The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. Its use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010, I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one? - Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. -Mahatma Gandhi

In matters of conscience, the law of the majority has no place. -Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens is with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of the internet and today’s technology and all the new privacy challenges that have arisen as a consequence. -Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. -Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Sabha April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the #BreakAadhaarChains campaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uid and @rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Friday, May 5, 2017

11240 - How Does Aadhaar Compare With Other ID Systems In The World & How To Secure Its Leaky Database - India Times


Aadhaar is arguably the world's largest biometric identification system, and from a benign system designed to do good, it's turning into somewhat of an Orwellian nightmare, where the state can easily infringe upon its citizen’s right to privacy. Everything from your bank accounts, private micro-payment systems, airline and telecom companies, and more are demanding an Aadhaar card to ascertain your identity -- is that fair and is it right?


Aadhaar was designed with an aim to cut out the middleman, eradicate corruption and to ensure that subsidised goods and services (on behalf of the state and central government) reach the deserving recipients. Sounds like a great concept, in theory, right? But then the cracks started to emerge. The Aadhaar database has some serious security holes in it, and it’s been leaking data steadily for a long time. Just recently, the single largest data breach revealed private information of 13 crore Aadhaar Card Holders online.

The reality is simple. Whether you like it or not, Aadhaar is here to stay; and along with it the biometric data - fingerprints, iris scans - of over 100 crore Indians hangs in the balance. It cannot be simply wished away anymore. It’s a technological and legal problem that needs to be solved to prevent further damage.

How do Aadhaar-like systems work in other parts of the world?

The biggest debate around Aadhaar right now is whether enrollment should be made mandatory, and become the central identity authentication tool used in the private sector, too.
Aadhaar is certainly one of a kind in its scale, but other countries have tried issuing government identity proofs. Indonesia started rolling out its eKTP national identification system in 2006, issuing an electronic card which contains the fingerprints of citizens and must be reissued every five years, while Malaysia has one of the oldest biometric identification systems in the world, called MyKad, which was introduced in 2001.


While the Indonesian eKTP seems to be benign and not necessarily used as an identity authentication tool, the Malaysian MyKad system has gone much further: the chip-enabled card serves as the single point of identification and authentication at ATM kiosks and at toll booths on highways, as electronic cash for micropayments, and as a digital certificate serving as a public identifier.

In fact, the Malaysian MyKad enrollment is apparently compulsory for citizens and the card must be carried on their person at all times - not doing so can incur heavy monetary fines and even imprisonment for up to three years, according to reports.

It’s not difficult to imagine a similar scenario with Aadhaar in India sometime in the future, where carrying it on your person becomes a legal necessity and having it as a central authentication tool a way of life - severely sacrificing a citizen’s sense of privacy. But what’s even scarier is the thought that you are not in control of your identity - that there exists a centralized database of your fingerprints and iris scans that can be used by the government and third parties without your knowledge - as opposed to all of that residing offline in a chip enabled card that you have complete control over as to when or when not to use.

Is Aadhaar similar to Social Security Number in the USA? In one word - No

For good reason, the so-called first world (Western democracies) has been vehemently opposed to centralised biometric databases and identity registries, precisely to prevent the abuse of its citizens’ right to privacy.
The Social Security Number (SSN) is a tool to ascertain the income of any American individual and calculate the amount of social security credit they’re entitled to - based on their individual financial health. The US issues SSNs only to its citizens and doesn’t collect any biometric data of the individuals that are enrolled in the scheme. Aadhaar, on the other hand, is an identity authentication tool with biometric markers to ascertain an individual’s identity. This is not the only place where the similarities between Aadhaar and SSNs end. There’s more.

Where SSN is a dumb number that’s attached to an individual’s profile in a company or US government agency’s database, Aadhaar is a tool for authenticating a person’s identity. Think of it like a digital key or a username and password of sorts which authenticates you into a digital system, wherever you’re trying to prove that you are in fact you - in the eyes of the authority.

