The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, November 30, 2015

9095 - Cybersecurity is the new battleground for human rights - Open Democracy

Andrew Puddephatt and Lea Kaspar 18 November 2015

Cybersecurity has become conflated with ‘national security’, with no consideration of what a ‘secure’ internet might mean for individual users. But, such a definition can be diametrically opposed to individual security. 

 Shutterstock/Gaudilab. Some rights reserved.

In July 2015, UKTrade and Investment (UKTI) opened a new centre in London to showcase Britain’s ‘dynamic and innovative’ cybersecurity industry to global investors. Four months later, the UK and US governments conducted a widely reported joint exercise with leading global financial firms to test collective resilience in the face of a ‘cyberterrorism’ incident. Last week, in the wake of horrific scenes in Paris, UK Chancellor George Osborne unveiled a comprehensive new ‘national cyber plan’, allocating £1.9 billion of new funding against a backdrop of swingeing cuts across government departments.
In his speech announcing it, which contained 134 instances of the word cyber, he boasted that despite “taking the most difficult decisions on spending in other areas,” the government has made “a deliberate decision to increase spending on cyber.” These are just three particularly high-profile instances in a year which has seen cybersecurity rise to unprecedented prominence in the media and policy space.
Nor is it just a UK phenomenon. Out of 193 International Telecommunications Union (ITU) member states globally, 67 now have live national cybersecurity strategies, and 102 have National Computer Incident Response Teams (CIRTs). International institutions including the Organisation of American States and the African Union are considering cybercrime conventions to set normative standards across whole continents. Cybersecurity is also increasingly present and visible as an issue in international relations and diplomacy. Recall, for example, Chinese prime minister Xi Xinping’s recent visit to the UK in October, where the main news story was a joint statement on cybersecurity, only a month after reports of a similar ‘cyber-peace deal’ between China and the US. As an ex-foreign minister of India recently noted, “[cybersecurity] has become a fresh domain of contention between states. It is true of land, seas, skies and outer space, all of which we have successfully militarized. Exactly the same thing is happening in cyberspace.” “We have successfully militarized land, seas, skies and outer space. Exactly the same thing is happening in cyberspace.”
A rights-based cybersecurity?
Among civil society and public interest groups however, there has, as yet, been little engagement or even research on this issue - something which unbalances the debate and locates cybersecurity as something for systems, rather than people. But cybersecurity is intrinsically about people. As a policy area concerned with the regulation of online behaviour, how it is defined and implemented will have - and is already having - profound implications for essential human rights such as privacy and freedom of expression. 
As human rights defenders, it is therefore crucial that we engage in this debate. But how? And what would a rights-based cybersecurity look like?
The natural starting point is to define what cybersecurity is - or at least how it is currently understood. This is surprisingly difficult. Cybersecurity encompasses a universe of different definitions, as the Global Cyber Definitions database (with 900 definitions and counting) demonstrates. To further complicate matters, cybersecurity is often conflated with cybercrime, or confused with related but distinct concepts such as cyber-resilience, cyber-warfare and cyber-defence.
Cybersecurity is intrinsically about people. How it is defined will have profound implications for privacy and freedom of expression.Broadly speaking, it is taken to mean the protection of digital information systems against attack, either by states or individual hackers. Recent high-profile incidents of this kind, like the TalkTalk data breach and Sony Pictures hack, have fed alarmist narratives of a ‘cyber-crimewave’, in spite of the absence of reliable supporting evidence (indeed, a recent report suggested cybercrime is actually becoming rarer).
This is not to suggest that threats don’t exist, or that cybersecurity isn’t important - quite the contrary. From a human rights point of view the US Personnel Department hack earlier this year, which exposed the sensitive personal information of 22 million people - including mental health records and details of drug and alcohol abuse - is a catastrophe, demanding urgent remedial action and radical reform to ensure it never happens again.
But because of the poverty and narrowness of current discourse around cybersecurity, this hasn’t happened. There has been no discussion about whether such vast amounts of data should have been collected in the first place, given the weak safeguards in place – a risk which the Electronic Frontier Foundation had flagged as early as 2010. Instead, the incident was treated as a diplomatic incident, with US officials blaming China and weighing options for ‘retaliation’.
