The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Wednesday, March 9, 2016

9453 - The stiff backbone of aadhaar bill - Live Mint

Tue, Mar 08 2016. 01 45 AM IST

We need an Aadhaar legislation to establish boundaries within which the ID database will function and clearly cordon it off from government over-reach

Massive sensitive personal information has been collected under Aadhaar, and the government has a casual and porous approach to inter-departmental data transfer. 

Photo: Mint

When the National Democratic Alliance (NDA) introduced the Aadhaar Bill in Parliament late last week, it looked like the government was trying to latch the stable door a few years after the horse had bolted. This is 2016. We are approaching the one billion-mark in number of Aadhaar cards issued. Passing an enabling legislation now is a bit like planning a coronation to celebrate the diamond jubilee of the Queen.

Much of the opposition to Aadhaar comes from the massive amounts of sensitive personal information that has been collected. These apprehensions are exacerbated by the casual and porous approach that the government has to inter-departmental data transfer—a fear that was brought into sharp focus when it took the full might of the Supreme Court to stop the Central Bureau of Investigation (CBI) from accessing the Aadhaar fingerprint database.

This is why we need an Aadhaar legislation—to establish boundaries within which the identity database will function and clearly cordon it off from government over-reach. In many ways, it is far more important to have a legislation today, as the project enters the implementation phase, than when the project was conceived.

I have worked with the government on drafting a privacy legislation and my expectations of the Aadhaar Bill were low. 

The government hates absolutes, and I was resigned to finding privacy provisions riddled with exceptions. I was pleasantly surprised to find only a few. I will go so far as to say that the Aadhaar Bill, if it passes in its current form, will impose some of the strongest fetters on government over-reach, of any legislation in the country.

The best example of this is in the protection afforded to core biometric information—a subset of biometric information that includes the fingerprints and iris scans and forms the foundation of Aadhaar’s authentication mechanism. Under Section 29, core biometric information cannot be shared with anyone for any reason whatsoever. The section makes it clear, in language that brooks no exception, that this information cannot be used for any purpose other than the generation of Aadhaar numbers and authentication of Aadhaar number holders.

There are many examples throughout the bill where core biometric information has been ring-fenced in this manner. For instance, Section 8, which deals with authentication, states that the response to an authentication query must exclude core biometric information. Perhaps the most extreme manifestation of this is in the proviso to Section 28 (5), which prevents the Aadhaar number holder from accessing his own core biometric information in the Central Identities Data Repository (CIDR).

The other pleasant surprise is the manner in which classic privacy principles of notice, consent and purpose limitation have been liberally sprinkled throughout the statute. Enrolment officers have to inform individuals seeking enrolment how their information will be used, who it will be shared with and what access rights they have. Requesting entities must obtain consent before collecting information for authentication and provide details of the information that will be shared and the alternatives available if the individual doesn’t want to submit identity information.

There is an entire provision (Section 28) devoted to the protection of information. This is yet another example of a provision that has been framed in the absolute—prohibiting the authority from revealing any information stored in the CIDR.

It would have been too much to ask for the legislation to have been completely devoid of exceptions—Section 33 allows for judicial and executive exceptions to the absolute prohibition against disclosure of information. It states that the protections of Sections 28 and 29 will not apply against the order of a district judge (or higher). Similarly, the protections under Sections 28 and 29 can be over-ridden by directions issued by an officer above the rank of joint secretary, in the interests of national security. Any such direction must be reviewed by an oversight committee before it takes effect.

This is not a legislation without flaws. There is a lot that’s left to be clarified through delegated legislation, and if there is one thing experience has taught us, it is that the devil is in the detail. One particularly disappointing provision is Section 29(4), which seems to allow core biometric information to be made public for purposes specified in the regulations—contrary to the manner in which it has otherwise been ring-fenced.

In the balance, this is a good legislation, filled with the kind of stiff backbone needed in a law that will form the basis for the digitization of government services. I have apprehensions about how it will be implemented, whether in practice, the privacy protections of consent, notice and purpose limitation will be given effect to. Or whether the national security exception will be misused. But given the absolutes in the drafting, it’s likely that the courts will make short work of any transgressions.

Rahul Matthan is partner in the Technology, Media and Telecom (TMT) group at Trilegal.