The Unique Identification Authority of India on Thursday told the Supreme Court that no citizen will be denied social benefits for lack of biometric authentication under Aadhaar, the 12-digit unique identification number. However, UIDAI Chief Executive Officer Ajay Bhushan Pandey admitted that 100% Aadhaar authentication was not possible.
On data security, Pandey claimed Aadhaar data was encrypted so well that it would take even the most powerful computer time equal to “the age of the universe” to break a single key.
A Constitution bench of the Supreme Court is hearing a batch of petitions challenging the constitutional validity of the biometric identification programme. The petitions also deal with data security and surveillance concerns.
In a rare event, the Supreme Court Constitution bench headed by Chief Justice Dipak Misra allowed Pandey on Thursday to make a Powerpoint presentation. During his presentation, the UIDAI chief said there are other ways to authenticate an Aadhaar user in case biometric authentication fails. For example, he said a one-time password could be used.
“At no point would a person be denied benefits because of an authentication failure,” he said, adding that in such cases, the individual would be added to the exception register, given the benefit and then asked to update their information. From July 1, the authority will also start face recognition as a mode of authentication.
Justice AK Sikri intervened at this point and said that while the authority had gone to citizens to enrol them initially, the onus of updating their information would fall on the individual. “Let us say that if a person is illiterate or is a tribal living in a remote area, they may not know what to do,” he said.
Justice DY Chandrachud pointed out that while the UIDAI will know when an authentication has failed, there was no way to know whether the individual was denied the benefit even after authentication. For this, he gave an example of a case presented by petitioners in Jharkhand, where a woman was denied rations even after Aadhaar authentication. He also wanted to know whether there was any official data on benefits being denied even after successful Aadhaar authentications.
The UIDAI chief then conceded that Aadhaar would not be able to resolve all problems, and that the concerned ministry would need to take action in such cases. However, unlike the past when there was no evidence to prove that benefits were being denied, Aadhaar authentication now creates a digital trail, he said.
Pandey explained that while UIDAI’s enrolment software was used, the government had licensed the de-duplication software from the world’s three top companies. This software works within UIDAI’s server and is not connected to the internet to ensure that the companies do not access Aadhaar data.
On Thursday, Pandey assured the court that when a transaction is carried out using Aadhaar, the UIDAI does not obtain demographic data such as location or the nature of the transaction. “In one case, we denied the Central Bureau of Investigation access to biometric data,” Pandey added.
In rare cases where the biometric data of two individuals are very similar, he said authorities manually de-duplicate the information.
Pandey will continue his Powerpoint presentation on Friday.
On Wednesday, Attorney General KK Venugopal began his arguments for the Centre and told the Supreme Court the “core effort” of the Aadhaar Act was to protect the money spent on bridging the gap between the rich and the poor. The project, he added, could help check corruption. The government counsel said the Centre had made every effort to ensure that the data was secure and that Aadhaar was not a “fly-by-night scheme”. Venugopal had dubbed the project an “enabler for millions of residents”.
The bench then posed six questions to the government, ranging from Aadhaar’s role in allowing citizens to avail government benefits to privacy and data security concerns. The court also asked Venugopal whether the Centre could introduce a programme for citizens who may want to opt out and whether the data collected before the Aadhaar Act was passed in 2016 should be destroyed.
On March 13, the court had indefinitely extended the deadline to compulsorily link Aadhaar with bank accounts and mobile numbers. March 31 was the earlier deadline.