The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, April 14, 2016

9827 - All you need to know about UPI, the Unified Payment Interface - Business Standard

The UPI technology promises to change the way Indians carry out transactions, and aims to move to a largely cashless economy at the retail level

Shishir Asthana  |  Mumbai 
April 12, 2016 Last Updated at 16:22 IST

The way we undertake money transactions in India is expected to change dramatically with the introduction of the Unified Payment Interface (UPI), which aims to move the country towards a more cashless model. Developed by The National Payment Corporation of India (NPCI), the payment interface is expected to be a game changer in mobile banking.

Shikha Sharma, managing director and CEO of Axis Bank, considers UPI the ‘WhatsApp moment’ for payments in India.

The Reserve Bank of India (RBI) in its Payment System Vision Document (2012-2015) had mentioned the use of UPI for achieving its goal of a lower cash-intensive society and financial inclusion using the latest technology.

Here’s a closer look at what the RBI is trying to achieve through UPI and how it will make our lives easier. But before that, let’s look at the current status of non-cash transactions in the country.

According to an NPCI document, the number of non-cash transactions per person stands at just 6 per year. Only a fraction of the 10 million-plus retailers in India have card payment acceptance infrastructure – presently this number stands at 0.6 million, or 6%. What these numbers reflect is the potential that exists as penetration of smart phones is projected to increase from the current level of 150 million to 500 million over the next few years.

What are the key drivers of UPI?

The NPCI document points out that the key goal of implementing UPI was to simplify and provide a single interface across all segments. The key drivers for this are:

Simplicity: The thinking behind the UPI was to make the application as simple as possible. Paying and receiving payments should be as easy as swiping a phonebook entry and making a call on mobile phone, says the document. An account holder should be able to send and receive money from their mobile phone with just an identifier without having any other bank/account details. All they need to do is to "pay to" or "collect from" a “payment address” (such as Aadhaar number, Mobile number, RuPay Card, virtual payment address, etc.) with a single click.

Innovation:  The idea here was to come up with a solution so that innovations on both payee and payer side can evolve without having to change the whole interface. It should allow application providers to take advantage of enhancements in mobile devices, provide integrated payments on new consumer devices provide innovative user interface features, take advantage of newer authentication services, etc.

Adoption:  Given the size of the potential user base, the key was to have a solution which should not crash and be scalable to a billion users and enable large scale adoption. It should allow gradual adoption across smartphone and feature phone users and provide full interoperability across all payment players, phones, and use cases. People using smartphone should be able to send money to others who are not yet using any mobile application and vice versa. Similarly, it should allow full interoperability between multiple identifiers such as Aadhaar number, mobile number, and new virtual payment addresses.

Security: One of the key areas of concern among users is security. The solution had to provide end-to-end strong security and data protection. The trick here was not to reveal too much data like banking or other personal details which could be misused. For convenience, the solution also had to offer 1-click 2-factor authentication, protection from phishing, risk scoring, etc.

Cost:  India is a cost-conscious country and any product with a high cost is likely to have a short life. Since mobile phone number is used as an authentication (credential capture) device, use of virtual payment addresses, and use of third party portable authentication schemes such as Aadhaar should allow both acquiring side and issuing side cost to be driven down.

What are the objectives of UPI?

The key objective of a unified system is to offer an architecture to facilitate next generation online immediate payments leveraging trends such as increasing smartphone adoption, Indian language interfaces, and universal access to Internet and data.

UPI is expected to further propel easy instant payments via mobile, web, and other applications. The payments can be both sender (payer) and receiver (payee) initiated and will be carried out in a secure, convenient, and integrated fashion. Virtual payment addresses, 1-click 2-factor authentication, Aadhaar integration, use of payer’s smartphone for secure credential capture, etc. are some of the core features. It supports the growth of e-commerce, while simultaneously meeting the target of financial inclusion.

Who can use UPI?

Anyone with a mobile phone and a bank account will be able to take benefit of UPI for either receiving or transferring money.

How is it different from the existing system?

In the present system, in order to make any transaction the account holder’s bank IFSC code is needed, which reveals bank account details. But using UPI, all one needs is a virtual address which is unique to you and it camouflages the bank and personal detail of the user or the receiver behind it.

What is the level of security in UPI?

UPI has a single click-two factor authentication system which means that with one click the transaction is authenticated at two levels. The user will need a mobile phone with a mobile pin called MPIN and a virtual ID offered by the provider. With a click the transaction is checked if the mobile pin matches with the virtual address only then does the transaction goes through.

Here is an example to explain the process.

Suppose you have bought some goods at a mall and need to make a payment for it. You have to inform your virtual address to the person at the counter who enters the address in his or her system. The mall’s system then sends an authentication message to the virtual address which is mapped to your mobile. Only after receiving the message and acknowledging it by entering your password is the transaction complete and the amount debited from your bank account or wallet.

Is virtual address unique to the user?

Virtual addresses offered by the provider need not be permanent. For example, a provider may offer “one time use” addresses or “amount/time limited” addresses to customers. In addition, innovative usage of virtual addresses such as "limit to specific payees" (e.g., a virtual address that is whitelisted only for transactions from IRCTC) can help increase security without sacrificing convenience. PSPs can allow their customers to create any number of virtual payment addresses and allow attaching various authorisation rules to them.

UPI is important for implementation of the JAM (Jhan Dhan Yojana, Aadhar and Mobile) trinity which Finance Minister Arun Jaitley spoke of during his Union Budget presentation. Raj Jain, chairman and managing director of RS Software, the company that helped NPCI launch UPI, said: “The launch of UPI will go down in history as amongst the most important initiatives to transform India.”