The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, May 18, 2017

11422 - Time to Fix Aadhaar - Rajeev Chandrasekhar

Time to Fix Aadhaar
In spite of high-decibel promotion, Aadhaar has several loopholes that can impact national security and invade people's privacy

Rajeev Chandrasekhar   New Delhi     Print Edition: June 4, 2017

There has seldom been so much fog and noise around a programme as we have around Aadhaar.

First conceived under the Vajpayee government as a national ID Card, it was taken up by the UPA as the watered down but heavily hyped Aadhaar. The narratives around this through the entire UPA term were about the miracles of technology and what it would do to transform governance - the broad-brush, sweeping characterisation of the benefit of technology without much thought about how it would be used. As one of the earliest critics of its watered down specs, I jokingly referred to it as a solution looking for a cause way back in 2012.

But the few voices like mine that did point out the obvious mistakes in its design and concept were brushed aside by the tidal wave of PR that was unleashed. The Unique Identification Authority of India (UIDAI) had even hired a journalist as its full-time PR. There was no parliamentary debate or scrutiny except for one in the Standing Committee of Finance, which was blunt in its critique of it - possibly the reason why there was a conscious effort to duck Parliament for the rest of the UPA term. Despite the lack of public scrutiny, thousands of crores were spent on collecting and building the database that is known today as the Aadhaar DB.

Fast forward to 2014 and the NDA government had two options - to shelve it or to fix it and move ahead. I was among those who felt that the money spent should not be wasted and it could still be used to deliver subsidies better. It is to this government's credit that it did not just junk this project. This government, from its first day, was invested in the vision of technology enabling the transformation of governance. Hence, we have come across Digital India and Transform India! Aadhaar, with all its flaws, can still be used to implement this vision.

Aadhaar was subjected to Parliamentary scrutiny and given legislative backing by the Aadhaar Act passed in 2016. The government addressed the issue of lack of verification and fake entries by making the UIDAI statutorily responsible under Section 3(3) of the Act, for verifying the entries. So if there is a fake entry, the officials of the UIDAI will be responsible. But the problem is: Prior to the law being passed, over 100 crore enrolments had already happened.

It was widely known that in the run-up to 2014 elections, the Congress and then UIDAI Chairman, who was also contesting, were in a race to enrol large numbers for Aadhaar. Because of the strange (or maybe deliberate) loose verification process of using small, often fly-by-night enrolment agencies, many fakes were being reported. In the absence of any audit and reverification/clean-up, this made the Aadhaar DB an unverified or poorly verified database.

Fast forward to now and a recent case highlights the risks. Two Pakistani spies were found with Aadhaars under fake names but with their own biometric data. 

A new definition of fake is now standard where biometrics are real but the identity is fake. There are thousands of reports highlighting such incidents, caused by the casual and almost criminally negligent pre-enrolment verification process during the UPA regime. This should give us cause for worry at a time when there are attempts (often without knowing its implications) to expand the use of Aadhaar into a full identification system - for accessing airports, opening bank accounts and so on. It is causing worry as terrorists may use fake Aadhaars to enter the financial system or carry out money laundering. Who will be responsible if a fake Aadhaar (fake ID with real biometrics) is used by terrorists/foreigners to get into the financial system or obtain a passport or get a voter identity card? What protections exist to ensure that the 110 crore Aadhaar entries do not have any such entry among them?

This authenticity issue is seen as a victimless flaw because it does not seem to impact any person. But it impacts the larger issues of national security and financial sector integrity and risk.

 These are legitimate issues to be dealt with by institutions like the Reserve Bank of India (RBI) and the National Security Council/Home Ministry, but they have been behind the curve and seem to have unquestioningly bought into the narrative of a technological miracle that had been peddled for several years.

Thankfully, and as I had predicted way back, issues like data security and privacy have come to the fore and people are now focusing on Aadhaar. The debate and scrutiny have become mainstream, moving away from a few MPs and activists to consumers and citizens. As the use of Aadhaar is expanding, more and more concerns about its design, operation and misuse have surfaced. Moreover, it is common knowledge that there have been data breaches, exposing sensitive personal information of millions of citizens, including Aadhaar numbers.
Who is responsible for ensuring that data and information pertaining to each member is not made public and not misused? What is the method of adjudicating and getting damages if such a thing happens?

Who is responsible for ensuring that databases are managed securely against hackers and data breaches? What kind of accountability exists in those organisations that manage and control this data?

Unfortunately, the Aadhaar Act and regulations place no reciprocal accountability on the UIDAI to protect the database of personal information provided by citizens and are silent on the liability of the UIDAI and its personnel in case of non-compliance with the provisions of Section 3 and Chapter VI that require verification and protection of such data. The UIDAI has maintained a studied silence about these breaches because it is not required to report such cases. This must be fixed and reporting all data breaches should be made mandatory.
Many of these issues were raised long ago by some people and I was one of them. But they were dismissed or subsumed in the tidal wave of PR that Aadhaar had unleashed. There was even an epic article in which the Chairman of UIDAI claimed that the design of Aadhar had privacy built into it. A few years and many data breaches later, the song that is being sung now is about the need for a privacy law - precisely what was argued by me several years ago.

The current provisions regarding privacy and data protection under the Aadhaar and the Information Technology Acts are skewed in favour of those who hold our data and place an extraordinary burden on the individual to get justice. The issue of privacy is a broader issue that goes beyond Aadhaar. It raises legitimate questions about the roles and responsibilities of the State and other private agencies that are custodians of our digital footprints at the time of rapid digitisation of our lives and economy. It is a significant issue and I would encourage the government to take the lead. Concerns among citizens can be addressed only if the government articulates clear and public safeguards to prevent misuse and breaches. Technology solutions and even databases like Aadhaar are only going to improve governance and use of public money. But that must not blind us to their design flaws and Aadhaar is one that needs to be fixed.

The writer is Member of Parliament, Rajya Sabha, and Vice Chairman , NDA Kerala