Aadhaar on phones is for makers to decide: UIDAI
No edition
The New Delhi edition of the newspaper is being carried as e-paper, as the Mumbai office of Business Standard remained closed on Thursday (September 15) on account of Ganesh Chaturthi
UIDAI Chief Executive Officer AJAY BHUSHAN PANDEY speaks to Nitin Sethi on the way forward for Aadhaar now that all its regulations are in place. He also talks about the technical problems being faced by the platform. Edited excerpts:
Does UIDAI want phones to mandatorily provide a biometric authentication system, using its protocols and encryption systems?
We initiated a discussion with all device manufacturers and those providing operating systems. We want to make Aadhaar universally available. We told them, if they want, we can provide Aadhaar authentication facilities through their devices. I gave them the example of how GPRS has become a de facto standard across smartphones. If a device manufacturer or operating system provider is interested, we can make their devices Aadhaar-enabled.
If that happens people can sign in and carry out Aadhaar-based transactions from their phones, too. If they want, they can put it in some of their devices and not in others or maybe in one model or choose not to do so. Ultimately, it is the people who will decide what they want. If a company has five smartphone models and one has Aadhaar identification, in the future a consumer might decide to buy that one, not the others. So, we are not mandating that phones have it; we are only saying we are willing to provide support for it.
Are they facing technical problems with encryption requirements?
We are working on it. This will require a lot of work. We have had three rounds of discussion with them. We need to work with all of them — device manufacturers, operating system providers. We are telling them that in case you decide to use Aadhaar, this is how the data is kept and transferred in a secure manner and what should be the encryption mechanism. And, this is something which will be only for those who are willing to participate.
So, you are not saying you shall make it mandatory?
At least from the UIDAI side, we have not said it shall be mandatory.
There are still no regulations in some areas, such as a grievance redress mechanism. When will this system become functional?
We already have a grievance redress system within UIDAI. We have a call centre. Any resident can call 1947 and register a grievance. Every day, we get 150,000 calls. Of these, half are addressed through the automated system and the rest need handling by operators. We monitor every week the nature of the difficulty people are facing.
Do you get audit reports on each entity that is using biometric authentication, to see what is the failure rate?
Yes, we get that. We get a total macro picture and also entity-wise, of which entity is having a higher failure rate and which has less. We advise them on how to improve.
Are these available in the public domain, for people to see?
I don’t know. I will have to check with the mutual agreements for confidentiality. From UIDAI’s side, we don’t publish these reports.
While you provide for these privacy safety latches, if someone still breaches my privacy and shares my data, what options do I have?
Under the Aadhaar law, any such breach is a criminal offence and a person can be punished. There is a process for this.
I would need to go to UIDAI with my grievance?
At this point, yes, you shall have to come to UIDAI if there is a violation of the Aadhaar law.
Because only UIDAI can file a formal complaint and act on it.
The complaint has to be filed by UIDAI or any officer authorised by it. Over a period of time, we shall create a whole mechanism and authorise several others to act on the complaints, on behalf of UIDAI.
Why can only UIDAI file a complaint and not the person who suffered the breach of privacy? UIDAI is the delivery agency and it is being asked to check breach of its functioning. Why can’t I go and file an FIR (police case), saying my privacy has been breached?
Under the general criminal law, a police officer understands the issues of, say, what is grievous bodily injury or assault and is in a position to act. But, this is a specialised Act. Let us say a person goes to complain about Aadhaar law; the person should be able to understand whether an offence has been committed or not. This is a problem in all specialised laws, not only UIDAI. Take other economic crimes — it all requires that someone should understand a violation has been committed and a complaint should be lodged. That was the logic, that this is a specialised area and before the investigative machinery is set into motion, there is a pre-check by a specialised body.