Hackers trying to breach UIDAI security will not only need 13-foot high ladders, but also the world’s fastest computer and over 13.772 billion years to successfully access Aadhaar data, if UIDAI CEO Dr. Ajay Bhushan Pandey is to be believed.
Leaked footage of a hacker who wanted to steal Aadhaar data, thwarted by UIDAI's wall pic.twitter.com/QumNRUBzfD
— Rohin Dharmakumar (@r0h1n) March 21, 2018
Following the recent statement made by Attorney General K K Venugopal, in which he claimed that Aadhaar data remained secure in a complex that has 13 foot high and 5 foot thick walls, UIDAI CEO Pandey recently told the Supreme Court that it would take “more than the age of the universe for the fastest computer in earth, or any supercomputer, to break one key of Aadhaar encryption”.
"Aadhaar data has been secured by a 2048-encryption key that will take a supercomputer more than the age of universe, or over 13 billion years, to crack" Ajay Bhushan Pandey, the chief of UIDAI
An average Indian can do it for 500 Rs ! 😂😂😂 pic.twitter.com/wPUAscAKby
— My Fellow Indians (@MyFellowIndians) March 22, 2018
Pandey was given the first-ever opportunity to conduct a presentation in front of a five-judge Constitution Bench led by Chief Justice of India Dipak Misra in the Supreme Court on Thursday. In the hour long presentation, which is scheduled to continue on March 27, Pandey told the Constitution Bench that Aadhaar data was protected by a 2048-bit encryption and added ominously, “once biometrics comes to us, it will never go away.”
To this claim, Justice A K Sikri, one of the panel members, noted, “Maybe when it reaches you, it gets encrypted, but at the center, it may be captured by a private party”. In Aadhaar’s defense, Pandey said that the UIDAI did not share biometric details with anyone and the “software is such that the moment the resident presses the save key, entire data gets encrypted by the 2048-bit key.”
Did you know why they had to use random private agencies to collect all that sensitive, personal data? Because to do it through govt servants would take too long. So they got the Registrars who they did have some control over, to get an #Aadhaar themselves! Security worries gone!
— Vakasha Sachdev (@VakashaS) March 22, 2018
Justice Sikri also asked Pandey why the UIDAI had blacklisted 49,000 registered operators, to which Pandey said that those operators had been de-registered for corruption, carelessness and harassment of the public. Pandey said, “Some of them used to take money from the public, others would not enter the details properly. We have a zero-tolerance policy.”
When Justice Sikri pressed further, Pandey revealed that:
“Initially we trusted these operators, but they ended up registering trees…Jamun trees.”
It’s worth noting that such “registered operators” have previously been accused of selling Aadhaar data for as low as Rs. 500. A fact that Pandey carefully omitted.
Unfortunately for Indians worried about Aadhaar and data safety, the latest comments only add to the dilemma of whether to laugh or outrage at the UIDAI.