Unique Identification Authority of India (UIDAI) has launched three new Aadhaar enabled services - an authentication services using Iris, an authentication service using one time pin (OTP) and an electronic know your customer (eKYC) service. It also announced that currently over 400 million residents have been enrolled for an Aadhaar number, while about 350 million Aadhaar numbers have been issued. eKYC service: The eKYC service will allow one to authorize service providers to receive electronic copy of their identify proof and address. This will allow instant and paperless verification of of one's identity and address. Using this service will allow sharing of demographic information including name, address, DOB, gender, photograph and mobile number this was collected during enrollment. This is quite different to what was said at the Aadhaar Development Track conference organized by NASSCOM in Bangalore in 2011. At the conference, key personnel from the authority including Head of Technology Srikanth Nadhamuni, Chief Product Manager Sanjay Jain and Pramod Varma, Chief Architect had mentioned that the Aadhaar backend will simply verify the info and return a Yes or No response. Aadhaar would not send any other data back, except in cases of National Security, for which protocols were not been decided back then. This contradicts with the services that UIDAI is offering for Aadhaar enabled services. With the eKYC service, UIDAI shares all demographic information including name, address, DOB, gender, photograph, and mobile number to the service providers. With 350 million Aadhaar cards issued, access to such information not only brings up privacy issues but also security concerns. What stops hackers to get into UIDAI server and collect all private…
