Offline verification of Aadhaar data.. Is it feasible?

According to the Caravan report about the proposed new Data Protection Act /Privacy Protection Act which the Srikrishna Panel has tabled, a suggestion has been made for amendment of the Aadhaar Act to introduce what is called “Offline Authentication”.

A discussion has already ensured in the professional circles, how the “Offline” authentication can be done without a copy of the Aadhaar data being kept outside the CIDR and whether it will introduce new data breach risks.

However, I feel that just like the introduction of the Virtual Aadhaar ID which stepped up the security of the Aadhaar data by several notches and took the wind out of the anti-Aadhaar lobby, it is likely that this “Offline Authentication” system may also turn out to be a good practical suggestion that can ensure that Aadhaar system survives the critical scrutiny of the Supreme Court.

Just to think of one of the measures by which this system can be introduced, we can envisage that UIDAI may authorize “Identity Certification Agencies”.

This could be  part of the Digi Locker scheme and Digital Certificate Scheme run under the CCA. In such a scheme certain agencies may be licensed to make verification based on “Virtual Aadhaar ID” submitted by the Aadhaar user (Global KYC agents can perhaps use the real Aadhaar ID itself) and maintain a mirror identification data base of “Members of its service”.

These agencies could be be similar to the “Data Trusts” which Naavi had proposed earlier. Individuals could deposit their ID information with these agencies who may be private sector agencies who may have access to technology which they claim are better than that of UIDAI. Their data base may be maintained on the basis of their membership and the linked Virtual Aadhaar ID.

If there is any data breach at these “Trusted Intermediaries”, then UIDAI cannot be blamed. Also the loss can be recouped with the change of the Virtual Aadhaar ID.

Hence this move will both address the issue of insulating the CIDR from too much of access by public and also silence the critics by challenging them to be the secure repositories of the data if they are capable rather than blaming the Government all the time.

For the positively minded, this is an additional opportunity to create a business out of the need to secure personal data.

It is therefore time for the Critics of Aadhaar to accept the challenge thrown at them by the Srikrishna panel and find solutions to make offline Aadhaar authentication feasible without the fear of personal data breach.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

2 Responses to Offline verification of Aadhaar data.. Is it feasible?

  1. Vivek says:

    Can you please highlight The Protection of Personal Data Bill and the conditions under this bill?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.