In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, August 6, 2011

1506 - THE UID Aadhaar PROJECT System design and security considerations By S.G.Vombatkere

THE UID Aadhaar PROJECT

System design and security considerations

By

S.G.Vombatkere

The Unique Identification (UID) project, also known as Aadhaar, has been pushed into implementation by creation of a UID Authority of India (UIDAI) in 2009. It is slated to spend Rs.45,000 to 1,50,000 crores with a sanctioned budget of Rs.3,000 crores without approval of Parliament. Mr. Nandan M. Nilekani has been nominated to head the UIDAI and accorded cabinet minister rank [Note 1]. This is not unconnected with the publication of his book “Imagining India” in 2009, and his former position as CEO of Infosys Technologies, India's software leader. The Aadhaar project has been cogently criticised with doubts raised on several counts including its legality that have neither been addressed in the information put out by UIDAI, nor in Mr.Nilekani's public interactions in various fora. The result is that public skepticism is deepening into mistrust. When Aadhaar has thus been imposed upon the public, there is need for genuine transparency to dispel public doubts regarding compromise of fundamental rights and freedoms. This is especially so because obtaining the Aadhaar number is stated to be not mandatory whereas various government entities are insisting upon it. However, a National Identification Authority of India (NIAI) Bill that seeks to regularize UIDAI is scheduled to be tabled in Parliament soon.
According to declared policy of the Union government, growth is meant to be inclusive and Aadhaar is meant primarily to reach benefits to the poor. Aadhaar claims advantages especially in further enabling the existing NREGA and PDS schemes to reach beneficiaries more quickly and surely. These claims have been systematically addressed by Reetika Khera [Ref.1], who has brought out that while some of UIDAI's claims are practical, others are not. While Khera's analysis addresses several aspects, it does not adequately touch upon the national security aspect of Aadhaar. The present article discusses the system design, implementation and security aspects, beginning with a critique of the planning process or arbitrariness in decisions concerning the Aadhaar project.

The planning process for national projects
Any large, extensive, long-term, high-cost national project should be preceded by a benefit-cost analysis to assess its socio-techno-economic feasibility. This should begin with a clear statement of what precisely is the problem to be solved or the aim to be achieved (sometimes called the “design problem”), the terms of reference, and the fundamental assumptions on which the design problem is based. The detailed design of any system adopted has to be based upon clearly defined design assumptions. This is because an error in design assumptions can produce a flawed or unworkable design, or a faulty system that is untenably expensive to operate and maintain. The successful social, technical and economic functioning of the completed system implies that its performance conforms to the design, which in turn depends upon the validity of the raw and processed data on which the design was based and the knowledge, skill and experience of the designer(s).

But before the detailed design of any system, a comparative study of available systems is necessary, to decide which system to adopt to solve the problem or achieve the desired aim. That is, the various options are listed and each examined from social, economic and technical angles. A rational planning process would begin with listing all options including upgradation or combination of existing systems (upon which capital investment has already been made), and proposals for new systems based upon updated or new technology. The comparative examination of the listed options in terms of the social, technical and financial costs of each would then provide a short-list of feasible options. Detailed comparative analysis of the short-listed options by experts in the field would reveal the inter se priority of these options, which would then be presented for final choice.

At this stage, there is a political decision to be made, which may not necessarily choose the “least-cost” option. The experts would make their recommendations but the responsibility for choice of option remains with the political executive. It would be a deviation from good practices if one or other option were to be chosen without transparent comparison of the available options; it would bring into question whether at all a systematic process of planning was applied, and whether there had been extraneous influence brought to bear on the political decision, and the possible quid pro quo involved.

Briefly, a systematic planning process at the national level should (1) define the aim and the terms of reference, (2) list out all possible or available options to achieve the aim, (3) remove the implausible or politically undesirable options, and (4) subject the remaining options to analysis using previously identified and weighted social, technical and economic criteria. This analysis will provide an inter se priority among the options considered, forming the basis for the final (political) decision of which option to implement. Such a transparent process would obviate political sniping, accusations and inquiries at a later date. It appears that a national project of magnitude, gravity and long-term national consequences like Aadhaar has been arbitrarily chosen without considering alternatives.

