The Attorney General of India, Mr. K. K. Venugopal continued with his submissions from the previous day of hearing (21st March 2018).
Mr Venugopal began by reading out sections of the World Bank Report named Identification for Development. He then pointed out how the Report refers to the cost-benefit analysis done by the National Institute of Public Finance and Policy (NIPFP) to say that there could be a saving of 58.5% in costs with the Aadhaar scheme. Here, Justice Chandrachud interjected to inquire about the presence of authentication and enrolment fee. Mr Venugopal responded that enrolment and authentication services are free and continued to point out that Aadhaar furthers compliance with the Sustainable Development Goal of Legal Identity for All by 2030. He asserted that with 1.2 Billion enrolments, India has over-taken several countries in this endeavour.
Mr Venugopal reiterated that Aadhaar is not a casual venture undertaken in a routine manner but that a lot of thought has gone into the programme. Justice Sikri pointed out that this did not answer the issue of the constitutionality of the Aadhaar Act. Justice Chandrachud wondered why the Act was passed only in 2016, when clearly the need for a law was felt back in August 2009.
After lunch, the CEO of UIDAI, Mr. Ajay Bhushan Pandey, was allowed to conduct a PowerPoint presentation in the Court. He began by saying that Aadhaar is the solution for many people who did not have a nationally acceptable identification. Moreover, many IDs have their limitations. For instance, children cannot have voter IDs. Obtaining a ration card was difficult because it required other IDs to be submitted. Moreover, he said, Voter ID and ration cards are region specific and not nationally accepted.
Then, Mr Pandey explained the features of Aadhaar by briefly speaking on each point in the following slide:
Next, Mr Pandey explained the enrolment process using the following slides:
He asserted that the UIDAI collects minimal data, contrasting it with the SSN (Social Security Number) application in the United States, which he called a 'data overload'. Next, Mr Pandey explained that no one is denied enrolment for lack of biometric submissions. Only certain exceptions, in appropriate cases, were considered:
At this point, Justice Chandrachud wanted to know how a biometric exception is authenticated. Mr Pandey responded that other modes of authentication are used, such as a One Time Password (sent to the mobile phone) or authentication of the demographic information. He explained that there are 13 modes of authentication, if you consider 10 fingers, 2 iris scans and the OTP.
Mr Pandey now asserted that the Act has a 2048-bit encryption which is the hardest to break. Here, Justice Sikri pointed out that the worry is of data leaks at the time of capture or before transmission, which Mr Pandey said is impossible. He said that all machines are STQC certified and the software is provided by the UIDAI. Justice Sikri then enquired about the 49000 enrollers who were blacklisted. Mr Pandey responded that these were people who took money for enrolments, whose demographic data quality was very bad, who misused the biometric exception, or registered trees or Gods. The enrolment operators were trusted earlier, but now UIDAI is more stringent with quality control.
Justice Chandrachud then asked Mr Pandey to explain how the update of biometrics of children below 5 was done. Mr Pandey responded that for children, aanganwadi workers can double up as Aaadhaar enrolment operators. Justice Sikri asked if parental consent was taken. Mr Pandey responded that all 'legal compliance is taken care of'. One could also update one's biometrics at the enrolment centres and update their biometrics. Justice Sikri wanted to know how a person would come to know if her biometric data had changed, especially in light of the fact that there were so many illiterate people in the country. Mr Pandey responded that Section 7 and Regulation 14(1)(i) of the Aadhaar Act make sure that people are not denied benefits and entitlements if their biometric is not updated in time. The QR code in the Aadhaar card itself has some data built into it.
Here, Justice Chandrachud pointed out that the UIDAI does not get to know if a service or benefit had been denied until authentication failed. Mr Pandey answered that the UIDAI constantly advises ministries that exclusions on the ground will occur if they solely depend on authentication of Aadhaar. There would be strong action taken against any official denying services. Justice Chandrachud asked if there was official data of services being denied, to which Mr Pandey responded in the negative. When Justice Sikri spoke about shopkeepers misappropriating grains by claiming the beneficiary's biometric mismatch, Mr Pandey responded that the Aadhaar cannot cure every kind of malaise, while on the other hand the ration shopkeeper has been caught due to the Aadhaar. He agreed that a 100% success rate in authentication is not possible, perhaps due to many variables like connectivity issues, machines not working, etc but he asserted that the Aadhaar Act takes care of it all. Mr Pandey said that the Government has now decided that enrolments will be carried out only in banks, government offices, and post offices.
At this point, Justice Khanwilkar raised his concern about the software being a foreign software. Mr Pandey replied that only the biometric match software has been licensed from foreign companies - which are the world's best in that industry, he claimed. The software runs in Indian data centers and there were 6000 server farms. Mr Pandey pointed out that Banks using SAP or Oracle, does not mean that the banks have given away the data to SAP or Oracle. In the same way the software being foreign does not mean the data has been given away to the foreign companies. He said that once the biometrics reached the CIDR, it could never be shared on any ground whatsoever, except for national security under Section 33. He claimed that in 1.5 years, the government had not made any request for any biometric data.
When Justice Chandrachud asked for an explanation on metadata, Mr Pandey promised to explain it at a later stage. The day's arguments ended with Mr Pandey stating that the information collected remains in silos and the merging of these silos is prohibited.
The matter will be next heard on 27th March 2018.