Profile picture
sflc.in @SFLCin
, 50 tweets, 6 min read Read on Twitter
Day 22 of the final #Aadhaar hearing will begin shortly.
CEO of UIDAI resumes his PowerPoint presentation on #Aadhaar
ABP clarifies that operators check individual packets of data received during enrollment. There are 65 operators who are responsible for verifying biometrics he says
J. Chandrachud: Is it possible for the enroller to make copies of the data before the data is encrypted and sent to cidr?
ABP says that enroller does not have access to biometrics. it's collected by uidais software
ABP: Also retaining data by the operator is an offence. We have zero tolerance policy.
We have started phasing out private enrolment agencies. Now only banks and post offices will do it
ABP: A notification was issued in July that says that 12500 banks and 15000 post offices will become operator agencies.
J.Sikri: That is because you don't need so many enrollment agencies now. People have already enrolled.
ABP says they are doing it for updation of Aadhaar
ABP says that their central authentication server is not connected to the internet for security purposes
J. Chandrachud: How many AUAs are private?
ABP says few dozen.
J. chandrachud:AUA has a record of how many times an authentication request was made even if UIDAI doesn't.Parting with that data is a commercially profitable enterprise. The private sector AUA can misuse that data.
ABP says they are prohibited under section 29(3) of the act.
ABP: Section 38(g) also prohibits it. Further there are regulations to prevent such misuse. Regulation 17(1)(d) for example.
J.Chandrachud:The problem area is that private service providers have a record of authentication requests which can be misused in various ways to profile individuals.
J.Khanwilkar says that the state has to clear the apprehensions of the petitioners wrt to the software of Aadhaar
ABP says software is secure and there hasn't been one data leak till date. Tells court to not believe media reports. Denies recent report of breach by ZDnet
ABP rubbishes the report by tribune also.
ABP says that now they have made it a standard practice to only display the last four digits of the Aadhaar no., wherever needed.
J. chandrachud: The high level of security maintained at CIDR is not maintained at the other end like AUA also. Unless the security at the other end of the spectrum is secured, Aadhaar will be a problem.
ABP physically demonstrates the process of authentication. Shows what all information is displayed. Says location, purpose etc is not showed.
ABP says that Aadhar based authentication and other services like withdrawal of funds is akin to a walking ATM.
ABP says debit cards and pin nos. is difficult to use by most people in India. Aadhaar makes it simpler and allows people to be financially included.
ABP explains the security of authentication transactions next. Talks about stqc and UIDAI certified biometric devices, secure channel, biometrics locking, multiple factor authentication.
Explains the process of biometrics locking.
ABP says that a person can enter her Aadhaar details on uidais website to check her authentication history. This way she can know if her Aadhaar no.was misused.
ABP discusses authentication meta data elements. Says we have no meta data that reveals anything about an individual such as likes and dislikes. Emphasizes again that location, and purpose of authentication is not collected.
ABP says that the technology and architecture board review the technology of Aadhaar. Similarly the security review board reviews the security of Aadhaar. Security is an ongoing challenge and we need to keep upgrading it.
ABP shows a short film on Aadhaar data centres
ABP takes the court through the security measures incorporated in the Aadhar infrastructure.
ABP now discusses the privacy safeguards in Aadhaar like virtual I'd, uid token, purpose and use limitation, strict confidentiality, online access to authentication history, biometrics lock, strict punishment under the Aadhaar act
ABP: We can make further regulations if there are any concerns related to the security and privacy of the Aadhaar ecosystem.
J. Sikri: It cannot be ruled out that authentication history will not be shared under section 33.
Senior Advocate K.V Vishwanath says it can be shared under section 57 also.
ABP says that till date they haven't shared data with any other agency.
ABP is now explaining Virtual Aadhaar ID generation.
J. Sikri: How many people will be able to use it? You can't explain illiterate people to use virtual ID. ABP says this is just an additional safeguard apart from the act.
Bench rises for lunch.
CEO of UIDAI, Ajay Bhushan Pandey resumes his PowerPoint presentation on Aadhaar.
J. Sikri asks if the authentication logs are kept with the authentication/requesting entity. What is the nature of this data?
ABP says that details except biometrics are kept.
ABP draws attention to regulation 17 and 19 on the point that AUAs are not as secure as CIDR.
ABP: Audits are done on AUAs, and requesting agencies, by UIDAI itself or by an agency appointed by them to ensure smooth functioning of the system.
ABP: Anil Jain, professor of Michigan state university, and expert on biometrics, was consulted. He suggested multi modal biometrics authentication i.e both iris and fingerprints should be combined for the process of identification and authentication.
ABP says another expert was consulted and he suggested that iris should be used, because fingerprints often don't work.
Judges are of the view that AG should be making such arguments, not CEO of UIDAI.
ABP: Using virtual ID and uid token ensures that databases are not joined. We make distinctions between what agencies require real Aadhaar no.and what agencies do not. For eg. Telecom does not require real Aadhaar no. But income tax does.
Judges ask ABP to submit a note explaining Virtual id and uid token and how their usage prevents de duplication.
ABP: Uid token is a 72 character alpha numeric string meant only for system usage. For the same resident, different AUAs or KUAs will have different uid tokens. Aadhaar cannot be reverse engineered from the token
ABP now distinguishes between Aadhaar card and smart card. Says central database of biometrics is important, to ensure uniqueness. Uniqueness may not hold true in the case of smart card, and one person can have multiple cards with different identities and same biometrics
ABP: there's no identity theft if Aadhaar is lost. The same cannot be said of smart cards.
Surveillance is not possible with CIDR as silos are not merged. Surveillance is possible by smart cards by merging databases.
There's some discussion on the smart card id system used in Singapore. ABP says keeping too much information on a smart card is not a good idea. Replacement of smart card with a better technology in the future is a huge responsibility.
ABP says that changing encryption kept on a smart card from time to time is not possible. Says offline smart card is not a substitute for online authentication.
ABP says a Singaporen newspaper praised India and Estonia's ID system and wrote that Singapore should adopt something similar.
CJI clarifies about the process of enrollment. Asks if the enroller or requesting entity has access to any data.
ABP says data is encrypted and sent to CIDR, so there's no question of misuse.
ABP shows a graph to illustrate the success rate of Aadhaar based biometric authentication. He shows year wise trends from 2013-18.
Next, ABP shows a graph made on a proof of concept conducted at old age homes in nine different states.
He says that from July 1, facial recognition will be used along with fingerprints in order to ensure better authentication.
Petitioners submit a list of questions based on the presentation. State will answer them on Tuesday.
Petitioners say that deadline for Section 7 benefits should also be extended. Fourteen crore forty eight lakh authentication failures have taken place for section 7 benefits and subsidies.
State argues that authentication rejections does not tantamount to denial of services.
CJI refuses to give an extension on section 7 benefits.
Bench rises for the day. Will reassemble on Tuesday.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to sflc.in
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Aadhaar

