Digital Locker – Unlocking its full potential

Digital Locker

rajeshAn informal, unofficial Paper by Rajesh Aggarwal, IAS

Currently serving as the Joint Secretary-Financial Services, Ministry of Finance, Government of India, Rajesh Aggarwal recounts his experiences of developing “Digital Locker” – right from visualisation until giving it a realistic shape – to make the life of citizens easier in numerous ways. He believes the Government of India’s “Digital India” programme can reach its full potential only if various departments take a pro-active approach towards promoting the concept of Digital Locker among the masses. The technocrat-turned-bureaucrat relives the Locker dream for Elets News Network (ENN)

My team in the Department of Information Technology, Maharashtra designed and launched the Digital Locker more than one-and-a-half year ago. And then, they shared it with the Government of India. Unfortunately, it is yet to catch the public imagination. This paper tells the story of Digital Locker and its potential usage.

After the formation of the new government at the Centre in 2014, the Prime Minister had asked various Secretaries to make presentations to him. On the web, I saw some slides made by DeitY Secretary Mr. Ram Sewak Sharma, and one bullet point was “Digital Locker”. I quickly assembled my young and gung-ho team of consultants and programmers in Maharashtra, and in less than two weeks, we had the basic Locker up and running on our State Cloud. Later, on request from the Government of India, the Team Maharashtra was happy to hand over the code and the design, for wider use. ( )

My thoughts before designing the Locker

We started with the Signup/Login method, as we were clear that only a citizen having Aadhaar number will be able to Sign Up. You don’t have Aadhaar – sorry, then the Digital Locker is not for you! The philosophy behind this thinking will become amply clear in the next few paragraphs.

Digital Locker BetaAadhaar provides easy, anytime, anywhere, faceless (remote) identity check. Now, even one time password (OTP)-based eKYC or eSign is recognised by law. However, presently Aadhaar database has not too many mobile numbers, nor can we be very sure about their accuracy. Hence, I always advocate having a “verified mobile” tag in Aadhaar centralised database (CIDR). This would happen when a citizen does biometric (fingerprint or Iris) authentication, enters 10-digit mobile number, gets an OTP on that mobile and enters that OTP in the application. Only then this “verified mobile” flag should be ticked in the central Aadhaar database. Thereafter, for all times to come, except for certain critical things, mobile OTP-based Aadhaar linked eKYC or eSign can be used. Probably, Samsung and others will come with Aadhaar-based fingerprint sensors or even Iris sensors on their mobiles in future (sensors now cost hardly a few dollars, and can be miniaturised). But till that time, non-biometric based, just mobile OTP based authentication systems will lead to much wider use of eKYC and eSign.

Also Read: CoWIN app to aid govt in managing vaccination drive in India

Difference between eKYC and eSign: For bank account opening, getting a driving licence or a passport or a SIM card etc., – they require the citizen to bring a bundle of papers to prove you are you (KYC- Know Your Customer requirements). Instead of carrying a bundle of papers, you can just key in your 12-digit Aadhaar number, and do an online authentication – this is eKYC.

eSign is another kind of digital signature, which replaces wet (ink) signature. Our CCA (Controller of Certifying Authorities) had, as per the IT Act, 2000 (Amended in 2008), allowed dongle-based digital signatures. Citizen has to purchase this physical dongle after an elaborate KYC procedure, remember a PIN number, renew the signature after every two years, and spend about Rs.500 per annum. Now, the Aadhaar-based eSign is also legally recognised under the IT Act. No KYC, lifelong valid, zero cost! Just do mobile OTP-based or biometric-based Aadhaar online authentication, and any document gets digitally signed. Now Income Tax returns are using this method, and you don’t have to physically send any ink-signed papers.

Also Read: Going Digital is the Way Forward: Rajesh Aggarwal

The tiny nation of Estonia has embedded citizens’ digital signatures into mobile SIM cards, leading to some great applications (including electronic voting).

Aadhaar eKYC at aGlanceIf we can embed Aadhaar number into SIM cards, then eKYC or eSign become further dramatic. Just one click, two factor authentication through your mobile for all kinds of payments, signatures, voting, and so on!

