New Delhi: Following the Supreme Court’s interim order indefinitely extending the deadline for linking Aadhaar to various services, the chief executive officer of the Unique Identification Authority of India (UIDAI), Ajay Bhushan Pandey attempts to clear the confusion on mandatory use of Aadhaar. Edited excerpts from an interview:

The court has given an interim order on Tuesday—what does it mean?

The Attorney General had earlier made a statement that when time comes, the government would not be averse to extending the deadline. Based on that, when the matter came up on Tuesday again, the Attorney General said that we may extend the date for bank accounts and other services but so far as the benefits, subsidies and services under Section 7 of the Aadhaar Act are concerned, that should remain undisturbed.

The court accepted both the arguments and gave the order that for subsidies and welfare programme under Section 7, the deadline will remain as it is. For bank accounts and non-subsidy areas like passport, telecom, the linkage with the existing account, the court has directed that the interim order of 15.12.2017 shall stand extended till the matter is finally heard and the judgement is pronounced.

However, for opening new accounts, either the Aadhaar number or the enrolment ID is required. So, some reports in media saying that Aadhaar number is not any more required for bank accounts, mutual funds, telecom, etc. are not correct.

In each sector, there are two types of things—the existing ones and the new ones. For the existing ones, the date has been extended but for the new ones, such as opening of new accounts, etc., Aadhaar is required. For example, if someone goes to open a bank account for the first time, then he will be required to do KYC which requires the Aadhaar number. In case, if the person doesn’t have Aadhaar number, the enrolment ID number has to be provided along with alternative identification documents. However, once you have opened the new accounts with enrolment ID, you have the time to give Aadhaar number by the date of the judgment.

There seems to be some confusion with tatkal passports.

The order of the Supreme Court is very clear and is applicable to passport also. In case of applying for a new tatkal passport, Aadhaar number or enrolment ID with other documents is needed. To that extent, we did not see much change in status for tatkal passports from the court’s order.

Some states went ahead to build their own biometric database. For example, Gujarat has a public distribution system (PDS) which works on biometrics.

I’m not aware of it. This is a parallel activity which has nothing to do with UIDAI. In earlier days, Gujarat said that we don’t want to use Aadhaar-based PDS system because we have been working on the biometric base earlier than us. At some point, Andhra Pradesh also said that it had tried something similar with iris. So, they were using their own biometrics.

So far as Aadhaar is concerned, we have come out with registered devices where whenever the fingerprint is put, it gets encrypted with our key and time stamp. So if you try to replay, the time stamp will be different.

We will protect the biometrics to the best of our ability and never allow it to be compromised.

In the last eight years, my database has been secure and not breached. In the worst case, let’s say that the biometrics has been leaked but question is, your biometric is anyway in the public domain, right? Your face, your fingerprint, everything is in public domain therefore this catastrophe that we are talking about doesn’t hold.

By knowing your Aadhaar number, the other person can do nothing; it also needs biometric unlike a social security number where a person can impersonate you by just the number.

If we say that the Aadhaar number and biometric is being used to impersonate you, we have an arrangement here as well; whenever you are putting your biometric it will always be in front of a person. So, unless and until that person is also compromised, then it’s a case of collusion and no system can then protect it.

What is the level of encryption that UIDAI has?

The encryption that we have is 2048 bits. Normally, in a digital signature, you have an encryption of 256 bits. So, we are almost eight times higher. Now, when you try to break this encryption, the fastest computer on earth will require more than the age of universe to break this.

Do you review the level of encryption and try to move it to higher levels?

We have two committees. One is the UIDAI technology and architecture review committee where we have a few outside experts. These are professors from IITs, Indian Institute of Science and National Cyber Security. The country’s top experts are in the architecture board.

We also have a security review committee. It includes few directors of IITs and defence experts.

Security is kind of a continuous process. Today what is secure probably after five months, it may not be secure. We need to anticipate that after 5-6 months what things might come up and accordingly, we have to take counter measures.

No one should be excluded from benefits because they don’t have an Aadhaar card because it’s supposed to be an inclusive thing. There is a provision of physical copy of downloaded version of Aadhaar but why is it that it is still not happening?

This is a new law and it still has to percolate down. We have told all the state governments, all banks and everywhere else to accept it. Our cabinet secretary on 19 December 2017, issued a circular to all state governments and ministries saying that they should ensure that no one is denied the benefits. The awareness also should be built in. If a bank branch or local ration shop doesn’t accept it, then people should complain. The government is not ambiguous on this and has given statutory guarantee of inclusion in the Aadhaar Act itself.

One of the issues that keeps coming up is the failure rates during authentication. Some of these numbers are alarming; is that really the case?

The question is, what do you mean by failure rates? If a person goes to do the authentication at a particular time and after multiple trials if it happens, we consider the authentication as a success and not a failure. Such success rate is between 86-98%. The range is there because the rate depends on which organization that you are looking at.

If a state government, which has recently started authentication for PDS, there might be human error as people are not well trained. In the telecom sector, the success rate is 96% whereas in state subsidy scheme, the success rate is around 86-87%. The maximum rejection rate at individual level is 14% and the minimum is around 4%.

In your ecosystem, there were some issues with people at the front end who are actually providing the services to customers. What is happening there?

Initially, Aadhaar was voluntary for both enrolment and services. Therefore, there was not much premium for doing something wrong and the system was working very well. The moment it became mandatory and Aadhaar became a reliable document, there were certain elements at the front end who tried to take advantage of this, either by indulging in corruption i.e. charging exorbitantly or not collecting proper documents. It was leading to a lot of discontentment among the people and so we aligned our focus to changing environment at ground level and working on creating a trust-worthy ecosystem. We have a zero-tolerance policy.

Subscribe to Mint Newsletters * Enter a valid email * Thank you for subscribing to our newsletter.

Share Via