Aadhaar biometric lock, a lesser-known security feature

Long before it brought in an extra firewall for privacy with the proposed virtual IDs, the Aadhaar-issuing authority UIDAI had set in place a 'biometric lock' as an additional layer of protection against outside intrusions or breach.

A lesser-known feature, the biometric lock in existing Aadhaar system is aimed at allowing users to safeguard or lock down their biometrics as and when they want.

Aadhaar, which captures an individual's personal details along with biometrics like fingerprint and iris, has been mandated to be used for authentication of identity with banks and telecom companies, among others.

The authentication for mobile SIM (subscriber identity module) verification, for instance, is done by providing the 12-digit identifier together with biometrics.

The extent of Aadhaar usage can well be gauged from the fact that an average of 4 crore authentications are being done on a daily basis, while over 1,500 authentication have taken place so far.

But not many know or perhaps use a feature called the biometric lock that allows a user to seal or lock their biometric information.

User can ring-fence their biometrics by simply going to the Unique Identification Authority of India (UIDAI) website or its app, and choosing the option and entering their Aadhaar number.

A registered mobile number is essential to avail this service.

Once the lock clicks into place and the system is enabled, it will simply not accept a biometric request, much like a physical lock blocking an unauthorised access.

A user can unlock for specific transactions and then lock the biometrics back again.

When residents enable biometric locking system, their biometric remains locked till the Aadhaar holder chooses to either unlock it (which is for a temporary period) or disable the locking system, an official said.

UIDAI CEO, Ajay Bhushan Pandey says that the idea behind the facility was to "rule out" possibility of anyone even attempting to misuse biometric information.

The Aadhaar-issuing authority expects the existing biometric lock feature along with new virtual ID facility being rolled out in coming months to address various security and privacy concerns.

The UIDAI, last week, announced the biggest overhaul of the system by allowing Aadhaar owners to create and use a virtual ID to avoid sharing their unique identity numbers, when using government and other services.

Users will, from March 1, have the option of generating a 16-digit virtual identity mapped to their Aadhaar number that can be shared with telecom companies and others at the time of authenticating their identity.

From June 1, 2018, it will be compulsory for all agencies, which undertake authentication, to accept the virtual IDs from their users.

Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline, will face financial disincentives.

The move aims to strengthen the privacy and security of Aadhaar data, and comes amid heightened concerns around the collection and storage of personal and demographic data of individuals.

As many as 119 crore biometric identifiers have been issued so far, and Aadhaar is required as an identity proof of residents by various government and non-government entities.

For instance, the government has made it mandatory for verifying bank accounts and PAN to weed out black money and bring unaccounted wealth to book.

The same for SIM has been mandated to establish the identity of mobile phone users.