While a Bloomberg story suggests US tech giants like Apple and Google are uncomfortable with the government’s initiative to get them to add an Aadhaar-compliant layer to their smart-phones, it is unclear as to what their reservations are since the firms are not being asked to build a back-door into their operating systems—more important, this could be India’s Apple Pay moment where even those with moderately-priced phones could get the seamless one-click-two-factor authentication that Apple offers today. Indeed, given that tech giants like Samsung have already come out with a tablet that allows Aadhaar-authentication, and the likelihood of other manufacturers offering this as an added convenience factor in their phones/tabs in future, even if the government does not make this mandatory—which is what Aadhaar sources say is the case—once the market moves towards this standard, chances are that even reluctant US tech majors will have no option but to follow suit.
Right now, any payment through a mobile phone requires typing in of either a password or an OTP authentication through an SMS but if the phone can recognise an Aadhaar biometric—which phones are increasingly capturing in any case through iris and fingerprint scanners—this makes the payment that much more secure, apart from being faster. What the Unique Identification Authority of India (UIDAI)—it is spearheading the movement on Aadhar-encrypted phones—is asking the mobile phone manufacturers to do is to, once they have captured the consumer’s biometrics, encrypt this using an Aadhaar-provided key before sending it to the database for instant authentication. While the tech giants are reportedly worried this will allow the government to track payments via them—and potentially also open them up to hacking attacks—Indian techies working on payments systems argue this is incorrect. For one, they argue, that since no data on the purchases is given to the Aadhaar database—all that it does is to authenticate the biometrics—there is no question of being able to track payments or the whereabouts of those making them. Two, since all that is happening is that an encrypted biometric is being sent on a secure pipe for verification, it is quite different from the US case of the government asking Apple to open an encrypted phone or sharing any user information with the government or any law-enforcement agency.
Given how India is at the forefront of building a fully-secure world-class digital payments architecture which is immediately accessible to even the not-so well-heeled, both the UIDAI and the IT ministry are doing well to work with phone manufacturers to evolve standards on this. If some tech majors are reportedly uncomfortable with this, it would be a good idea to stick to the voluntary nature of the standards since, in any case, it is likely manufacturers will move to this once customers start demanding it—a billion people with phones wanting to connect their billion Aadhaars through a payments gateway is pretty hard to resist, more so as smart innovators create different apps to use this functionality.