The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Wednesday, March 1, 2017

10868 - A Billion Identities At Risk Even As Modi Seeks To Make Aadhaar Compulsory - Bloomberg

February 27, 2017, 1:41 pm

Bloomberg) -- Shivam Shankar Singh woke last month to an e-mail from an Indian government department. It had a name, address, mobile phone number and bank account with a code for money transfers and investments made in a dairy farm. None of the details were his.

The e-mail contained details submitted to a program that collects personal and biometric data, and was meant for someone from the eastern state of Bihar. Singh, a polling campaign manager for Prime Minister Narendra Modi’s Bharatiya Janata Party in Manipur, a state further east, rang the phone number listed on the e-mail but it didn’t work.
“That shook me,” said Singh, who posted about the incident on Twitter. The e-mail did not request information or ask him to click a link, suggesting it was not a phishing bid, so he did not report it to the police.
“It seemed like a fake identity was made up using my e-mail to corner government benefits,” he said. “Or it could’ve been a mistake. But I’m sure no one wants all his personal information leaked to strangers. And this is happening at a time when the government wants a cashless, digital India.”

Customers use their Aadhaar or Unique Identification (UID) card to withdraw money. Photographer: Noah Seelam/AFP via Getty Images  

The state entity that captures personal data said no information was leaked from its systems. The Ministry of Micro, Small and Medium Enterprises, the department listed on the e-mail, said it has ordered an inquiry into the matter.

Whatever the circumstances, the episode raises fresh questions about the Unique Identification Authority of India. Better known as Aadhaar, which means “foundation” in Hindi, it was created in 2009 to identify citizens and ensure they receive state benefits in their bank accounts.

Aadhaar is getting more attention: Modi, who scrapped 86 percent of India’s currency in early November to curb the illegal hoarding of cash, has urged citizens to enroll. With a 12-digit number assigned to users, Aadhaar is key to Modi’s plan to move transactions online. He wants to make it compulsory.
The government is seeking to link the database, with information on about 88 percent of the population of more than 1.2 billion, including children, to all state services -- from school admissions to passports and the purchase of cooking gas. In effect, it would create more large databases. But in a nation without an overarching privacy law, Indians have few options for redress in the event of identity theft or data leaks.

It’s an issue other countries are grappling with: The U.K. announced in 2010 it was scrapping a plan for a national identity register after objections that it infringed on civil liberties. France is debating a mega database for biometric details of citizens, citing the threat of terrorism. The U.S. Federal Trade Commission said identity theft complaints were the second-most reported in 2015, rising more than 47 percent from 2014.

‘Every Transaction’
“In India, you have the Aadhaar number doing the same thing as the social security number. It envisages to keep track of absolutely every transaction with government and private companies,” said Subhashis Banerjee, a professor at the Delhi-based Indian Institute of Technology. Banerjee and his team are awaiting peer reviews for a paper that examines ways to strengthen Aadhaar and its related systems, including appointing a third-party online auditor.

“You have to give the UIDAI credit for this incredible solution in an incredibly complicated country like India,” said Banerjee. “But with its vast amounts of data, the UIDAI needs more scrutiny.”

The program now has 582 banks, brokerages and government departments listed as registered users permitted to access Aadhaar’s data. Google Inc. estimates India’s digital payments industry will grow 10 times to $500 billion by 2020.

An Aadhaar biometric identity card, issued by the Unique Identification Authority of India. Photographer: Dhiraj Singh/Bloomberg 

At the same time, private companies obtaining and offering services based on Aadhaar data have proliferated. The UIDAI said in a briefing this month it had shut 12 private websites and 12 mobile applications and was on the verge of closing 26 more for illegally obtaining Aadhaar numbers or enrollment details.

Lawyers arguing against Aadhaar in a bundle of cases -- some oppose the whole program, others its expansion -- in the nation’s highest court said last month the state’s policy of collecting data through private agencies raises privacy concerns.

The state says the identification cards “would only be issued on a consensual basis” and the “information shall however not be used for any purpose other than social benefit schemes,” court documents show.

“In any system there may be some errors and there have been some cases of misdemeanor in Aadhaar,” said Ajay Kumar, additional secretary at the Information Technology Ministry, referring to the risk of data leaks by companies collecting data. “But the systems in place are very solid and the misdemeanors are statistically very small,” Kumar said.
“Because of one or two cases of misdemeanor we can’t discard the whole thing,” Kumar added.

Saving Money
Modi opposed Aadhaar before coming to power, saying it violated national security and the privacy of citizens. Now, Aadhaar has become part of his push for cashless transactions in a nation where a quarter of the people can’t read or write but a third own phones that can be used for online transactions.
The direct transfer of state benefits through Aadhaar-based services has helped India save $5 billion, Information Technology Minister Ravi Shankar Prasad said in November. Modi’s office didn’t respond to calls seeking comment.
The database has multiple layers of technology and hasn’t received any complaint about security, said UIDAI Chief Executive Officer Ajay Bhushan Pandey. Still, there is a need to monitor private databases created with Aadhaar data, he said.

A customer gives a thumb impression to withdraw money with his Aadhaar card. Photographer: Noah Seelam/AFP via Getty Images  

More than 46 million people have joined the program since Modi’s cash ban. Aadhaar is now a requirement for state recruitment, and the Reserve Bank of India allows the use of Aadhaar to verify customers for new accounts. The Aadhaar-enabled payment system is linked to 119 banks with 338.7 million recorded transactions, Prasad said Jan. 27.

The UIDAI filed a police complaint claiming a breach of Aadhaar’s biometric verification by Axis Bank, Suvidhaa Infoserve and eMudhra, Mint and the Times of India reported last week. The alleged breaches may have occurred during systems testing, Mint added.

Axis Bank said in an e-mail it has blocked “business correspondent” Suvidhaa from accessing the UIDAI database after being alerted to an “alleged deviation from the protocols set by UIDAI.”

Lost Data
Suvidhaa will be in a position on Monday to comment, a spokesperson said. eMudhra is not aware of any criminal complaint and has not received any communication from authorities, chairman V. Srinivasan said by e-mail. Pandey did not respond to calls outside of office hours seeking comment.

In April 2013, the western state of Maharashtra said it irretrievably lost the data of 300,000 citizens while uploading files to Aadhaar’s servers in Bangalore, according to a Times of India report.

Aadhaar’s central technology isn’t the biggest worry given the use of iris or finger scans, according to Amit Jaju, Mumbai-based executive director for fraud investigation and dispute services at Ernst & Young. Banks should be concerned about accounts created using Aadhaar databases and the potential for online fraud, he said.

Aadhaar is a “self-cleansing system” that will be audited by a state-run entity when the government asks for it, Pandey said. The government auditor, the Standardisation Testing and Quality Certification Directorate, certifies all hardware used to capture data but hasn’t yet audited its software and databases, he said.

PriceWaterHouseCoopers LLP manages cyber security checks for Aadhaar, it said in an e-mail.
Among the listed registered users of Aadhaar’s authentication are AuthBridge Research Services Pvt Ltd. and Swabhimaan Distribution Services Pvt Ltd., which runs a mobile app called TrustID. Both use Aadhaar’s biometrics to help companies verify potential customers and employees.

TrustID’s Chief Executive Officer Rahul Pagare declined to comment. AuthBridge Chief Executive Officer Ajay Trehan said Aadhaar must "audit users to ensure that organizations like ours are not vulnerable.”

Trehan said his company had used the system since 2015 and had not been audited by Aadhaar. "That is something the UIDAI needs to look into."