Aadhaar Hearing [Day 21 and 22]: It’ll require the strength of the entire universe to break the encryption of the Aadhaar Data: UIDAI CEO

After Attorney General KK Venugopal sought the permission of the 5-judge bench of Dipak Misra, CJ and Dr. AK Sikri, AM Khanwilkar, Dr. DY Chandrachud and Ashok Bhushan, JJ on Day 20 of the Aadhaar hearing to allow the CEO of UIDAI to present a PowerPoint presentation explaining all technical and security aspects of Aadhaar before it, the Bench allowed the same and asked the petitioners to submit a questionnaire based on the presentation on the next date of hearing i.e. 27.03.2018.

Below are the highlights from the presentation by Ajay Bhushan Pandey, the CEO of UIDAI, on Day 21 and 22 of the Aadhaar hearing:

Day 21:

  • In pre Aadhaar times, most people didn’t have IDs. Even I didn’t have an ID since I come from a small village. From 2000-09 also, people didn’t have IDs. Voter ID also doesn’t solve the problem. Children can’t get it.
  • Getting a ration card was also difficult because it required other IDs to procure a ration card. Voter id and ration cards are region specific. It’s not nationally accepted.
  • Aadhaar is nationally verifiable digital ID. It’s not difficult to procure. Genuineness of ration card is not easy to ascertain.
  • The 12 digit Aadhaar number is a completely random no. Once issued, it’s never issued again, even if the person dies. We did not want to link it with citizenship and it includes transgenders and children.
  • People may not be able to provide biometrics due to reasons like leprosy, but we have made exceptions for such cases.
  • Enrollment and updation can happen in any part of the country. It’s a portable entitlement. Not region specific, unlike other IDs. There’s no data sharing without consent.
  • Data is shared only on the instructions of district judge and for national security.
  • Even father’s name is not necessary. No info on religion, caste etc is collected. In the US, to get a birth certificate, a lot of information is collected. Even info like the kind of pregnancy is taken.
  • Chandrachud, J: What is the biometrics exception for people who can’t possibly give their biometrics?
  • Pandey:
    • Authentication will happen through OTP in such cases.
    • Enrollment agencies are both public and private. We empanel these agencies based on certain criteria. Then registrars decide of an agency is fit to be an enrollment agency.
    • We have operator certification agencies along with 30k enrollment centres. Decentralized enrollment, but the data is stored in a centralized place. There’s a safe button with enrollment agencies to encrypt data (2048-bit).  It’ll require the strength of the entire universe to break that encryption! Traceability of all actors is ensured through audit trail.
  • Sikri, J: Why did you de-register so many agencies then?
  • Pandey: It was due to corruption mostly. Also some operators were not entering the details properly. We have very strict quality control standards.
  • Sikri, J: It’s incomprehensible that 49,000 people fall in that category.
  • Pandey: We have high quality parameters. 120.3 cr have enrolled. we enrol children as soon as they are born. We don’t take biometrics of the infant. Only photograph is taken. Biometrics of parents are collected. At the age of 5, we take the child’s biometrics and then again at age 15.
  • Sikri, J:  Do you contact the child or do they have to come to you? This was one of the arguments related to exclusion.
  • Pandey: Anganwadi workers themselves become enrollers. Also, enrollment camps are set up in schools. (Gives details on Aadhaar customer care and how to locate Aadhaar agencies)
  • Chandrachud, J:  What happens when a person’s biometrics change? For eg, for workers and labourers.
  • Pandey:  People can go to enrolment centres and get their details updated.
  • Sikri, J: Many people might not know that their biometrics have changed. What do they do?
  • Pandey:
    • In such cases, a person goes for authentication, for example to a PDS shop and his Biometrics don’t match, then an error code is sent to UIDAI and then the person will be asked to update his biometrics. (Chandrachud, J is not convinced with this method. Says this will lead to exclusion.)
    • A circular was issued yesterday, which said that if a person’s authentication through biometrics does not happen, then he shall not be denied benefits for that reason.
    • Every Aadhaar card has a QR code, which prevents de duplication. The QR code will also show the person’s photo. This method can also be resorted to if biometrics don’t match.
  • Chandrachud, J: You’ll know when there’s an authentication failure in your database, but you won’t know if there has been denial of service.
  • Pandey: We tell entities to make exception handling measures.
    • Aadhaar enrollment is done in prison also. We are starting enrollment centres in banks and post offices. Enrollment and updation of Aadhaar is a continuing process. The total cost of an aadhaar card is less than one dollar.
  • Khanwilkar, J: Other side claims that Aadhaar software is designed outside india, and is prone to tampering.
  • Pandey:
    • Only biometrics matching software has been taken from the world’s best companies. Rest has been developed in India. The servers are ours. We have 6000 servers. Just because we are using the services of these companies, doesn’t mean that they have our data. The biometrics is also anonymized by a reference number before it’s matched against the biometrics stored in the central database.
    • Till now no agency has taken biometrics data for the purpose of national security. We have denied data to CBI also.
    • We have registered devices for authentication. The devices use our key for encryption. The biometrics is not shared with the requesting entity also. Authentication process takes less than a second. We don’t collect purpose, location and details of the transaction.
    • We are doing four crore authentications everyday. We don’t know the purpose of these authentications. Information remains in the silos and merging of silos is also prohibited.

