‘Aadhaar still a must to avail of services’
STRAIGHT TALK Says despite SC indefinitely extending deadline for Aadhaar linking, new applicants for bank accounts, Tatkal passports and telecom services will still have to provide the unique ID number
New applicants for bank accounts, Tatkal passports, mutual funds and telecom services will have to still provide their Aadhaar number to avail of services even after the Supreme Court indefinitely extended the 31 March deadline, Ajay Bhushan Pandey, chief executive officer of the Unique Identification Authority of India (UIDAI), said in an interview on Tuesday. The apex court extended the deadline until after it rules on petitions challenging the constitutional validity of Aadhaar. Edited excerpts: media saying that Aadhaar number is not any more required for bank accounts, mutual funds, telecom, etc. are not correct. In each sector, there are two types of things — the existing ones and the new ones. For the existing ones, the date has been extended, but for the new ones, such as opening of new accounts, etc., Aadhaar is required. The Supreme Court order is clear and is applicable to passport also. In case of applying for a new Tatkal passport, Aadhaar number or enrolment ID with other documents is needed. To that extent, we did not see much change in status for Tatkal passports from the court’s order. The other side (petitioners against Aadhaar) said that there were some states creating state resident data and that was not good as it leads to a surveillance state.
In pre-aadhaar (Act) situation, all the state governments were our registrars i.e. they were registering people for Aadhaar. Whenever someone enrols, the demographic information i.e. name, date of birth, address and biometrics- photograph, fingerprint and iris (scan) — are collected. The states used to keep a copy and send another copy to us. The information was stored in an encrypted manner and there was a key to it. We would do the de-duplication at the backend to generate an Aadhaar number and inform you of the Aadhaar number so that you will have a database of all the persons you have registered along with the Aadhaar number now and the other information you already have.
But yes, it’s a fact that the information was available to them as it was the arrangement under which they were collecting the information itself.
There was also another situation. Suppose you have gone to a bank and have enrolled for Aadhaar, so the bank will have one copy but while filing the application form you say that I don’t have any objection if my data is shared with the entities involved in the delivery of social benefits. For such people, even though the registration has been done by the bank and bank has the biometrics..., we gave the demographic information and Aadhaar number to the state governments. So the state governments had a dataset, one dataset of the people whom they have enrolled along with their biometrics and another is the ones that they got from other registrars where they got only the demographic data. This was called State Resident Data Hub and the idea was that the state governments are involved in the various benefit schemes like MGNREGA, PDS etc. and accordingly plans (benefits of) which schemes should be given to you and which schemes should not be given to you.
However, when the Aadhaar Act came, many of these things went away. The first thing that went away was that we stopped giving one copy of the data to them. We also told them ‘please destroy all the biometric data that we have given to you before the Act.’
Yes, we have got certificates from state governments and we are filing them in courts. All of them have been destroyed.
We were also quite worried because once the Aadhaar Act came, it was our responsibility to protect the biometric data wherever it is. I’m also very confident while saying this because only a few states were technologically capable of keeping the data. Most of the states had told us to keep their copy of the data as well. They had told us that whenever they would need it, they would ask us but no one actually asked for it. Those states that kept the data were not in a position to use the biometrics.
So, whatever data we had, we destroyed it. Only the biometric data was destroyed, the demographics remain with the states. The Aadhaar Act provides for it and the demographics have much lesser information than that you have on a voter ID card except for the Aad- haar number. And anyway the state government is supposed to be having your Aadhaar number. I’m not aware of (that). This is a parallel activity which has nothing to do with UIDAI. In earlier days, Gujarat said that we don’t want to use Aadhaar-based PDS system because we have been working on the biometric base earlier than us. At some point, Andhra Pradesh also said that it had tried something similar with iris (scan identification). So they were using their own biometrics.
So far as Aadhaar is concerned, we have come out with registered devices where whenever the fingerprint is put, it gets encrypted with our key and time stamp. So if you try to replay, the time stamp will be different.
We will protect the biometrics to the best of our ability and never allow it to be compromised.
In the last eight years, my database has been secure and not breached. In the worst case, let’s say that the biometrics have been leaked but question is, your biometrics are anyway in the public domain, right? Your face, your fingerprint, everything is in public domain; therefore, this catastrophe that we are talking about doesn’t hold.
By knowing your Aadhaar number, the other person can do nothing; it also needs biometrics unlike a social security number where a person can impersonate you by just (knowing) the number.
If we say that the Aadhaar number and biometric is being used to impersonate you, we have an arrangement here as well; whenever you are putting your biometric it will always be in front of a person. So unless and until that person is also compromised, then it’s a case of collusion and no system can then protect it. The encryption that we have is 2048 bits. Normally, in a digital signature you have an encryption of 256 bits. So, we are almost eight times higher. Now, when you try to break this encryption. The fastest computer on earth will require more than the age of the universe to break this. We have two committees. One is the UIDAI technology and architecture review committee where we have a few outside experts. These are professors from IITS (Indian Institutes of Technology), Indian Institute of Science and The question is, what do you mean by failure rates? If a person goes to do the authentication at a particular time and after multiple trials if it happens, we consider the authentication as a success and not a failure. Such success rate is between 86-98%. The range is there because the rate depends on which organisation you are looking at.
If a state government has recently started authentication for PDS, there might be a human error as people are not well-trained. In the telecom sector, the success rate is 96% whereas in state subsidy schemes, the success rate is around 86-87%. The maximum rejection rate at individual level is 14% and the minimum is around 4%. Initially, Aadhaar was voluntary for both enrolment and services. Therefore there was not much premium for doing something wrong and the system was working very well. The moment it became mandatory and Aadhaar became a reliable document, there were certain elements at the front-end who tried to take advantage of this. Either by indulging in corruption i.e. charging exorbitantly or not collecting proper documents. It was leading to a lot of discontent among the people and so we aligned our focus to changing the environment at the ground level and working on creating a trustworthy ecosystem. We have a zero-tolerance policy.