Aadhaar Number (iii) Fingerprint captured during enrollment.

 Aadhaar authentication is free for individual residents. Recently, UIDAI had slashed the price for authentication to Rs 3 from Rs 20 per instance to enable entities to leverage their infrastructure for better services and benefits.

 

How Aadhar can be friendlier in Aadhaar 2.0

UIDAI should use more easily accessible verifiable tools which utilize mobile phone/smart phone as a means for residents may face no issues in authenticating themselves.

 Apart from FINGER PRINT & IRIS SCAN which has been captured during Aadhar enrolment, more easy technologies for authentication which may be used is FACIAL RECOGNITION, VOICE RECOGNITION, Use of other biometrics like RETINA SCAN, HAND GEOMETRY, EAR SHAPE GEOMETRY may also be used in a safe and secure manner. It must ensure faster automated biometric matching solutions, with a primary focus on the security of the ecosystem.

 All such technologies must serve as a convenience to the specially-abled resident and senior citizens apart from common citizens who at times require separate device for Biometric Authentication and require going to Common Services Centre (CSC) for certain services like generation of ‘Life Certificate’.

 

UIDAI is all set to provide a plethora of other services through AADHAAR 2.0 like:

a)    Child Enrolment through Postal Department & Anganwadis-

Postal department has started the CELC (Child Enrolment Light Client) app through India Post Payments Bank (IPPB), through which Aadhaar registration for children below 5 years of age and updating mobile number can be done at the doorstep. Aadhaar enrolment for children below 5 years can be done with the help of proof of relationship (POR) through mobile app. The parents will need their Aadhaar or any valid identity card. Postman will complete the registration process by clicking the photo of the child through the CELC app installed in the IPPB mobile handset. It will be free of cost. After registration, the postman will provide the Enrolment ID, through which the Aadhaar card can be downloaded from UIDAI website. For updating mobile numbers in Aadhaar one has to pay prescribed fee of only Rs 50 (including tax) under CELC service. Similarly, Government also intends to start enrolment of children below 5 years through Anganwadi Centres. Various state governments in collaboration with UIDAI are rolling out a framework in which block-level Woman Supervisors will be provided with a Tablet and Single Finger Print Equipment.

 

b)      Linkage of Aadhar with Election ID/Voter ID:

Indian Parliament recently passed an amendment to our electoral laws allowing the digital linking of the Aadhaar number of a citizen to the country’s electoral rolls on a voluntary basis. The Election Laws (Amendment) Bill, 2021, was passed by the Lok Sabha on 20 December last year and by the Rajya Sabha the next day. This linkage of Voter ID with Aadhar will help the residents who are registered voters that they may make all revisions for changes in residence etc, and same could be verified with the Aadhaar Database, thereby allowing all citizens to vote freely without unnecessary pain, and also vote electronically future elections once the technology backbone allows the same. Badly maintained electoral rolls, on the other hand, are a reason that many Indians are unable to vote. If changes are not recorded in time, and the registration of new voters is delayed, as is often the case, then many eligible voters get disenfranchised. This reduces the proportion of voters exercising their franchise, bringing down voting ratios that should actually be higher. The new amendment enabling a citizen to voluntarily link his or her Aadhaar number to the electoral rolls is a great reform which will deepen our democracy. Today, most citizens above 18 have Aadhaar numbers, with over 1,260 million cards issued until 31 October 2021, according to government data.

 

c)   Getting Consent from Citizens on 'Prospective' Sharing of Aadhaar for Future Schemes, Database: 

    The government may soon be sending citizens a form through an e-mail, SMS or asking you to access the same online on a website, seeking your permission for the “prospective sharing” of your Aadhaar details for getting benefits in all “future” government schemes and for the “creation of an Aadhaar-seeded database”. The UIDAI has shared a form with the government which can be furnished to a citizen to seek their consent. The form says the citizen gives their consent for sharing their Aadhaar number, demographic details and photograph, for verifying their identity for the purpose of determining their eligibility across government welfare programs, “which are in existence and for future programmes” run by the central and state governments. Benefits:-The one-time consent will enable the government to create an Aadhaar-seeded database which the ministries and the State governments would then use to link all their welfare schemes. Earlier, people had to give their Aadhar details separately to authenticate a person's identity for the schemes they used to register or for registering for subsidies and various other services. Citizens will have the right to revoke the consent at any time.

