Breaching Aadhaar lock will take age of universe: UIDAI CEO to SC

| | New Delhi
Breaching Aadhaar lock will take age of universe: UIDAI CEO to SC

Even the fastest computer on earth will require the age of the universe to breach the complex encryption lock that secures data of citizens collected under Aadhaar,” said Unique Identification Authority of India (UIDAI) CEO Ajay Bhushan Pandey in his hour-and-a-half presentation in the Supreme Court quelling doubts about security of data and mechanism to prevent its possible leak.

With Aadhaar coverage reaching out to 1.2 billion citizens, Pandey explained that this is the most extensive data collected ever in the history of the country. For this purpose, emphasis was given to the need for protecting the data by way of a 248-bit encryption key with a 12-digit number lock which any hacker will find difficult to breach. Any enroller sitting at the enrolment centre cannot access details of any person as the moment data is entered on Aadhaar database, it gets encrypted and cannot be downloaded.

Dismissing allegations that the maker of the Aadhaar software is a foreign company which can access sensitive demographic and biometric information of citizens for commercial exploitation, the UIDAI CEO explained that the Aadhaar is purely Indian technology and data collected is stored in 6000 servers at two locations in the country. Only the biometric matching software has been borrowed from three top companies in the world who have given UIDAI licence to use the same. But since the software is on Indian servers, it is fully under our control with no backdoor entry to steal it, he added.

Moreover, the UIDAI anonymises biometric data and stores it separately from demographic data. “A gallery of biometrics is built and it is not possible to know to whom the biometrics belong,” Pandey said.

Further he clarified that when a person goes to bank or mobile company for e-KYC verification, through fingerprint, we authenticate the demographic details of the person to the bank or mobile company in an electronic form. No biometric information is shared with anyone and UIDAI is completely ignorant about the purpose or transaction carried out by the person on his visit to the bank.

For better chances of authentication, the UIDAI is in the process of collecting face recognition of citizens that can be matched with the fingerprints. The Bench of Chief Justice Dipak Misra, Justices AK Sikri, AK Khanwilkar, DY Chandrachud and Ashok Bhushan asked Pandey, “If your system was secure, then why did you de-register 49,000 enrollers.” The CEO submitted that these persons were either found indulging in corruption by demanding money for making cards, failing in quality check based on several complaints from one centre, or carelessness on part of enrollers to enter data wrongly.

The court then queried as to what mechanism was in place to secure a service or subsidy to persons whose biometrics fail to match or where biometrics get erased or cannot be collected (elderly, labourers, or children), Pandey replied that service will not be denied in such an event. Aadhaar card has a QR code that contains demographic details of each person. This can be verified even in the absence of biometrics. The presentation will continue on Tuesday.