UIDAI collects minimal information and (keeps) optimal ignorance6 min read . Updated: 23 Apr 2017, 11:21 PM IST
Mintspoke to Ajay Bhushan Pandey, chief executive officer, the Unique Identification Authority of India (UIDAI) on why Aadhaar is becoming mandatory for various purposes
Why is Aadhaar becoming mandatory even for those who want to carry on their lives without it?
You see, all have to understand Aadhaar in a broader context and also the purposes for which Aadhaar can be used and where all Aadhaar can be applied. Aadhaar gives a credible identity, compared to the quality of the various identity documents that are used traditionally in the country. Because what we have seen in many studies where you take any identity document, immediately lot of fake, duplicate and bogus documents starts floating in the market. And then it creates its own complications. If the fake identity is used to get subsidies or service deliveries, it leads to leakage of that money, funds get diverted. If the fake identity is used for getting some other services where subsidies are not involved, then the quality of those services gets affected.
For example, if the fake identity document is used to get a Permanent Account Number (PAN) card or a bank account, then imagine the implications that it can have for the system, such as: generating black money, tax evasion and frauds. And then, many times the government is affected, taxpayers are affected and people are affected.
Suppose somebody is able to open a bank account with a fake identity and he is able to do some transaction, then he can easily deceive a lot of people and collect the money and then disappear. Now, you know, these things will become harder. I wouldn’t say impossible but it will be much harder if Aadhaar identity is used.
Given that Aadhaar is available to 1.13 billion people, why don’t we use it to improve the efficiency of our system, the quality of the systems, the quality of service delivery, and safety of users?
Given that Aadhaar is getting mandatory for so many things, are we in the process of getting all the information related to, say, my tax return, investments and bank details at one place, by keying in my Aadhaar details on some website or at UIDAI?
UIDAI has no information about where all you have used your Aadhaar. UIDAI believes in collecting minimal information and (keeping) optimal ignorance. So UIDAI will only tell the agency that this Aadhaar number and this finger print is matching. For what purpose they use this, that information we don’t ask for.
Therefore, UIDAI will never have any data that will impact your privacy. Your data will remain only with income tax department or the data will remain only with banks, along with your Aadhaar. UIDAI will never have your bank details or income tax details. Therefore people should not have to fear that UIDAI will have all your different data and if somebody hacks UIDAI, one can get your full view. That is not possible because we don’t collect that data.
How secure is Aadhaar for the users?
This is the question a lot of people have been asking. There is two sides to this. One is the security inside Aadhaar, and I would say that yes it is secure. And if you see our past track record, during the last 7 years, there has not been any incident of hacking or infiltration in the system. But does that mean that we should relax? No. Because the nature of security threats always keeps changing. So we have to show absolute vigilance and take every possible measure to constantly assess the threats and address those threats. And for that purpose we are always very vigilant. So, from that point of view, what we say is that today we are secure but we continuously work to keep it secure even tomorrow. This is the first thing.
Now, what about the security of the people or the organizations such as banks and others who are using Aadhaar, because ultimately people will use Aadhaar. So we have got a very strong law. And the law provides lots of restrictions on the organization that are using Aadhaar, like: what they should do, how they should improve their security, how to ensure that the data they collect will not get misused. And if any violation takes place, Aadhaar law is very tough. There are provisions of 3 years of imprisonment for the violator.
How does UIDAI check if there has been any violation at the level of organizations that are using Aadhaar? What is the process for this?
There are a couple of things. There are some agencies that are directly in touch with us. We do their audits and during the audit if violations are found, we take action. Then, if any violation that happens and some cases get reported, we take action. If, let us say, that any incident happens, then the persons who are supposed to provide the security—or in case of the organization, their senior management—will be held responsible and they will be held under the Aadhaar Act. Aadhaar will also provide you the system—because in the digital world every transaction is traceable—to track who has done a transaction. Therefore, it will not be very difficult to find out who is the person who is actually behind a fake transaction.
How secure is the process of procuring Aadhaar. Is it possible for someone to store my fingerprint, iris image from the biometric device and then use it later, without my permission?
It cannot be used for any other purpose. We don’t use it for any other purpose. But suppose if a service provider takes your fingerprint and uses it for some other purpose, then he becomes liable. I mean, it is just like you have given your standard signature to your bank and the banks start coping your signatures and start withdrawing the money.
However, the agency is not allowed to store the biometrics and the process is such that they can not do it. Even in the worst situation, if they are able to store it, you will get a notification whenever they try to use it. Based on this, you can file a complaint. And then, from there an investigation can start. Then the police will go and find out the person who has done the transaction. So, here in Aadhaar, such level of security exists.
Aadhaar also provides locking facility of biometrics; so no one can use it for any other purposes unless you open it, for which a one-time password (OTP) is sent on your mobile number. Once you use it, after 15 minutes, it will again get locked.
Recently, linking Aadhaar to income tax return (ITR) and PAN has been made mandatory. How does it make a citizen’s life easier? Is the only purpose of linking Aadhaar to ITR or PAN to catch hold of tax evaders and fraudsters?
As far as UIDAI is concerned, it is only concerned with identity and authentication. The purpose, for which Aadhaar can be used, depends upon the departments and ministries. Broadly, what we are saying is that this is an identity where the identity is credible; and authentication is credible as compared to many other systems. And therefore, if government in its own wisdom thinks that PAN and ITR can be strengthen by it, then they can use it. So that could be the purpose. It will help in improving the system and its efficiency and of course you know there will be many advantages.