 Day 22:

  • Pandey: Operators check individual packets of data received during enrollment. There are 65 operators who are responsible for verifying biometrics.
  • Chandrachud, J:  Is it possible for the enroller to make copies of the data before the data is encrypted and sent to CIDR?
  • Pandey: Enroller does not have access to biometrics. it’s collected by uidais software. Also retaining data by the operator is an offence. We have zero tolerance policy. We have started phasing out private enrolment agencies. Now only banks and post offices will do it. A notification was issued in July that says that 12500 banks and 15000 post offices will become operator agencies.
  • Sikri, J: That is because you don’t need so many enrollment agencies now. People have already enrolled.
  • Pandey: We are doing it for updation of Aadhaar. Our central authentication server is not connected to the internet for security purposes.
  • Chandrachud, J: Central authentication server is not connected to the internet for security purposes.
  • Pandey: Few dozen.
  • Chandrachud, J: AUA has a record of how many times an authentication request was made even if UIDAI doesn’t.Parting with that data is a commercially profitable enterprise. The private sector AUA can misuse that data.
  • Pandey: They are prohibited under Section 29(3) of the Aadhaar Act. Section 38(g) also prohibits it. Further there are regulations to prevent such misuse. Regulation 17(1)(d) for example.
  • Chandrachud, J: The problem area is that private service providers have a record of authentication requests which can be misused in various ways to profile individuals.
  • Khanwilkar, J: The state has to clear the apprehensions of the petitioners with respect to the software of Aadhaar.
  • Pandey: Software is secure and there hasn’t been one data leak till date. (Tells court to not believe media reports. Denies recent report of breach by ZDnet). Now we have made it a standard practice to only display the last four digits of the Aadhaar no., wherever needed.
  • Chandrachud, J: The high level of security maintained at CIDR is not maintained at the other end like AUA also. Unless the security at the other end of the spectrum is secured, Aadhaar will be a problem.
  • Pandey:
    • Aadhaar based authentication and other services like withdrawal of funds is akin to a walking ATM. (physically demonstrates the process of authentication. Shows what all information is displayed. Says location, purpose etc is not showed.) 
    • Debit cards and pin nos. are difficult to use by most people in India. Aadhaar makes it simpler and allows people to be financially included.
    • A person can enter his/her Aadhaar details on uidais website to check her authentication history. This way he/she can know if her Aadhaar no.was misused.
    • We have no meta data that reveals anything about an individual such as likes and dislikes.
    • The technology and architecture board review the technology of Aadhaar. Similarly the security review board reviews the security of Aadhaar. Security is an ongoing challenge and we need to keep upgrading it. (discusses the privacy safeguards in Aadhaar like virtual I’d, uid token, purpose and use limitation, strict confidentiality, online access to authentication history, biometrics lock, strict punishment under the Aadhaar act)
    • We can make further regulations if there are any concerns related to the security and privacy of the Aadhaar ecosystem.
  • Sikri, J: It cannot be ruled out that authentication history will not be shared under section 33.
  • Pandey: Till date we haven’t shared data with any other agency.
  • Sikri, J (on Virtual Aadhaar ID generation): How many people will be able to use it? You can’t explain illiterate people to use virtual ID.
  • Pandey: this is just an additional safeguard apart from the Act.
  • Sikri, J: If the authentication logs are kept with the authentication/requesting entity. What is the nature of this data?
  • Pandey:
    • Details except biometrics are kept.
    • Audits are done on AUAs, and requesting agencies, by UIDAI itself or by an agency appointed by them to ensure smooth functioning of the system. Anil Jain, professor of Michigan state university, and expert on biometrics, was consulted. He suggested multi modal biometrics authentication i.e both iris and fingerprints should be combined for the process of identification and authentication. Another expert was consulted and he suggested that iris should be used, because fingerprints often don’t work.
  • Bench: AG should be making such arguments, not CEO of UIDAI.
  • Pandey: Using virtual ID and uid token ensures that databases are not joined. We make distinctions between what agencies require real Aadhaar no.and what agencies do not. For eg. Telecom does not require real Aadhaar no. But income tax does.
  • Bench: Submit a note explaining Virtual id and uid token and how their usage prevents duplication.
  • Pandey:
    • UID token is a 72 character alpha numeric string meant only for system usage. For the same resident, different AUAs or KUAs will have different uid tokens. Aadhaar cannot be reverse engineered from the token.
    • Central database of biometrics is important, to ensure uniqueness. Uniqueness may not hold true in the case of smart card, and one person can have multiple cards with different identities and same biometrics. There’s no identity theft if Aadhaar is lost. The same cannot be said of smart cards.
    • Surveillance is not possible with CIDR as silos are not merged. Surveillance is possible by smart cards by merging databases.
    • Keeping too much information on a smart card is not a good idea. Replacement of smart card with a better technology in the future is a huge responsibility. Changing encryption kept on a smart card from time to time is not possible. Says offline smart card is not a substitute for online authentication. (On Singapore like Smart card system)
  • CJI:  Does the enroller or requesting entity has access to any data?
  • Pandey: Data is encrypted and sent to CIDR, so there’s no question of misuse.

Petitioners then submitted a list of questions based on the presentation. They also argued that the deadline for Section 7 benefits should also be extended. Fourteen crore forty eight lakh authentication failures have taken place for section 7 benefits and subsidies. CJI, however, refused to extend the deadline.

To read the highlights from submissions of Senior Advocates Meenakshi Arora, Sajan Poovayya, CU SIngh, Sanjay Hegde and Counsel Jayna Kothari, click here.

To read the highlights from submissions of Senior Advocates KV Viswanathan and Anand Grover, click here.

To read the highlights from Senior Advocate Arvind Datar’s submissions, click here, here and here.

To read the highlights from Senior Advocate Gopal Subramanium’s submissions, click herehere and here.

To read the highlights from Senior Advocate Kapil Sibal’s arguments, click here, here and here.

Looking for the detailed submissions of Senior Advocate Shyam Divan? Read the highlights from Day 1Day 2, Day 3, Day 4 , Day 5, Day 6 and Day 7 of the hearing.

Source:  twitter.com/SFLCin

Join the discussion

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.