Aadhaar data is protected by a 2048-bit encryption and “once biometrics comes to us, it will never go away”, says Ajay Bhushan Pandey.
It will take “more than the age of the universe for the fastest computer on earth, or any supercomputer, to break one key of Aadhaar encryption,” according to CEO of Unique Identification Authority of India (UIDAI) Ajay Bhushan Pandey.
Mr. Pandey, who has been steering the Aadhaar project from its beginnings in 2010, was given the unique opportunity to conduct a presentation in a courtroom presided by a five-judge Constitution Bench led by Chief Justice of India Dipak Misra in the Supreme Court on Thursday.
In the hour-long presentation, which would continue on March 27, Mr. Pandey said the Aadhaar data was protected by a 2048-bit encryption and “once biometrics comes to us, it will never go away”.
Recounting his own life experience as a small town person who did not have a photo identity till he joined the Indian Administrative Service in the late 80s, Mr. Pandey said Aadhaar offered the answer to the ancient question, often asked by sages, i.e., “who am I?”
A “portable entitlement” against poverty
He said that for the first time Aadhaar offered the billion plus population of India a “robust, lifetime, nationally online, verifiable identity”. Through a massive exercise that would benefit mankind, India had “leap-frogged” to Aadhaar identity from proxy and local identification mechanisms like ration card. He termed Aadhaar a “portable entitlement” against poverty.
But Justice A.K. Sikri questioned Mr. Pandey’s narrative about the infallibility of Aadhaar, asking why then did the UIDAI blacklist 49,000 registered operators. The CEO replied that these operators were de-registered for corruption, carelessness and harassment of the public. “Some of them used to take money from the public, others would not enter the details properly. We have a zero-tolerance policy,” he said.
Justice Sikri persisted, “It sounds somehow strange that you blacklisted 49,000 of your operators for harassing people.”
Mr. Pandey said, “Initially we trusted these operators, but they ended up registering trees… Jamun trees.”
Mr. Pandey explained that biometric changes could be updated through a process called ‘Aadhaar update’.
Justice Sikri asked, “Aadhaar update can be done if a person knows there is such an option. You have covered a wide area of the country and brought tribal people and those living in the fringes under the Aadhaar regime. They are poor and illiterate. How will they know what to do.”
Justice Chandrachud said that eventually the onus was on the individual to get an Aadhaar update if she wanted to continue receiving her rightful entitlements. He went on to ask whether the UIDAI had any statistics on the number of Aadhaar authentication failures so far.
Other alternatives to biometric authentication
To this, Mr. Pandey referred to the provisions in the Aadhaar (Authentication) Regulations of 2016 to point out that there were other alternatives to biometric authentication like demographics and electronic One Time PIN (OTP).
He said the UIDAI cannot promise 100% authentication everytime. There may be connectivity or other technological issues across India, especially when the scheme covered over 1.2 billion people. “When biometric authentication does not work, we have instructed our officers to check the Aadhaar card and see that the case is genuine. A person should not be denied benefits because there is failure in authentication.”
Aadhaar, he said, was not the solution for a shopkeeper who refused a woman her ration under the PDS despite the successful authentication of her biometrics.
Justice Chandrachud said, “So you say that failure of service because of failure of authentication can be addressed. But failure of service despite authentication needs to be addressed separately.”
Additional Solicitor General Tushar Mehta answered the judge’s question, saying the conduct of the shopkeeper in question was the “failure of honesty”.