An outrageous interview of Dr. Ajay Bhushan Pandey, the CEO of UIDAI on the day after a Supreme Court order extended the deadline for linking Aadhaar and included Tatkal passports among the list of things Aadhaar couldn’t be asked for. Highlights.

On the 13th of March, 2018, the Supreme Court ordered that the government cannot ask for mandatory Aadhaar for Tatkal passports while extending the Aadhaar linking deadline from 31st March, 2018 as it stood then, to indefinitely, till the conclusion of the cases being heard in the Supreme Court. Barely 4-5 days later, the CEO of UIDAI flat out stated that the Supreme Court was applicable to passports (implying regular passports), but Aadhaar was needed for making Tatkal passports.

The Supreme Court order is clear and is applicable to passport also. In case of applying for a new Tatkal passport, Aadhaar number or enrolment ID with other documents is needed. To that extent, we did not see much change in status for Tatkal passports from the court’s order.

If this is not flat out contempt of court, hard to say what is. This is, at best a cheap attempt to make a word play out of the Supreme Court order (at least as per what the anonymous handles appreciative of Aadhaar seem to think) that while the extension was requested for the Tatkal passports, the Court granted it only for regular passports because of the wording of the order being as follows:

Mr. Arvind Datar, learned senior counsel has brought to our notice that a set of Rules, namely, the Passports (1st Amendment) Rules, 2018 has been introduced which has conceived of Passport under “Tatkal” Scheme. There has been a distinction between the earlier one and the present one. Mr. Arvind Datar and Mr. Shyam Divan, learned senior counsel appearing for the petitioners submitted that the interim order passed by this Court on 15.12.2017 should be extended, and also it should cover the arena relating to the grant of Passports.

Notice the missing “Tatkal” before the last “Passports”. That is being used to argue that the order isn’t about Tatkal passports though that is what the lawyers had asked for and it is about regular passports. However, what they do miss is the last paragraph of the order that explicitly states:

It is also directed that the same shall also control and govern the Passports (1st Amendment) Rules, 2018.

It is the 1st Amendment rules, 2018 that had introduced the mandatory Aadhaar for Tatkal passports. Not to mention that the Court had explicitly said that the government cannot insist on a mandatory Aadhaar even for Tatkal passports.

The Aadhaar Mafia continues to disregard anything the Supreme Court says in its relentless rampage against the interests of the country.

Further, in the interview, Dr. Pandey said that the state SRDHs were destroyed:

In pre-Aadhaar (Act) situation, all the state governments were our registrars i.e. they were registering people for Aadhaar. Whenever someone enrols, the demographic information i.e. name, date of birth, address and biometrics- photograph, fingerprint and iris (scan) — are collected. The states used to keep a copy and send another copy to us. The information was stored in an encrypted manner and there was a key to it. We would do the de-duplication at the backend to generate an Aadhaar number and inform you of the Aadhaar number so that you will have a database of all the persons you have registered along with the Aadhaar number now and the other information you already have.

But yes, it’s a fact that the information was available to them as it was the arrangement under which they were collecting the information itself.

There was also another situation. Suppose you have gone to a bank and have enrolled for Aadhaar, so the bank will have one copy but while filing the application form you say that I don’t have any objection if my data is shared with the entities involved in the delivery of social benefits. For such people, even though the registration has been done by the bank and bank has the biometrics…, we gave the demographic information and Aadhaar number to the state governments. So the state governments had a dataset, one dataset of the people whom they have enrolled along with their biometrics and another is the ones that they got from other registrars where they got only the demographic data. This was called State Resident Data Hub and the idea was that the state governments are involved in the various benefit schemes like MGNREGA, PDS etc. and accordingly plans (benefits of) which schemes should be given to you and which schemes should not be given to you.

However, when the Aadhaar Act came, many of these things went away. The first thing that went away was that we stopped giving one copy of the data to them. We also told them ‘please destroy all the biometric data that we have given to you before the Act.’

On being asked to confirm that they were destroyed, he confirmed it.

Yes, we have got certificates from state governments and we are filing them in courts. All of them have been destroyed.

We were also quite worried because once the Aadhaar Act came, it was our responsibility to protect the biometric data wherever it is. I’m also very confident while saying this because only a few states were technologically capable of keeping the data. Most of the states had told us to keep their copy of the data as well. They had told us that whenever they would need it, they would ask us but no one actually asked for it. Those states that kept the data were not in a position to use the biometrics.

So, whatever data we had, we destroyed it. Only the biometric data was destroyed, the demographics remain with the states. The Aadhaar Act provides for it and the demographics have much lesser information than that you have on a voter ID card except for the Aadhaar number. And anyway the state government is supposed to be having your Aadhaar number.

He claimed ignorance of Gujarat’s PDS system being based on biometrics.

I’m not aware of (that). This is a parallel activity which has nothing to do with UIDAI. In earlier days, Gujarat said that we don’t want to use Aadhaar-based PDS system because we have been working on the biometric base earlier than us. At some point, Andhra Pradesh also said that it had tried something similar with iris (scan identification). So they were using their own biometrics.

This, of course is a flat out lie, given that when the Gujarat PDS database was breached, he had come up with bullshit like it wasn’t the Aadhaar database that was breached.

But the best part of the interview was the set up for the inevitable biometrics leaks as well. So far, UIDAI went from calling Aadhaar perfectly safe to the Aadhaar biometrics database being perfectly safe (after the Tribune report). Now he is saying even if the biometrics were breached, it is not a problem because “your biometrics are anyway in the public domain, right?“. Apparently nothing is a problem for Aadhaar.

We will protect the biometrics to the best of our ability and never allow it to be compromised. In the last eight years, my database has been secure and not breached. In the worst case, let’s say that the biometrics have been leaked but question is, your biometrics are anyway in the public domain, right? Your face, your fingerprint, everything is in public domain; therefore, this catastrophe that we are talking about doesn’t hold.

Dr. Pandey doesn’t see the utter stupidity of securing sensitive data with something that is already public – that critics of Aadhaar have been consistently pointing out. He even manages to say:

By knowing your Aadhaar number, the other person can do nothing; it also needs biometrics unlike a social security number where a person can impersonate you by just (knowing) the number. If we say that the Aadhaar number and biometric is being used to impersonate you, we have an arrangement here as well; whenever you are putting your biometric it will always be in front of a person. So unless and until that person is also compromised, then it’s a case of collusion and no system can then protect it.

So let us get this right. Aadhaar is secure, because you will be “putting your biometric” in front of a person. So can someone explain what exactly was the problem with using hard to duplicate government documents and submitting them to persons and why exactly was this technological clusterfuck given so much money?

And to put the final nail in the coffin of this nonsense, Dr. Pandey probably hasn’t checked out how “putting the biometric” in front of a person has not at all stopped expert proxies from appearing for Police exams.

Vidyut is a commentator on socio-political issues with a keen understanding of tech and policy. She has been observing and commenting on Aadhaar since 2010 from a perspective of human rights, democracy and technological robustness.

One thought on “CEO of UIDAI manages to overrule, the Supreme Court, lie about SRDHs and shrug off concerns on data protection in one interview

Leave a Reply

Your email address will not be published. Required fields are marked *