Fastest computer can’t breach Aadhaar, UIDAI chief tells SC

By: | Published: March 23, 2018 2:32 AM

Trying to allay fears over Aadhaar, the CEO of the Unique Identification Authority of India (UIDAI), the nodal agency implementing the project, told the Supreme Court on Thursday that it doesn’t share biometric details of residents with anyone and that it will take the fastest computer currently available “more than the life of the universe” to break its 2048-bit encryption.

Aadhaar, UIDAI, suppreme court, Personally Identifiable Information, SAP, oracle, biometric details of residentsThe court is hearing a batch of petitions challenging the constitutional validity of the Aadhaar Act. (IE)

ANANTHAKRISHNAN G

Trying to allay fears over Aadhaar, the CEO of the Unique Identification Authority of India (UIDAI), the nodal agency implementing the project, told the Supreme Court on Thursday that it doesn’t share biometric details of residents with anyone and that it will take the fastest computer currently available “more than the life of the universe” to break its 2048-bit encryption. “Biometrics is never given out. Our software is such that the moment the resident presses the save key, entire data gets encrypted by the 2048-bit key. To break one key, the fastest computer in the world will take more than the life of the universe”, Ajay Bhushan Pandey told a five-judge Constitution bench comprising Chief Justice of India Dipak Misra and Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan.

The court is hearing a batch of petitions challenging the constitutional validity of the Aadhaar Act. The official who was allowed by the court to make a presentation to explain the security and other features of Aadhaar said this when the bench told him that there were concerns that the data could be captured by others at the enrolment centres. “Maybe when it reaches you, it gets encrypted, but at the (enrolment) centre, it may be captured by private party”, said Justice Sikri. “No,” replied Pandey.

Justice Khanwilkar pointed out that there were charges that the software used was foreign and there was fear of data falling into wrong hands. On this, the official said that only the software used for biometric-matching was foreign, under licence from “world’s three best companies”. Explaining further, he added this was like SAP or Oracle, used by banks and financial institutions under licence from foreign companies that own it. “These are intellectual properties and the companies don’t share the source code”, he said, adding banks using them doesn’t mean they are giving their data to the companies.

The biometric-matching software is used offline, he said, and added “the data is fully under our control. The biometrics is anonymized before it’s given to the matching software. We segregate the Personally Identifiable Information (PII) so the software doesn’t know whose biometrics it is.” Justice Chandrachud wanted to know how authentication happens for a person who has not given biometrics because of old age etc. On this, the official said there already existed an “exception handling mechanism”.

 

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Switch to Hindi Edition