Over the last few years, Aadhaar usage has gone up significantly.
2017 was a banner year, with the Unique Identification Authority of India (UIDAI) servicing 10 billion authentication requests, and 3.5 billion electronic-Know Your Customer (eKYC) requests.
September was the peak, where the UIDAI serviced an average of 48 million transactions a day. This is about 14,000 times the usage in September 2012. The number of systems that depend on Aadhaar as an identity provider have grown.
2017 was a challenging year with many incidents and claims relating to biometrics, privacy, and exclusion. The government has had to learn to walk the line between transparency and privacy, and now deal with the attentions of international hackers, all in the middle of a very noisy debate. The growth and accompanying challenges are a reflection of the increased digitisation, and formalisation, of the economy. Being at the leading edge of change, Aadhaar has become the lightning rod for discussions around privacy and governance.
Out of these tough times, much good has come forth. The Justice Srikrishna Committee is looking at how users and their data must be protected through a new law. The Supreme Court has read a right to privacy in the Constitution. The UIDAI has emerged as a responsive, nimble organisation and a problem-solver.
Looking at the recent changes in authentication, registered devices, virtual identity number, tokenisation, limited eKYC and face-matching, it appears that the UIDAI is set to tackle the issues, and to deliver on the promises of inclusion and security. Registered devices ensure that biometrics are captured live from sensors, digitally signed, encrypted and sent to the UIDAI without the possibility of interception, tampering or the injection of stored biometrics. This change was rolled out in 2017 and is now nearly complete. Users should be confident that no agency can intercept their biometrics, and use them for a different transaction.
The virtual identification number and tokenisation will ensure that most user agencies will not be able to store Aadhaar number. They will not be able to use it for unauthorised linkage of databases. Limited eKYC adds more support to this by reducing the spread of sensitive information, improving on privacy protections.
Face-matching will improve on inclusion. It will allow users who were previously unable to authenticate with fingerprints see higher success rates. It will also improve security for applications that currently use only a one-time password. Self-service applications will also use this feature.
Other than authentication, the UIDAI has also made changes to the enrolment and update ecosystem. It has moved all enrolment and update activity to government premises and banks. Local governments have been asked to ensure at least three centres in each block/taluka. As a result, there will be capacity for updates and enrolments under greater supervision.
So, in 2018, Aadhaar usage will cross 30 billion authentication transactions.
The UIDAI will support the ecosystem to upgrade. It will continue to be responsive to user needs and make changes. These will include updating process through technology and the rollout of update centres. There will be a focus on auditing applications and grievance redressal. As a result, users should feel safer that the UIDAI is monitoring the ecosystem and on a journey of continuous improvement.
Beyond Aadhaar, our lives are going to be more digital. Much remains to be done to protect our privacy. This is the year we will see the law come up for that.
Originally published as an online article in the Economic Times.