UIDAI CEO Ajay Bhushan Pandey says Aadhaar security can't be breached
New Delhi: Probably for the first time in the annals of the Supreme Court, it allowed the CEO of the Unique Identification Authority of India (UIDAI) to make a PowerPoint presentation on various aspects of Aadhaar scheme, for which the government has already spent Rs 9,000 crore. Making the presentation for 80 minutes before a five-judge Bench of Chief Justice Dipak Misra and justices A.K. Sikri, A.M. Khanwilkar, D.Y. Chandrachud and Ashok Bhushan, the CEO, Dr. Ajay Bhushan Pandey, allayed the apprehensions with regard to leakage of data and security breach. He said the data is encrypted and secured in the depository, which is not connected with internet, and there was no possibility of leakage or security breach.
On the query for a mechanism to prevent financial exclusion and denial of benefits to even one person for lack of Aadhaar, the CEO said the whole object of Aadhaar was not to deny benefit, subsidy or service to any one for lack of authentication of Aadhaar. He said “exceptional handling mechanism’ has been provided in the law to ensure that even if there is failure of authentication of fingerprint details, there are other means like facial print or by means of ‘one time pin’ (OTP) through mobile phone. He said this kind of exercise of providing identity cards has never been attempted anywhere by the mankind and so far more than 1.2 billion Citizens have Aadhaar.
He said Aadhaar is one nationally acceptable robust verifiable ID card. Dispelling doubts on leakage, he said all biometrics data are encrypted with 2048 bit encryption and it will require more than the age of universe to break the one encrypted key. To a question from the Bench whether biometrics data was being shared, he clarified only personal information is shared with the banks through e-kyc without biometric information, which is safe and secured and not shared with anyone. From July this year face identification will be used for authentication and soon QR codes on Aadhaar will have photo. He said that the total expenditure on an Aadhaar Card is less than one dollar.
Asked by Justice Sikri whether the software used is obtained from foreign companies, the CEO clarified that the software for biometric matching is from outside and UIDAI has licence to use it, “but the software data is in our control”. Further Aadhaar data servers are not exposed to Internet but connected with lease lines. When Justice Chandrachud pointed out that denial of benefits due to failure of authentication is one thing and failure to provide benefits even after authentication has to be remedied, the CEO said such a contingency has been taken care off as there are other means of identity that could be used.
When Justice Sikri questioned CEO about the death of a lady in Jharkhand, who was denied PDS benefits for want of Aadhaar, but the ration was shown delivered to that lady, the CEO said “The lady was told that the authentication has failed though authentification was approved we did a probe. We found that the shop keeper not only denied food grains to the lady but to few others also saying biometrics didn’t match But it matched. Every problem can’t be solved by Aadhaar.”
