The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, May 4, 2017

11223 - The UIDAI has insulated itself from any blame or responsibility for leaks in the Aadhaar ecosystem - - Tech First Post

By Aditya Madanapalle /  02 May 2017 , 12:53

It does not matter how many times there are news reports of leaks of databases containing Aadhaar numbers along with other sensitive and private information, the UIDAI can continue to claim a 7-year long, flawless record of adequate data security.

The problem here is not with the UIDAI biometric database. That database is apparently behind seven firewalls and Norton, and uses proprietary technology. All this is independently audited regularly by security companies. In any case, the database is used only for verification and authentication, and therefore contains only the templates needed for performing the verification and authentication functions.
However, that is not the only database with details relating to Aadhaar. Databases that include names, names of parents, PAN numbers, mobile numbers, religion, marks, status of rejection of applications, bank account numbers, IFSC codes and other sensitive information have been leaked repeatedly, and are available via simple Google searches.

An operator arranges the Unique Identification (UID) documents submitted by people for their enrolment in the desert Indian state of Rajasthan. Image: Reuters/Mansi Thapliyal
Unfortunately, these databases do not enjoy the exceptional security provided to the core biometric (template) database, and are not secured by the UIDAI. Instead, they are secured by the various governmental departments and agencies that collect them for all the reasons Aadhaar is used for. Third party institutions and organisations also collect the data and store them for their own purposes. These are the databases that are susceptible to breaches, or easily available for someone who knows Google-Fu.
The UIDAI and the Information Ministry offers canned responses to such breaches. If the breach originates from a third party, then harsh action is taken in accordance with the Aadhaar act. In a case where an overexcited worker at an Aadhaar data collection center leaked the personal details of cricketer MS Dhoni, the agency was banned for 10 years.

A banner on the UIDAI web site.
We are not aware of any such harsh actions taken against leaks originating from official sources, including from the .gov.in domains operated by the government. If readers are aware of any such instances, do let us know in the comments section below. Even if the UIDAI takes steps to make sure a few government officials will be put behind bars, but the leaked data cannot be made confidential again.
Instead, what is known to happen in previous such breaches is that a circular is sent to the government agencies notifying them that publicly posting private information, including Aadhaar numbers is not allowed. A banner is put up on the UIDAI website. If the breach originates from a government source, the data sources are silently pulled.
An agency tasked with storing data can claim that any database with personal information is adequately protected according to Indian laws. The lack of dedicated data security and privacy laws in the country makes it difficult to dispute such claims. In fact, at an Aadhaar hearing in July 2015, the attorney for the Government went ahead and made it clear that Indians do not have a right to privacy at all. “Right to Privacy is not a fundamental right under our Constitution. It flows from one right to another right. Constitution makers did not intend to make Right to Privacy a fundamental right. There is no fundamental right to privacy so these petitions under Article 32 should be dismissed,” Attorney General Mukul Rohatgi submitted during a 2015 hearing on Aadhaar data collection violating the privacy of individuals.

Ghewar Ram (R), 55, and his wife Champa Devi, 54, display their Unique Identification (UID) cards. Image: Reuters/Mansi Thapliyal

UIDAI itself claims that the Aadhaar Act has integrated the data protection and privacy laws within itself, and so provides adequate legal protection to the individuals. If something goes wrong, the citizens cannot file their own complains, the UIDAI has reserved the right to launch criminal proceedings for Aadhaar related issues, and only the UIDAI can file an FIR. The UIDAI has insulated itself very smartly because of all these reasons. Data leaks? UIDAI has a flawless record, and the data is secured with “harsh laws”. Worried about the most mandatory voluntary scheme in existence? That is the law of the land. Inconveniencing senior citizens and the caregivers of the disabled with harsh deadlines for Aadhaar linking? That is the fault of the external agencies linking to Aadhaar, and not a decision taken by the UIDAI. Now, we can expect another round of reassurances. It could be statements from The UIDAI, UIDAI chief  Ajay Bhushan Panday, IT Minister Ravi Shankar Prasad or The Minister of State for Electronics and IT, the end result would be more reassurances to the public and before the houses of parliament that the Aadhaar data is adequately secured, that there are enough regulations in place, and that the program is coming along nicely as an example of something the world has never attempted before. The arguments by the UIDAI and the government so far, have not convinced critics. Pavan Duggal, a lawyer and leading expert on cyber laws in India says “The fears pertaining to misuse of Adhaar data are real because the concerns have not been adequately addressed. You can’t take an ostrich approach to Aadhaar and hope the problems will go away. They’re very real, and they affect everyone.”

as predicted by many of us, #aadhaar is turning into the world biggest #privacy disaster...

Anita Gurumurthy, from the IT for Change NGO, an organisation that works at the intersections of digital technologies and development writes, “In the absence of a data protection law and privacy rules, there is no accountability structure for the use and abuse of citizen data. This is why the seeding of Aadhaar to databases can bestow unchecked power upon the already powerful – bureaucrats, politicians, corporate actors, and other vested interests – who can exploit people by accessing information about them.”
New laws for data retention have been proposed. The WhatsApp case on data sharing with Facebook has pushed the government towards putting a data protection regime in place, which may have an effect on Aadhaar and the Aadhaar ecosystem. It may improve the safeguards on user data, or it may not.
In any case, there is am urgent need for pro-active privacy and data protection laws in the country.
Publish date: May 2, 2017 12:53 pm| Modified date: May 3, 2017 3:34 pm