Aadhaar as a normal citizen

Here I have tried to describe most common news or media findings and in general the gut feel about Aadhaar. Hope it helps in some clarity and understand the different aspects of Aadhaar.

1. Aadhaar information was leaked, my phone number etc is now public and is tied with Aadhaar.

Dont worry. Report it and allow system to do its work and UIDAI needs to ensure its removed from the source and catch all people involved. Such a information leak will eventually happen and all telecallers will know who you are and what is your Aadhaar number and your address and etc etc which are not even on Aadhaar card. Until now they did not have you Aadhaar card number, but the rest of the information is always available with them and is linked to your mobile number. So relax, having your Aadhaar number will not solve all their problems.

2. Can they use my Aadhaar card to perform bank transaction ?

Now let us assume someone used your passport number as of today to transfer amount of 1 lakh to someone. Do you think its possible ? Nope, the same is with Aadhaar card and its number. It does not in anyway allow a person to do banking using that number and details present in that. But if you have kept your banking password same as your Aadhaar details like dob etc then chances are there he may be intelligent enough to crack your password, but thats a separate issue and not related to Aadhaar(a case of simple password, change your password to more complex password). If a bank in future allows you to draw money using your finger print and finger print alone then something is wrong with the bank and immediately oppose the same. This is like bank is putting the onus on Aadhaar for their transactions, which is outright wrong. Bank can use Aadhaar for checking who you are, whether you are same as whom you claim to be and so on. But they cannot use Aadhaar to allow you to do banking. Banking needs to be done as is today using existing procedures of signature, face and photo they have of you, Online password etc. Having said that they can use your Aadhaar card and authentication additional to what they use normally. But note that as of today March 2018, your phone already uses the biometric to perform bank transactions directly. So now that is a risk if someone steals your phone and your fingerprint information/faceid. So as indicated, a bank using Aadhaar in a stupid way is not really Aadhaars responsibility. If bank had used your passport or driving license information for performing banking transactions then it is the bank responsibility to ensure its safe not Aadhaar/passport/rto responsibility. Aadhaar is just allowing bank to identify you are whom you claim to be.

3. Bank linking to Aadhaar vs Aadhaar linking to bank account.

Note that originally Aadhaar was created as a DBT ( Direct benefit transfer) method. So Aadhaar database had one bank account number where they would directly deposit your benefit amount. Now at the onset let us understand the difference between Aadhaar having your bank account number which is just 1 bank account number where subsidy is transferred. And then there is a bank account number, you can have several accounts in different banks. This database is managed by the bank and here the bank will update Aadhaar number in their database for every account you have with them. So different banks ICICI/SBI/HDFC/etc etc all have their own database which has entry for Aadhaar number. So each of these banks update your Aadhaar number separately.

Now the issue with airtel and Aadhaar was that somehow during intial rollout Aadhaar had allowed bank to link to Aadhaar database their number. So it was a mistake on Aadhaar part to allow bank to update Aadhaar database with bank account number. Actually the ideal way was to ask the Aadhaar user to update Aadhaar database with whichever bank User chooses as the DBT bank. But having given a way to update Aadhaar database with bank number, airtel wrongly used this to automatically update Aadhaar database with their airtel account number. So Aadhaar anyway have fixed this issue.

So now user updates Aadhaar database with DBT bank account number.

User Gives Aadhaar card details to bank for KYC and bank updates Bank database with Aadhaar number.

So there is no confusion and breach of information since both databases and updations are done by respective institutions.

4. Have wrong information in my Aadhaar.

Please check the online and offline method(enrollment center) for how to update your personal details if any discrepancy.
https://uidai.gov.in/enrolment-update/aadhaar-enrolment/aadhaar-data-update.html

5. Someone has changed my personal information.
This is a rare case and happens only when someone has access to your biometrics and mobile where OTP is sent. So inform the enrollment center and follow procedure to update the same.

https://uidai.gov.in/enrolment-update/aadhaar-enrolment/aadhaar-data-update.html

6. Why did they create virtual Aadhaar number.
– Virtual Aadhaar id is like a token and someone like JIO who tries to authenticate you for issuing a sim will only have virtual id and hence only partial information. But in my view this is just a patch and eventually all data gatherers, tele callers will have your Aadhaar, virtual Aadhaar and entire kyc information. But nothing to panic as explained in point(1).

