uid

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. -Mahatma Gandhi

In matters of conscience, the law of the majority has no place. Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” -A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017


Special

Here is what the Parliament Standing Committee on Finance, which examined the draft N I A Bill said.

1. There is no feasibility study of the project]

2. The project was approved in haste

3. The system has far-reaching consequences for national security

4. The project is directionless with no clarity of purpose

5. It is built on unreliable and untested technology

6. The exercise becomes futile in case the project does not continue beyond the present number of 200 million enrolments

7. There is lack of coordination and difference of views between various departments and ministries of government on the project

Quotes

What was said before the elections:

NPR & UID aiding Aliens – Narendra Modi

"I don't agree to Nandan Nilekeni and his madcap (UID) scheme which he is trying to promote," Senior BJP Leader Yashwant Sinha, Sept 2012

"All we have to show for the hundreds of thousands of crore spent on Aadhar is a Congress ticket for Nilekani" Yashwant Sinha.(27/02/2014)

TV Mohandas Pai, former chief financial officer and head of human resources, tweeted: "selling his soul for power; made his money in the company wedded to meritocracy." Money Life Article

Nilekani’s reporting structure is unprecedented in history; he reports directly to the Prime Minister, thus bypassing all checks and balances in government - Home Minister Chidambaram

To refer to Aadhaar as an anti corruption tool despite overwhelming evidence to the contrary is mystifying. That it is now officially a Rs.50,000 Crores solution searching for an explanation is also without any doubt. -- Statement by Rajeev Chandrasekhar, MP & Member, Standing Committee on Finance

Finance minister P Chidambaram’s statement, in an exit interview to this newspaper, that Aadhaar needs to be re-thought completely is probably the last nail in its coffin. :-) Financial Express

The Rural Development Ministry headed by Jairam Ramesh created a road Block and refused to make Aadhaar mandatory for making wage payment to people enrolled under the world’s largest social security scheme NRGA unless all residents are covered.


Search This Blog

Wednesday, March 8, 2017

10886 - Here’s Why You May Never Find Out If Your Aadhaar Data Has Been Hacked - Bloomberg Quint



March 2, 2017, 12:03 pm


The debate over the security of data collected and stored under the Aadhaar project is heating up. While the Unique Identification Project has always had strong supporters and equally strong detractors, the latest controversy has been sparked off by an alleged breach of biometric data.

On February 25, Mint reported that the Unique Identification Authority of India (UIDAI) had detected a breach of biometric data and filed a police complaint on February 15 against Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra with the allegation of impersonation using illegally stored biometric information.

These entities deny storage of any data and claim that the business correspondent was merely testing the platform which accidentally sent authentication requests to the live server instead of the testing one. Still, the incident has sparked concerns about the security of data in the possession with the UIDAI and also the redressal mechanism in the case of a breach like this.

Interestingly, it turns out that the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act is silent on making the UIDAI liable for reporting any breaches.
Legal experts that BloombergQuint spoke to point out that while the international principles of data collection require that any breach or abnormal activity be revealed to the users and authorities quickly, the Aadhaar regulations give no such assurance.

Delhi-based lawyer Apar Gupta said that a user may never really get to know if there was a data breach in the Aadhaar database which compromised their personal data, unless the authority chooses to voluntarily disclose it.

“There is no provision under the act for notification to the public that there’s been a breach of their data. The breach includes both hacking of identity data and unauthorised authentication carried out by someone impersonating a citizen,” Gupta said adding that the authority is “whole and sole” and it isn’t liable to even disclose it under the Right To Information Act or to the parliament.

A broad comparison can be drawn to  system breach in the banking system last year which led to 32 lakh debit cards being compromised. While banks are not required to disclose details of the breach to the public, they are required to report it to regulators immediately. Customer protection provisions also ensure deposit protection to some extent.

In contrast, there is no regulatory oversight of the UIDAI which keeps it away from scrutiny, Gupta said. “There is an absence of a breach notification requirement under the Act,” he added.

Rahul Matthan, partner at law firm Trilegal said that all technological systems are likely to be breached at one point or the other and the Aadhaar Act has strong provisions against nefarious elements wronging the system.

“There is a clear violation of the law in this case no matter who has done it,” Matthan said while adding that it is  not clear where the violation has happened.

If a bank employee steals your money, there is nothing you can do since the bank expects all employees to behave properly. It’s the same thing here as all participants in the process are expected to keep information safe.
Rahul Matthan, Partner, Trilegal

Matthan said that storing of biometrics is wrong and illegal and the concern stems from the potentiality of people using this information left, right and centre.
He also added that protective provisions of the IT Act will apply to Aadhaar as well.

“Any data breach is required to be disclosed under the IT Act but whether that is followed or not is a separate question,” he said. Every authentication under the system is reported to the citizens through an SMS which is effectively informing them of unusual activity, he added.

However, there remains a loophole here for those who do not have their correct phone numbers updated in the Aadhaar system.
Gupta also said that even if one gets to know about their Aadhaar being misused, there is no guarantee under the Act that a redressal will be provided.

In chapter 7 of the Aadhaar regulations, there is a provision for a grievance redressal mechanism whereby a person can approach a call centre through phone or email which will provide residents with a tracking number till the matter is closed.
Gupta believes that this is not enough.

“Even the IT Act has the same absence of reporting principles as the Aadhaar Act so it is substantively insufficient,” he said. “There is no requirement for the call centre to give you a reasoned order like a public authority does. There is no specification to give you a reason if they don’t agree with you and why they can’t help you. The process doesn’t ensure that people’s dispute will be determined by the principles of natural justice.”

Additionally, Sunil Abraham, executive director of Bangalore-based Centre for Internet and Society told BloombergQuint that a privacy law was promised when the Aadhaar Act was being passed in the parliament. That never happened so the system remains deficient on redressal.

I don’t think there is a data breach provision in the act. They said don’t worry, a privacy bill is coming which never happened. But whether we have privacy bill or not, as long as there is centralised biometric data, we are in constant danger.

Sunil Abraham, Executive Director, Centre for Internet and Society