The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, May 10, 2016

9927 - Cyber Security - Everybody's problem, but who's responsible? - Linkedin

CEO, Enterprise Architect, Strategist, Adjunct Prof.

  • Apr 30, 201638 views
Cyber security or the lack thereof has topped the agenda, in many surveys, from Government leaders to CEOs to CIOs to a humble consumer. It is often treated as a technology issue or an IT problem but its recognition as a corporate threat and associated risks and responsibility goes all the way to the top. Often, it is everybody’s problem, but nobody seems responsible.
Here are 9 steps the business and IT leaders, at all levels, need to follow to fulfil cyber security related obligations, duties and responsibilities.

1. Clearly understand how to protect an organization’s assets from cyber-attacks.
Given the damaging nature of cyber-security, it is foremost critical to understand it fully and implement appropriate protections for organisations assets. Learn from mistakes, us and others have committed and harden the assets within and outside the enterprise from that experience. Cyber Intelligence takes this awareness and action a step further to predict and manage cyber threats. Invest in it.

2. Understand reputation, legal and regulatory risks associated with cyber security breaches.
As we have seen from notorious attacks on many well known corporations, business reputation damage is the major fall-out from cyber attacks. Rightly so. Who can trust the business where your private data as customers and partners are open to criminal manipulations?

Increasingly, immediate reputational damage, even if well managed, fall further foul of legal and regulatory risks, attracting major enquiries and penalties from governmental agencies, industry watch-dogs and stakeholder groups.

3. Identify cyber security as an important requirement of enterprise risk management and governance framework.
Often, cyber-security is an afterthought, a result of an attack or panic caused by a regulatory compulsion. Leaders need to identify cyber-security as a critical business requirement, an integral part of Governance, Risk and Compliance management process. Business Architects need to include cyber-security as integral requirement of building business/operating models and capabilities. Given the rapid push in digital transformations and associated business process changes, cyber security needs to be part of its design and not a bolt-on fix.

4. Include cyber security in the CEO’s risk management objectives and performance goals. Do not just delegate responsibility to the CIOs.
Cyber security needs to be part of the corporate strategy and the structure, to be an effective protection. The culture needs to reflect this change. The best way to make this possible is to include cyber-security as part of CEO’s risk management objective and performance goals. If not, it gets pushed down to technology, to CIO and eventually to some IT security analyst. KPIs do get percolated down, but the Board and CEOs need to own this as part of their performance goals.

5. Gain a good understanding of the organization’s action plans in the event of major cyber-attacks and disruption of business services. Put these plans to the test at least twice a year.
Once top-down KPIs are clear, the Action Plans for attack prediction and recovery falls into place. Plans need to be tested at least twice a year as part of business continuity.

6. Ensure all cyber security breaches (no matter how small) are reported to the board of directors with a full explanation of actions taken.
In spite of preparedness, attacks do occur as cyber criminals become more sophisticated and more unpredictable. Thus an ongoing breach escalation and management is critical to ensure senior leaders right up to board of directors and Chair persons are aware of the problem and solutions. This helps ongoing corporate wide learning and evolution.

7. Leverage internal audit and external audit functions to review cyber security.
Just as audit and control functions are regular and common for various processes, they must be applied to cyber-security as well. This cyber auditors, both internal and external need to bring the latest assessments to strengthen corporate assets.

8. Use independent, external expertise to provide advice and guidance to CXOs about cyber security and technology governance matters.
CXOs and the Board of Directors need twice a year update on cyber-security, from threats levels, intelligence to protection and plans. These are critical governance matters that CXOs need to keep up-to-date, so they can invest in right strategies and capabilities. This sends a strong message to all the stakeholders and threat-actors that the corporation is serious about cyber-security and its assets and people are well protected.

9. Educate all stakeholders on cyber security awareness and action
Prime all the stakeholders, internal and external, connecting to the enterprise on the cyber security preparedness, precautions, plans, procedures and alerts. Given the agility and scale of these attacks, a system of quick alertness and action is vital to seal any cracks. Learn and keep strengthening the defences.

I wish to acknowledge seminars and articles by The Australian Institute of Company Directors (AICD) on Cyber Security. I’m a member of AICD.