The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Friday, January 26, 2018

12782 - All is not well with Aadhaar by Usha Ramanathan- Indian Express

Aadhaar breach: Gaping holes in data security and the unreliability of biometrics put a question mark on the project. UIDAI’s denials are increasingly unconvincing

All is not well with AadhaarAadhaar breach: The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. (Illustration by Subrata Dhar)
Does it really not matter at all that the personal details of a billion people, including their name, address, gender, date of birth, parents’ names, possibly bank account number, mobile number, email address and photo have been exposed by anonymous sellers? Is the only thing valuable in the UID (unique identification) database the biometric data? If the demographic data is so easy to reach, how do we know the biometric data is safe?
The explosive report in The Tribune on January 4, which revealed the gaping holes in the security of the database, has provoked the predictable response from the Unique Identification Authority of India (UIDAI) — denial. The reporter explains the few simple and swift steps she had to take, and the Rs 500 she had to pay, to access a billion identities on the UID database. The UIDAI says this is “misreporting”, and what happened is not a breach — that the database is safe and secure. And that they will take legal action against those involved in the case — an implicit admission amidst much denial.
The leaks, breaches and misuses have become too frequent for the denial to be convincing.
The leaks have not been either sparse or rare. Among the ones that hit the headlines, with large numbers affected by the breach: In November 2017, 210 government websites and those of educational institutions displayed personal information along with UID numbers. The UIDAI admitted this had happened, but said “that was not us”, the database is safe. Then they began to threaten those who exposed the leaks with criminal action. In December 2017, it was discovered that Airtel had opened bank accounts in a payments bank that they had launched; and it had seemingly done that by fudging consent, procured while verifying sim cards. When people began complaining that they were not receiving their subsidies, the latter were traced to an Airtel account that customers did not even know had been opened for them. Now, this.
Some things have become clear over time. One, that the UID project is not just about the UIDAI. The UIDAI is certainly an important part of the project, but the project seeks to achieve ubiquity and universality and, in doing that, it involves private businesses. The Aadhaar Act 2016 does not permit private companies to mandate the use of the UID. So, the government uses its licencing powers to mandate that mobile companies and banks coerce mobile users into submission. Ever since the first MoUs between the UIDAI and various state governments, according to which the state governments were to act as registrars for the UID, the agreement was that the enrolment would include information that the UIDAI wanted for its database (KYR, or Know Your Resident) and anything additional that the government may collect (KYR+). Together, they were to become a means of getting a 360-degree view of people and communities. These now are the State Resident Data Hubs. They also come in various shapes and sizes. In Haryana, for instance, it is the Jan Kalyan and Suraksha Survey that captures every detail of every household, and of each individual in every household. See this to get an idea of how much the government wants to know you.
Ubiquity is achieved through mandating, either lawfully or otherwise, the inclusion of the UID number in every database. Hundreds of notifications, circulars, letters of instruction and many more such instruments compel people to get on the UID database, and to leave their “digital footprint” everywhere. Coercion was expected to help achieve universality — that is, everyone would be in the database. The “architecture” or “ecology” of the UID project involves leaving these digital footprints, by the use of state power and force if needed (and it has indeed been needed — people haven’t been happy to enrol, they have largely had to be pushed to the enrolment stations and also to the many, many other databases such as schools, hospitals, voter ID, ration, LPG, etc).
The UIDAI goes on about how biometrics are safe and out of reach. The truth is, biometrics are collapsing all round. The figures for biometric failure have been staggering. In Rajasthan, in the PDS, exclusion because of fingerprint failure has been close to 36 per cent — which means not even one person from 36 per cent households are able to authenticate using their fingerprints. Jharkhand has witnessed deaths because the poorest have had difficulty linking their UID number with their ration card. Documents in the UIDAI archive from between 2009 and 2012 show that biometrics was still in an experimental phase. That biometrics are not working as hoped is made evident in the Watal Committee report on digital transactions, in December 2016. At pp. 123-124, the committee says that biometric authentication requires the availability of internet and high-quality machines capable of capturing biometric details, making it contingent on these working. So, the committee asks that for digital transactions, the “OTP sent on registered mobile number of Aadhaar holder” be allowed, thereby downgrading biometrics.
Digital payments are in the business interest; not PDS. So, while fingerprints cause huge problems to the poor, the business interest shifts to other means because biometrics are not dependable.
The mantra has, in fact, been JAM — Jan Dhan, Aadhaar, mobile — three numbers that make up identity. It was in 2010 that Nandan Nilekani said to a reporter: “The slogan of “bijli, sadak, paani” is passé; ‘virtual things’ like UID number, bank account and mobile phone are the in-thing.” That is the imagination that is driving the project today. It is these three numbers that are being exposed in the breaches. Then, to say that all is well is clearly not quite the truth.
The project is putting people, and the nation, at risk. Those in court challenging the project have been demanding that the project be scrapped — not just the UIDAI, but the project. The breaches explain why what they are asking makes sense.
The writer works on the jurisprudence of law, poverty and rights