Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, June 2, 2018

13629 - Globalise identity, not aadhaar: Using one single database and identity management scheme for everything will not work - Times of India


May 31, 2018, 2:00 AM IST Eben Moglen in TOI Edit Page | Edit Page, India | TOI

By Eben Moglen and Mishi Choudhary

A couple of weeks back, Bill Gates committed his globe-girdling foundation to the goal of spreading Aadhaar to the world. This is a good idea wrapped up in a terrible idea.

Aadhaar’s premise – that the poorest of citizens has the most to gain from the efficiencies that strong, fast, inexpensive identity authentication offers in improving public services, payments, credit and healthcare – is undoubtedly correct. Aadhaar’s marketing – that these efficiencies have been achieved through the creation of one big, vulnerable database containing more than a billion peoples’ biometric identifiers – is a shoddy effort to ignore the increasingly obvious flaws in the system.
Because the premise of Aadhaar is correct, the Indian government has an enormous political stake in ignoring the flaws and shutting down public conversation. Globalising Aadhaar’s ambition is a worthy goal for the world’s social welfare policy makers, including the World Bank and Gates Foundation. Imitating a system that has barely reached version 1.0 and is already showing serious architectural flaws would be serious policy malpractice.

                            Illustration: Chad Crowe

Gates said that biometric identity authentication raises no privacy issues “in itself”, and went on in the next breath to say that every application built on top of it must be assessed individually for risks to privacy. Like TSB, the UK bank that ludicrously asserted before Parliament this month that its “basic banking engine” was working perfectly even though most of its customers could not access their accounts and some customers were able to access other peoples’, this idea that “the base is fine, it’s just everything else that might be broken” makes nonsense of any sane concept of technical architecture.

In theory, Aadhaar is indeed one base for a society wide digital infrastructure. Digital society requires reliable means of quickly and inexpensively asserting and confirming individual identity. The approach Aadhaar takes appears to be elegant and effective: collect everyone’s social and biometric identifiers (name, address, fingerprint, retinal data, eventually genomic sequence data), put them in one great big single database and provide a network access protocol to that database.

But this “one base for everything” approach contains both an architectural fallacy and a barrel full of unintended consequences. The rush to make Aadhaar mandatory for all sorts of social activities, from mobile telephone ownership to university enrollment, has been pressed on by a government eager to reap the theoretical advantages regardless of the burgeoning evidence of practical weakness. No reasonable evaluation of risks incident to security compromise and identity data loss has occurred. Implausibly, Aadhaar’s proponents have simply insisted that this one datastore will never be hacked or compromised, despite the overwhelming evidence that no data system (from the Swift system that ties together the world’s banks, to the security classification data on US federal employees, to UK national social security data) permanently and successfully resists intrusion.

What consequences will follow – and what measures of remediation will be possible – when a national-scale single-token identity store like Aadhaar is cracked, no proponent has explained. It will be as though we all used the same password on every website, and the list has gotten out all at once. Without a serious and complete explanation of the risks, their management, and the course of remediation after failure, no government should accept responsibility for the adoption of the technology.

In actual use, Aadhaar is presenting other operating flaws. Errors in biometric data acquisition in the field have left individuals who should be Aadhaar’s most important beneficiaries – those in receipt of public assistance – unable to receive subsistence benefits. The price at which parties can buy access to Aadhaar numbers in bulk has dropped low enough, according to press reports, to prove that leakage is occurring on a significant scale. Reports of false Aadhaar card scams are so frequent they no longer make the front page.

These difficulties are not merely “bugs in the system”. They are indicative of an underlying reality: using one single database and one single identity management scheme for everything from buying vegetables in the market to getting a passport will not work.

Neither overreaching government surveillance nor widespread criminality can be prevented if a society’s identity management structure is one big pile of infinitely valuable data surrounded by a macrocosm of arbitrary software. Aadhaar’s proponents have trumpeted the “open APIs” that can connect every Tom, Dick and Harry’s apps to the well-spring of government-managed identity. They have not, as they should, required that all programmes using the APIs be open source code, available for public inspection and auditing.

Privacy cannot be assured at all, illegal government surveillance cannot be prevented, and protection of the economy from widespread crime is impossible if government mandatorily collects information capable of compromising every citizen’s identity and then takes no responsibility for the management of risks downstream. As the Supreme Court considers the relationship between this technology and privacy rights of citizens, all parties – including billionaires from abroad – would benefit from some additional modesty.

It is right to begin learning how to bring the benefits of digital society to the entirety of the population, including by making digital identity a universal commodity. But we should be constantly improving not only the details but the fundamental design of our technology in light of experience. And we should not accept the present light-hearted “I’m just fine, it’s everybody else who has problems” attitude that Aadhaar’s public and private sector cheerleaders have adopted.

Eben Moglen is Professor of Law and Legal History at Columbia Law School. Mishi Choudhary is legal director of Software Freedom Law Centre, New York

DISCLAIMER : Views expressed above are the author's own.