Increasingly, with Aadhaar, the authority can mean not just government agencies but also private entities -- for instance, Microsoft recently launched a version of Skype for India with Aadhaar authentication embedded within. Earlier, last year, and even now, Reliance Jio subscriptions required Aadhaar authentication of customers -- that’s right, Reliance was pulling in Aadhaar data to confirm whether the fingerprints of a person waiting in line for the Jio SIM card matched with his or her Aadhaar card or not. The US’ SSN was strictly meant for use by government agencies, but its abuse by the private sector has been identified as a crucial link for the rising number of identity thefts in America.

Ultimately, there are federal and state-level laws in the US that restrict the use of SSN across different government databases as a marker to identify a person’s identity. Aadhaar, on the other hand, has been spearheaded by the government as a token across databases to identify someone within the country, to the extent where they leave a trail of transactions - in the bank, while booking an airline ticket, train ticket, buying a SIM card, and more.
Lastly, where the US firmly decided against encapsulating its citizens’ biometric profile to the Social Security Number cards back in 2007, Aadhaar’s use and proliferation is only going to increase in the days and months to come, as the government is pushing hard for its adoption across different central and private database systems.

How to secure Aadhaar-like databases to prevent data breaches?
We all know that Aadhaar is leaky. In the face of this reality, there are only two alternatives that we have - either to destroy Aadhaar or plug its security holes in a way that they don’t get exploited in the future (the latter is no easy feat). Maybe biometric databases are inherently doomed from a security perspective, who knows?

Mr Altaf Halde, who's the Managing Director at Kaspersky Lab - South Asia, a leading security company, has some important thoughts on the matter. "With the widespread adoption of biometrics, we have seen its amazing security slip. The technology’s popularity is actually a major contributing factor to this slide, for two reasons. First, security specification standards for consumer goods are lower than they are in mission-critical implementations. Second, a broad field of easily obtainable gadgets gives criminals a huge test bed of consumer devices to experiment with and find more and more vulnerabilities for their own benefit, of course. The rapid development of 3D printing has also contributed to biometrics’ vulnerability."

"Fortunately, biometric data is not stored as is," explains Mr Halde, "A server receives only hashed scanning results, making outright theft a less-attractive option. Nonetheless, criminals can still use methods such as man-in-the-middle attack, inserting themselves into the data transfer channel between an ATM and a processing centre to steal users' money, for instance."

As far as securing digital systems and databases online is concerned, it’s important to take into consideration the potential of human error as the weakest link in the chain. Technology, of course, is a core part of any solution for dealing with malware, according to Mr Halde. But he believes it would be unwise to ignore the human dimension of security. He adds further, “In the real world, we know that burglar alarms, window locks and security chains on the front door can be effective ways to secure a property. But they won’t prevent an unsuspecting victim from jeopardising their security by opening the door to a stranger.

Similarly, a corporate security strategy will be less effective if it doesn’t address the human element. We need to find imaginative ways of ‘patching’ human resources as well as securing digital resources.”

Finally, it's one identity versus multiple identities versus privacy versus...

When you think about Aadhaar, think about this: All of us have multiple identities online. Our identity on Facebook is different from that on Twitter; similarly what we share on Tinder is starkly different from what we share on LinkedIn, which is slightly different from the kind of conversations we have on Quora. And what if anyone came to know of our secret profiles on X-rated websites? And what we are offline, away from our online persona, is something different altogether.

Now imagine if all of our multiple identities across these multiple websites were fused into one by a giant corporation, behind our back, in violation of the individual terms and conditions we signed up for when we wilfully created an account on each one of them. Wouldn't that be scary? Wouldn't it be a violation of our trust? Imagine what a business-driven, profit-oriented corporation would do with that kind of intimate data -- data that we thought was private, our own.

While it may have our best interests at heart, we expect our government to be at least slightly more sympathetic to our cause with our Aadhaar data than what a private corporation would ever be. Because there is absolutely zero margin for error, when the stakes are so stratospherically high.