SECURITY AND OTHER CONCERNS

What about security concerns surrounding data and access to it, especially since there are plans to have UID online too?

People tend to think that online means access to information on the fly. But that does not mean that any individual can access the data. To give an instance, when it comes to commercial use, any commercial vendor - bank, insurance firms etc – that needs to verify an individual's UID will need to take imprints of fingers and send it to UIDAI asking for authentication. This is online and real-time. However, UIDAI will not send the finger prints or any other detail. It will just confirm the authenticity of the imprints. Hence, the repository is not accessible to anyone. Besides, adequate measures would be built into the tech systems to ensure that the data are being added to the repository according to the set standards.


Shown below is the security model for UID: (Source: UIDAI and NIC)

A security breach can occur nevertheless...

Use of any technology brings challenges, and adequate measures need to be taken to counter them.  As an extra security measure, UIDAI has added four digits to the 12-digit number. This PIN-based four-digit identification will be masked. So, at anytime this four-digit number gets changed then everything changes. Over a time there is a possibility that this kind of information when it is shared could be tracked. There will be more than enough people who will try to get more than one UID or will at least try to get. Rules, however, are being set that if someone intentionally attempts to defraud then there will be penalties and other measures built in.

What about privacy issues?

The concern is: who can access this data and where the data will reside. India, in this regard, will need to have a formidable data privacy policy. Privacy forums will need to be formed and this should happen as the roll out takes place. In toto, some cases might need regulatory changes and in the other cases, there will be an outreach programme.