Fastest computer failed to breach Aadhaar security: UIDAI chief tells SC

New Delhi : In a bid to ensure that data with Aadhaar is fully secured, the CEO of the Unique Identification Authority of India (UIDAI), told Supreme Court that the biometric details are not shared with anyone, even the fastest computer currently available can't breach our 2048-bit encryption.

"Biometrics is never given out. Our software is such that the moment the resident presses the save key, entire data gets encrypted by the 2048-bit key. To break one key, the fastest computer in the world will take more than the life of the universe", Ajay Bhushan Pandey told a five-judge Constitution bench comprising Chief Justice of India Dipak Misra and Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan.

The court was hearing a batch of petitions that raised threat over data leak, questioning constitutional validity of the Aadhaar act. Justice Sikri raised doubts that it may be encrypted when it is with UIDAI, but the data can be stolen from the enrolment centres too. 

“Maybe when it reaches you, it gets encrypted, but at the (enrolment) centre, it may be captured by private party”, said the justice. “No,” replied Pandey.

The biometric-matching software is used offline, he said, and added “the data is fully under our control. The biometrics is anonymized before it’s given to the matching software. We segregate the Personally Identifiable Information (PII) so the software doesn’t know whose biometrics it is.”