More from @SFLCin see all

Profile picture
Today, the Government introduced the Aadhaar and Other Laws (Amendment) Bill, 2018 in Lok Sabha, which proposes to amend the Aadhaar Act, The Telegraph Act and the Prevention of Money Laundering Act. A copy of the Bill, can be accessed here - sflc.in/aadhaar-and-ot… #Aadhaar
The Bill seeks to bring amendments to the Telegraph Act and the Prevention of Money Laundering Act to enable voluntary seeding of Aadhaar details with phone connections and bank accounts. #Aadhaar
The Supreme Court in its Aadhaar judgment had struck down that part of Sec. 57 of the Aadhaar Act which enabled private entities to use authentication services calling it unconstitutional. The court held that this enabled commercial exploitation of biometric and demographic data.
Read 11 tweets
Profile picture
On December 20, 2018, the Ministry of Home Affairs issued a statutory order authorizing 10 agencies to intercept, monitor and decrypt communications of citizens. The order may be read, here - bit.ly/2rYlx0z #Surveillance
The agencies authorized by MHA include - Intelligence Bureau, National Investigating Agency and Commissioner of Police, Delhi. The order was issued under existing powers given to the MHA as per Section 69 of the IT Act, 2000 and corresponding rules. #Surveillance
Section 69 empowers the govt. to issue directions for surveillance of communications. The corresponding rules empower the MHA to notify other govt. agencies which can perform such surveillance. Thus, these agencies have been notified under existing rules under the IT Act.
Read 20 tweets
Profile picture
Join us for an important discussion on misinformation in the digital era in Delhi, Bangalore and Mumbai.
We would love to hear from @factlydotin @FactCheckIndia @check4spam @timesfactcheck @boomlive_in @fact @AltNews
Also, @ektanewsco
Read 3 tweets

