In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, May 7, 2018

13472 - 9 Questions to the Election Commission on Aadhaar-Voter ID Linking - Quint

https://www.thequint.com/voices/opinion/aadhaar-voter-id-linking-election-commission

9 Questions to the Election Commission on Aadhaar-Voter ID Linking

31 crores. 38 crores. 32 crores.

These are the number of people who have ‘voluntarily’ linked their voter ID with Aadhaar, depending on whether you believe the UIDAI or Chief Election Commissioner OP Rawat (on 23 January 2018) or CEC OP Rawat (this time on 10 March 2018) respectively.

54.5 crores.

This is the total number of linkings that CEC OP Rawat says “will be done as soon as we get a nod from the Supreme Court.”

Why is This Concerning?

Because the Election Commission claims to have got those 31/38/32 crore voter IDs linked to Aadhaar numbers in the space of a mere 3 months in 2015.
Which not only raises questions about how voluntary this process was, but also theway in which this was done. After all, Aadhaar-related work was being carried out back then without any proper regulatory framework, and to a large extent by an army of private agencies and operators, 50,000 of whom have since been blacklisted.

Is the EC Still Linking Voter ID Cards to Aadhaar?

Thankfully, the process, part of an initiative called the National Electoral Roll Purification and Authentication Programme (NERPAP), was suspended because of the Supreme Court’s interim orders on Aadhaar in August 2015. However, from the CEC’s statement about 54.5 crore further linkings, it is clear that the EC hasn’t given up on the idea.
Ever since the Aadhaar Act 2016 came into force, the EC has been trying to get the Supreme Court to allow them to resume the seeding of Aadhaar and voter ID cards on a voluntary basis.
However, in late 2017, the EC filed a revised application in the Supreme Court, asking for permission to make seeding mandatory (this only became public in March 2018).

The Questions That Need to be Asked

The apex court has thankfully not granted permission to do this just yet, but now that arguments in the main Aadhaar case are almost finished, the judges will soon need to consider this request.
Whether the Court holds Aadhaar to be constitutional or not, the judges must ask serious questions to the Election Commission on the exercise thus far, from the standpoints of privacy and data protection. If the answers are unsatisfactory, not only will all the data previously collected need to be deleted, but stringent safeguards will need to be put in place to govern any such exercise in the future.
On the basis of the information we have now, these nine questions would be a good place to start:
(1) What is the exact number of people whose voter IDs have been linked with their Aadhaar number?
The fact that the UIDAI’s figure from 2017 is lower than those quoted by the CEC in 2018 is concerning, especially since the original figure provided by the CEC is much higher. In fact, reports from 2015 indicate that 34 crore linkings took place.
This will be important to know in the event the Supreme Court’s final decision requires the EC to get rid of the data it has, to verify whether they actually carry out the instruction.
(2) On the basis of what authority did the EC start linking Aadhaar with voter IDs in 2015? Which rule or legislation gave them the authority to do so? Was it directed by the Union Government?
Since there was no Aadhaar Act at the time the exercise was carried out, it is important to know what allowed the EC to conduct the NERPAP with Aadhaar linkage.
Even if the process was truly voluntary, it is difficult to see how the EC decided the official elector’s photo identity cards (EPICs) issued by the EC could be linked with a scheme which didn’t have proper legislative sanction at the time.
(3) Did the EC utilise the services of any private companies/entities when conducting the linking? What were the exact functions of such private companies/entities and what measures were put in place to ensure such private companies/entities did not retain any data?
The entire Aadhaar ecosystem prior to 2016 was dependent on the involvement of private players, whether for enrolment or special projects like this – Maharashtra for instance used the services of private company SAS to seed Aadhaar and voter information. There have been multiple instances of these private players retaining data and software relating to Aadhaar, who can sell this information to anyone regardless of legal restrictions.
From the EC’s August 2015 circular which suspended the NERPAP, it appears that Aadhaar data was being collected from agencies.

Election Commission’s Letter on NERPAP dated 13 August 2015
Election Commission’s Letter on NERPAP dated 13 August 2015
Election Commission of India (http://eci.nic.in/eci_main1/Current/NERPAP-AADHAAR_14082015.pdf)
(4) What were the channels used to receive the Aadhaar data from electors? How exactly was the seeding process carried out?
The NERPAP supposedly received Aadhaar numbers from electors, but we need to know how exactly this was done – email, text, paper documents, orally, etc.
Even if private contractors were not used for receiving Aadhaar numbers from electors or seeding, the system may still not have been secure, especially if the Common Service Centre (CSC) infrastructure was used. Understanding how the information was collected is essential to understanding whether the data of those 31+ crore individuals was compromised during the linking process.
According to the August 2015 circular, it was not just the EC, but also other officials connected with NERPAP,  who were carrying out the seeding, hence the need to understand how this was carried out to assess any vulnerabilities.

