Moneycontrol News

In yet another move for the government-private sector link-up for benefits with Aadhaar, Microsoft is integrating the 12-digit unique ID with Skype Lite.

The primary reason for the Aadhaar integration is to enable users to authenticate the identity of the user, especially in case of job interviews.

Microsoft CEO Satya Nadella has confirmed that once the Aadhaar-verified Skype chat is over, the 12-digit ID will be purged from the website.

What is Skype Lite?

The lighter version of the popular video calling app Skype from Microsoft was designed especially for India keeping in mind the slow speeds of most mobile data internet connection which cannot take on the loads of video-conferencing.

Skype Lite is designed keeping in mind the low mobile data speeds in India, and can run even on a 2G connection.

How does Aadhaar-Skype link work?

Both the persons can verify their identities at the beginning of the video call by requesting Aadhaar verification. To confirm the identity, the user has to click on ‘‘Verify Aadhaar Identity” and following that enter their Aadhar number, which is then to be validated with a one-time password (OTP).

Once the process is done, they have the option of choosing whether to share their Aadhaar information with the other person to confirm the identity.

As per a statement given out by Microsoft: “For example, you may wish to make a Skype Lite call to an important business client or government representative – by using Aadhaar, both parties can verify their identity at the beginning of the call to prevent impersonation fraud.”

Why is Aadhaar Entering the Private Sector?

Aadhaar is a 12-digit unique identity number based on biometric and demographic data for Indian residents. The Aadhaar Project was created by the United Progressive Alliance government in 2009 to reduce leakages in the country’s welfare programs.

The Unique Identification Authority of India (UIDAI) and the government both allow access to Aadhar data of people by private companies through Authentication User Agencies, which are both governmental and non-governmental entities.

Recently a range of private companies have started using it, some of the examples of which are HDFC, Authbridge and so on, from which fresh security concerns are emerging.

New rules of the government rapidly rolling in making Aadhaar compulsory for banking, I-T, mobile subscription and PAN accounts, sharing one’s Aadhaar number online has become a risk to one’s identity and may have chances of leaking personal and sensitive information.

What are the security concerns ?

The filing of the Aadhaar and its usage across various government data portals has raised several security concerns by analysts and computer science experts, most of them pointing at two alarming concerns of the hour.

Firstly, Aadhaar vouches for authentication without consent, unapproved filing, tracking and surveillance of individuals.

Secondly, there is a lack of legal framework in the country to protect the privacy of individuals in such cases of digital integration.

A report by computer science researchers at IIT-Delhi reveals that the biggest threat to privacy in the case of Aadhaar comes from insider leaks, and the structure is not well-designed to provide protection from insider leaks, which often requires a third party auditor under an independent administrative control.

Despite the UIDAI’s repeatedly stressing that the system is hack-proof and that data cannot be leaked, other websites known to use Aadhaar have been leaking data online.

Is Aadhaar even compulsory ?

The Aadhaar Act of 2016 also does not make Aadhaar mandatory for citizens in any way.

A Supreme Court ruling in 2015 clearly read, "... the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other."

The apex court had also set up a constitutional bench to hear Aadhaar case.

As for the Aadhaar database, the UIDAI mentions it is encrypted using the highest available public key cryptography (PKI-2048 and AES-256) with each data record having an in-built mechanism to detect any tampering. UIDAI says that even if a hacker attempted to decrypt it using millions of computers, it would take him billions of years to crack the code.

What’s the law?

Section 57 of the Aadhaar Act, 2016 permits private companies to use Aadhar data to establish “identity of an individual for any purpose”.

There is no specific law passed by Parliament for protection against breach of privacy of individuals in India. A bill, Privacy Bill, 2011, was drafted by the UPA-II government but is hanging fire since then.

As per a report in The Quint, Usha Ramanathan, an independent legal researcher who has been tracking Aadhaar since 2009, says,

“There is Section 57 of the Aadhaar Act 2016, which, among other things, makes it clear as the blue sky on a cloudless day that the Aadhaar Act could never have been a Money Bill. It allows private companies to use the UID database for ‘establishing the identity of an individual for any purpose.”

Earlier in May, the Central government had admitted in Court towards the leaking of Aadhar data and maintained that there was no leakage by the Unique Identification Authority of India (UIDAI).

Advocate Arghya Sengupta while arguing the case on behalf of the government told the bench that leakage was by various other government departments and state agencies, and might have occurred on account of balancing transparency and data protection concerns.

Appearing for retired Major General S G Vombatkere and social activist Bezwada Wilson, Divan questioned how the Finance Act could make getting Aadhaar mandatory when the Aadhaar Act said obtaining UID was completely voluntary.

“This scheme makes whole-time surveillance – from cradle to the grave – possible. This is perhaps the worst project possible under our Constitution. Entire architecture of Aadhaar is worthless as far as information security is concerned. We are concerned with one-seventh of the total population of the world in the wake of a scheme where degree of invasion is extremely high and protection much low,” said Divan.

With more and more private data companies having access to Aadhar, the need to the hour is to make a part of policy of the government to provide individuals some control over the data that the private forms collect and some control over how the data is utilised.