Existing identification systems
There are several existing photo-identification systems co-existing in India, each having its own scope and limitations, that have been created by huge expenditure of public money and physical effort over decades. Below are four of the important ones:
(1) Personal Account Number (PAN) of the Income Tax Department – not all citizens are tax payers,
(2) the Ration Card – not all people hold Ration Cards and these are not transportable across states,
(3) Bank Account Number – not all citizens have bank accounts, and
(4) the Elector's Photo Identity Card (EPIC) – not issued to persons ineligible to vote for reasons of age or citizenship, but accepted as proof of identity and address across the country. 

The UID Aadhaar project has been started up without considering existing systems that already provide unique identity to people, though sectorally. The existing EPIC provides proof of citizenship, and includes photograph, full name, full address, sex, date of birth, father's/mother's/husband's name and a unique 10-character alphanumeric string. The personal details are verified by local government authority before preparing the EPIC. Though an EPIC does not make the holder eligible to vote in another constituency, it still provides a unique identity with several details

Alternatively, using selected features of the four existing identification systems mentioned above (there could be more since this list is not comprehensive but only demonstrative), an option that may be suggested to provide the cardholder with a unique identity could be the EPIC re-issued (to obviate fresh data-entry errors) with additional fields for ration entitlement, reservation entitlement (SC/ST or not), income tax number (if an IT assessee), bank account number(s), citizenship category (resident Indian citizen or NRI or foreigner), biometric information and any other information parameters considered necessary, plus blank fields for more data if considered essential at a later date, and integrating the data of different states. The existing EPICs could be used without interruption for voting, and as and when re-issued with the additional data, would also serve the purpose of unique identification. The system would still allow extension by utilizing the blank fields. Such a card would call for easily achievable inter-system communication and system integration between the various data bases holding information, such as the Food and Civil Supplies Departments, Urban Local Bodies and Panchayats, IT Department, banks, and Passport Offices.

It is not necessary for the present article to go into more detail since that is the task of planning bodies such as the Planning Commission. The above suggestion is only indicative of one available option for consideration at the preliminary planning stage.

Planning methodology
A rational approach to planning national mega-projects such as the Aadhaar project even while there are existing identification systems in place (howsoever inadequate in different ways), would need planners to consider

(1) adapting one or more of the options mentioned in the previous section,
(2) an upgraded or re-worked combination of the best features of two or more of them,
(3) the proposed Aadhaar project, and perhaps
(4) some out-of-the-box proposal(s).
Each of the options would be examined against pre-defined and weighted social-economic-technical criteria in a comparative study, and the options arranged in order of priority. If the Aadhaar project turns up as priority number one, then the political choice of adopting it would be unquestionable. But if the Aadhaar project turns up as number two or three, the political chief executive would still have the option of exercising his personal and political discretion to choose the Aadhaar project for adoption with full responsibility.
 
However, the present choice of the Aadhaar project is without system rationale. The public is acutely aware of the recent frequently surfacing huge scams, and cannot be faulted if there is scepticism or suspicion regarding motives that have led to the Aadhaar project being chosen in spite of arguments, objections and protests on various counts. That this elementary systems aspect was neglected by an engineer-businessperson of Mr.Nilekani's eminence is more than merely strange.

Security considerations
Security considerations concern not only national security but also citizens' constitutional liberties, including the right to privacy. After the reprehensible September 9, 2001, Al Qaeda attack on the WTC and Pentagon in USA, there were attempts in all countries to tighten security. In USA, the Homeland Security Act and the Patriot Act were passed, marking formal commencement of public surveillance in USA. Similarly in 2003 Government of India modified the Citizenship Act, later called the National Population Register (NPR), to authorize the Registrar General of India to hold personal including biometric information of all citizens. That this was primarily a security consideration was affirmed by Mr.Nilekani in response to the question “Isn’t the main purpose security?” concerning the Aadhaar project. True, also affirmed that government's initiative for a unique ID was also for developmental purposes and that UIDAI came out of that initiative [Ref.1]. While there may be no reason to doubt Mr.Nilekani on this score, the fact remains that there was an initiative to create a data base for national security, and the Aadhaar data base would be eminently suited for that purpose. It is noteworthy that Aadhaar is apparently linked with the National Intelligence Grid (Natgrid) [Note 2] and the National Population Register (NPR).
 
