As on date there is no legal framework governing Aadhaar project and the same has been challenged before various High courts in India. Further, till now there are no satisfactory resolutions of cyber security and data security issues of Aadhaar infrastructure. Despite many shortcomings, the Indian government is clinging to this troublesome project for political considerations.
Now UIDAI has launched three new Aadhaar-enabled services and announced the establishment of around 300 permanent enrolment centres (Aadhaar Kendras). This means that now both public and private user agencies can identify a beneficiary/customer using a fast and paperless format.
The services launched are authentication services that use iris, One Time Pin (OTP) and e-KYC (Electronic-Know Your Customer) technologies.
In the iris authentication method, the resident’s iris Image is submitted along with the Aadhar number to UIDAI’s Central Identities Data Repository (CIDR) for verification. In the OTP method the authentication is ensured for all residents who registered a mobile telephone at the time of enrolment or through subsequent lengthy and time consuming registration procedure. The e-KYC service will allow individuals to authorise service providers to receive an electronic copy of their proof of identity and address.
Only demographic information (name, address, date of birth, gender and mobile number) that is collected during Aadhaar enrolment shall be shared, at the request of, and/or with the consent of the Aadhaar user, but will be available only for few seconds to eliminate any misuse.
However, the newly launched mobile-based authentication services would benefit only around 40% of Indian residents having Aadhaar numbers. This is so because UIDAI has mobile numbers of only about 40% of the Aadhaar holders as it did not seek mobile numbers of enrollers in the first phase, during which over 200 million had got registered.
Mobile numbers cannot be updated easily as the entire service is based on one time password sent to a person’s mobile registered at the time of enrollment. One can send the mobile details with Aadhaar number to UIDAI’s offices or can visit his nearest Aadhaar enrollment centre. That is an option but the UIDAI cannot assure in how much time the records would be updated.
The other biometric registration based authentication will require service providers to buy finger print or iris recording machines.