On day 21 of the final Aadhaar hearing, the judges agreed to hold the PowerPoint presentation prepared by the Unique Identification Authority of India (UIDAI) in the second half of the day.
Attorney General, K.K Venugopal began his submissions by reading out excerpts from World Bank’s Identification for Development (ID4D) Integration Approach Study, and pointed out that the goal is to have legal unique identity for all by 2030. Thereafter, Mr. Venugopal took the bench through the history of the Aadhaar program, and highlighted that various committees and groups of the Government have been working on it since 2006, therefore, Aadhaar is a well thought out venture and was only adopted after considering all other possible alternatives.
Mr. Ajay Bhushan Pandey, CEO of UIDAI, commenced his presentation on Aadhaar with four agenda points: Introduction, Technology of Aadhaar, Privacy Safeguards and contrast with Smart Cards, Security of Aadhaar. He started with explaining how people in India do not have a nationally acceptable ID. For instance, children cannot get Voter IDs, and procuring a ration card is also tedious because it requires furnishing other ID proofs. He also stated that voter ID and ration cards are region-specific, and are not nationally verifiable, unlike Aadhaar, which is a nationally verifiable digital ID, enrolment and updation for which can happen in any part of the country.
Mr. Pandey highlighted how Aadhaar is a completely random number, and once issued, it is never issued again, even if the Aadhaar holder dies. Also, Aadhaar was purposely not linked with citizenship and included transgenders and children as well. He also stated that exemptions have been made under the Aadhaar Act for people who cannot provide their biometrics. He pointed out that data sharing without consent is not allowed under the Act, except during narrowly tailored circumstances, such as national security, and on the instructions of a district judge.
Further, Mr. Pandey, described the process of enrolment, and remarked that even information such as father’s name is not collected. He, then, elucidated on the types of authentication mechanisms available under the Act, and mentioned that the ecosystem comprises of decentralized enrolment and centralized storage of data. The type of encryption that is used is 2048-but and the traceability of all actors in the enrolment process is ensured through audit trail. On being asked why so many enrolment agencies were blacklisted, Mr. Bhushan clarified that it was mostly due to corruption and failure of some operators to enter individuals’ data correctly. Justice Sikri did not seem convinced and commented that it was incomprehensible that forty nine thousand agencies were de-registered. Mr. Pandey reiterated that UIDAI has strict quality control standards.
Mr. Pandey then moved on to explain childrens’ enrolment, and said that, infants are enrolled at the time of birth, but only their photograph is taken, instead of biometrics. Biometrics is later collected twice, at ages 5 and 15. At this point, Justice Chandrachud enquired about the process of updation in case a person’s biomterics change, and also about how people will come to know if their biometrics have changed. Mr. Pandey answered that in such circumstances, a person will experience authentication failure, and an error code will be sent to UIDAI. Thereafter, the individual is asked to update her biometrics.
Justice Chandrachud remarked that such a method would lead to exclusion and denial of services. On the point of de-duplication, Mr. Pandey mentioned that every Aadhaar card has a QR code, which on scanning shows the Aadhaar card holder’s photograph, therefore, there is no question of de-duplication. Justice Chandrachud remarked that authentication failures are recorded by UIDAI but there is no way to ascertain whether authentication failure was followed by denial of service. To this, Mr. Pandey, replied that entities working with Aadhaar are asked to make exception handling measures. Speaking about the scale of Aadhaar enrolment, Mr. Pandey highlighted that enrolment centres will be expanded and cover more banks and post offices. He also mentioned that the cost of an Aadhaar card is less than one dollar.
Mr. Pandey began his next agenda by discussing the software of Aadhaar. Justice Khanwilkar enquired whether the software is designed in India, to which, Mr. Pandey, highlighted that only the biometris-matching software has been taken under a license from foreign companies, but the six thousand servers that are used are owned by UIDAI. He also asserted that registered devices are used for authentication, and the same use UIDAI’s key for encrypting the data captured on the device. Mr. Pandey concluded his presentation for the day by emphasizing that the authentication records remain in separate silos and their merging is prohibited.
The hearing will continue on Tuesday, 27th March, 2018.