Use of Digital Locker to a citizen is obviously to store his/her “Government Papers”. These are typically birth certificate, domicile certificate, caste certificate, income certificate of parents, matriculation certificate, education degrees, driving licence, passport, property-related papers, tax-related papers, investments/ savings/ pension/ insurance-related papers, employment/business licence papers, Will related papers, and so on. Final certificate to upload would be the death certificate (maybe pushed by municipal authorities into your locker, resulting in automatically handing over the Digital Vault to the heirs mentioned in the Will uploaded earlier on the Digital Locker).

Mostly the citizens have “original”, ink-signed and stamped papers available with them. These can be scanned and uploaded. The Aadhaar-based eSign will automatically kick in and the scanned papers will carry the digital eSign tag with time stamp (of the time of upload). This will be like new-age self-attestation.

These days, a few government organisations have started issuing digitally-signed papers (e.g. under eDistrict project). These certificates, received over email or downloaded from the concerned website, can directly be uploaded by the citizen to his/her Digital Locker.

Third, a few authorities (e.g. some school boards) have opened their databases through APIs. Such authorities can be encouraged to collaborate with Digital Locker. Thus, a student can just tell his Locker his Board roll number, and then any potential employer or college can dynamically pick up the results from the Board database. There will be great ease of use and full confidence when the Board also has the Aadhaar number embedded in its database. Now, pension, scholarship, income tax and many databases are linking with Aadhaar, so this dynamic sharing based on citizen consent will become more important in the years to come. The farmer will no longer run around to obtain copy of his land title, he will just tell his plot number to the bank, who will obtain server-to-server land record details and sanction the loan.

Digital File LockerPlease note that if the documents issued by the government authorities are available in that organisation’s database, then rather than uploading an electronic copy into the locker, it is better to just provide unique reference number of that document in the Digital Locker. The most up-to-date copy corresponding to that document (e.g. citizen may have got address modified on passport) will then be pulled whenever needed. (‘Single Source of Truth’ concept)

Ok, the citizen has Signed up for the Locker, uploaded or linked the certificate details, now what next? Various Departments or private organisations have to tie up with the Digital Locker authority to make use of the content (pull or push content). The authority has to define Metadata Tags and Standards. When a citizen uploads a scanned birth certificate, it has to go into a bucket/folder or, tagged with document type called “Birth Certificate”. Maybe, the Name and date-of-birth have also to be tagged in a well-defined Metadata standard, so that others can make use of it when they pick up this document. The income certificate may similarly define Metadata standards/tags for the year of assessment, annual income in rupees and so on. Thus, if a citizen uploads scanned document, he or she has to choose the correct document type, and then key in the data in the core Metadata fields associated with that document-type. If a citizen uploads digitally-issued certificate, or if the concerned issuer organisation (e.g. School Board) pushes that certificate into the Digital Locker, the document type and the core Metadata has to get filled automatically.

How this benefits citizens or ‘Requestor organisation’?

The citizen logs in to Locker, and clicks on “I need a Passport” link. The Passport Department software kicks in, and says – “Ok, I see from your Birth Certificate that you are 20-year-old, and I see from your educational certificates that you have passed Matriculation – so your passport won’t be stamped Emigration-Check-Required. I also see your address from your Aadhaar database – no more papers required – I am passing this information to the police authorities to visit your Home for verification – aha, police system says that they will be visiting you tomorrow evening – here is the name and phone of the constable who will visit you… And yes, about the fees, since you have linked your wallet/bank account with your Locker, I made a request to the bank and have received the fees… Just fill in these few additional details to complete the Application process… ”

The Locker software is smart. (My wish list…). Once police verify the address, and passport is issued, the passport details automatically go into the Locker, and also the Address part gets stamped with the fact that police verified on this date. This increases the Trustworthiness of the Address component of Locker. Also, since the scanned date of birth document and Matriculation certificates were used by the Passport Department, their “trust factor” also goes up.

Locker software maintains all kinds of log-trails for this purpose.

“Trust Factor” of any document is important. Scanned documents uploaded by citizen can be forged. Hence, as more and more departments use these documents and verify them, the “trust factor” increases. Another way for the citizen is to pay for verifying these old, legacy documents is that NSDL, or other designated Agencies can take Rs.500 or whatever from a citizen, then visit the concerned municipal office to verify if indeed the birth citizen was issued as per their records, and then put a digital stamp “scanned document verified by NSDL on … date after physically verifying record with the municipal authorities”.

Same can be done with Educational degrees. The employers, including private companies like Tata and Wipro, spend lots of time, effort and money in these kinds of verification checks at the time of recruitment. Thus, if the documents in the Locker have enough “trust factor” by above methods, this can be helpful to so many stakeholders.

In Maharashtra, the joint venture company MahaOnline was implementing eDistrict project, with digital back-end work flow resulting in digitally signed certificates by tahsildars etc. Each Application Form was re-designed to truly leverage Aadhaar ecosystem. A link “do eKYC” would enable a CSC (Citizen Service Centre) operator to ask citizen if he or she had Aadhaar number, click consent field, do biometric authentication, and then quick eKYC would populate Name, Address and Photograph automatically from the central database of Aadhaar. The citizen sitting at Home could also do this, using mobile OTP-based eKYC. Next was to add a link in the Form: “Pick up relevant documents from my Digital Locker”. If this particular Application Form requires four documents, and three are already in the Locker, then the software says “OK, I found three documents, this fourth one is missing. Can you just upload it?” Loop is complete when Tahsildar issues digitally-signed certificate, and eDistrict software pushes this into the Locker.

Also Read: Madhya Pradesh govt launches ‘digital locker’ facility

This also increases the “trust factor” of the four documents used by the Tahsildar.

Can our Regulators like CCA, RBI, IRDA, SEBI, TRAI, UIDAI, CERC etc., agree that the KYC process can be radically modified after the Aadhaar Bill has been passed? Hundreds of crores of rupees can be saved if Aadhaar-based eKYC and eSign are allowed by the Regulators. The citizen logging into the Digital Locker can be treated as “already authenticated and KYC compliant”. Can the links in Digital Locker be “one click and get a bank account”, “one click and get a Demat account for share market” and so on? Can Paytm tie up with the Digital Locker and throw a pop upon login – “Hey, I have pre-approved Paytm wallet with free Rs.100 thrown in for you… Just click here to start using it…?”

The game-changer part – Entitlements!

You are a student, a girl student, aged 16 years, studying in 10 Standard in a village school, your family income is about Rs.3 lakh per annum, and you are from SC category. Are you aware which government schemes are available for you? Just imagine, all departments weave their scheme eligibility criteria into the Digital Locker, the Digital Locker can tell you – “Hey, based on your profile in the Locker, I figured that you are entitled to scholarship of the Central Social Justice Ministry…cross-checked that you are not already enrolled there. Luckily, all the documents required were in your Locker. I sent them across to the Social Justice Ministry’s DBT software which approved it immediately, and I hope that you have already received the SMS from your bank regarding the receipt of first installment of your scholarship”. Dream on…

Can the Digital Locker tell a kid – “Hey, congrats on turning 18 years yesterday… I did some back-end work for you, and have got you added into the Voter list… here are the details. Would you also like me to apply for your Driving licence?”

Also Read: DigiLocker is Going PlacesTouches 38 Lakh Users

Who operates Digital Locker? NIC or CDAC? This probably needs a rethink. Organisations like CDAC and NIC working under DeitY should work with stakeholders to set Metadata standards, to get various ministries and state governments to collaborate with the Digital Locker (as Issuers as well as Requestors of data). Then it should be left to experts. Just as multiple Repositories work for Demat in a Share Market, same way multiple companies be authorised to operate and offer Digital Locker services to citizens. They can onboard private players (Paytm, Vodafone, SBI, ICICI, Tata, Wipro, Universities, Employers, so many others). They can offer verification services for a fee, and so on. One could try Freemium Model – basic 20Mb storage free and consent-based sharing for government services free while charging for other services and extra storage.

Thus, the Digital Locker can be much beyond just a dumb storage for your documents. I find the finer debate missing among the stakeholders, and hope that this paper will stir up some debate. I am deeply aware of difference between Hype and Ground Reality (between what-can-be and what-really-is). For a balancing act, you may read “Geek Heresy: Rescuing Social Change from the Cult of Technology” by Toyama and also about “Rosser Reeves Trap”. (Just Google it!)


Rajesh AggrawalRajesh Aggarwal, a B.Tech in Computer Science from IIT-Delhi (1983-87), joined IAS (Indian Administrative Service) in 1989. He has served in various positions in Maharashtra and Delhi. He has written a number of papers on eGovernance and handled large number of eGovernance projects. Read more at