The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholarUsha Ramanathandescribes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the#BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, June 25, 2018

13711 - Privacy advocates seek stronger laws - The Hindu

NEW DELHI, JUNE 18, 2018 01:45 IST

A citizen advocacy group has put together a model Bill that focuses on user rights, data protection

The Cambridge Analytica scandal and the Aadhaar database security concerns have provoked a citizen advocacy group to launch a campaign to protect the privacy of individuals in India.
A set of lawyers and policy analysts have put together a model Bill — the Indian Privacy Code, 2018, — with an overriding effect over the Aadhaar Act. The initiative, backed by the Internet Freedom Foundation (IFF), is looking to garner public awareness and nudge the government into adopting a strong law focused on user rights.

The model Bill envisages a law that will prevent some of the fundamental features of the Aadhaar Act from allegedly operating against citizens. This, the advocacy group expects, will shift power from the Unique Identification Authority of India (UIDAI) to the people.

Advocate Apar Gupta, a co-founding member of IFF, said fundamental features of the Aadhaar Act make its use mandatory while being a universal digital ID not tied to a specific purpose.

Sensitive form of data
“It relies on biometrics, which are an incredibly sensitive form of data. It results in mass surveillance as precondition to availing essential services. Due to its architecture, it makes people vulnerable to data breach and identity theft,” Mr. Gupta said.
However, the model Bill seeks to allow people the option of knowing how much of their data are collected, what information is parted with and what are its consequences. More importantly, it will clearly demarcate an option for the people to refuse consent. This undercuts the Aadhaar Act but more importantly the administrative practices which have resulted in making it mandatory, Mr. Gupta said.

IFF members were also part of the ‘Save the Internet’ campaign that was instrumental in pushing back Facebook’s Free Basics in India.

The advocacy body said its latest campaign, ‘Save Our Privacy’, was to make sure that India gets a privacy and data protection law that protects the fundamental right to privacy.

Privacy law
There is no separate law in India on privacy and data protection. While many drafting efforts have been made since 2010, little has come out of it. In 2012, an Expert Group on Privacy, chaired by former Delhi High Court Chief Justice A.P. Shah, had submitted a report to the Planning Commission. The report had recommended passing a law that makes privacy safeguards technology-neutral and applicable to both government and private sectors.

During the Aadhaar hearing before the Supreme Court in mid-2017, the Centre had constituted a committee of experts under the chairmanship of former Supreme Court Justice B.N. Srikrishna. This committee had released a White Paper and is expected to recommend a draft law to the Ministry of Electronics and Information Technology.

A nine-judge Bench of the apex court had last year declared privacy as intrinsic to life and liberty, and an inherent right protected under the Constitution. This means that an ordinary citizen can now directly approach the court in case of violation of his/ her privacy. The verdict armed the common man against unreasonable State intrusions and protected informational privacy in a digital age.

During the hearing, the top court had expressed apprehensions against the State passing on personal data collected from citizens to private players.

Privacy commission
The model Bill is built on seven progressive privacy principles, including use and purpose limitation (personal data collected for specified purposes cannot be further processed for other purposes) in collection and processing of data. It said a strong and independent privacy commission was necessary to ensure that data protection rights are enforced. The model Bill provides the privacy commission wide powers of investigation, adjudication, rule-making and enforcement.

The model Bill said the government, its arms, bodies and programmes should be made compliant with the privacy protection principles through a data protection law. “We support the use of digital technologies for public benefit. However, it should not be privileged over fundamental rights,” the advocacy group said.

Mass surveillance
“The government is responsible for delivery of many essential services to the public. These services must not be withheld from an individual due to such individual not sharing data with the government...Withholding services on the pretext of requirement of collection of data effectively amounts to extortion of consent. Individuals cannot be forced to trade away data and citizenship at the altar of being permitted to use government services and access legal entitlements on welfare,” the advocacy group said.

The group said the data protection law will have to limit mass surveillance as it contravenes the principles of necessity, proportionality and purpose limitation. It said that evidence gathered illegally, such as telephone intercepts without valid tapping orders, is inadmissible as proof in legal proceedings. To ensure further accountability, all such orders need to be communicated to the person who was surveilled.

Collection of data
The model Bill seeks to ensure that no government or private entity collects sensitive personal data without consent from an individual. The individual will have the right to obtain information from the data controller. This information will include purposes of storage and processing; categories of personal data; recipients to whom personal data have been or will be disclosed; the right to lodge a complaint with a supervisory authority; and existence of automated decision-making.

More importantly, the individual will have a right to request erasure and destruction of data at any time, and data controllers and processors will have to comply with such requests within a fixed time frame.

Offences and penalties
The model Bill also seeks to provide punishment for those found illegally collecting, receiving, storing, processing, disclosing or otherwise handling any personal data. Punishment for this offence may include a fine of ₹1 crore and a three-year imprisonment. Even illegal surveillance of another person will be liable to a fine, which may extend to a fine of ₹10 crore and a five-year jail term.

The foundation has sent an e-mail to the Srikrishna Committee, with a copy of the model Bill. It said this was a policy fix for recurring concerns and controversies, including issues such as Aadhaar, Cambridge Analytica, the social media communication Hub and Edward Snowden’s revelations on mass surveillance.