The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, April 23, 2016

9860 - The Technocratic Visions of Nandan Nilekani: What an Aadhaar-Enabled Future May Look Like - The Wire

The Aadhaar ecosystem is best thought of as a birthday cake: the cherry, the icing and the cake itself. Credit: Australia India Institute

If there’s one person that’s smiling after last Friday, when the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill was given an overwhelming stamp of approval by the Lok Sabha, it’s Nandan Nilekani.

Although the origins of the UID project can be traced back to the first NDA government, it is mostly due to the efforts of the Infosys co-founder and Congress party member that the Aadhaar initiative was given shape and pushed through the largely dysfunctional second UPA government.

With the national identification project now receiving statutory backing, what lies in store for India’s citizens? What else can it be used for; what feats of technological efficiency can be achieved? Or in other words, what sort of house can be built upon the Aadhaar system?

Fortunately for us, Nilekani’s latest book, Rebooting India, released late last year, comes with a number of examples. Nilekani and his co-author, Viral Shah, think almost exclusively in terms of networks, databases and centralisation; the very same centralisation that many people fear can be exploited without the proper privacy and security safeguards that India currently lacks.

At the beginning of Rebooting India, Nilekani illustrates his argument with a diagram of a “class of applications”, that includes ‘social security schemes, subsidies, government services, e-KYC, voting/administration’. This classification, however, is a little messy. It doesn’t adequately explain how Aadhaar could impact our society, both from a positive and negative perspective.    

It’s far better to think of an Aadhaar card and its application ecosystem as a birthday cake that consists of three parts: the cake, the icing and the cherry on top. All of the examples given below, divided into three categories, are potential use-cases that have been laid out by Nilekani and Shah in their book.

Part 3 – The cherry
The cherry is what the Aadhaar card is capable of in the future. It’s what can be built upon the UID system and is simultaneously exciting and a little frightening.

Voting 2.0: The Death of Fraud:  In early 2015, Chief Election Commissioner H S Brahma announced that the voter ID and Aadhaar number systems would be linked in order to help stamp out voter fraud.

A person with unique biometric data obviously cannot vote twice and as Nilekani and Shah write, “creating a fake voter profile would become so complicated that no would-be election rigger would bother trying.”

This, however, is only the beginning. While the Aadhaar system can obviously be used to speed up our sluggish voter enrolment process, the real advantages come when the voting system becomes electronic. Once our Aadhaar cards allow us to identify ourselves, smartphone applications “can allow every aspect of the voting process – voter registration, address changes, polling booth information, perhaps even casting one’s ballot – to be available to us on our smartphones”.

In the short-term, the government could potentially boost enrolment by algorithmically nudging its citizens once the voter ID and Aadhaar databases are linked ( a suggestion that the book says was made by former CEC N Gopalaswami). Since Aadhaar cards are issued to all Indian residents from birth onwards, the system can “automatically flag those Aadhar card holders who turn 18 in a given year, making them eligible to vote”. Once these potential voters are identified, they can be prompted to start the voter registration process, thus hopefully reducing a barrier for lethargic voters.

The National Health Information Network (NHIN):  Imagine an electronic medical record system (EMRS) used by multiple health service providers. “For example, a pharmacist can pull up a prescription, doctors can pull up diagnostic test results from labs online and insurance companies can provide customised quotes based on prior history,” the authors write in their chapter on ‘Towards a Healthy India’.

As with everything else, the Aadhaar number serves as a basis for this as a “natural patient identifier”. Although the construction of a database will require some level of information sharing, once that is allowed by the user in question, the sky’s the limit. In the same way the government distributes subsidies to Aadhaar-linked bank accounts, health-related payments through government-backed insurance schemes can also be carried out.

Patients can walk to different hospitals with their data and after being identified, their health status follows them everywhere. But again, this is only the start. Nilekani & Shah believe that the Aadhaar-backed EMRS will be a “treasure trove of ‘big data’ that can be mined using analytics to identify public health trends, collect statistical data and detect epidemic outbreaks.”

Education, Exams and Jobs: From the problems of implementing the RTE act to the issue of fake resumes, the Aadhaar system has a possible role to play in the future.
The idea is simple: The RTE Act demands that private schools set aside 25% of their enrolment capacity for students from economically disadvantaged backgrounds. 

Instead of setting aside money only for government schools, some part of that funding that can be used to create ‘school vouchers’ that can be used by needy students to “pay for their education at a school of their choice”. “Aadhaar”, the authors write, “can be used in the creation of a central registry and voucher-issuance platform for schools and students”. “Students can be registered in the system using their Aadhaar numbers.” Once these vouchers are issued, matched against the correct Aadhaar number, parents can enrol their children at a school of their choice.

Changing track a little bit, the Aadhaar card system can also go a long way in cracking down on fake resumes (the authors quote statistics that show that one in five resumes in the IT industry are falsified). Prime Minister Narendra Modi already encourages the “de-materialization” of our educational degrees through his Digital Locker initiative. Once combined with an Aadhaar-based identification, a person’s educational qualifications can be guaranteed, “increasing trust between jobseekers and potential employers”.

Other low-hanging fruit can also be tackled. Entrance examination fraud, the most prominent example of which is the long-running Vyapam scam, can be eliminated to a great extent if students are authenticated using Aadhaar before entering the exam hall.

