The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, May 16, 2017

11413 - Watch: Aadhaar has become a whipping boy: Nandan Nilekani

India certainly needs a modern data privacy and protection law, Nilekani said in an interview

Alnoor Peermohamed & Raghu Krishnan  |  Bengaluru 

May 13, 2017 Last Updated at 09:51 IST

As debate rages over Aadhaar being a privacy and surveillance liability, its architect Nandan Nilekani says the unique identity programme has become a “whipping ward”.  In an interview with Alnoor Peermohamed and Raghu Krishnan, he says we need a data protection and privacy law with adequate judicial and parliamentary oversight. Edited excerpts:

There is concern we are losing our privacy because of Aadhaar...

Privacy is an issue the whole world is facing, thanks to digitisation. The day you went from a feature phone to a smartphone the amount of digital footprint you left behind went up dramatically. The phone records your messages, it knows what you are saying, it has a GPS so it can tell anybody where you are, the towers can tell anybody where you are because they are constantly pinging the phone. There are accelerometers and gyroscopes in the phone that detect movement.

Internet companies essentially make money from data. They use data to sell you things or advertisements. And that data is not even in India, it is in some country in some unaccountable server and accessible to the government of that foreign country, not ours.

Then increasingly there is the Internet of Things. Your car has so many sensors, wearables have sensors and all of them are recording data and beaming it to somebody else. Then there are CCTV cameras everywhere, and today they are all IP-enabled.

So privacy is a global issue, caused by digitisation. Aadhaar is one small part of that. The system is designed not to collect information, because the first risk to privacy is if someone is collecting information. Aadhaar is a passive ID system, it just sits there and when you go somewhere and invoke it, it authenticates your identity. By design itself, it is built for privacy. I believe India needs a modern data privacy and protection law.

Why is Aadhaar being used as a proxy for the privacy and data protection issues?

It is a motivated campaign by people who are trying to find different ways to say something about it. Privacy is a much bigger issue. I have been talking about privacy much before anyone else. In 2010, when it was not such a big issue, I had written to Prime Minister Manmohan Singh saying we needed a data protection law. You could see what was happening, the iPhone came out on June 30, 2007, Android phones came around the time we started Aadhaar, so we could see the trend. I asked Rahul Matthan, a top intellectual property and data lawyer, to help and we worked with the government to come out with a draft law. And then there was the AP Shah Committee. The UIDAI’s DDG Ashok Pal Singh was a part of that committee, so we helped shape that policy. 

When a banking application uses Aadhaar, the system does not know what the bank does. It is deliberately designed so that data is kept away from the core system. 

I am all for a data protection law but we should look at it in context, look at the big picture. If people want to work together to create a data privacy law then it is a great thing. But if they want to use it to just attack Aadhaar, then there is some other interest at work.

Now that the government is linking Aadhaar to PAN and driver’s licences, will that not lead to Aadhaar being used as a surveillance tool?

Surveillance is conducted through a 24x7 system that knows what you are doing, so from a technology perspective the best surveillance device is your phone. The phone is the device you should worry about. 

Aadhaar is not a 24x7 product. I buy one SIM card a year and do an e-KYC, the driver’s licence sits in my pocket and only sometimes someone asks for it. With the PAN card I file my returns only once a year.

But with all that data being linked, can the government not use it?

It is a valid concern and has to be addressed through a legal and oversight process. Aadhaar is just one technology. You do not attack the technology, you look at the overall picture.

The US has the Foreign Intelligence Surveillance Act under which special courts issue warrants to the FBI for surveillance. This is absolutely required and it should be a part of the data protection law (in India) which says under what circumstances the government can authorise surveillance.

Today mobile phones are being tapped by so many agencies. In the US, the FBI is under the oversight of the Senate. In India, Parliament does not have oversight of any intelligence agency. I remember (former Union minister) Manish Tewari had introduced a Bill six or seven years ago saying Intelligence agencies needed to be under the oversight of the Parliament, but nothing happened.

Is there any way to stop Aadhaar being used as a surveillance tool?

Today a person can be identified with or without Aadhaar. US systems can identify a person in a few milliseconds using big data. All that is part of what we have to protect. Aadhaar by itself is not going to add anything to that. What is important is that the infrastructure of surveillance comes under judicial oversight as well as parliamentary oversight.

Would the Aadhaar narrative have been different if this were a Congress-led government?

I think most people making this noise are against the government, so it is a political argument and Aadhaar has become a convenient whipping ward. Lots of different agendas are at work here. But my understanding is this - whether it is data protection and privacy, surveillance or security, these are all broad issues that apply to technology in general and if you are serious about solving the issues you should fix it at the highest level and have a data protection and privacy law which includes, mobile phones, CCTV cameras and Aadhaar.

A report by the Centre for Internet and Society says 130 million Aadhaar identities have been leaked...

It is because of the transparency movement in the last 10 years. In 2006, we passed the RTI Act and MNREGA Act. Section 4 of the RTI Act says that data about benefits should be made public. At that time it was all about transparency. Since then, governments have been publishing lists of MNREGA beneficiaries and how much money is being put into their bank accounts. At that time it was applauded. Now the same thing is coming back as privacy being affected.

These are not leaks; governments have been consciously putting out the data in the interest of transparency. The message from this is we have to strike a balance between transparency and privacy. And that is a difficult balance because Section 4 of the RTI Act says if a benefit is provided by the government it is public information, so the names of beneficiaries should be published because it is taxpayers’ money. 

