UIDAI chief gives presentation, says Aadhaar data is safe

781
Aadhaar

The Supreme Court Constitution Bench of Chief Justice Dipak Misra and Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan, hearing Aadhaar and related linkages issue (petitions saying that it was unconstitutional), was told on Thursday (March 22) by government counsels, as well as by the CEO of the UIDAI that the data with the UIDAI was safe.

In the morning Attorney General K K Venugopal requested the bench to bring in the set up including a laptop, projector and two scales. He said that the entire PowerPoint presentation will take 30 minutes. This would be a presentation, he said, given by the CEO of UIDAI.

A MS Word format of the PowerPoint presentation had been submitted to the bench beforehand.

In the morning, though, Venugopal presented his submissions. He again mentioned the world bank report before the bench. The report is of 2015, before the Act came into picture. tgher report had said that identity was important for such a huge population in order to avail benefits for their overall development.

He said: “The Unique Identification program is paramount in nature. It has 7 percent fully integrated identification process. The country has developed a digital integrated identification system.

“However, significant efforts have to be made for its proper functioning. Use of strong biometric identifiers like 10 fingerprints or 2 iris, would make the integrated identification system more reliable,” he said. “The national integrated identification system creates a unique identity number, available to every individual.”

He further explains the business models. He said there was one model in which the government will pay. Then there is the Public Procurement model (PPP Model).

Justice Chandrachud asked that whether there was any fee levied for enrollment purpose to which AG replied that it ws absolutely free.

Justice Bhushan asked the AG if there was any report from the World Bank after the enactment of the Aadhaar Act. The integrated identification program lacked legal support at that time, when the World Bank report came into existence.

From 2006 onwards, various efforts by the government of India were made for the purposes of this integrated identification program and eradicating the defects. For a period of 12 months, a programme approved by the ministry of information and technology for the unique identification for BPL families in 2006.

He further summarized as to what happened in the meetings for the implementation of the same policy.

In the afternoon the CEO of the UIDAI stared his his presentation. he talked about the need for identification, enrollment, success rate, it’s security and privacy safeguards and the benefits of Aadhaar.

He said that identity and identification is a common requirement for access to any service. “If u want to access any service public or private, they will ask who are you and you have to prove your identity.

“Those questions were asked between 2000 and 2009 also,” he said. “At that time there was no fixed identity. An attempt was made by the Chief Election Commissioner with the introduction of voter ID cards. But there were problems related to it. People below the age of 18years had no voter ID cards. In the case of ration cards, someone else would be using that ID card.

“Suppose people of Tamil Nadu have voter ID or ration card of that state, then will that identity be accepted in Delhi? There was no national identity. That was when we came up with the national identity card, or Aadhaar. Aadhaar is a national online verifiable identity.

“The problem with other identity proofs were, they made an individual stuck in the vicious cycle of the need of documents to support the previous one.”

“The 12 digit number was a mere random number, no intelligence, no profiling was done. The number will never be re-issued to someone else and a person’s identity i.e. biometrics will be unique to each and every person. That 12 digit number once issued, will never be issued to any other person even if the person dies.”0

Certificate given by gram panchayat, certificate given by anganwadi helped in proving their identity and getting enrolled. Exceptions are also there. People may not have a complete set of biometrics. All the data once submitted, goes on a safe server. If the data is matched on the server, the Aadhaar number is not issued, else the number is issued, he said.

He said that the security and privacy of data will not be shared without the consent of the person before Aadhar Act and after Aadhar Act it was after getting consent from District judge. “From no ID to online ID, we have moved in development,” he said. “One of the declared policies is that no data shall be shared with anyone without prior permission from the Aadhaar holder, except for in the case where district judge has asked the same, only a limited amount of information is given.”

He clarified that no parents’ name is required for Aadhaar except for children below 5 years. Citing example of the US, how much information and what information is asked on grant of birth certificate. “In Aadhaar we take minimal information. The kind of data not collected under Aadhaar scheme is caste, religion, income, entitlements, tribe. In case of leprosy patients and where biometrics cannot be taken, then, for that person there are biometrics exceptions. He said that in case people are not having complete biometrics, Aadhaar number will be issued on the basis of demographic information. In such cases biometric authentication will not take place. But if that person has given his number, OTP will have to be given by that person and the demographic information to be given by him.

An alternative method to the recording of the biometrics is the OTP method, he said. UIDAI provides four types of authentication: mobile number, which will registered mobile number, biometrics, demographics “and now we are working on face recognition from July. Face recognition will enhance the authentication process.

“For the transaction facilities, the Aadhaar can be used accordingly. “We appointed registrars under this project. They can engage their work done either by their employees or by the agency( enrolment agencies). The empanelled agencies, once have applied, the registrar chooses which agency will be working.

The agency operator must first have their Aadhaar and they have to pass the exam. Today we have 8.7 lakh operators who can help in enrollment process.

“There is a misconception that the biometrics are saved by the private agencies,” he said. “However, once the biometrics are recorded, they are immediately encrypted via 2048 bit software and the hardware. Every equipment used in the project is certified one. The private parties acting as a empanelled agency, has to work according to the government’s software.

“A lot of complaints with reference to Aadhaar were on corruption. That is, take money and issue Aadhaar. Some of the individuals come to the centre just to play with the machine. Also, the quality of the Aadhaar is checked. Traceability of all actors through audit trail is ensured. Traceability of actors is used in Aadhar, which means while enrolling a person the operator has also to give his Aadhar number.

Once the biometrics are saved, a background quality check is also done. And there will be a supervisor who checks all enrollment at the end of the day.

Aadhaar number for the newborn: baby’s photograph, along with parents’ biometrics and whatever name the parents give to the child. After the age of 15, the biometrics becomes fairly stable.

About other age category, if person does not have Aadhaar number, he can call on 1947 and get enrolled in Aadhaar. Finding Aadhaar centres is easy. It’s easily available on the website as well. For biometric update, we have other process and for that the person can go at the Aadhaar centre and get his biometrics updated. “We replace old biometric with new biometric,” he said.

“If the biometrics don’t match, an error message would go to the server.

Justice Chandrachud said: “So basically an individual could suffer because of a technical fault.”

The UIDAI chef said that there is also an exception handling mechanism, under section 7. Every Aadhaar card has a QR code. Because of this, no copies of the Aadhaar  card can be made.

Justice Chandrachud tells the CEO: “You can detect failure of authentication, but you may not have knowledge of denial of services. How will you get to know if there is a denial of services or not? Is there any data available with you up to what extent the denial of services or authentication?

“One situation is failure of services due to failure of authentication. The other situation is failure of services despite proper authentication,” points out Justice Chandrachud.

To that senior lawyer Tushar Mehta said: “This is the failure of honesty.”

The money mayters were disclosed. It was said that the total expenditure for making Aadhaar card, including biometric collection and all is less than $ 1 dollar.

A fusion mode of face authentication to be available from July 7, along with one other mode of biometrics. “The software will be run on our server, with no internet connection and our firewalls will be used so that no data loss is done. This process mostly eradicates duplication of Aadhaar.

Regarding security, the court was told that except for the purposes of national security, no data shall given. “Even when there was no Aadhaar Act, we solemnly promised people that we will not disseminate their information, so we went to the High Court to get orders to give information of a person to the CBI.”

“Even for the purposes of ID proofs submitted to buy SIM cards, only Aadhaar number is visible to them, no other personal information is released. Prior to the Act, UIDAI was bound by its own policy to not to release the data.

The matter will be hard again tomorrow.

–         India Legal Bureau