 

(d  Use of Block chain Technology:

Problem Statement-

Authentication of a person via an Aadhaar User Agency (entities seeking authentication through UIDAI) requires the user to provide their personal data to the AUA. The AUA then authenticates the user by using UIDAI services. An AUA with a mischievous intent may keep an undisclosed record of your demographic and biometric details along with the associated Aadhaar number and commit fraudulent activities. As a quick fix solution, UIDAI has introduced a 16-digit Virtual ID that any Aadhaar user will be able to generate for a temporary period of time by themselves and provide that Virtual ID to the AUA for authentication purposes which will otherwise remain the same. So, resident has the option to not disclose your Aadhaar number to an AUA, but you will still be required to provide your personal information (and in some cases your biometrics, as well). When addressing the security concerns of Aadhaar, security throughout the different levels of implementation also requires to be discussed which includes concerns regarding the Aadhaar authentication process as well as the centralized database.

 Robust Solution based on Blockchain Technology-

A 'blockchain' is a distributed ledger consisting of blocks. Each block contains multiple verified transactions. Blocks contain a secured hash, which is generated taking into account the index, timestamp, data inside the block, and the hash of the previous block. Such a design makes a blockchain auditable. Any modification to the blocks, after a verified block has been added to the blockchain, would generate a new hash which will be inconsistent with the hashes that precede.

 A blockchain-based Aadhaar would help UIDAI to comply with the data protection and privacy stipulations outlined in the Right to Privacy judgment. It would allow information to be collected, held and utilized transparently with the consent of the individual whose information it is.

While using blockchain for Aadhaar, there will be multiple UIDAI trusted nodes (i.e. state governments can opt to become one of the UIDAI trusted nodes). Trusted nodes will be able to validate a transaction and append blocks in the blockchain. Only these trusted nodes will be able to decrypt the data stored in the blocks. Now, because there will be multiple nodes involved in the peer-to-peer network and every node will have a full copy of the blockchain, therefore compromise to the sanctity of data will be next to impossible.

 

(f) Use of Quantum Computing and AI-ML (Artificial Intelligence & Machine Learning): 

Classical computers carry out logical operations using the definite position of a physical state. These are usually binary, meaning its operations are based on one of two positions. A single state - such as on or off, up or down, 1 or 0 - is called a bit. In quantum computing, operations instead use the quantum state of an object to produce what's known as a 'qubit'. Rather than having a clear position, unmeasured quantum states occur in a mixed 'superposition', not unlike a coin spinning through the air before it lands in your hand. These superpositions can be entangled with those of other objects, meaning their final outcomes will be mathematically related even if we don't know yet what they are. The complex mathematics behind these unsettled states of entangled 'spinning coins' can be plugged into special algorithms to make short work of problems that would take a classical computer a long time to work out if they could ever calculate them at all. Such algorithms would be useful in solving complex mathematical problems, producing hard-to-break security codes, or predicting multiple particle interactions in chemical reactions.

UIDAI intends to use this power of Quantum Computing to secure the Aadhaar Data of the citizen in its custody and also to provide fast and accurate Aadhar based authentication services without security breach. Further AI and ML may be used in Facial Recognition of the residents for providing alternate easy authentication means to the citizen apart from verification of documents related to DoB, PoA and the ultimate goal of the organization.

 

Summary: UIDAI is all set to provide a broad spectrum of Citizen Services in Aadhaar 2.0 on top of the secure Aadhar-based platform. This will ease the life of ordinary citizens and help implement corruption free and transparent delivery of services directly without any interruption from various middle actors who earlier were stumbling blocks in inclusion and economic growth.

 

Blog Author: Sameer