UIDAI introduces new QR code for offline Aadhaar verification; top updates

Unique Identification Authority of India (UIDAI) has brought an updated QR code on e-Aadhaar. Aadhaar card holders can now download and print their biometric ID from the UIDAI website. Details here

To shield the crucial information and add an extra level of privacy to Aadhaar against any sort of tampering, the Unique Identification Authority of India (UIDAI) has introduced an updated digitally signed 'QR code' on e-Aadhaar that will now contain the photograph of the Aadhaar user with other non-sensitive details like name, address and birth date. The new 'QR code' can be used for offline user verification without disclosing the 12-digit identification number, according to a PTI report.
 

This new feature is available through Aadhaar downloads and contains the photograph of the Aadhar user in addition to the existing availability of demographic information, which in turn will allow various user agencies like banks to verify the authenticity of Aadhaar card data offline.
 

Ajay Bhushan Pandey, CEO of Aadhaar-issuing body UIDAI, said: "The offline QR code is a landmark development which will allow everyone to establish their identity through offline verification without giving out Aadhaar number".
 

Adding to the ongoing battle between the Supreme Court and the UIDAI over the authenticity of Aadhaar, the apex court has observed that the biometric authentication of Aadhaar is highly prone to misuse.
 

The Supreme Court also added that if the biometric authentication is attached to every transaction entered into by a person, it would "form a wealth of information" necessitating the need for data protection.
 

In another significant development, the UIDAI has denied the media reports that its counsel Rakesh Dwivedi has accused Google of trying to fail Aadhaar while presenting arguments in the Supreme Court. 
 

Our counsel had contended in the court that as far as Google, Facebook and Twitter are concerned, they cannot be compared with Aadhaar because of the nature of the information is different and also due to a difference in the nature of algorithms being used, an official release from the UIDAI clarified.
 

Here are the top developments around Aadhaar, newly updated QR code, SC-UIDAI spat over its authenticity and much more: 
 

1. UIDAI brings updated QR code on e-Aadhaar: UIDAI - the nodal agency in charge of implementing Aadhaar, has updated the digitally-signed QR code as a simple offline mechanism to quickly verify the legitimacy of the Aadhaar card.

Aadhaar card holders can download and print their biometric ID with the QR code from the UIDAI website or its mobile application. The newly restructured QR code would be convenient for establishing the identity with non-statutory entities, say, the likes of online shopping portals when delivering goods.

A QR code is a machine-readable barcode label typically used for storing URLs or other information for reading by the camera on a smartphone.

Aadhaar users can manually darken the Aadhaar number and use the printout with the new QR code for establishing their identity, offline also. For example, when an online shopping delivery is made and the delivery man asks for ID, Aadhaar holder can show him the printed QR code which when scanned (through an updated QR code reader on Aadhaar site) would read non-sensitive information, said a PTI report.
 

According to a report in the Millennium Post, The new QR code will also ensure that Aadhaar user is genuine and not using any tinkered identification documents. Also, to make Aadhaar information more secure and tamper-proof, it will be signed with UIDAI digital signature. To ensure that the privacy is maintained throughout the verification process, the Aadhaar number is not given out in the entire process, nor is biometrics.
 

The offline verification facility would add yet another option to the exception-handling mechanism at the ground level to ensure that no denials on Aadhaar-based services take place.
 

2. SC on Aadhaar's constitutional validity: A five-judge bench headed by Chief Justice Dipak Misra, hearing a series of petitions challenging Aadhaar and its enabling 2016 law, explained to UIDAI of its apprehensions saying biometric authentication of Aadhaar number in every transaction could lead to accumulation of meta data of citizens, which can be collated and used for many purposes including surveillance, said PTI report.
 

Justice Chadrachud pointed out that there is potential technology to aggregate the information of requesting entities and said that the UIDAI has to examine what safeguards have been put in place to prevent the misuse of information and the aggregation of information is not allowed.

 

Senior advocate Rakesh Dwivedi, appearing for the Unique Identification Authority of India (UIDAI) and the Gujarat government, said in most of the cases, authentication is done only once.
 

"For example, in case of PAN cards, it is once in a lifetime. For mobile sims, it is done only at the time of obtaining it. So, where this multiplication of authentication from morning to evening comes from," the senior lawyer asked, adding, "realistically speaking, there is no trail of authentication from morning to evening. No real-time tracking is done".
 

He then asked the bench to examine the Aadhaar law on the ground of "reasonableness" and said as of now, there was no such possibility of aggregation and if any such things happen in future, the court may examine them at that time.

During the hearing, the SC bench asked the UIDAI counsel whether the storage of biometric and demographic details under Aadhaar law amounted to "invasion of the right to privacy" and said minimal intrusions with legitimate interests have to be ensured".

 

"Any system which involves biometrics will require storage of biometrics, either at a single point or multiple points," Dwivedi replied.
 

UIDAI also dismissed concerns that it might use Aadhaar data analysis in the future, saying a certain section of people are creating "imaginary fear" to "fail" the national identification programme.
 

3. SC red flags threat of Aadhaar data misuse, fears poll manipulation: The Cambridge Analytica data leak controversy also found mention in the Supreme Court, which red-flagged the threat of probable misuse of citizens' information by entities which were getting Aadhaar details authenticated by the UIDAI.

In the absence of robust data protection law, the matter of misuse of information becomes pertinent, said an SC bench. The apex court apprehends that the elections are influenced using data analytics.
 

"Please do not bring Cambridge Analytica into this. The UIDAI simply does not have the learning algorithms like Facebook, Google to analyse information of Aadhaar card holders," senior advocate Rakesh Dwivedi, appearing for UIDAI said.
 

Aadhaar only matches biometrics, while the other global tech companies use learning tools for analysis of data, which creates knowledge, justified UIDAI.
 

Besides the Aadhaar Act does not authorise any kind of data analysis, he said, adding the UIDAI has "simple matching algorithms" which give answers like 'yes' or 'no' after it receives a request for Aadhaar authentication from a requesting entity.

"UIDAI does not permit any Requesting Entity (RE) to collect and analyse Aadhaar data and use the same for any commercial uses," the UIDAI statement read.