The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, May 23, 2017

11456 - What the Aadhaar authority needs to learn from Zomato’s response to hacking - Scroll.In

Far from being open to questions, UIDAI has chosen to go after anyone who raises genuine concerns about the security of Aadhaar data.

Published 21 hours ago.  

The Unique Identification Authority of India does not take kindly to criticism. The body, which issues India’s 12-digit unique identity numbers known as Aadhaar and administers the centralised database with biometric scans of more than 100 crore Indians, has in the past filed complaints against a journalist and a think tank head for pointing to flaws in the storage of Aadhaar details. This week, UIDAI sent a letter to Bangalore-based Centre for Internet & Society suggesting that its report, which revealed that government websites were giving easy access to 13 crore Aadhaar numbers, was in fact potential evidence to prove that the Centre had been involved in illegal hacking.

The letter from UIDAI asked for CIS’ help in bringing to justice those involved in “hacking such sensitive information,” and said that it had asked for the centre to respond to UIDAI by May 30. The letter also asked CIS to specify “how much (of) this data have been downloaded by you or are in your possession, or in the possession of any other persons that you know.”

Easily accessible
The Centre for Internet & Society had on May 1 published a report claiming that around 13 crore Aadhaar numbers and 10 crore bank account numbers were easily accessible on four government portals connected to welfare schemes. The report pointed out that, though the Aadhaar Act makes it illegal to publish a citizen’s Aadhaar number, government websites were making it easy for just about anyone to access a vast number of these numbers as well as other data such as bank account numbers. It added that this sort of information could be used for financial fraud and profiling, among other things.

Although access to the numbers may not have been as simple as just going to the portals, the report pointed out that anyone with a basic awareness of technology would easily be able to get to the documents storing these Aadhaar details. “Sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away and suggest how poorly conceived these initiatives are,” the report said.

The report was officially published and publicised, with the aim of bringing to the attention of the state and the wider public the fact that such information was readily available, and that too on government websites. The letter from UIDAI, however, seems to suggest that, far from being concerned about the lax standards at government websites, the authority instead wanted to go after CIS for pointing to these weaknesses in the Aadhaar architecture.

UIDAI’s complaints
This is not the first time UIDAI has chosen to act this way. When CNN-News18 journalist Debayan Roy attempted to demonstrate that a person could obtain two separate Aadhaar enrollment numbers with the same biometrics, the Delhi Police filed a First Information Report against him. And when think tank head Sameer Kochhar pointed to the potential use of stored biometric data to carry out unauthorised transactions, the UIDAI registered a complaint against him as well.

It seems evident that the authority does not recognise the difference between public interest efforts to point out weaknesses in the government’s massive scheme, which involves biometric data of more than 100 crore Indians, and actually malicious hacking. Indeed, it would be hard for the government to argue that the CIS’ work, which was published in an official report, could possibly be analogous to that of a hacker who was trying to grab data that should otherwise be secret.

CIS added an update to its report on May 16, clarifying some of the questions that had been raised about its effort. It pointed to a number of reasons why it cannot be said to have violated the hacking sections of the Information Technology Act. Those reasons include
  • the fact that CIS informed all the government departments mentioned, including UIDAI, about the data that was easily accessible, before publishing its report.
  • the fact that the datasets had been uploaded by the government departments themselves and were publicly available via search engines,
  • and that they were not guarded by any passwords or access protocols. In one case, anyone could just change the URL from ‘nologin’ to ‘login’, to access details, even without the use of a password.
“If what CIS researchers did violates the law, then every single person visiting a government website without taking prior approval from the site’s owner would be violating the law as well. Clearly this is not what the law is meant to do and has not been done in this case.” 

Chilling effect
UIDAI’s behaviour seems likely to have a chilling effect on anyone who raises concerns about the very genuine security problems that have plagued one of the largest government-mandated data collection and storage efforts in history. Its decision to pursue criminal cases, rather than work with an organisation that, in CIS’ case, even gave it prior information about the problematic websites, makes it clear that the authority has little interest in ensuring the secrecy of Aadhaar numbers, despite the Aadhaar Act making it illegal for them to be displayed.

The body’s behaviour seems even more egregious because it came around the time of two other news breaks. There were allegations that one of the influential think tanks closely associated with the UIDAI was resorting to trolling critics of the Aadhaar project through anonymous Twitter profiles.

The other was the news of a massive data breach at Zomato, a company that lists restaurants and allows people to order food online.