Centre for Internet & Society

Ever since the Supreme Court’s judgment on Aadhaar, which prohibited the use of the 12-digit biometrics-linked unique identity number by private entities as well as its linking with phone numbers and bank accounts, telecom companies and their customers in particular are wondering what this means for them.

The blog post by Kanishk Karan was published in Scroll.in on October 18, 2018. Pranesh Prakash was quoted.

On Thursday, the Times of India reported that crores of mobile phone connections face the “prospect of disconnection” if their SIM cards are not backed up by identity documents other than Aadhaar. The report also appeared on TimesNowHindi. The reports prompted the Union government to issue a statement insisting that the disconnection concerns are “completely untrue and imaginary”. But questions still remain about what comes next.

Joint statement

The news reports said that 50 crore mobile phone customers – who had used only Aadhaar to verify their identity as part of the Know Your Customer verification process, which became mandatory for all phone numbers last year – will need to re-verify their identity using alternative documents or face disconnection. This is because the Supreme Court verdict had concluded that linking Aadhaar to mobile connections, even voluntarily, is illegal.

In a joint press statement on Thursday, the Department of Telecommunication and Unique Identification Authority of India, the body that oversees Aadhaar, refuted this claim. The statement said that a “few news reports” have tried to create “unnecessary panic” by claiming that phone numbers may be at risk of disconnection. It insisted that those customers who used only Aadhaar for their verification process could use other documents to re-verify their identities, without being worried about their phones being disconnected. “In any case her/his mobile no. will not be disconnected,” the statement said. “What Supreme Court has done is that it has prohibited issue of new SIM cards via Aadhaar eKYC process due to lack of a law. There is no direction to deactivate the old mobile phones.”

The statement made it clear that telecom companies cannot ask for Aadhaar as proof of identity when issuing new SIMs. The authorities also used the statement to clarify a few other questions that have come up following the September 26 Aadhaar verdict.

Aadhaar data

One of the big sources of confusion that the verdict created was the Aadhaar data that telecom companies had already collected while carrying out Know Your Customer verification for phone numbers over the last year. The verdict seemed to suggest that all such data needs to be deleted within a certain time frame.

But the joint statement insists that this direction only applies to UIDAI and not to telecom companies. “The Court has also not asked to delete all the eKYC data of telecom customers after six months,” it said. The statement claims that the verdict only orders the UIDAI to delete the authentication data it holds, and, in fact, says that telecom companies are mandated to keep that data and that “there is no need” for them to delete it.

But not everyone agrees with this interpretation of the judgment.

Prasanna S, one of the lawyers who appeared on behalf of those petitioning against Aadhaar in the Supreme Court, said that the statement’s claim that telecoms do not need to delete Aadhaar data is wrong.

The Aadhaar ruling was a 4:1 majority judgment with Justice DY Chandrachud the sole dissident.

“The government and Telecom Regulatory Authority of India [should have issued] direction on the directive given by the Supreme Court to delete data within two weeks,” he said, referring to the portion of Chandrachud’s dissenting opinion in the verdict. Chandrachud had disagreed with the majority on a number of issues. But all five judges on the bench had agreed that linking Aadhaar to phone numbers was unconstitutional and posed a grave threat to privacy, liberty and autonomy of individuals. In his order, Chandrachud issued directions for Aadhaar data to be deleted within two weeks, which some lawyers believe should be binding even though it was in the dissenting opinion.

New authentication app

Since telecom companies can no longer use Aadhaar-based verification to authenticate new customers, the statement also said that the Department of Telecom and UIDAI are working on a mobile application that will perform the gask instead. According to the statement, when carrying out the authentication of a new SIM, the application will capture a “live photograph”, including location coordinates and a time stamp. Along with the live photograph, the application will require other government-issued identification documents such as voter ID or passport.

While that may solve the problem of having a simple authentication process instead of Aadhaar, questions have been raised about whether this procedure is vulnerable to fraud.

Pranesh Prakash, a fellow at the Centre for Internet and Society, said as of now it is unclear how the government would find a way to prevent “a single live photo being used multiple times”. If the same photo is used for issuing three SIM cards by the agent, would the government be any wiser, he wondered. Prakash said that, rather than the technology infrastructure, the important area to focus here is the security loopholes in the identity verification process.

Earlier this year, UIDAI had introduced a number of new provisions, including the virtual ID and face authentication, saying it will make fraud and data leaks less likely, as well as make it easier for those who are facing trouble with biometric authentication. Later, the directive was put on hold by the Department of Telecom. Thursday’s statement suggests a similar application, using live photos, but does not say when this technology will be rolled out.

Filed under: