New Delhi: Aadhaar data has been secured by a 2048-bit encryption key that will take a supercomputer more than the age of universe, or over 13 billion years, to crack, Ajay Bhushan Pandey, the chief of UIDAI which runs the identification programme, told the Supreme Court on Thursday, online media reports said.
Pandey, who made an 80-minute rare presentation before the five judges of the top court, said once any Aadhaar data reached its central database, it could not be shared with anyone except on grounds of national security. The bench then referred to the allegation that there was a possibility of tampering of data as the software has been taken from outside. “These are our software and developed by us,” the CEO said, adding that only biometric matching software has been taken from three best companies and these were licenced software which ran the system. Moreover, the Aadhaar software is not linked to internet because “we were aware some people may hack the system,” Pandey said.
Responding to queries on the authentication process, he said the UIDAI is “blind” and does not keep track of any transaction done by using the Aadhaar card. “If somebody opens a bank account or gets a mobile phone by using the Aadhaar, the UIDAI cannot know the account details or the phone number,” he said, adding that no profiling can be done by using the Aadhaar. Seeking to allay apprehensions raised, the CEO said Aadhaar provided a “robust, lifetime, reusable, nationally on-line verifiable ID” card to citizens, even as the Supreme Court posed several queries.
It referred to the allegation of senior advocate Shyam Divan and asked why 49,000 certified private operators, out of a total 6.83 lakh who carried out Aadhaar enrolment, have been blacklisted by UIDAI. “Aadhaar enrolment is free. They charge people. We got complaints,” the CEO said, adding that these operators also filled wrong details at the time of enrolment and “as we have a zero tolerance policy towards corruption, they were blacklisted.”
But Aadhaar can’t ensure 100% authentication
The Unique Identification Authority of India CEO has told the Supreme Court that Aadhaar-based verification cannot always ensure successful biometric authentication. “Every problem can’t be solved by Aadhaar,” the CEO acknowledged. He also admitted that currently there is no institutional mechanism in place to deal with cases where a citizen’s biometrics do not match with those linked to his/her Aadhaar identity.
The UIDAI CEO’s comment was in the context of allegations that services have been denied to citizens in cases where their biometrics have failed to match their Aadhaar details. Biometrics may not match due to a number of factors such as problems with internet connections and malfunctioning devices; so, Aadhaar-based verification should not be relied upon absolutely to authenticate a citizen’s identity, the Supreme Court was told.
The five judge Constitution bench headed by Chief Justice Dipak Misra, which allowed the UIDAI CEO to make a power-point presentation, however, pointed out that unaware and illiterate persons can “be left high and dry” as, over time, the finger prints fade.They were also concerned about frequent reports of people being denied services because the Aadhaar programme wasn’t able to authenticate their identity. Like a ration shop in Jharkhand turning back a woman who later died on grounds that her authentication had failed. “But the ration was shown to have been delivered to that lady. How do you deal with such a situation,” Justice AK Sikri, one of the five judges on the bench, asked.
Pandey said they did probe this case. “We found that in the same village, the shop keeper not only denied food grains to the lady but to a few others also, saying biometrics didn’t match. But it matched,” he said Pandey also told the Supreme Court that the UIDAI has repeatedly asked government ministries not to deny services in cases where a citizen’s biometrics do not match and to set up an institutional mechanism to deal with such scenarios.
The CEO, a 1984 batch IAS officer of Maharashtra cadre, however, said the UIDAI has no data about persons who have been denied benefits for want of Aadhaar or due to lack of authentication. Pandey, however, said no person shall be denied any benefit if there is any failure in authentication due to lack of upgradation of data. The presentation remained inconclusive and would resume on March 27.