This is what happens when a policy area is exclusively framed by security agencies and selected private sector interests. The US Cybersecurity Information Sharing Act (CISA), for example – which many argue undermines data protection law, and increases rather than reduces the risk of future attacks – was negotiated entirely behind closed doors, with the only non-governmental input coming from telecoms industry lobbyists. We live in a world where a small elite of tech companies have built vast monopolies on a business model which relies on the extraction, storage and monetization of our personal information.
As a result, cybersecurity has become wholly conflated with ‘national security’, with no consideration of what a ‘secure’ internet might mean for individual users. Indeed, such a definition of cybersecurity – in which surveillance powers are expanded, encryption and anonymity limited, ‘backdoors’ installed and accountability structures weakened – can be diametrically opposed to individual security.
Ironically, from the user point of view there has never been a greater need for cybersecurity. We live in a world increasingly defined by data, where a small elite of tech companies have built vast monopolies on a business model which relies on the extraction, storage and monetization of our personal information. Government services, which hold sensitive data on everything from taxation to health records, are rapidly moving online, while a nascent Internet of things ushers in a new age of wearable health monitors, hackable toasters and TVs that listen to you.
That is why rather than simply decrying current attacks on data protection and privacy, we need to proactively advocate for a new definition of cybersecurity, centered on the security and rights of the end user, rather than on systems.
Our informed consent
What would this look like? It might mean a legal and normative shift in our conception of data ownership, putting ownership and control of personal information in the hands of the user, rather than the service provider. It might mean guaranteed end-to-end encryption and public education programs that focus upon personal privacy and data protection. It could mean instilling stronger accountability and oversight structures where data collection is deemed necessary, by ensuring that the scope of such powers is narrowly defined, and that oversight mechanisms include staff with high level computer skills, and judicial authorisation for any interference in people's’ privacy.
The internet is interoperable, multi-jurisdictional, and horizontal, qualities which seldom conduce to security.Above all, we need to fight for an open, inclusive, multistakeholder approach to internet policy-making. In a democratic society, the implementation of cybersecurity demands the informed consent of the population - which means ensuring that voices other than security agencies are involved in the debate. How can human rights defenders push for this?
Local campaigns against proposed legislation are, of course, crucial - with the coordinated fight against CISA in the US an inspiring recent example. But we also need to be thinking about how to drive engagement on this issue in the absence of big legislative flashpoints.
This will mean proactive lobbying and a willingness to engage in public debate - not simply denouncing measures that promote cybersecurity, but consciously seeking to shift the debate to an understanding of cybersecurity as the protection of the person. It will require action at the global, as well as local and regional, level. 
There are signs that these issues are beginning to be addressed. At the recent Internet Governance Forum in Brazil, Working Group 1 of the Freedom Online Coalition (FOC) presented a set of draft recommendations for a rights-respecting cybersecurity policy, developed through a multistakeholder process, complementing earlier efforts by civil society groups like CitizenLab and ICT4Peace to move the debate forward. Earlier this year, the Dutch government decided to invite over 500 civil society participants to the Global Conference on Cyberspace - the most recent iteration of the London Process, which previously offered very limited provision for civil society input. We must encourage more initiatives like this.
Cybersecurity is an issue that goes to the very essence of what the internet is. The internet was never, after all, made to be secure - by design it is interoperable, multi-jurisdictional, and horizontal, qualities which seldom conduce to security. But it is these qualities which make it valuable and worth fighting for. If we want to keep it that way, this is a debate we can’t afford to avoid.

The article references the work of the Freedom Online Coalition and the Global Conference on Cyber Space. For the sake of transparency, the authors would like to clarify that Global Partners Digital is the Secretariat of the Freedom Online Coalition, and was a facilitator in the Global Conference on Cyber Space in 2015.