Nobody objects to national security measures. But these cannot be at the cost of surveillance of law abiding citizens, restricting their freedoms or infringing on their privacy. This is reportedly happening in USA following implementation of the Homeland Security Act and the Patriot Act. In intelligence practice, national security is enhanced by maintaining surveillance on citizens in public places and linking this with personal information available in various data bases maintained by banks, income tax offices, airline and railway reservation offices, internet service providers, etc. Aadhaar can provide the link between various data bases and will inevitably be at the core of a system which will enable profiling and tracking any citizen useful to any of India's 11 security or intelligence agencies [Ref.2]. 
 
Linked with surveillance in public places and with all people registered with the Aadhaar system, tracking every activity of any or every citizen will be merely a matter of money and technology. This will irreversibly change the relationship between the State and its people, confirming the State as the master when the Constitution of India envisages precisely the opposite.
 
Thus, Aadhaar will enable and support surveillance and tracking whether or not it succeeds in its declared primary aim of enabling services for the poor. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens. However, this is vitiated since the Aadhaar project is contracted to receive technical support, presently for biometric capture devices, from L-1 Identity Solutions, Inc., a US-based intelligence and surveillance corporation whose top executives are acknowledged experts in the US intelligence community, as revealed in the corporation's website. According to UIDAI website, among other companies awarded contracts for collaboration in the Aadhaar project, are Accenture Services Pvt Ltd which works with US Homeland Security ( for implementation of Biometric Solution for UIDAI) and Ernst & Young (for setting up of Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP)). It is difficult to imagine the security of sensitive national information when the technical provider or consultant is not a government body but a business corporation with strong connections to the intelligence organization of another country.
 
The risks are highlighted by the fact that a “retinue of U.S security and intelligence officials” accompanied US Secretary of State, Hillary Clinton, to India in July 2011 [Ref.3]. According to the same source, India has a “gaping appetite for homeland security expertise and technology”. India is racing ahead with a proposed Commercial, Homeland Security and Fire Technology Exhibition at Pragati Maidan, New Delhi in December 2011. It is big business that Natgrid is sure to buy into. Indeed, a document of ASSOCHAM titled “Homeland Security in India” states, “Given its increasing focus on Homeland security, the  Government of India has initiated several steps...(one such) significant initiative is  the ongoing drive to provide UID Number to all Indian citizens which is also aligned to the wider cause of intelligently networking the Indian ecosystem.” [Ref.4]. There appears to be a designed “homeland security” link with Aadhaar, and statements like “The UIDAI will not share resident data” could even be deliberately misleading. India is understood to be opposing CISMOA (Communications and Security Memorandum of Agreement) that USA has proposed for better military interoperability, but the supposed need to acquire technology may accept the cost of allowing inspection (end use monitoring) by US intelligence agencies, and thus compromise national security [Ref.5]. All these issues including the fact that since 2009, the Aadhaar project has been operating without legal sanction (including entering into contracts involving millions of dollars of public funds), only compounds doubts and apprehensions.
The recent case of the Indian Institute of Science (IISc), Bangalore, signing an agreement to set up a telecom laboratory with Huawei Technologies which has links with the Chinese government has been objected to by the Indian intelligence community, which had expressed prior disapproval. That the Indian intelligence community has tamely accepted business links with Accenture Services, Ernst & Young and L-1 Identity Solutions for national security may indicate the unabashed subservience of those who control the intelligence entities like IB, RAW, MoD, MHA, DoT, etc, to the policies of a particular foreign country.
 
The larger implications and ramifications of Aadhaar are best expressed in Usha Ramanathan's words: “[Data collection for the National Population Register] is set amidst NATGRID (National Intelligence Grid), the UID (the Unique Identification project), and a still-hazy-but-waiting-in-the-wings DNA Bank. Each of these has been given spurs by the Union Home Ministry, with security as the logic for surveillance and tracking by the state and its agencies. The benign promise of targeted welfare services is held out to legitimise this exercise” [Ref.2].
 
