Aadhaar biometric authentication process not 100% secure, UIDAI CEO

Aadhaar biometric authentication process not 100% secure, UIDAI CEO

Chandan Goswami

CEO of Unique Identification Authority of India (UIDAI) Ajay Bhushan Pandey today conceded before the Supreme Court that the Aadhaar biometric authentication process is not one hundred per cent secure.

Pandey was addressing the Constitution Bench headed by the Chief Justice Dipak Misra on technical aspects surrounding Aadhaar, through a Powerpoint presentation.

He submitted on more than one occasion that the entire authentication process may fail because of connectivity and hardware issues. He added that repeated advisories were issued to Ministries, asking them not to completely rely on Aadhaar for targeted delivery of services, as the ground reality might be different.

He added that in order to ensure that there is no disruption in services even if the authentication process fails, the mechanism allows for production of Aadhaar card to avail the benefits.

Pandey further submitted that strict provisions were in place to punish the defaulters who deny benefits and services to people who produce their Aadhaar cards.

This prompted Justice DY Chandrachud to ask Pandey whether there was any data available with the UIDAI on how many people have been denied services so far, to which Pandey replied in negative.

The judge observed that in cases where there is denial of service due to the failure of authentication, a mechanism must exist to address the same.

Justice AK Sikri then asked Pandey what happens when there is an authentication mismatch where one’s benefit is given to another. Pandey admitted that this kind of problem occurs at the ground level, and that Aadhaar cannot solve such problems.

He added that there are different mechanisms to deal with the issue of exclusion of services, but the same does not come under the ambit of Aadhaar. He accepted that there have been certain unfortunate incidents where people have died after they were denied benefits they were entitled to.

Proceeding further, Pandey submitted that the UIDAI has a strict policy of not sharing the data with anyone without consent. He added that it is prohibited by law to share the data, unless an issue of national security is involved.

Addressing the issue of data security, he said that to break the encryption data secured on the servers, a supercomputer will be required and that it would take ages to decrypt even one key of the code where the data is stored. He stated that though Aadhaar cards may be photoshopped, a QR code is added to enhance security and prevent misuse.

He assured the Court that UIDAI does not share the demographics of card holders and that complete anonymity is maintained by the data servers. He added that whenever any transaction is carried out, UIDAI only receives the number of the Aadhaar card holder and is therefore completely ignorant of the location, purpose or the amount of transaction.

He also informed the Court that merging of silos by other agencies is also prohibited, and therefore, the data is absolutely secure.

After hearing his submissions, the Court proceeded to adjourn the case. Pandey is yet to conclude his submissions on Tuesday.

Read the presentation:
Bar and Bench - Indian Legal news