Aadhaar data unbreachable as UIDAI blind, CEO tells SC: Top 10 developments
Trying to allay the fears over security and privacy of Aadhaar, Ajay Bhushan Pandey, the Chief Executive Officer of the Unique Identification Authority of India (UIDAI), the nodal agency implementing the project, told the Supreme Court on Thursday that it would take the world’s fastest computer “the whole universe’s strength to break the Aadhaar encryption system”.
In a first-ever powerpoint presentation in open court, the constitution bench of Chief Justice Dipak Misra, and Justice A K Sikri, Justice A M Khanwilkar, Justice D Y Chandrachud and Justice Ashok Bhushan was told that Aadhaar data in an encrypted form were "very very secure".
The UIDAI CEO had said the biometric and demographic information of people enrolled for Aadhaar was secure, while no one would suffer loss of benefits for its absence.
According to tweets by lawyer Prasanna S (@Prasanna_s), who was present at the Supreme Court, and legal services organisation Software Freedom Law Centre (@SFLCin), Pandey covered three major points in his presentation — an introduction to Aadhaar, the technology behind Aadhaar and the privacy safeguards put in place to protect Aadhaar data.
The apex court was hearing a bunch of petitions challenging the constitutional validity of the Aadhaar Act and concerns that the data could be taken over by other enrolment centres that might even misuse them.
“Maybe when it reaches you, it gets encrypted, but at the (enrolment) centre, it may be captured by a private party”, said Justice Sikri. To this, Pandey replied that UIDAI did not share biometric details with anyone and the “software is such that the moment the resident presses the save key, entire data gets encrypted by the 2048-bit key.”
Pandey had said that UIDAI starts collecting data from the birth of a child and the data are updated twice, first at the age of five and later at 15 years.
Having said that 1.2 billion people had already been enrolled for Aadhaar, Pandey added that a number once given to an enrolled person would not be repeated even after their death. He contended that UIDAI had reached a level where it could generate, print and dispatch more than 1.5 million Aadhaars per day.
The CEO then said that Aadhaar required minimum information from citizens like photograph, demographics, fingerprints, iris, but does not collect details of "religion, caste, tribe, language, records of entitlements, income or medical history and profession".
At the start of the presentation, a technical snag led to not functioning of one of the projectors facing the lawyers and litigants. The glitch was rectified later.
Top 10 developments related to the Aadhaar hearing so far:
1. ‘Universe's strength needed to break Aadhaar encryption’: Stressing that the entire system for storing the Aadhaar biometric data and demographic information was safe and free from any kind of intrusion, Pandey had said that it would "require the age of the universe to crack the data stored in encrypted form".
Reverting to the question of intrusion in the privacy of Aadhaar users, he had said "we are ignorant about the purpose and details of the transactions being undertaken by the people" whose Aadhaar is linked to various services.
Noting that data matching software has been bought from the world's three best companies and stored on UIDAI's 6,000 servers, Pandey had said that these are not linked to the internet to eliminate the possibility of any backdoor access to the data.
He had then given the example of softwares like Oracle used by banks and had said if the banks were using foreign softwares, it does not mean that details are shared with the software providing company. The presentation remained inconclusive and would resume on March 27....
Comments
Post a Comment