Aadhaar: SC resumes hearing on April 3; CEO to file answers to petitioners' questions

In the ongoing hearing in the Supreme Court regarding the validity of Aadhaar, the CEO of Unique Identification Authority of India (UIDAI) had said that personal data from Aadhaar cannot be hacked.


Update March 27, 2018: Ajay Bhushan Pandey, CEO of Unique Identification Authority of India (UIDAI), completed his presentation before the constitution bench of the supreme court. The petitioners have now submitted a list of questions that the state will have to answer on next Tuesday, April 3. The court has instructed the UIDAI CEO to file the answers in writing.

The Aadhaar hearing in the Supreme Court has completed Day 22 currently.

CEO of UIDAI, continued the technical presentation on Tuesday at the Supreme Court. The presentation continued to explain the Authentication Services and how the Central Identities Data Repository is fully secure. Pandey also gave a demo on how e-kyc works.

However, the bench asked him to testify that there have been no breaches. According to Prasanna S, a lawyer who is live-tweeting the Aadhar hearing, Pandey's response was that all breaches were of other databases, not of UIDAI's. There has been no instance of Data leak in Aadhaar, the CEO told the court.


Pandey also said that Geo location and IP addresses are not tracked by UIDAI. Post lunch he explained the Virtual Aadhaar ID Generation which will be an added security layer. He said, “Using virtual ID and UID token ensures that databases are not joined. We make distinctions between what agencies require real Aadhaar number, and what agencies do not. For example, Telecom does not require real Aadhaar number; but income tax does.”

The supreme court bench has asked Pandey to submit a separate note on this.


Aadhaar: UIDAI CEO's presentation in Supreme Court resumes tomorrow

March 26: The UIDAI chief, Ajay Bhushan Pandey, will resume his technical presentation before the constitution bench of the Supreme Court tomorrow March 27. The bench, comprising five judges, has asked the petitioners to prepare a questionnaire based on the presentation, so as to facilitate a deepr probe into the data security and privacy concerns around aadhaar.

In the first part of his presentation last week, he had said that it would take more than the age of the universe to break one encryption. Pandey claimed that all personal data including biometric collected during the time of enrolment to Aadhaar has been encrypted.

“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details,” Pandey said at the Supreme Court. He further claimed that a third party cannot store or save personal data collected during authentication and neither can anyone access these authentication details. He also sails of the original holder making it difficult to be misused. 

Pandey was making the presentation to the five member bench that includes Chief Justice Dipak Misra and Justices A K Sikri, A M Khanwilkar, D Y Chandrachud and Ashok Bhushan. Pandey said, “We (UIDAI) are completely ignorant about the transactions for which a person uses Aadhaar for authentication. We just provide the bare minimum information through leased lines connected to the database for authentication purposes. We are blind to transactions. We do not know which telecom service provider’s SIM card is being purchased by a person by using Aadhaar.”

Aadhaar has been used for 1,696 crore authentications so far; 464 crore eKYC verifications and four crore authentications are carried daily. 

Denies security hack

UIDAI has denied any security hack or leak of personal information from its data. News Agency, ZDNet had reported that there was a breach of data through which certain state-owned utility companies could get access to personal information of users. According to the news agency, the breach was flagged off to certain departments as well. UIDAI has however, refused any breach and said it is planning to take legal action against the news agency. 

Interestingly, in February  this year, Baptiste Robert breached Telangana government’s benefit disbursement portal, TSPost and exposed Aadhaar details of 56 lakh NREGA (National Rural Employment Guarantee scheme) beneficiaries, and an additional 40 lakh SSP (Social Security Pensions) legatees.Robert, who goes by the pseudonym Elliot Alderson on Twitter, shared the exposé on his account.