It is accepted that hacking into a system is most effectively done by paying, co-opting or honey-trapping individuals who have access to critical information. The recent instance of Union Finance Minister Pranab Mukherjee's office being bugged, shows how a device can be placed by gaining physical access to a high security office. Natgrid (which seeks to integrate 21 data bases) or some foreign intelligence agency could obtain access to the Aadhaar data base notwithstanding pious statements of UIDAI. (Incidentally, Capt Raghu Raman, CEO of Natgrid, was also CEO of Mahindra Special Services Group, a security services company. One view of this side-stepping is that he would bring to Natgrid his wealth of background experience but, without casting doubt on his personal integrity, the possible convergence of interests between his corporate background and national information security are undeniable). Obtaining a brief, one-time entry to the Aadhaar data base to permanently compromise its security would pose no serious problem to any efficient intelligence agency that has sufficient influence or funds to obtain that access. Even if Aadhaar can enable provision of services to the poor (which has been cogently argued elsewhere as unworkable) possibility of loss or breach of security of a national data base does not appear to have been examined.
Without in any manner casting aspersions on Mr.Nilekani's integrity, it should be noted that his Union Cabinet minister status as Chairman of UIDAI is without having taken formal oath of secrecy and abiding by the Constitution of India. He is free to take any measures that he deems fit with no accountability to the people or the Government of India; the multi-million-dollar contracts entered into bear witness.

Aadhaar project deserves review
The NIAI Bill is scheduled to be tabled in Parliament in the 2011 monsoon session. The Bill has several infirmities that have been pointed out to government, but it appears that no cognizance has been taken.
The UIDAI functions with only token transparency. Obtaining an Aadhaar number is stated to be not mandatory, but various government departments are insisting upon the Aadhaar number, causing skepticism and mistrust among the public. The Aadhaar project is an unconscionably expensive, unaccountable and virtually secret program that can hold the key to a total-surveillance-State, making the Constitution of India a dead document.
The claims made by the UIDAI to make social benefits available or accessible to the poor sections of Indian society have been questioned elsewhere, but the Aadhaar scheme itself has been formulated without due technical or administrative planning process. Thus, from system design and security considerations, the Aadhaar scheme deserves to be blocked with immediate effect and reviewed from scratch in the national best interest.
(2,944 words of text)

References
1. Reetika Khera; “UID Project & Welfare Schemes”; Economic & Political Weekly; Vol XLVI No.9 February 26, 2011.
2. Usha Ramanathan; “Implications of registering, tracking, profiling”; The Hindu, April 5, 2010.
3. “U.S., India share focus on homeland security, but collaboration comes slowly”; Washington Post, July 20, 2011; <http://www.washingtonpost.com/world/us-india-focus-on-homeland-security/2011/07/19/gIQAQ56HOI_story.html>
4. Gopal Krishna; “NIAI Bill, Wikileaks, World Bank & L-1 Identities Solution”; <www.countercurrents.org>, January 22, 2011.
5. Vombatkere, S.G., “Deepening India-US Strategic Ties - Evidences and Repercussions”, Mainstream, New Delhi, Vol XLVIII No 40, September 25, 2010, p.13-15.

Notes
Note 1. The basis for selecting Mr.Nandan Nilekani for appointment as UIDAI Chairperson with cabinet rank is arbitrary and not beyond question. No doubt the UIDAI Chairperson should possess experience in systems engineering but he/she should also have experience in public administration since the UID project deals with government systems and the public, involving legal and constitutional issues. Transparent selection of an individual from a panel of eligible persons would have constituted due process of democratic governance. Avoidance of due process speaks poorly of governance and raises doubts about hidden agendas.

Note 2. Natgrid c/o Ministry of Home Affairs, will ensure that India has a world-class integrated national security database that can be accessed by the security agencies as required. This national security database is inter-operable with other relevant databases, so that all terror threats can be detected and acted upon in a timely manner. This ambitious project will be implemented without infringing upon the privacy of individuals whose details -- banking, insurance, immigration, income tax, telephone and internet usage -- will be on Natgrid. The data collected will also have to be safeguarded from hackers. The goal of Natgrid will be to achieve quick, seamless and secure access to desired information for intelligence/enforcement agencies in India.

**S.G.Vombatkere retired as major general after 35 years in the Indian military. He is engaged in voluntary social work, and is member of the National Alliance of People's Movements (NAPM) and People's Union for Civil Liberties (PUCL). As Adjunct Associate Professor of the University of Iowa, USA, he coordinates and lectures a course on Science, Technology and Sustainable Development for under-graduate students from USA and Canada. He holds a master of engineering degree in structural engineering from the University of Poona and a PhD in civil structural dynamics from I.I.T, Madras.

Contact details:
Maj Gen S.G.Vombatkere (Retd) 
475, 7th Main Road 
Vijayanagar 1st Stage 
Mysore-570017.
Tel:0821-2515187