Identity Project

Interview: ‘Aadhaar is not a secret number like your password or PIN,’ says UIDAI chief

Ajay Bhushan Pandey says 4,700 Aadhaar operators have been fined for enrolment violations in the last seven months.

As a five-judge bench of the Supreme Court gets ready to hear petitions on Tuesday and Wednesday challenging the government’s decision to make Aadhaar mandatory for accessing vital services, Ajay Bhushan Pandey, chief executive officer of the Unique Identification Authority of India, spoke with Scroll.in on Monday. The Authority is the nodal agency that maintains the database of the biometrics-based 12-digit unique identification number that the Centre wants all Indian residents to have.

Pandey said the Unique Identification Authority of India is vigilant about data breaches and citizens should not be too concerned even if their Aadhaar numbers are leaked. His comments come in the backdrop of numerous reports of the personal details of Aadhaar holders being leaked, and close on the heels of an alleged security breach of telecommunications major Reliance Jio Infocomm’s database last week.

Affirming that Aadhaar data sits securely on the Authority’s servers, Pandey, however, said there have been several instances of the Aadhaar Act’s enrolment guidelines being violated. As a result of this, the Authority has penalised close to 5,000 operators. These violations ranged from sending people away when they showed up at the enrolment centre to demanding money for enrolment or updating of information in the Aadhaar database.

Excerpts from the interview:

Many private companies are building parallel databases using Aadhaar authentication, which adds Aadhaar numbers to their data banks. Are there enough safeguards and legal recourses available to people in case of a breach?
You see, Aadhaar data is not with anyone. Aadhaar data means your biometric and demographic data and Aadhaar number are securely with us. What private companies have is their own database and the corresponding Aadhaar number. It is just that the 12-digit number is there. We have a very strict protocol saying that the number should not be misused and should be used only for the purpose it was obtained for, and that it must not be leaked or shared and so on.

If anything happens, then it is a criminal offence. If the person does it knowingly, then it is a criminal offence. If the person fails to protect Aadhaar data, then it is a case of criminal negligence for which the person can be held criminally liable under the Aadhaar Act, and for such cases we do this.

This is the punishment that can be taken against a person who has leaked Aadhaar data.

But those who get impacted…
What I would like people to understand is that Aadhaar is not a secret number like your password or PIN [personal identification number], which can materially affect your life tomorrow if it is leaked without your knowledge. It is not like your Aadhaar number is leaked and your bank account gets emptied out.

In case of Aadhaar, let us say the 12 digits are leaked. The question is, by merely knowing your Aadhaar number, will someone be able to harm you? My answer is no. The Aadhaar number by itself does not give away any information. It has to be used with biometrics. Or, you know, it has to be used with the one-time-password that is sent to your phone for a transaction.

Let us take another example. Aadhaar is not a secret number but it is personally sensitive information. Let me give you a parallel. The bank account number is also a personally sensitive number. We say that it should not be publicly disclosed. But suppose it is known to the public, is your bank account then at risk? Even if your bank account number is known, it does not put you at any risk.

But at the same time, you would not like sensitive personal information to be freely available to the outer world. We are being so particular that even though we say that your Aadhaar number is not secret, we also say that you should protect it. But in case the number does get out, should people be worried? My answer is no. People reveal their Aadhaar number, bank account number and address all the time. Your biometrics are with you, you cannot be impersonated. But if your biometrics are disclosed, then that could be a problem.

Recently, there have been multiple leaks from the government end with ministries and departments found to be sharing Aadhaar and other information of people on their websites.
What happened was that several government departments were disclosing Aadhaar numbers, names, addresses and bank account numbers. And the reason they gave us when we asked them was that they had divulged this data under the Right to Information Act. When we told them that they should not display such information, they immediately complied. We have asked them to be careful in future. However, by publishing these numbers, the people have not been put at risk.

Why then are we bothered about these data breaches if the leaking of the Aadhaar number cannot hurt its holder?
If everyone starts publishing Aadhaar numbers, there is a danger that someone will make a 360-degree profile of you. So, unless and until we can prevent everyone from publishing your Aadhaar information freely, I cannot prevent such a profiling. If one person does it and if I stop it, I nip the problem in the bud and the threat of a 360-degree profiling ceases to exist.

Basically, we have prohibited publishing Aadhaar numbers to ensure that nobody can make a full profile of you and connect databases. That kind of harm has not been done yet. But at the same time, we will be very very tough on anyone who does it; we will hold them accountable.