There is something called personally identifiable information. You should strike a balance between transparency and not revealing personally identifiable information. That is a delicate balance, and people will have to figure this out. The risk you have now is governments will stop publishing data - look, you guys have made a big fuss about privacy, we will not publish. In fact, the transparency guys are now worried that all the gains are being lost.

If Aadhaar is voluntary, why is the government forcing it on to various schemes?

There are two things, benefits and entitlements and government-issued documents. There the government has passed a law, the Aadhaar Bill of 2016, which is signed by the President. In that, there is a clear protocol that the government can use Aadhaar for benefits and what process they should follow.

The second thing is Aadhaar for government documents. There are three examples - PAN cards, driver’s licences and SIM cards. 

The government has modified the Finance Bill and made Aadhaar mandatory for a PAN card. Why has it done that? Because India has a large number of duplicate PAN cards. India has something like over 250 million PAN cards and only 40 million taxpayers. Some of those may be people who have taken PAN cards just as ID but not for tax purposes, but frankly it is also because a lot of people have duplicate PAN cards. Why do people have duplicates?  That is a way of tax evasion. The only way you can eliminate duplicate PAN cards is by having Aadhaar as a way of establishing uniqueness.

The second thing is mobile phones. Here the mobile phone requirement came from the Supreme Court, where somebody filed a PIL saying so many mobile phones are being given to terrorists and therefore you need to do an e-KYC when the SIM is cut and the government said they would use Aadhaar and they have been asked to do it by 2018.

The third thing is driver’s licences. As (Union Transport Minister Nitin Gadkari has said, 30 per cent of all driver’s licences are fakes. Now why is this important? Because when you have fake driver’s licences or multiple drivers’ licences, even if you are caught, you can give your fake licence and continue to drive. Today India is the country with the largest number of deaths on highways. Lack of enforcement, fake licences are all a problem.  So in the latest Motor Vehicle Bill which was passed the government said Aadhaar was necessary to get a licence. So that you have just one driver’s licence, whether it is issued in Karnataka or Bihar, you have just one.

The government is also talking about using Aadhaar for the mid-day meal scheme...

If you talk to people on the ground, and I have spoken to people on the ground, a big part of the leakage is mid-day meals. It is not reaching children. So it is important that all this has to happen so children get what they need.

You engaged with governments and civil servants when you initiated the Aadhaar process. In hindsight, would you say you should have also engaged with civil society?

I do not think there is any other programme in history which reached out to every stakeholder in the country. When we started Aadhaar we met governments, regulators and even parliamentarians. I gave a talk in Parliament and we engaged deeply with civil society. In fact, we had one volunteer only to engage with civil society.

You said you were engaged with the previous government about the data protection law. Are you engaging with the current one too?

I am not really engaging. I know that people are working on it and recently the attorney-general has made a statement in the Supreme Court that the government will bring in a data protection law by Diwali.

We have heard of several instances of people not being able to get their biometric authentication done. Is there a problem with Aadhaar?

The seeding of data in the Aadhaar database has to be done properly and that is a process. Authentication has been proven at scale in Andhra Pradesh. Millions of people receive food with Aadhaar authentication in 29,000 PDS outlets. In fact, now they have portability -- a person from Guntur can go to Vijayawada and get his rations. It is empowering. We keep forgetting about the empowering value.

What has the Andhra Pradesh government done? They have used fingerprints, but they also have used iris scans, OTP on phone, and they have a village revenue officer if none of the above works. When you design the system, you have to design it in a way that 100 per cent of the beneficiaries genuinely get the benefit.  Andhra Pradesh has shown it can be done.

The government needs to package the learning and best practices of Andhra Pradesh and take it to every other state. It is an execution issue.

Activists have raised concerns over the centralised Aadhaar database...

How else would you establish uniqueness? If you are going to give a billion people a number, how else would you do it? Is there any other way of doing it? Every cloud is centralised, then we should not have cloud systems.  

How do you ensure security standards and software are updated?

There are very good people there. The CEO is very good. There is a three-member executive board with chairman Satyanarayana and two members, Anand Deshpande and Rajesh Jain. I have no doubt that they will continue to improve things. 

On security, you keep improving. It is a constant race everywhere in the world. They are now coming out with registered devices that will make it more difficult to spoof.

But without a centralised database, how do you establish that an identity is not two people? If you look at the team that designed this, cumulatively they have a few hundred years of experience of designing large systems around the world. Every design decision has been taken consciously looking at the pros and cons. Why did we have both fingerprints and iris scans? There are two reasons. One is to ensure uniqueness. The second is inclusion. We knew that fingerprints in India do not work all the time because of age and manual labour. So we included iris scans. I can give you a document from 2009 that says all of this. All of these things were thought through.

If you are given a chance to design Aadhaar today what would you do differently?

I would do exactly the same thing. Go back and look at the design document. Every design has been articulated, the pros and cons are written down, published on our website, and it is a highly transparent exercise. It is the appropriate design for the problem we are trying to solve. We are forgetting about the huge benefits people are getting. Crores of people are getting direct benefit transfer without hassle. They can go to a village business correspondent and withdraw money using Aadhaar. They can get their SIM card and open a bank account using e-KYC.

You are also forgetting that people are getting empowered. That portability has ensured the bargaining power has shifted from the PDS shop owner to the individual. If a PDS guy treats him badly, the individual can choose another shop, earlier he could not do that. The empowerment of millions of people to buy rations at the shop of their choice is extraordinary.