uid

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. -Mahatma Gandhi

In matters of conscience, the law of the majority has no place. Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” -A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017


Special

Here is what the Parliament Standing Committee on Finance, which examined the draft N I A Bill said.

1. There is no feasibility study of the project]

2. The project was approved in haste

3. The system has far-reaching consequences for national security

4. The project is directionless with no clarity of purpose

5. It is built on unreliable and untested technology

6. The exercise becomes futile in case the project does not continue beyond the present number of 200 million enrolments

7. There is lack of coordination and difference of views between various departments and ministries of government on the project

Quotes

What was said before the elections:

NPR & UID aiding Aliens – Narendra Modi

"I don't agree to Nandan Nilekeni and his madcap (UID) scheme which he is trying to promote," Senior BJP Leader Yashwant Sinha, Sept 2012

"All we have to show for the hundreds of thousands of crore spent on Aadhar is a Congress ticket for Nilekani" Yashwant Sinha.(27/02/2014)

TV Mohandas Pai, former chief financial officer and head of human resources, tweeted: "selling his soul for power; made his money in the company wedded to meritocracy." Money Life Article

Nilekani’s reporting structure is unprecedented in history; he reports directly to the Prime Minister, thus bypassing all checks and balances in government - Home Minister Chidambaram

To refer to Aadhaar as an anti corruption tool despite overwhelming evidence to the contrary is mystifying. That it is now officially a Rs.50,000 Crores solution searching for an explanation is also without any doubt. -- Statement by Rajeev Chandrasekhar, MP & Member, Standing Committee on Finance

Finance minister P Chidambaram’s statement, in an exit interview to this newspaper, that Aadhaar needs to be re-thought completely is probably the last nail in its coffin. :-) Financial Express

The Rural Development Ministry headed by Jairam Ramesh created a road Block and refused to make Aadhaar mandatory for making wage payment to people enrolled under the world’s largest social security scheme NRGA unless all residents are covered.


Search This Blog

Tuesday, May 23, 2017

11456 - What the Aadhaar authority needs to learn from Zomato’s response to hacking - Scroll.In


Far from being open to questions, UIDAI has chosen to go after anyone who raises genuine concerns about the security of Aadhaar data.

Published 21 hours ago.  


The Unique Identification Authority of India does not take kindly to criticism. The body, which issues India’s 12-digit unique identity numbers known as Aadhaar and administers the centralised database with biometric scans of more than 100 crore Indians, has in the past filed complaints against a journalist and a think tank head for pointing to flaws in the storage of Aadhaar details. This week, UIDAI sent a letter to Bangalore-based Centre for Internet & Society suggesting that its report, which revealed that government websites were giving easy access to 13 crore Aadhaar numbers, was in fact potential evidence to prove that the Centre had been involved in illegal hacking.

The letter from UIDAI asked for CIS’ help in bringing to justice those involved in “hacking such sensitive information,” and said that it had asked for the centre to respond to UIDAI by May 30. The letter also asked CIS to specify “how much (of) this data have been downloaded by you or are in your possession, or in the possession of any other persons that you know.”

Easily accessible
The Centre for Internet & Society had on May 1 published a report claiming that around 13 crore Aadhaar numbers and 10 crore bank account numbers were easily accessible on four government portals connected to welfare schemes. The report pointed out that, though the Aadhaar Act makes it illegal to publish a citizen’s Aadhaar number, government websites were making it easy for just about anyone to access a vast number of these numbers as well as other data such as bank account numbers. It added that this sort of information could be used for financial fraud and profiling, among other things.

Although access to the numbers may not have been as simple as just going to the portals, the report pointed out that anyone with a basic awareness of technology would easily be able to get to the documents storing these Aadhaar details. “Sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away and suggest how poorly conceived these initiatives are,” the report said.

The report was officially published and publicised, with the aim of bringing to the attention of the state and the wider public the fact that such information was readily available, and that too on government websites. The letter from UIDAI, however, seems to suggest that, far from being concerned about the lax standards at government websites, the authority instead wanted to go after CIS for pointing to these weaknesses in the Aadhaar architecture.

UIDAI’s complaints
This is not the first time UIDAI has chosen to act this way. When CNN-News18 journalist Debayan Roy attempted to demonstrate that a person could obtain two separate Aadhaar enrollment numbers with the same biometrics, the Delhi Police filed a First Information Report against him. And when think tank head Sameer Kochhar pointed to the potential use of stored biometric data to carry out unauthorised transactions, the UIDAI registered a complaint against him as well.

It seems evident that the authority does not recognise the difference between public interest efforts to point out weaknesses in the government’s massive scheme, which involves biometric data of more than 100 crore Indians, and actually malicious hacking. Indeed, it would be hard for the government to argue that the CIS’ work, which was published in an official report, could possibly be analogous to that of a hacker who was trying to grab data that should otherwise be secret.

CIS added an update to its report on May 16, clarifying some of the questions that had been raised about its effort. It pointed to a number of reasons why it cannot be said to have violated the hacking sections of the Information Technology Act. Those reasons include
  • the fact that CIS informed all the government departments mentioned, including UIDAI, about the data that was easily accessible, before publishing its report.
  • the fact that the datasets had been uploaded by the government departments themselves and were publicly available via search engines,
  • and that they were not guarded by any passwords or access protocols. In one case, anyone could just change the URL from ‘nologin’ to ‘login’, to access details, even without the use of a password.
“If what CIS researchers did violates the law, then every single person visiting a government website without taking prior approval from the site’s owner would be violating the law as well. Clearly this is not what the law is meant to do and has not been done in this case.” 

Chilling effect
UIDAI’s behaviour seems likely to have a chilling effect on anyone who raises concerns about the very genuine security problems that have plagued one of the largest government-mandated data collection and storage efforts in history. Its decision to pursue criminal cases, rather than work with an organisation that, in CIS’ case, even gave it prior information about the problematic websites, makes it clear that the authority has little interest in ensuring the secrecy of Aadhaar numbers, despite the Aadhaar Act making it illegal for them to be displayed.

The body’s behaviour seems even more egregious because it came around the time of two other news breaks. There were allegations that one of the influential think tanks closely associated with the UIDAI was resorting to trolling critics of the Aadhaar project through anonymous Twitter profiles.

The other was the news of a massive data breach at Zomato, a company that lists restaurants and allows people to order food online.