The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Sunday, January 22, 2017

10770 - The Case Against Aadhaar - Counter Currents

in Human Rights / India — by Viswanath L — December 30, 2016

If there is one document that has proliferated in India more than anything else, it is the Aadhaar card. Touted initially as a technological solution to the menace of corruption in welfare programmes, it has slowly emerged, quite unannounced, as an identification number for all citizens. It has found widespread acceptance and appears to have become the new normal.

The technology
To understand the truth about Aadhaar, we first need to understand the technology underlying it. The Aadhaar programme has identified biometrics (i.e. biological attributes of an individual) as the unique markers that will help to establish one’s identity unambiguously and without duplicity.The question is whether biological attributes are indeed unique to each individual? The answer is yes! An easy analogy from the world of mathematics would be real numbers. No two real numbers can ever be exactly equal. Same is the case with biometrics, whether fingerprints or iris scans or any other. The de-duplication process in Aadhaar enrolment exploits this very uniqueness of biometrics, thereby promising that it will be impossible for one person to fraudulently acquire more than one Aadhaar number. Here is where the limitation of technologycomes. Just like real numbers could come arbitrarily close, biometrics may also come arbitrarily close among several individuals. One individual may be distinguished from another provided their biometrics differs by more than the tolerance of the matching technology. It is well possible that two or more persons may fall within the tolerance limit and hence all but the first such person to enrol may be deemed to be duplicates. An affidavit filed by the UIDAI in response to a writ petition mentioned that out of 80 crore enrolments at that time, about 8 crore were rejected as fake/duplicate. The ratio of 1 in 10 is significantly higher than theoretical estimates of discernibility using biometrics. While the UIDAI may consider this an achievement, it may actually be reflective of the complex reality of India, where large numbers of people have poor quality biometrics, due to poor living conditions and/or hard labour. The Aadhaar Act and regulations do include provisions to enrol people having unreadable biometrics, but these are more for legal completeness. There are numerous cases where persons with worn out fingerprints or cataract in their eyes are finding it very difficult to get themselves an Aadhaar number.

Another interesting point here is that with the sample space continuously growing, the chances of overlap will keep increasing to a point where the existing set of biometrics may reach saturation. A new biometric will have to be added then. It is noteworthy that the Aadhaar Act, 2016 does not limit the definition of “core biometric information” to fingerprints and iris scan. Someday we may see the government collecting DNA of all citizens. This is not fear mongering. Since 2007 the Govt. of India has been working on a Human DNA Profiling Bill and it was slated to be presented in March 2015, but shelved due to opposition from concerned citizens.The government’s ambitions are limitless. We are all being drafted into a grand social cum science experiment, with unforeseen consequences along the way. It would be relevant to recall here that when the Aadhaar programme was first rolled out, only fingerprints were used for de-duplication. Iris scan was added only some years later as fingerprints were proving to be too noisy. So we already have a precedent. Should a new biometric be added to the Aadhaar programme, all existing enrolees will also have to queue up to submit the same, otherwise how would the de-duplication technology work? So the UIDAI may rejig the database any number of times as per its own assessment and may throw out new duplicates each time. The technology is continuously evolving and always probabilistic, while an individual’s identity should be deterministic. Denying an individual his identity is nothing short of denying him the fundamental right to life.
Those already in possession of an Aadhaar number may consider themselves to have crossed the above barrier. But are they out of the woods? Here comes another aspect of biometrics. The human body is continuously changing due to age, alongside other abrupt factors like illness or accident or manual labour. To give an extreme example, does a person enrolling into Aadhaar at the age of 20 expect that his fingerprints and irises will remain unchanged even at 80? The same technology that distinguishes one person from another is also applied to positively identify an already enrolled individual, the process being called “authentication”. Authentication will succeed till the changes in biometrics do not exceed the tolerance threshold, with respect to the records in the Aadhaar database. But how  can a person estimate beforehand to what extent his body parts have changed? The Aadhaar Act recognizes this problem and conveniently places the onus of successful authentication on the individual. Clauses 6 and 31(2) effectively state that it is the individual’s responsibility to keep his biometric records in the database up to date; clause 31(2):“In case any biometric information of Aadhaar number holder is lost or changes subsequently for any reason, the Aadhaar number holder shall request the Authority to make necessary alteration in his record in the Central Identities Data Repository…”.This is a well-nigh impossible proposition. Should a person make it his favourite pastime to visit the Aadhaar centre whenever possible, or should he wait for the axe to fall someday?Authentication failures are actually playing out in the field, in states where Aadhaar has been linked to PDS or subsidized kerosene or old age pensions. An official survey in Andhra Pradesh in 2015 found that the success rate was below 50% in many ration shops. These are not teething problems, unlike what the UIDAI would like us to believe.These are due to the nature of the data itself and can never be completely fixed.In order to get around the everyday problem due to biometrics, states like Gujarat and Karnataka have started issuing several months’ worth of print coupons against one authentication. So we are back to the same paper work that we so famously wanted to avoid with the promise of technology. Some of those queuing up for Reliance Jio SIM cards would have also faced the same issue.