Part 2 – The icing
If the cherry is what can finally be built upon the Aadhaar number system, the icing is how Aadhaar is being sold by the current and past governments; how it is represented in mainstream debate; how it will eventually be funded.
It is here that there has been the greatest discussion. Nilekani and Shah’s outline here is simple and echoes the Modi government’s logic: Aadhar-backed bank accounts and micro-ATM systems will eventually result in a cashless India. But in the meantime, it can be used to mend India’s social safety nets, fix our leaking subsidy system and bring order to the country’s somewhat chaotic identification system.

A number of legal and academic critics counter the above arguments by pointing out how the Aadhaar can be used as a method of exclusion, how its technology is flawed, and how it could work against the very beneficiaries it should be helping. Citing Edward Snowden’s revelations, they argue mass surveillance will likely result, even if they don’t properly expand on how exactly the Aadhaar database will result in constant surveillance.

Part 1 – The cake
The cake is what the Aadhaar card actually is, when stripped down to its core: An identification number that can be used to identify a person electronically. In popular, mainstream debate this definition is taken for granted and is often overlooked when critics express their worries.

In the opening chapters of the book, the authors state very eloquently the difference between the Aadhaar project and any other system of identification, whether it’s your debit card or driver’s licence.

“To use an ATM to withdraw money you need a debit card (‘what you have’) and  a PIN (‘what you know’). Strong authentication can be provided by the UIDAI the biometrics (‘who you are’) combined with the one-time password sent to the mobile phone (‘what you have’),” they write.
There are two key phrases in the above paragraphs: ‘who you are’ and ‘identifying a person electronically’.

The latter is why the Aadhaar card is so powerful: theoretically, barring any lemon juice or Boroplus mistakes, it allows a system to authenticate your identity electronically in a single attempt. Other methods of electronic identification could require up to two or three different ways of doing so. But because Aadhaar is capable of doing so, it allows you to build upon it a variety of different applications.

On the other hand it is the ‘who you are’ part that concerns critics of the Aadhaar project. If there’s a system that can identify who you are in one step, it only stands to reason that the privacy and security of its users should be protected. It’s not enough that the system itself is secure, but that the legal apparatus around it is also in place. And yet much of the pro-Aadhaar rhetoric ignores this.

For instance, when the Attorney-General argued before the Supreme Court late last year on this issue, he pointed out if the poor wished to continue receiving benefits, they needed to be prepared to surrender their right of privacy.

In other similar arguments, the “oh, but the benefits outweigh the risks” approach also crops up very often. While this appears to be a seemingly pragmatic stance, it ignores the fact that we can have the cake and eat it as well. It’s completely possible to have an identification system that is used to transfer subsidies and a piece of national privacy legislation that protects the rights of India’s citizens. To argue otherwise, or to bring up ‘benefits outweigh the risks’ is to behave like a child; to want something right now simply because you want it.The governments of the last five years had ample time to pass a privacy law. They just never got around to doing it.

When we step back and look at the three layers of the Aadhaar cake, there are two different arguments against the project when it comes to issues of privacy and security. The first concerns the Aadhaar project’s database security and privacy: who else will have access to the database, under which conditions, and what will happen in the case of data breaches? 

This is extremely important – but this concern also applies to nearly every other centralised government database of citizen data. It makes more sense to have broad privacy legislation and a specific data regulator address these concerns, rather than have each database come with a specific piece of vaguely-worded legislation (the way Aadhaar has with its Section 33).

The larger argument against Aadhaar has more to do with the cherry and less to do with the icing. The Aadhaar database today is useful for transferring subsidies and other payments  but isn’t as exciting to private companies as the ecosystem that can be built on top of Aadhaar. The examples laid out by Nilekani in his book have started being built albeit in much simpler forms: an Aadhaar hackathon held at Khosla Labs in Bangalore earlier this year saw college students come up with ways to innovate on digital identity using the Aadhaar system.
Scroll reported today (PTI had an earlier piece on the same company last December before the Aadhar system was given statutory backing) on a company that uses a smartphone application and Aadhaar verification to verify the background details of semi-professional workers such as drivers and maids. And yet, there doesn’t seem to be anything too wrong with this because this is exactly how the Aadhaar API is supposed to work!  As YourStory points out, “the basic authentication that they [UID] allow third party apps as of now is to verify an entry in the Aadhaar database by means of querying any of the data points they capture.” Whether the Supreme Court allows this and whether the Aadhaar Bill legitimises these third-party applications, however, is yet another question.

The larger problem, therefore, is the question of government centralisation. The Aadhaar card system is almost techno-deterministic in nature; its existence demands that it be linked to other databases, to constantly extract value from its user data, and to carry out a process of algorithmic regulation in the name of efficiency.  The value of the Aadhaar database, to bureaucrats, policy-makers and politicians lies in how often it can be triangulated with other sources of data.

While this may be valuable to administration and instrumental in mitigating natural disasters, it could also backfire without proper safeguards. For instance: linking the Aadhaar database to the voter ID system could possibly allow governments to nudge new voters into enrolling. But what if this is done only in swing states, in swing constituencies and in areas that favour one political party over the other?

The death of privacy in autocracies allows repressive governments to target their citizens. In democracies like India, however, the lack of privacy legislation is seen by officials, such as our Attorney-General, as a method of providing services and benefits to citizens. This confused and even shocking logic – in which the defenders of the UID system respond not by allaying privacy concerns but by insisting citizens have no privacy rights – seems characteristic of our Aadhaar-enabled future.