The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Friday, December 11, 2015

9147 - Securing the right to privacy - The Hindu Business Line


Digital trail Its dangers cannot be wished away enzozo/shutterstock.com

It will take both technology and awareness to create a foolproof and workable system

On August 11, 2015, a division bench of the Supreme Court recommended that a constitutional bench should determine whether privacy is a fundamental right.

While that outcome would be eagerly awaited, there is an urgent need to restart the stalled process for dedicated privacy legislation as recommended by the Justice Shah committee report in 2012.

Admittedly, the existing provisions under the Information Technology Act and elsewhere do not fulfil the need. This is why consultations have been happening at least since 2009 soon after the IT Act was amended.

Government initiatives such as Digital India and Pradhan Mantri Jan Dhan Yojana can indeed accelerate the process of inclusive and equitable development through citizen empowerment.

The biometric ID, Aadhaar, plays a pivotal role, with 900 million enrolments already and a million being added daily. Beyond the government endeavours, Indians have taken to mobiles and the internet like fish to water and various innovative services have emerged in areas as diverse as farming, education, healthcare, entertainment, and even travel and transport.

All such transactions and interactions leave a digital trail, often interspersed with personally identifiable information such as mobile numbers and income tax PAN as well as with personally sensitive information such as financial and medical records.

Ground realities
In India, banter between strangers such as fellow train travellers exchanging names, occupations, family details, incomes and even marital status, is not unusual but has relatively low risk of misuse as their paths are not as likely to cross as often as Bollywood would like us to believe. However, the risk is significantly higher if you share the PIN (Personal Identification Number) of a debit or credit card, whether out of blind faith or due to ignorance or, for that matter, by clicking on a fake link purported to be from your bank.

The Reserve Bank of India’s approval for eleven payment banks would also imbue a massive shift in digital transactions. In addition, the Internet of Things (IoT) and the draft human DNA profiling Bill would only compound the challenge. All the sensors connected to the internet would keep generating and transmitting data while DNA information would be stored digitally.

Hence, we need to foster end-to-end trust across the digital ecosystem so that what should remain private, remains so. All the same, with so many identifiers and the data deluge, it is not very difficult to identify individuals by interlinking discrete databases and yielding extremely rich profiles of groups and even individuals, thanks to the rapid pace of digitalisation, hyper-connectivity and Big Data analytics. Beyond bona fide usage for national security and law enforcement, such exercises can be misused for intimidation, blackmail and even actual threats, thereby bringing sharp focus on privacy within the realm of public policy.

Cybersecurity boosts privacy
Security and privacy are often depicted as counterpoints to each other as if one would have to be sacrificed for the other. However, in today’s digital ecosystem, they actually reinforce each other and have a symbiotic relationship. If our data is not secure, then neither is our privacy. Inadvertent disclosure as well as wilful theft of private information through a series of data breaches reported over the last two years account for about a billion records.

These have occurred across all parts and regions around the world — including government agencies, businesses large and small, celebrities and even individuals.

According to the Online Trust Alliance, nine out of ten such breaches could have been prevented if basic cyber security best practices were observed such as installing security software on mobile and computing devices, and using strong passwords, second factor authentication and end-to-end encryption.
However, privacy law should not be so onerous as to cause a chilling effect on innovation. Someone might be willing to share the location data with a map service while on the road hoping to get routing suggestions, but they also should be able to disable the functionality when they do not want their location to be tracked by the map service. User-friendly tools can provide such flexibility.

Beyond legislation
Obviously, beyond legislation, we need to use technology that enhances security and privacy. But we also need to create awareness amongst the public at large and empower them to make judicious choices in terms of what and when to share specific information and with whom and how.

After all, it would be a misplaced expectation to seek solace and solution in law and technology if people share private information with one and all through the social media, for example, under some inducement.

Such social engineering has become the new vanguard of cyber criminals. Likewise, the underlying principle for data collectors should be minimalism rather than an attempt to collect unnecessary and irrelevant data.

For example, if the over-the-counter reservation forms for railways do not have any field to capture the marital status of the applicant, what is the need for that while creating a user profile before booking a ticket online?

Beyond principle-based legislation, we need an enlightened citizenry and responsible businesses and government agencies, coupled with effective enforcement to secure our right to privacy.

The writer is the director of Government Affairs, India, Symantec
(This article was published on December 7, 20