Privacy was intruded but there was no data breach: UIDAI chief

Neelu Vyas

Days after the Unique Identification Authority of India announced security firewalls like Virtual IDs eKYC and facial recognition , in an exclusive interview to Rajya Sabha TV , Aadhaar chief Dr Ajay Bhushan Pandey who is the CEO Unique Identification Authority of India said that in the last seven years there has been no data breach .

Elaborating further on the issue he said that Aadhaar number is not secretive as its shared by many and publicised everywhere.

The CEO even clarified that idea of virtual ids is as old as 2009-2010 but the internal mechanism did not allow the system to be rolled out then.

Here are some edited excerpts from the interview:

Since the journey of its inception, has Aadhaar been able to meet its objective?

Aadhaar’s journey started in 2009, the first card was issued in 2010. We have issued aadhaar to more than a billion people. Its unique because it is based on biometric. Nobody can have a fake identity because of Aadhaar.

There are insecurities when it comes to data breaches, what about cases like Tribune?

Publishing of aadhaar numbers on websites is not an aadhaar database breach according to us. In our country we still need to understand data protection. Every data disclosed is not aadhaar data leaked. Government departments were publishing their details regarding the payment of subsidies, bank account number is not secretive and even date of birth is not secretive. They should not have published. They are violation of the IT law. It’s something that should not have been done. Intrusion of privacy has happened which is why concerned departments have been put on a corrective path. Justice Sri Krishna Committee has been formed which is working on the data protection framework. But such disclosures are not breach of aadhaar data base.

Govt linked aadhaar with income tax filing, then sim cards and now bank accounts. Dow do you explain?

There are strong reasons for this linkage. In the past fake pan cards, benami accounts were being operated, black money could not be checked. To check these fake transactions it was imperative that we linked PAN, SIM and bank accounts. Money laundering act also says we need to link everything with aadhaar. Fraudsters can be identified easily. Banking system will become safe. Every year banking system loses crores of rupees because of this.

There is so much political rhetoric on aadhaar that the government is not serious and that the government is intruding. How will this perception be cleared?

As a civil servant I don’t want to comment on the political rhetoric.  There has been no breach in the last seven years. World over, there are hundreds of vulnerabilities which are reported. Don’t you receive a patch everyday on your phone and computers. This is for plugging the security loop.

First aadhaar card was issued in 2010. Eight years later you bring in firewalls like virtual ids, facial recognition. Could these have been brought earlier?

We thought of this way back in 2009 and 2010 but then our internal mechanism told us it would have created more confusion among the people. That time people were just talking about right to information. Right to privacy is a very new discussion in the country’s narrative.

How will the virtual IDs be processed ?

Let’s say I have to use my aadhaar number somewhere. Some people are afraid, not most of them. People think if they have to give the aadhaar number for passport or in some hotel they fear that somebody might disclose the presence somewhere and some kind of profiling might happen. They are scared on these fronts. We have given an option  of another 16 digit number which is self generated. Can generate as many ids as per the transactions he makes. This number you can take from the UIDAI website.

There are still large number of service providers which accept paper KYC, then there is again confusion because your aadhaar data gets exposed. How well equipped are they?

That’s correct. Aadhaar card holder has a choice. You can strike the aadhaar number and generate an id and give that number.  You can tell the operator or the company that you will give the virtual id. Take the example of facial recognition , we have used the most modern technology. Old people whose fingerprints get watered out or their hand lines get blurred then they will have another option.  We already have the photo in the database. Till now we had fingerprints, iris scan and now we have another option. Existing aadhaar card holders do not need to go to the centre to get their facial recognition done.  Now the consumers will have various options. Facial recognition is just another option.

(Watch the entire interview at 10 pm on Wednesday)