In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, May 9, 2016

9922 - India’s Aadhaar Law and Cyber Security, with a legal eye - Financial Express

By Express Computer on May 2, 2016



Pavan Duggal, Cyber Law Expert and Advocate Supreme Court of India

Issues pertaining to cyber security of Aadhaar ecosystem need to be very well examined and analyzed. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 not only symbolizes the biometric identity of individuals, but it also symbolizes biometric and demographic face of the biggest democracy in the world.

By Pavan Duggal

The month of March, 2016 was a historic month in the legislative history of India. This was the month in which the Parliament of India debated and passed a legislation dedicated on Aadhaar being the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. The said Act has received the assent of the President of India on 25th March, 2016 and came into effect thereafter.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 is indeed very significant as this has for the first time provided legal sanctity and validity to the Aadhaar ecosystem. It is pertinent to note that earlier in 2009, when Aadhaar was introduced it was done by means of an act of the Executive. From 2009 to 2016, there was not a single legislation that was passed by Parliament, which granted legality to the Aadhaar ecosystem. Meanwhile, various Public Interest Litigations were filed in the Supreme Court of India and the Supreme Court held that Aadhaar cannot be made mandatory by the Government till such time privacy related issues concerning Aadhaar ecosystem are not effectively determined by the Supreme Court.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 is a law that is aiming to provide for, as a good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services, the expenditure for which is provided from the Consolidated Fund of India, to individuals residing in India through assigning of unique identity numbers to such individuals.

The said legislation deals with enrolment and grant of Aadhaar Numbers on the receipt of demographic information and biometric information from the applicant. The term “demographic information” has been defined to include information relating to name, date of birth, and other relevant information as may be specified for the purposes of issuing an Aadhaar Number. However, the definition of demographic information does not include race, religion, caste, tribe, language, records of entitlement, income or medical history. 

Further, since Aadhaar is based on biometric information, biometric information has been defined to mean photograph, finger print, Iris scan, or such other biological attributes of an individual as may be specified by regulations.

The legislation has provided for the establishment, operation and maintenance of the Central Identities Data Repository for all the biometric and demographic information of Aadhaar Number holders. Further, Unique Identification Authority of India (UIDAI) has been given the responsibility of authentication of the Aadhaar Number of Aadhaar Number holders in relation to his or her biometric or demographic information provided, on the request made to the said Authority by any requesting party.

Given the fact that Aadhaar deals with the biometric information, the same is sensitive personal data within the meaning of the law, as defined under the Information Technology Act, 2000 and rules and regulations made thereunder. In the context of the Aadhaar ecosystem, thus the security of identity information becomes critical.

The Unique Identification Authority of India (UIDAI) has been straddled with this primary responsibility of ensuring the security of identity information and authentication records of individuals. Further, the Authority has been mandated to take all necessary steps to ensure that information in its possession or control is secured and protected against access, use or disclosure not permitted under the law and against loss, destruction or damages.

A perusal of a number of offences under Chapter VII of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 including unauthorized access to Central Identities Data Repository shows that they have not been given the kind of deterrent effect that matches the expectations of people.

In this regard, the cyber security protection elements pertaining to Aadhaar assume tremendous significance. Under Section 28 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Authority has been mandated to adopt and implement appropriate technical organization security measures for the information in question. However, what the said appropriate technical and security measures will be, have not been defined.

The Indian Cyberlaw mandates that reasonable security practices and procedures must be undertaken by a legal entity dealing, handling or processing sensitive personal data. Further, the Indian Cyberlaw has made ISO 27,001 as an embodiment of reasonable security practices and procedures. In this context, we find that the specified cyber security parameters in respect of Aadhaar ecosystem, has not been so prescribed, thereby leading to potential confusion.

The issues pertaining to cyber security as defined under the Information Technology Act, 2000, in my opinion, are equally applicable in the context of the Aadhaar ecosystem. The Aadhaar legislation has not really gone much deeper into the issue of protection and preservation of cyber security pertaining to the Aadhaar ecosystem. It is important to appreciate that the Aadhaar ecosystem is a Critical Information Infrastructure of India and as such, there is a need for specific provisions to enhance the cyber security of the said Critical Information Infrastructure.

Further, it is pertinent to note that the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 itself does not have any specific provisions for protection and preservation of cyber security in the context of the Aadhaar ecosystem. However, it is pertinent to note that the Central Government has been given the discretion to make rules to carry out the provisions of this Act. The Central Government can come up with specific cyber security parameters for protecting and preserving not just the Aadhaar Numbers, but also the connected biometric and demographic information and also all contents pertaining to the Central Identities Data Repository.

Issues pertaining to cyber security of Aadhaar ecosystem need to be very well examined and analyzed. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 not only symbolizes the biometric identity of individuals, but it also symbolizes biometric and demographic face of the biggest democracy in the world. As such, it is likely to expect that with the passage of time, the Aadhaar ecosystem could potentially be targeted by various state and non-state actors. Unauthorized breach into the cyber security could also prejudicially impact its security and also prejudicially impact the preservation and protection of India’s cyber security, sovereignty and integrity. In case, if this aspect will not given the requisite focus and emphasis, this could lead to potential cyber security breaches which could impact not just the Aadhaar ecosystem as a whole, but could also impact people’s confidence and trust in the Aadhaar ecosystem as the identity system

All stakeholders are looking up to the Government to come up with appropriate cyber security mechanisms, processes and procedures which can help make the Aadhaar ecosystem far more protected, from unauthorized intrusion by state and non-state actors. This is a matter of urgent and immediate concern. 

It is common knowledge that the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 was passed very quickly. In this context, the responsibility lies on the Central Government to ensure that it puts in place adequate norms, procedures and mechanisms, in addition to the norms already stipulated under the Information Technology Act, 2000, to deal with cyber security aspects of biometric information of Aadhaar in the Central Identities Data Repository, for making the Aadhaar ecosystem far safer and more secure.

The author Pavan Duggal, Advocate, Supreme Court of India, and leading expert and authority on Cyberlaw, Cybersecurity Law & Mobile Law. The author is also President of Cyberlaws.net; and Head of Pavan Duggal Associates, Advocate

- See more at: http://computer.financialexpress.com/columns/indias-aadhaar-law-and-cyber-security-with-a-legal-eye/17347/#sthash.XBiglnCX.dpuf