When Aadhaar was begun, anyone wanting to use it for authentication had to give his/her Aadhaar number.
Though finance minister, Arun Jaitley, has hinted at the possibility of telcos and fintechs being able to use Aadhaar-based authentication once legislation that satisfied the test of “proportionality” was introduced, there may be an interim solution that takes care of the Supreme Court’s concerns of the private sector getting access to the Aadhaar details of individuals. Though no one was able to get any bank account or other details of the Trai chief after he tweeted his Aadhaar number as a dare to Aadhaar-baiters, the Supreme Court was of the view that the number should not be made public; this was always ironic since the Court itself had said that Uidai collected the minimum amount of information—it said this in response to the petitioners’ argument that Aadhaar would allow the government to build a surveillance state and collect even the banking transactions of individuals.
When Aadhaar was begun, anyone wanting to use it for authentication had to give his/her Aadhaar number. Later, however, Uidai itself came up with other solutions. So, a virtual Aadhaar number facility was created—any user could go to the Aadhaar website and generate a virtual ID at any point—and UID tokens were created that prevented, say, telcos from downloading the Aadhaar number of a person who was looking to get a new SIM. In addition, Uidai also came out with Aadhaar Quick Response (QR) codes that had certain details—name, address and pictures—of individuals, but not the Aadhaar number. So, if a person wants to buy a new SIM card, instead of giving the Aadhaar number, she can simply give the Aadhaar QR code—this can be downloaded on the internet and printed—and, once a telco buys a QR code reader, an instant verification can be done since the QR card reader will show a picture of the person along with the name and address. At no point will the Aadhaar database be accessed, in keeping with the SC’s ruling. A fintech, similarly, can ask a person to take a picture online and then email or WhatsApp the Aadhaar QR code; as in the case of telcos, this can be matched with the person’s online photograph. In both these cases, the details the telco or fintech will get—the name, address and photograph—are, in any case, details that a person has to submit to get a new SIM or, say, some financial service.
Such a solution is critical since, in its absence, the costs of verification would have gone up tremendously. As in the case of a road that is built with public money, where it makes little sense to allow only government-owned vehicles to use it, it never made sense not to allow private sector firms to use Aadhaar-based authentication. More so since, as the Court acknowledged, no one was able to prove any abuse by the Aadhaar system.