Did you file a case against any of these government departments for publishing Aadhaar numbers?
We did not file a case because there was no criminal intent. It was a question of understanding. They thought they were doing something under the Right to Information Act. We asked them not to do it and they complied. But suppose they had continued to do so, then they would have become liable for action.

Earlier, there were reports of the licences of around 34,000 private operators who enrol people for Aadhaar being suspended. What has happened since then? Do you continue to monitor and take action against such operators?
See, our enrolment happens through the registrar. The registrar goes to an enrolment agency, which employs the operators. We have a strict quality control process, so we not only depend on complaints that we receive but also proactively monitor and see what is happening in the field.

Whenever such violations have been brought to our notice from the field, either through our own monitoring or through complaints, we have taken action. So we have taken action against these 34,000 people and imposed fines and we have also blacklisted some.

One complaint that we have been getting of late is that people visiting Aadhaar enrolment centres are being turned away or they are being asked to pay. In the case of information updates, they are being charged more than the amount specified. In all such instances, we impose a fine of Rs 10,000 for the first violation. In the case of a second violation, the fine goes up to Rs 50,000. We blacklist the operator on the third instance.

We have data on this. In the last seven months, we have fined or blacklisted about 4,700 private operators. We are also setting up an internal cell. The good thing about Aadhaar is that we have the address and number of every person enrolled. So instead of waiting for people to register a complaint, we call them and ask them how their Aadhaar enrolment experience was.

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Following a mountaineer as he reaches the summit of Mount Everest

Accounts from Vikas Dimri’s second attempt reveal the immense fortitude and strength needed to summit the Everest.

Vikas Dimri made a huge attempt last year to climb the Mount Everest. Fate had other plans. Thwarted by unfavourable weather at the last minute, he came so close and yet not close enough to say he was at the top. But that did not deter him. Vikas is back on the Everest trail now, and this time he’s sharing his experiences at every leg of the journey.

The Everest journey began from the Lukla airport, known for its dicey landing conditions. It reminded him of the failed expedition, but he still moved on to Namche Bazaar - the staging point for Everest expeditions - with a positive mind. Vikas let the wisdom of the mountains guide him as he battled doubt and memories of the previous expedition. In his words, the Everest taught him that, “To conquer our personal Everest, we need to drop all our unnecessary baggage, be it physical or mental or even emotional”.

Vikas used a ‘descent for ascent’ approach to acclimatise. In this approach, mountaineers gain altitude during the day, but descend to catch some sleep. Acclimatising to such high altitudes is crucial as the lack of adequate oxygen can cause dizziness, nausea, headache and even muscle death. As Vikas prepared to scale the riskiest part of the climb - the unstable and continuously melting Khumbhu ice fall - he pondered over his journey so far.

His brother’s diagnosis of a heart condition in his youth was a wakeup call for the rather sedentary Vikas, and that is when he started focusing on his health more. For the first time in his life, he began to appreciate the power of nutrition and experimented with different diets and supplements for their health benefits. His quest for better health also motivated him to take up hiking, marathon running, squash and, eventually, a summit of the Everest.

Back in the Himalayas, after a string of sleepless nights, Vikas and his team ascended to Camp 2 (6,500m) as planned, and then descended to Base Camp for the basic luxuries - hot shower, hot lunch and essential supplements. Back up at Camp 2, the weather played spoiler again as a jet stream - a fast-flowing, narrow air current - moved right over the mountain. Wisdom from the mountains helped Vikas maintain perspective as they were required to descend 15km to Pheriche Valley. He accepted that “strength lies not merely in chasing the big dream, but also in...accepting that things could go wrong.”

At Camp 4 (8,000m), famously known as the death zone, Vikas caught a clear glimpse of the summit – his dream standing rather tall in front of him.

It was the 18th of May 2018 and Vikas finally reached the top. The top of his Everest…the top of Mount Everest!

Watch the video below to see actual moments from Vikas’ climb.

Play

Vikas credits his strength to dedication, exercise and a healthy diet. He credits dietary supplements for helping him sustain himself in the inhuman conditions on Mount Everest. On heights like these where the oxygen supply drops to 1/3rd the levels on the ground, the body requires 3 times the regular blood volume to pump the requisite amount of oxygen. He, thus, doesn’t embark on an expedition without double checking his supplements and uses Livogen as an aid to maintain adequate amounts of iron in his blood.

Livogen is proud to have supported Vikas Dimri on his ambitious quest and salutes his spirit. To read more about the benefits of iron, see here. To read Vikas Dimri’s account of his expedition, click here.

This article was produced by the Scroll marketing team on behalf of Livogen and not by the Scroll editorial team.