New Delhi: Making its rare presentation before the Supreme Court on Thursday, the UIDAI said that Aadhaar data of 1.2 billion Indians is protected by a 2048-encryption key that will take a supercomputer over 13 billion years to crack.
The Supreme Court allowed the CEO of the Unique Identification Authority of India (UIDAI) to make a PowerPoint presentation on the Aadhaar scheme on Thursday. While two screens were set up in the courtroom, all lawyers were handed hard copies of the presentation.
The constitution bench headed by Chief Justice Dipak Misra asked the petitioners opposing the Aadhaar scheme to prepare a questionnaire for UIDAI CEO, Ajay Bhushan Pandey.
Pandey insisted throughout his 80-minute presentation that UIDAI has ensured security of the biometric data with multiple layers of protection.
The UIDAI further informed the court that it has no data on those who have been denied benefits for want of the 12-digit biometric identification number.
The information was given by Pandey, after the top court asked him whether there was any official data on how many persons have been denied benefits either due to want of Aadhaar or due to failure of their authentication.
A five judge Constitution bench also pointed out that unaware and illiterate persons can "be left high and dry" as, over time, the finger prints faded.
"We had no means to know as to how many persons have been denied benefits... Is there any official data on denial of services," the bench, also comprising Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan, said.
The CEO, a 1984 batch IAS officer of Maharashtra cadre, said the UIDAI has no data about persons who have been denied benefits for want of Aadhaar or due to lack of authentication.
Pandey, however, said no person shall be denied of any benefit if there is any failure in authentication due to lack of updation of data and various circulars from authorities, including from the Cabinet Secretary, have been issued in this regard.
The Aadhaar Act and its regulation make sure that people are not denied of benefits, he said.
Seeking to allay apprehensions raised, the UIDAI CEO said Aadhaar provided a "robust, lifetime, reusable, nationally on-line verifiable ID" card to citizens, as the Supreme Court which posed queries on data security, exclusion of persons from getting benefits for want of authentication.
The bench then said that sometime biometric details like finger prints fade over a period of time and unaware and illiterate persons may not get them updated and can they "be left high and dry".
It also referred to the allegation of senior advocate Shyam Divan, appearing for Justice K S Puttaswamy, and asked why 49,000 certified private operators, out of total 6.83 lakh who carry out Aadhaar enrolment, have been blacklisted by UIDAI.
"Aadhaar enrolment is free. They charge people. We got complaints," the CEO said, adding that these operators also filled wrong details at the time of enrolment and "as we have a zero tolerance policy towards corruption, they were blacklisted."
At the outset, Pandey, with the help of two projectors, started the presentation and said, "a very large population had no nationally-acceptable IDs - children, old, migrant workers, poor, destitute".
"Most people used local proxy/domain IDs and faced language, format, jurisdiction barriers. Lack of identity and identification led to exclusion and denial of service," he said.
He then referred to the issue of duplicates and ghosts in the welfare schemes, PAN cards and shell companies, while Aadhaar provided a "robust, lifetime, reusable, nationally on line verifiable ID and identification" to citizens.
The Aadhaar ID has nationwide portability and uniqueness and one card cost less than one USD from the time of enrolment to its delivery to a citizen, he said, adding that so far, 1.2 billion people have been enrolled in the scheme.
The CEO then said that Aadhaar required minimum information from citizens like photograph, demographics, finger prints, iris, but does not collect details of "religion, caste, tribe, language, records of entitlements, income or medical history and profession".
He said UIDAI has reached to a level where it can generate, print and dispatch more than 1.5 million Aadhaar per day.
On the issue of safety of data, the CEO said that the once the enrolment agency submits the biometric details after enrolment, the data is encrypted and deposited at the Central Identities Data Repository (CIDR).
Dealing with the authentication process, he said the UIDAI is "blind" and does not keep track of any transaction done by using the Aadhaar card.
"If somebody opens a bank account or gets a mobile phone by using the Aadhaar, the UIDAI cannot know the account details or the phone number," he said, adding that no profiling can be done by using the Aadhaar.
The UIDAI chief said that Aadhaar has a superior 2048-bit encryption where as the standard encryption rate is 256.
The bench said that the failure in authentication should not lead to denial of benefits to the citizens and this has to be remedied.
The CEO said that from July onwards, besides fingerprints and iris, the photograph of the person will also be used for authentication and no person shall be deprived of the benefits.
The bench then referred to the allegation that there was a possibility of tampering of data as the software has been taken from outside.
"These are our software and developed by us," the CEO said, adding that only biometric matching software has been taken from three best companies and these were licenced software which ran the system.
Moreover, the Aadhaar software is not linked to internet because "we were aware some people may hack the system," Pandey said.
He then gave the example of softwares like Oracle used by banks and said if the banks were using foreign softwares, it does not mean that details are shared with the software providing company. The presentation remained inconclusive and would resume on March 27.
(With PTI inputs)