Hammered Government Offers Virtual ID Firewall to Protect Your Aadhaar

“Hammered Government Offers Virtual ID Firewall to Protect Your Aadhaar” is a The New Indian Express report published on 11 January 2018. The article covers UIDAI’s announcement of a Virtual ID system as a response to reported security breaches in the Aadhaar programme, with Sunil Abraham arguing that the measure would only be effective if the Aadhaar-KYC process were redone entirely from scratch.

Contents

  1. Article Details
  2. Full Text
  3. Context and Background

Article Details

📰 Published in:
The New Indian Express
📅 Date:
11 January 2018
📄 Type:
News Report
📰 Newspaper Link:
Not available online

Full Text

NEW DELHI: Days after reports surfaced claiming security breaches, the Unique Identification Authority of India (UIDAI) on Wednesday announced the implementation of a new security protocol that would remove the need to divulge Aadhaar numbers during authentication processes and limit third-party access to KYC details.

Admitting that the "collection and storage of Aadhaar numbers by various entities has heightened privacy concerns", the UIDAI circular said Authentication User Agencies (AUAs) providing Aadhaar services have to be ready to implement the protocol from March 1, 2018. From June 1 use of Virtual ID for authentication would be mandatory.

The linchpin of the new protocol will be the virtual ID (VID) — a "temporary, revocable 16-digit random number" that can be used instead of Aadhaar to verify or link services. VIDs will have a limited validity and can be generated only by the Aadhaar holder. "UIDAI will provide various options to generate, retrieve and replace VIDs… these will be made available via UIDAI's resident portal, Aadhaar Enrolment Centre, mAadhaar mobile application, etc.," it said. While only one VID per Aadhaar number will be valid at a time, users can revoke and generate new VIDs as many times as desired.

UIDAI will also limit KYC details accessible by AUAs by classifying them as Global AUAs, which are required to use Aadhaar e-KYC by law, and Local AUAs. Only the former will have full access to e-KYC details and can store Aadhaar numbers. Local AUAs will only have access to limited KYC details and be prohibited from storing Aadhaar numbers. UIDAI will also generate UID tokens which will be used to identify customers within agencies' systems, but these will not be usable by other AUAs.

However, cybersecurity experts say that even if the new "patch" is effective, verification processes will have to be redone to prevent misuse of already-leaked Aadhaar numbers. "The concept is attractive, but the devil is in the details," observed Pavan Duggal, cyberlaw expert, adding that the new system does not address those who have already gained unauthorised access to Aadhaar numbers. Sunil Abraham, executive director, Centre for Internet and Society, was more categorical. "If it has to be effective, they will have to redo (Aadhaar-KYC) from scratch."

Back to Top ⇧

Context and Background

By January 2018, Aadhaar had become the subject of sustained public controversy. Reports of data breaches, including a Tribune investigation that claimed access to the database could be purchased for a nominal sum, placed the UIDAI under acute pressure to respond. The Virtual ID announcement was the authority’s attempt to address the most visible concern, which was the wide-scale storage and circulation of actual Aadhaar numbers across agencies and service providers.

The Virtual ID system introduced a layer of indirection, replacing the permanent 12-digit number with a temporary token for authentication. Critics, however, pointed out that this did not resolve the problem of Aadhaar data that had already been compromised or stored without authorisation. That gap between the proposed fix and the pre-existing exposure was the crux of the scepticism expressed in the article.

The Supreme Court’s landmark privacy judgment from August 2017 had, in the preceding months, sharpened public and legal scrutiny of Aadhaar’s data handling practices. The UIDAI’s January 2018 circular can be read partly as an administrative response to that wider pressure.

📄 This page was created on 22 June 2026. You can view its history on GitHub, preview the fileTip: Press Alt+Shift+G, or inspect the .