The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Friday, May 12, 2017

11324 - Taking Cognisance of the Deeply Flawed System That Is Aadhaar by Shreyashi Roy - The Wire

Taking Cognisance of the Deeply Flawed System That Is Aadhaar

Aadhaar and its many connotations have grown to be among the most burning issues on the Indian fore today, that every citizen aware of their rights should be taking note of.

The panelists. From left to right: Usha Ramanathan, Prasanna S., Osama Manzar, Shyam Divan, Anupam Saraph, Anivar Aravind and Srinivas Kodali. Credit: Shreyashi Roy

New Delhi: With the leak of 130 million Aadhaar numbers recently coming to light, several activists, lawyers and ordinary citizens are up in arms about what is increasingly being viewed as a government surveillance system. Keeping this in mind, on Tuesday, May 9, Software Freedom Law Centre India (SFLC) hosted an event that brought together a panel to clearly articulate the dangers of Aadhaar and to discuss whether the biometric identification system is capable of being reformed.

SFLC is a donor-supported legal services organisation that calls itself a protector of civil liberties in the digital age.

Titled ‘Revisiting Aadhaar: Law, Tech and Beyond’, the discussion, with several eminent personalities who have in-depth knowledge of Aadhaar and its working, threw light on the various problems that have cropped up with regard to India’s unique identification system. The discussion was moderated by Saikat Datta, policy director at Centre for Internet and Society, which published the report that studied the third-party leaks of Aadhaar numbers and other personal data.

The leaks
The discussion took off from the point of the leaks, with Srinivas Kodali, a panelist and one of the authors of the report, explaining his methodology for the study that proved that the Aadhaar database lacked the security required when dealing with private information of people. He highlighted the fact that during the course of his research, he had noticed several leaks from government websites and notified the Unique Identification Authority of India (UIDAI) about the same. Yet, at every step, UIDAI continued to deny and reject the possibility of this happening. Kodali says, however, that he had noticed that the websites that were unknowingly leaking data were, in fact, fixing the leaks after being notified without acknowledging that the leak had happened in the first place. Kodali reiterated at the discussion, as in his report, that a simple tweaking of URL query parameters of the National Social Assistance Programme website could unmask and display private information. 

Unfortunately, UIDAI cannot be brought to task for unknowingly leaking information because there is no such provision.
He also addressed the question of the conflict of interest that existed in the entire system of building Aadhaar, which was created by developers who later left the UIDAI and built their own private companies, monetising the mine of private information that they were sitting on. Kodali blames UIDAI for this even being allowed, since the developers, though clearly lacking ethics, were in fact, merely volunteers.

The system
One of the glaring issues with the technology behind Aadhaar is that the software is not open source. Anivar Aravind, a panelist, called it “defected by design” and “bound to fail” because not only is the technology completely untested but there are very obvious leaks that are taking place. Moreover, UIDAI does not allow any third-party audits or any other persons to look at the technology. Datta pointed to the fact that this is unheard of in other nations, where software is routinely subjected to penetration testing and hacking experts are called upon to check how secure a database is.

Anupam Saraph, another panelist and future designer, illuminated the creation of the Aadhaar database, pointing out that this is a system less about identification and more about verification. All of the verification, moreover, has been done by private parties, making the database itself suspect and leaving everyone’s private information loose at the time of enrolment. In addition, Aadhaar was meant for all residents and not just citizens. But now there is a mix of both, creating confusion in many aspects. Saraph also brought up how one rogue agency with access to all this information could pose an actual national security threat, unlike all the requests for information on breaches that the government keeps pointing fingers at. Referring to Nandan Nilekani’s statement about Aadhaar not being like AIDS, Saraph pointed out that it was exactly like it because much like the body, which cannot distinguish between an invasion and itself, the Aadhaar system is not being able to distinguish between aliens and citizens and has begun denying the latter benefits.

The Supreme Court has declared time and again that Aadhaar cannot be made mandatory, but the government continues to – in complete disregard of the apex court’s judgment – insist on Aadhaar for a multitude of schemes. More and more schemes are being made unavailable without the existence of an Aadhaar number as the government continues to function in a complete lack of cognisance of the fact that the poor are losing out on something as basic as their food because of a number. Prasanna S., an advocate and a panelist, called it a “voluntary but mandatory” system that is becoming an evidence collection mechanism. Moreover, everything is connected through this one number, making many options like financial fraud, selective treatment of citizens and other horrors possible. The collection of all this information is not dangerous, screams the government. Maybe not in the hands of this one. But what of the next? What of rogues?

The legal aspect
One of the panelists was Shyam Divan, a senior advocate of the Supreme Court, who has represented petitioners fighting against Aadhaar. Divan spoke about how along with a group of advocates he has been trying to get the apex court to rule on the issue but has been met with long queues before a ruling can be procured. He addressed the right to privacy aspect of the system and the recent declaration that the citizen does not have the absolute right to the body. He emphasised that the government cannot own the body and that for a free and democratic society, a limited government, instead of an all-knowing and all-seeing government, is essential. Unfortunately for India, there is no express right to privacy in the constitution, but that does not mean that rights can be taken away in exchange for a fingerprint. It is the government’s duty to respect privacy. For him, Aadhaar has become an instrument of oppression and exclusion, a point that Prasanna also agreed with, calling it a “systematic attack on consent”.

There is complete agreement that there has been a railroading of consent in this entire matter if Aadhaar being passed forcibly through the Lok Sabha as a money bill is anything to go by. If parliament’s consent can be disregarded in that fashion, what is an ordinary citizen to do in the face of this complete imbalance of power in the state’s hand?

Usha Ramanathan, a legal researcher and a long-time critic of Aadhaar, spoke about how India has turned into a state where there are more restrictions than fundamental rights, rather than the other way around. She related how there was no clarity at the beginning of Aadhaar of how it would be a card or a number and was never a government project in the first place. This is a private sector ambition that the government has jumped on board with, without considering that the private sector does not concern itself with civil liberties. As other panelists also pointed out, the private sector cannot and will not protect public interest. This is the job of the government, especially in an age of digitisation. But Aadhaar compromises the ability of the state to stand up for its citizens.

With June 30 approaching fast, many of those who have so far abstained from enrolling in the system are considering giving up their rebellion and going like sheep to get themselves registered in the database. In the words of Divan, they will have to “volunteer compulsorily for an Aadhaar”. The government is probably counting on this. Turning to the Supreme Court has been of no help, although a verdict can be hoped for in a couple of weeks. But what can we do if they rule for the government?
Some of the panelists are on board with the idea of a civil disobedience movement, a kind of a rebellion against Aadhaar. Some suggested thinking of out-of-the-box ways to register one’s protest and dissent against what is clearly becoming the architecture of a surveillance state. Saraph was particularly vehement about the need to completely destroy the Aadhaar database – “shred it”.

What all the panelists emphasised repeatedly was that there can be no improvements to a system that is so deeply flawed and that has had so many “teething problems” that are making millions suffer. The main takeaway from the discussion was that Aadhaar must see a speedy demise because it cannot be saved and cannot persist in its current state.