Thus, the mere possession of Aadhaar number/card is no assurance of identity. It is not a question of if, but when a person will trip the authentication test.A person faced with authentication failure has no recourse but to visit the nearest enrolment centre for updating his data. While this may not seem much for city dwellers, for the vast rural areas, the nearest Aadhaar centre may be at the next town or district headquarters. Regulation 19(a) of the Aadhaar (Enrolment and Update) Regulations, 2016 simply states that “the resident will be biometrically authenticated and shall be required to provide his Aadhaar number along with the identity information sought to be updated”. What when the information to be updated is the biometrics itself? Will it be treated as a new enrolment, or will there be expectation that at least one biometric should continue to match? There are a myriad possibilities and consequent uncertainties here.Further, the Aadhaar Act and regulations contain provisions for “deactivating” an Aadhaar number, should there be suspicion of fraud.So there is every chance that a person’s identity may be stuck in limbo, between an unreliable technology and an insensitive bureaucracy. Aadhaar becoming a condition precedent for accessing any particular service, a matter of right has become a matter of chance.

The confusion surrounding biometrics is most apparent in the way children are being enrolled. As per regulations, biometrics should be collected at the ages of 5 and 15. There is no basis to believe that some particular ages are “biometric milestones” in a person’s lifetime.
Clauses 6 and 31(2) are impractical (if not impossible) conditions to comply with, but these are critical for the Aadhaar technology to work.Denial of service may directly compromise life and livelihood and liberty and hence the Aadhaar programme is a fit case to be held ultra vires the Constitution.

Needless to say, Aadhaar minus the biometrics would be nothing but a replication of data from other identity documents and therefore no more capable of preventing fraud than what is already possible. Thus, from a technology perspective, Aadhaar is not just useless but actually detrimental, as it may only end up causing misery to genuine, bona fide citizens.

Rollout and big data
So, how has a technology that is so unreliable achieved such scale? Aadhaar enrolments have crossed over one billion and almost all people, from new-borns to old, are in the database. The reason is that different sections of people are seeing different faces of Aadhaar. The ones who are actually being dispossessed due to the Aadhaar technology are those at the bottom of our country’s social/economic pyramid. They hardly have any voice or visibility. Aadhaar is one more addition to the daily struggle that their life is. However, since Aadhaar strikes at the most crucial welfare services, these sections may not remain silent for long.

For the better off sections, the interface with Aadhaar is mostly limited to “seeding” the Aadhaar number wherever asked to – bank accounts, EPF, LPG connection, etc. This is a seemingly painless exercise. These sections are not exposed to the vagaries of biometric authentication in a life threatening manner and hence do not make much hue and cry. However, the unification of citizen databases is an extremely significant by-product of the Aadhaar programme but is nowhere covered explicitly in the Aadhaar Act. There is more than just macro level linking of various databases. Aadhaar is proposed to be linked to such things as rail tickets, airport entry, mobile payments and PoS/ATM transactions. So the Aadhaar server will hold an active log of all movements of all citizens in real time. Further to this, there is the implicit requirement from the Aadhaar technology (discussed earlier) that all citizens keep their biometric records in the database continuously updated.The Aadhaar Act has provisions for the government to access all information in the database, both identity information and the activity log, in the interest of “national security”. National security may sometimes be synonymous with the incumbent government’s insecurity. There should be reasonable suspicion of crime before an individual may be put on surveillance. Holding all citizens on a leash, just in case they may go wrong,is a recipe for ending meaningful democracy and civil liberties.

The big brother government apart, there is always the risk of unauthorised access to the database. The Aadhaar Act claims to addresses these concerns by mandating that the UIDAI follow the best security practices and also by prescribing punishments for any unauthorised access or breach. We all know that the world’s best servers have been hacked. Punishing a few individuals responsible for a breach is unlikely to mitigate the consequences of such breach. In most cases nobody would even have knowledge of an unauthorised access. So, what is the best way to remain safe? The answer is not to create such a database in the first place. It is a myth that centralization of power (in this case data) is essential to achieve efficiency. Aadhaar data is unbounded and may grow to include anything and everything.

In conclusion, the Aadhaar programme proposes to set up technological barriers to the commission of fraud, but takes no responsibility towards the identity crisis it may cause to bona fide citizens. The big data it generates, together with the continuous collection of citizens’ biometric data,is a frontal attack on the future of civil liberties in our country. On these counts the Aadhaar programme should be scrapped ab initio. The Aadhaar Act, which provides a semblance of legality to it, actually exposes the unviability of the underlying technology in the clearest possible terms and should help the Supreme Court in concluding the matter at the earliest.

Viswanath L  is  an engineering graduate from IIT Kharagpur