Aadhaar Body Talked About Virtual ID 7 Years Ago, Put It Off

Aadhaar Body Talked About Virtual ID 7 Years Ago, Put It Off is a news report written by Sukirti Dwivedi and published by NDTV on 13 January 2018. The article reveals that UIDAI’s newly announced Virtual ID feature had been conceived during Aadhaar’s initial design phase in 2009-10 but was deliberately postponed. It features critical commentary from Sunil Abraham and Pranesh Prakash of the Centre for Internet and Society, who argue that making Virtual ID optional represents “privacy through hurdles” rather than genuine privacy by design.

Contents

  1. Article Details
  2. Full Text
  3. Context and Background
  4. External Link

Article Details

📰 Published in:
NDTV
✍️ Author:
Sukirti Dwivedi
📅 Date:
13 January 2018
📄 Type:
News Report
📰 Newspaper Link:
Read Online

Full Text

New Delhi: Virtual ID, the 16-digit temporary number, announced by UIDAI this week had been suggested way back in 2009-10 when its architects were still designing the system. But the Aadhaar authority, which has called Virtual ID a unique innovation to enhance privacy and security, decided against rolling it out at that time.

"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced," Ajay Bhushan Pandey, the chief executive officer of UIDAI, or the Unique Identification Authority of India said in an interview to NDTV this week. He called it an "extra layer of security" for the 119 crore people issued Aadhaar numbers.

It may be a step forward. But not everyone is as convinced.

Cyber security Jiten Jain is one of them. Mr Jain told NDTV that UIDAI should first of all decide if the Aadhaar number was confidential information or not because it had changed its stance on this aspect on more than one occasion.

Like when government departments put out lakhs of Aadhaar number, the government agency had insisted that there was nothing really confidential about the number which could not be misused. Or when The Tribune earlier this month claimed to have found gaps in UIDAI's security system that let the newspaper demographic details of an individual, UIDAI claimed that "the Aadhaar number is not a secret number" anyway.

Also, a point is being made that if hiding an Aadhaar number enhances privacy, then what about the crores of people who have been forced to share their Aadhaar numbers — and a copy of their Aadhaar cards — all these years.

Experts suggest the timing of the announcement may not have been a coincidence. The initiative came against the backdrop of mounting privacy concerns after the newspaper expose. The hearing by a five-judge Constitution Bench of the Supreme Court to decide if the Aadhaar project violates citizens' privacy is to start hearing from next week, January 17.

Srinivas Kodali, cyber security expert and an Aadhaar researcher, said it was clear that the UIDAI had brought it hurriedly. "They said they will release the codes by March 1. So it clearly looks like they haven't planned this thoroughly," he said.

There are also concerns about the ability of people living in remote areas to generate the Virtual IDs, in terms of connectivity and literacy. That means a large proportion of people would not be able to generate the Virtual IDs.

UIDAI chief Mr Pandey said there was nothing to prevent them from continuing to use their Aadhaar number. It is an option, he stressed.

This, experts at the Bengaluru-based research group, Centre for Internet and Society, which has long advocated for a token system such as the Virtual ID, said was a problem area.

"Privacy can be protected by design and not by choice," said CIS executive director Sunil Abraham, who believes the biggest flaw with Aadhaar was its design.

"Since it is not mandatory most people will just use the Aadhaar number instead of getting into the hassle of generating a VID... This is privacy through hurdles instead of privacy by design. I suggest authorities should generate VIDs for people and ensure that third parties only use VID and not the Aadhaar number," Pranesh Prakash at the CIS' policy director told NDTV.

Back to Top ⇧

Context and Background

This report exposed a troubling pattern in UIDAI’s approach to privacy protection—announcing safeguards only when external pressure mounted whilst framing belated implementation as innovation. The Virtual ID concept had existed since Aadhaar’s design phase but remained unimplemented through years of escalating privacy concerns and documented security failures. UIDAI chief Ajay Bhushan Pandey’s explanation that authorities wanted to “see how it plays out” before introducing privacy features suggested reactive rather than proactive governance, treating citizen privacy as negotiable during a system’s experimental phase.

The timing proved particularly significant. The Tribune’s January 2018 investigation had demonstrated that Aadhaar demographic data could be accessed for ₹500, with printing services available for ₹300 more. UIDAI’s immediate response had minimised these revelations by insisting Aadhaar numbers weren’t confidential—a position difficult to reconcile with subsequent claims that Virtual IDs would enhance privacy by concealing those same numbers. This inconsistency reflected deeper confusion about Aadhaar’s security model and what information required protection.

Sunil Abraham and Pranesh Prakash’s critique centred on the fundamental distinction between privacy by design and privacy by choice. Systems employing privacy by design embed protections as default features requiring no user action, whilst choice-based approaches place the burden on individuals to navigate additional steps for protection. Given barriers around digital literacy, internet connectivity, and simple awareness—particularly acute in rural India where Aadhaar enrolment was highest—an optional Virtual ID system would predictably see minimal adoption. Most users would continue sharing actual Aadhaar numbers, leaving their privacy nominally protected in theory but exposed in practice.

The “privacy through hurdles” formulation captured how ostensible protections could function as theatre rather than substance. Introducing friction into the process of obtaining privacy safeguards effectively meant only the most motivated and capable users would benefit, creating tiered privacy outcomes correlated with digital access and sophistication. This contradicted principles of universal rights protection, where fundamental safeguards should not depend on individual initiative or capability.

UIDAI’s insistence that Virtual ID remained optional also created systemic weaknesses. Service providers faced no obligation to accept Virtual IDs, meaning users attempting privacy protection could encounter rejection and be forced back to sharing Aadhaar numbers anyway. Without mandating that authentication entities use only Virtual IDs and never request actual Aadhaar numbers, the system offered no reliable privacy improvement—users gained an option they might not know about, couldn’t easily access, and couldn’t count on being accepted when used.

The article appeared as the Supreme Court prepared to hear constitutional challenges to Aadhaar in mid-January 2018. UIDAI’s announcement of Virtual ID immediately before these hearings suggested strategic timing intended to demonstrate responsiveness to privacy concerns. However, the revelation that this “innovation” had been shelved since 2009 undermined claims of genuine commitment to privacy protection, instead suggesting belated recognition that inadequate safeguards threatened the programme’s legal survival.

📄 This page was created on 21 December 2025. You can view its history on GitHub, preview the fileTip: Press Alt+Shift+G, or inspect the .