"But when the government of India, which is your government, asks you your name and your address, nothing more... there's a massive revolution in the country... saying it's an intrusion into the privacy of the individual. I mean, how far can we go? Let the Supreme Court decide," Kannanthanam said.
"What is the information collected by Aadhaar today? Your name... address; you don't have to give the e-mail ID which everybody now demands," the minister said.
He said the fingerprint details and the data related to iris were something in the UIDAI repository.
"Not one case has come up in the past three-and-a-half years.... (that) the bio-metric data of any Aadhaar holder has been leaked in India. The Government of India has protected the data," Kannanthanam said.
The Supreme Court has indefinitely extended the March 31 deadline for linking Aadhaar with existing bank accounts, PAN, mobile phone numbers, and various other services. However, the relief was not absolute as, according to the Unique Identification Authority of India (UIDAI), your Aadhaar would still be required for opening new bank accounts or applying for Tatkal passports.
Here are the top ten developments around Aadhaar data leak and Union Minister Alphons Kannanthanam's Aadhaar remarks:
1) Subramanian Swamy says Alphons' statement 'foolish':
Asking Union Minister of State for Electronics and Information Technology K J Alphons to retract his statement, where he compared Aadhaar to getting a US Visa, BJP leader Subramanian Swamy, according to News18, said, "It's a foolish statement."
Swamy said that there was "no point comparing India and America". He added that going to America was "your choice" and that Alphons "should take back his words".
2) UIDAI may take legal action against ZDNet:
Tech news site ZDNet said it stood by its report that identified a security vulnerability in data-linked to Aadhaar. Seeking to downplay the report, the UIDAI said that even if the claims in the story were true, it would raise security concerns with the database of the utility company and not with the security of UIDAI’s Aadhaar database. UIDAI said it is "contemplating legal action against ZDNet"
3) Irdai extends deadline for linking Aadhaar with various insurance policies:
The Insurance Regulatory and Development Authority of India (Irdai) has extended the deadline for linking Aadhaar with various insurance policies until the Supreme Court decides on the matter.
“For existing insurance policies, the date of linking Aadhaar is extended till the matter is finally heard and the judgment is pronounced by the SC,” Irdai said.
4) Aadhaar for new policy buyers:
In case of new policies, Irdai said a policy buyer was allowed six months
from the date of commencement of account-based relationship to submit the Aadhaar number
and PAN/Form 60 to the insurer. “In absence of Aadhaar, the client shall submit any of the officially valid document as mentioned in the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005,” it said.
According to norms, Non-Resident Indian policyholders are not required to surrender their policy for not having Aadhaar. In absence of Aadhaar, NRI/Persons of Indian Origin/Overseas Citizens of India too can submit any of the officially valid documents as per the PMLA.
5) Alphons says some people have no problem getting naked for US visa but cry privacy on Aadhaar:
Union Minister Alphons Kannanthanam
said "ten pages of information which you have never even confessed to your wife ever, or to your husband, have to be passed on to a white man to get an American visa. We have absolutely no problems going and putting our fingerprints and the iris and getting your whole body naked before the white man at all". He claimed the attitude of many people changed sharply when their own government sought basic information.
"But when the government of India, which is your government, asks you your name and your address, nothing more..there's a massive revolution in the country...saying it's an intrusion into the privacy of the individual. I mean, how far can we go? Let the Supreme Court decide, Kannanthanam said.
Criticising the Minister's remarks, Yechury said the question is not about getting naked or giving biometrics to a country for the visa, the question is information is being collected on the basis of Aadhaar.
He further said that during the elections government will use those data to influence it.
"The personal information of people is their personal liberty, which is also their constitutional right. This is very undemocratic and wrong. It's an attack on people's individuality," he added.
How will face authentication help? This feature will help those who run into problems in biometric authentication due to old age, hard work or worn-out fingerprints.
UIDAI said, "face authentication will be allowed only in fusion mode meaning it would be permitted along with either fingerprint or iris or OTP to verify the details of Aadhaar holders".
A statement released by the Authority said there was no breach of Aadhaar database and it remains safe and secure.
It said in a series of tweets on its official handle: "We refute the reports in a certain section of media sourced from ZDNet which quote a person purportedly claiming to be a security researcher that a state-owned utility company has vulnerability which can be used to access huge amount of Aadhaar data
including banking details. There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure. The story is totally baseless, false & irresponsible. It purports that the database of a state Utility company containing its customer details such as bank account numbers, consumer number, Aadhaar number
(not the biometrics), etc., has vulnerability. Even if the claim purported in the story were taken as true, it would raise security concerns on database of that Utility Company and has nothing to do with security of UIDAI’s Aadhaar database."
"If one goes by the logic of ZDNet’s story, since the Utility company’s database also had bank account numbers of its customers, so would that mean that all Indian banks’ databases have been breached? The answer would obviously be in negative. Further, one must understand that the Aadhaar number, though a personal sensitive information, is not a secret number. Mere availability of Aadhaar number
with a third person will not be a security threat to the Aadhaar holder or will not lead to financial/other fraud, as for any transaction, a successful authentication through fingerprint, Iris or OTP of the Aadhaar holder is required. We advise people not to get misled by such false and irresponsible stories being circulated in social and other media by some vested interests," UIDAI added.
The UIDAI said that the ZDNet report raised concern on the database of utility company and not Aadhaar. In its statement, UIDAI said that even if the claimed purported in the story were taken as true, it would raise security concerns on the database of that utility company and had nothing to do with security of UIDAI's Aadhaar database.
Also, the fact that the utility company had bank account numbers of its customers did not imply that all Indian banks' databases had been breached, UIDAI clarified.
9) ‘Universe's strength needed to break Aadhaar encryption’:
In a first-ever powerpoint presentation in open court, Ajay Bhushan Pandey, the Chief Executive Officer of UIDAI told the Supreme Court
on Thursday that it would take the world’s fastest computer “the whole universe’s strength to break the Aadhaar encryption system”.
Noting that data matching software has been bought from the world's three best companies and stored on UIDAI's 6,000 servers, Pandey had said that these are not linked to the internet to eliminate the possibility of any backdoor access to the data.
10) 'UIDAI is blind':
Reverting to the question of intrusion in the privacy of Aadhaar users, Pandey said the UIDAI is "blind" and does not keep track of any transaction done by using the Aadhaar card.
"If somebody opens a bank account or gets a mobile phone by using the Aadhaar, the UIDAI cannot know the account details or the phone number," he had said.
Once the enrolment agency submits the biometric details after enrolment, the data is encrypted and deposited at the Central Identities Data Repository (CIDR), Pandey explained.