7. What is your view on Aadhaar
In my view Aadhaar is a must. System needs to be improved and secured. All systems are vulnerable in some way or the other and people are the weakest link. No matter what people can still be cheated and their biometrics can be copied, OTP compromised.
Aadhaar is having a much bigger benefit which is not related to these events, but more with respect to national security, personal security, financial implications for the country. The crux of Aadhaar is how user information is tied to user biometrics. If someone comes with different names, addresses and tries to create multiple financial profiles to cheat tax, commit crimes, then his biometric can be used to tag him, identify him. He can tell different names but it will be difficult for him to spoof his biometrics.

Note the key points here
1. it will be difficult for one person to create two identities and hence two Aadhaars since biometric spoofing will be difficult.
2. Worst case if such a person is caught he can be flagged in teh system and prevent him further benefits, citizenship etc.
3. No such system exists as of today which maps “identity(name,address, position, job)” to “physical body(actual person/biometrics)”
4. No thief who is caught can claim i am X and next time take a different identity.
5. For marriages in future it can prevent double marriages if Aadhaar is made mandatory.
6. Having multiple PAN cards and avoiding income tax will become a thing of the past. May not be immediate but will take 5 to 10 years to weed out the people because even today some guys can show their grandfather or senior citizens and save tax to some extent.
7. Submitting proof for banking, schooling, etc etc can use Aadhaar(note can use Aadhaar in their own database) and take benefit of easy KYC or id submissions. Any day many citizens will be more than happy if one id card is enough to get government ID and address proof done with just one document.
8. Future voting can be done using Aadhaar and will help prevent frauds.

9. Aadhaar should not take responsibility of other departments like driving license, passport, etc. Ofcourse RTO, passport office, banks can use Aadhaar information, but UIDAI should only concentrate on securing the biometrics and personal information. How individual organizations use Aadhaar is their responsibility and it is rightfully so. Aadhaar just provides a mechanism to tag “physical body” to “identity”. It can at best guarantee uniqueness of an individual.
10. Aadhaar is not responsible for thieves. Aadhaar will identify a person. Same Aadhaar number can be used by police stations to identify him uniquely. So as a bank it is bank responsibility to identify that he is a thief or loan defaulter by checking police records, etc etc which they do as of today. So organizations can track him as they do today using passport number, dob, name, etc etc and is not a responsibility of Aadhaar organization.

8. How can the system be made secure from your view.

a. Biometric based authentication should be limited and used only for special cases and only used by government systems or crime or financial systems. But a simple SIM card issue and especially to corporates like Reliance, etc should not be allowed to use biometrics for authentication. Because it will allow them to copy the biometric information. So it should be avoided. Also biometric should be updated every 10 to 15 years since technology also advances in capturing and storing and verifying biometric. So it is good to update biometric once every 10 to 15 years.

b. Simple photo id display on Aadhaar number entry from Aadhaar database, original Aadhaar card/copy, OTP etc should be enough to perform the authentication for most purposes.

c. Frequent audits on Enrollment centers and signatory for Aadhaar data entry should be audited instead of reacting based on complaint. This is one area where there are frequent data breaches. It wont affect the central repository but can help to create fake ids, incorrect data, etc.

d. Aadhaar card should be cut and enrollment number should not be part of the card.

9. My Grandfather is facing issue with Aadhaar biometric.
Can happen to everyone as they age. Also technology gets better by the year. So update the biometric information as indicated in uidai website below. Also iris and face recognition options are available for senior citizens. It is also the responsibility of the parallel entity such as bank/mobile service provider to understand these issues and keep alternate methods of authentication. Note that most biometric based authentication should be restricted to only critical operations as explained in (8)(a).

https://uidai.gov.in/enrolment-update/aadhaar-enrolment/aadhaar-data-update.html

10. Then why do I get the feeling its not very useful to me ?
It is indeed not very useful to you as a person because you have to do extra work in creating Aadhaar card, maintain Aadhaar information. Also it does not even help you to fly to foreign countries like passport and not useful for voting like voter id card. So it is very natural to have a bit of reluctance in doing this.
But if you are getting subsidy, then may be to some extent you will be less reluctant to migrate to Aadhaar[you may now know why it started as subsidy based]. If you are someone who neither gets gas subsidy nor get any DBT, but only get taxed more or tracked more the reluctance is natural. So for such people it is important to note that it helps to catch other defaulters, nation building, crime reduction(wont go away, but reduce), easy KYC, easy id proof, easy address proof, effective banking, catch benami property, polygamy(multiple marriages), prevent voter fraud which are not easy to convince yourself but a SSN or Aadhaar does provide better methods than existing identity methods. So its not fool proof but better than what exists as of today.

So get geared for Aadhaar, but it is okay to do it with a SIGH! or WHATEVER!