Related threads

Profile picture
Mini #tweetorial for anyone who wants to learn how to do a good PowerPoint presentation:

Tip 1: Look and sound bored. Sigh a lot.
Tip 2:
Look towards your PowerPoint and away from your audience. This way they will appreciate the back of your haircut and everyone can avoid awkward eye contact
Tip 3:
Put lots of fancy graphs and tables loaded with data in there that take 5-10 minutes to understand. Give your audience 15 seconds to admire them and move on to the next slide
Read 12 tweets
Profile picture
#Aadhaar hearing resumes. CEO of UIDAI continues his ppt.

He starts by giving a break up of enrolment operators having been blacklisted..classified by reason. Will shortly give a link to that document.
DYC J asks if there has any operator been blacklisted for data breach....such as sharing of data etc.

CEO says only possible when the operator is so qualified to tamper the enrolment client software to capture or share biometric data.

Even if someone does it, it is punishable.
CEO says now they are phasing out private enrollment agencies and are going to be housed only inside banks and post offices.
Read 16 tweets
Profile picture
#Aadhaar hearing continues. Attorney General KK Venugopal commences his arguments for the Union Govt.

He announces the batting line up ...says he will be followed by Rakesh Dwivedi (UIDAI), Jayant Bhushan (RBI) Sr advs and Gopal sankaranarayan appearing for intervenors.
Even as he laments that petitioners have taken almost 19 days, promises to keep the Union arguments as brief as possible.
Says Aadhaar is not an isolated measure but follows a series of measures put in place to solve the problems that Aadhaar solves.

Says Aadhaar is a serious effort..all alternatives such as smart cards were considered and then decisions taken.
Read 45 tweets
Profile picture
#Aadhaar hearing continues. Sr. Advocate Meenakshi Arora continues her submissions. Reminder, petitioners expected to complete their submissions in 90 minutes today.

Ms. Arora is appearing for @vvcrishna and others.
MA: Reading Tele2 German Constitutional court decision. (Her WS here: drive.google.com/a/advocatepras…)
MA elaborating on the chilling effect that is caused by a general and indiscriminate retention of personal and personal transactional data.
Read 58 tweets
Profile picture
#Aadhaar hearing continues. Arvind P Datar, Sr. Advocate resumes his arguments for Petitioners.
APD lays his propositions. Submits on the Money Bill argument. How Aadhaar certification as a Money Bill is unconstitutional.

Explains how the word final in Article 110 (3) does not mean the certification is beyond judicial review and shows how there is a long line of precedent.
He will develop this point later.

The first one he will develop now is back to PMLA. And the consent form. The absurdity of giving consent in the form when you are mandated by law to link failing which your account is inoperable!

Wonders if consent should receive....
Read 33 tweets
Profile picture
#Aadhaar hearing. To resume shortly. Shyam Divan to continue for the Petitioners. He is expected to complete his submissions in the first half today. However more petitioner arguments by other counsel to follow. Thread.
SD continues to read the affidavit of Mr. Siraj Dutta who did an investigation into two Aadhaar related starvation deaths in Jharkhand. (Premani and Etwarya Devi).
Discloses the following problems.

1. Premani pension transferred to someone else. Noone was aware until his investigation happened. Because the other person's aadhaar was linked to Premani's Aadhaar. (The NPCI mapping problem, which is now quite famous.) ...
Read 76 tweets

Trending hashtags

#HumanTrafficking #UI #Aadhaar #Inclusive #DestroyTheAadhaar #ODSCWest #scobserver #bias #BlackMoney #Awan #DOJ #PowerPoint #openeducation #SupremeCourt #UX #WorldBank #DestroyTheAadhaarData #biometrics #privacy #Aadhaarleaks #AadhaarFail #SaveTheInternet #AadhaarVerdict #datascience #GiveItUp

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!