The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, October 12, 2015

8916 - Living in a data glass bowl - DNA India

Sunday, 11 October 2015 - 7:30am IST | Place: Mumbai | Agency: dna | From the print edition
The trail of data you leave online is open to threat from internet companies, hackers, and governments. What does one do then? How do governments draw the fine line between individual privacy and national security? Are Indian laws adequate to deal with the situation? Amrita Madhukalya finds out

                                    Sudhir Shetty dna
The sponsored post you clicked on your preferred social media site, the information you just entered in the payment gateway while buying an AC, the emails you exchanged with your father this morning… simply mundane exchanges on the internet you'd think. But a deeper look will reveal the scary truth.

"You are the data: You are the queries you ask, the addresses you provide, the emails you answer, the transactions you carry out, the conversations you have. There is an inexhaustible amount of data that we leave online, leaving us vulnerable to various threats," says Nikhil Pahwa of the internet watchdog Medianama.

Companies like Facebook and Google store the data of every individual user, even deleted ones, in US-based data centres. The exhaustive body of data that these companies have access to is open to surveillance by US intelligence agencies, thereby exposing a huge loophole in our national security. To add to that, companies routinely use the data to harvest our preferences so they can present us tailored content. Targeted ads, location information etc. could also present a 360-degree profile of a user, leaving them vulnerable to surveillance, hackers and the loss of identity.

Last Tuesday, the Court of Justice in the European Union barred US-based companies like Google and Facebook to allow intelligence agencies like the National Security Agency (NSA) a peek into the individual online data of millions of Europeans. It argued that a person's online data can be used for surveillance if there exists a necessary threat, but the NSA cannot harvest the data of millions of Europeans on the pretext of national or international security.

In India, however, we are in for the long haul. The right to privacy law is in limbo. The Right to Privacy Bill (2014), amongst others, penalises identity theft, requires foreign companies to store data in Indian, and recommends a data protection authority. The bill is currently with the ministry of personnel; who is fine-tuning it currently.

And the recent gaffe with the draft encryption policy, where a leaked draft showed us how the government wants us to store all encrypted data, like whatsapp messages, emails, etc. for over 90 days, has revealed that the government lacks the know-how to deal with such data.

Too much data, too little concern
In May this year, Aran Khanna, a computer science and mathematics student at Harvard, was fired from his internship at Facebook for exposing a major glitch with its messenger. Khanna came up with a plugin called Marauder's Map that connected user location data, which was exposed by the messenger to find out where a particular Facebook user was located at the moment. One did not need to be friends with the user; a Facebook conversation was enough.

When his app went viral, Facebook revoked Khanna's internship and updated the messenger. It said the fault lay with Khanna's app and not the messenger. Khanna, on his part, said his app exposed the dangers of online privacy. "What does this say about privacy protection? Can we reasonably expect Facebook or others with an interest in collecting and sharing personal data, to be responsible guardians of privacy," he told reporters.

According to cyber security expert Akash Mahajan, cyber threats due to available user information is inevitable, it is just a matter of when. "Large scale data analysis can be used to glean insights about patterns, traits of a large number of people in a particular geographical location," he says. The US' NSA, the hackers in China, Israel, Iran, France and Britain's GCHQ are some examples of surveillance bodies, he adds.

"Several countries routinely conduct mass surveillance, and there are highly sophisticated attackers for hire. Many companies also engage in corporate espionage for financial, strategic gains. Some groups engage in misinformation or propaganda by manipulating data patterns," Mahajan states.

And it's not just internet companies like Facebook. Government data agencies like the UIDAI that deals with the Aadhaar are also collecting data. As per government statistics, 92 crore people are registered with the UIDAI for Aadhaar. "The data is collected by UIDAI (thumb prints and iris scans) are collected by private companies in private computers," says Supreme Court advocate Rahul Narayan, a counsel arguing against the mandatory use of Aadhaar for utility services like LPG connection and opening a bank account.

This week, the Supreme Court also referred to a larger bench the plea of the central government, the Reserve Bank of India, Securities and Exchange Board of India (SEBI), Telecom Regulatory Authority of India (TRAI) and states like Haryana and Gujarat to extend the voluntary use of Aadhaar to other services. When the apex court bench takes a decision on the issue, it will also serve as a precursor to the state's stand on the right to privacy.

Privacy or national security
There needs to be a fine balance between individual privacy and national security. India needs better safeguards, says a research fellow of the Institute for Defence Studies and Analyses (IDSA), who did not wish to be named. "The government should not worry about policies as much as it should worry about safeguards -- of both individual privacies and national security."

According to Medianama's Pahwa, the time is ripe for a bill on privacy. "Companies like Google and Facebook are sitting on a mine of data, and what they do with this data is every bit of our concern because the data is about us. Will we be allowed to recall that data, or remain anonymous? We need to have control over our own data." He adds that the draft national encryption policy, which invited the outrage of several users for its implausibility, may be ill-designed, but is nevertheless important.

Former Data Security Council of India (DSCI) head Kamlesh Bajaj, who was part of the Justice Shah Commission on the Right to Privacy, argues that a modern society needs to have a certain amount of surveillance. "But that surveillance, as the European Union rightly suggested, should be targeted surveillance so that we can stop the US from dipping into the data of an Indian citizen at will… The state needs to ensure that targeted surveillance is done to curb crimes, and does not let blanket surveillance leave us vulnerable. But, we need to have a data protection law first."

User cannot be the loser
Cyber security expert Mahajan says that any huge body of information is a threat to security and privacy. "As soon as there exists a large storage of data, like the NSA data center in Utah, there will be people who will want access to that data. Be it for personal gain, strategic advantage or in the case of Wikileaks as a political statement. Safe storage of such data is a challenge, whether it is for the government of India or the NSA," he stresses, pointing that US government agency OPM lost more than five million biometric records to online attackers despite sophisticated measures.

Pahwa says that problem with huge data bodies like the one collected for Aadhaar is that we may never be sure of if a future government turns rogue. "Without adequate safeguards, our data is exposed to, at the very least, phishing attempts," he says. "And what is the guarantee that a future government, or in fact, the current one does not use it against us for any purpose that suits it."

In Mahajan's view, the government should also allow for companies to have data centres in India, so they can start storing the data of Indian users in the country. Microsoft said recently while launching its cloud services and the first three data centres in India that the data of Indian users will be governed by the Indian laws.

Mahajan adds that the government should allow for safe and secure tools. "Be it digital contracts, online e-commerce, e-tendering etc. worldwide standards will allow us to compete, take part in global commerce and communicate freely," he says. "Get serious about telecommunication security in India and get the telcos to start encrypting GSM calls and messages to the minimal levels as per global standards."

Things to do for better privacy
1) Clear cookies in your internet browser routinely; especially if it is a public computer
2) Turn off your location data in mobile apps
3) Don't download too many apps on your phone, and with the ones you do, read the fine print carefully. Be aware of what are you allowing the app to do.
4) Use complicated passwords. Apps like KeypassX allow us to keep passwords that are over 50 characters long
5) Some tools allow others a peek into calls
6) Use a black tape on a webcam when not in use
7) Learn basic encryption to protect email
8) Don't hand out your primary email or phone number to consumer companies