Election Commission’s Letter on NERPAP dated 13 August 2015
Election Commission’s Letter on NERPAP dated 13 August 2015
Election Commission of India (http://eci.nic.in/eci_main1/Current/NERPAP-AADHAAR_14082015.pdf)
(5) What are the security measures in place to protect the data collected by the EC?
Even if the data was collected in a safe manner, the database has been with the EC for almost three years now. As the recent hacking of Provident Fund data shows, there is a constant risk of hacking and this information needs to be properly protected.
Since the Aadhaar Act 2016 wasn’t in force at the time, it is unclear what security was put in place to protect the data. Hopefully it wasn’t just a 13-foot high wall.
(6) Has the EC shared the data collected by them through the linking exercise with anyone, including individuals, corporate entities, or government departments? Do they envisage allowing anyone to access their data and under what circumstances would this be possible?
As pointed out in more detail below, there are serious risks with sharing this kind of information.
Again, since the EC collected this information before the Aadhaar Act, there weren’t any effective restrictions (ie, with consequences) on sharing it (arguably there are none even after the passage of the Act), which means that all the information they have could have been accessed by other parties even without being hacked. The August 2015 circular mentions this letter from May 2015 as containing instructions on maintaining confidentiality, but there are no measures detailed in this.
(7) How was the Election Commission able to receive and link so many numbers within such a short period of time? Since the process was supposed to be voluntary, what documentary records of consent does the Election Commission have from the individuals whose records were linked?
There is a significant risk that linking of Aadhaar to other information can be done without a person’s consent. A Hindustan Times investigation by Aman Sethi found that State Residential Data Hub (SRDH) internal documents showed that they had the capability to link Aadhaar with any personal document of a resident,without the individual’s consent.
The August 2015 circular indicates that data was being received from “state hubs”, which gives rise to concerns that the linking of voter IDs could also have been done in such a manner, which means the data and voting rights of crores of people could have been compromised without their knowledge.
(8) What steps were taken to ensure the Election Commission obtained informed consent to link Aadhaar and voter IDs? How many complaints about misinformation and coercion were received?
A crucial aspect of the arguments before the Supreme Court on Aadhaar has been the fact that informed consent wasn’t taken from people with regard to linking Aadhaar to various things.
If people were not made aware of the exact consequences of linking (and not linking) their voter IDs to their Aadhaar numbers, including what happens at the polling booth if there is a mismatch, or what happens if their Aadhaar number is deactivated, getting their consent would not be enough given the possible consequences.
In fact, the EC’s May 2015 letter itself notes they received complaints about confusion as to whether names would be struck off the electoral rolls for non-furnishing of Aadhaar, even though this was supposed to be a voluntary process.

Election Commission’s Letter on NERPAP dated 22 May 2015
Election Commission’s Letter on NERPAP dated 22 May 2015
Election Commission of India (http://eci.nic.in/eci_main1/current/NERPAP%2022-5-2015.pdf)
(9) Since the Election Commission now wants to make Aadhaar seeding mandatory, do they intend to only allow people to vote after a successful authentication (biometric, OTP or virtual ID)?
See the next section for dangers of making Aadhaar authentication mandatory for voting.

The Dangers of Linking Aadhaar to Voter IDs

Even if there were satisfactory answers to these questions, there are serious risks that can arise from this kind of linking. The experiences with SRDHs across the country shows how dangerous linking Aadhaar to multiple services can be, since it leads to collation of sensitive personal information that would otherwise have been kept separate.

The Andhra Pradesh government, for instance, used this data to compile a database which included the exact geographic location, caste, religion and more of millions of residents. This database was publicly available online till recently.
The potential for profiling voters using such an Aadhaar-seeded database is tremendous, even more so than normal thanks to what can be gleaned from Aadhaar authentication logs, which then allows for gerrymandering, intimidation and harassment. Seeding voter IDs with Aadhaar also opens up more possibilities of exclusion of legitimate voters. This could happen because:
  • their Aadhaar is deactivated (for which there is very little effective relief – all you can do is apply to a UIDAI grievance redressal centre);
  • their Aadhaar details aren’t accessible because of a glitch in the system or a connection failure;
  • they fail to authenticate their Aadhaar (if biometric authentication is carried out) – after all, the UIDAI admitted in court that the failure rate for linking Aadhaar with government services is 12%.