In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Sunday, May 23, 2010

30 - India 's UID And The Fantasy Of Dataveillance

24th August 2009
India 's UID And The Fantasy Of Dataveillance
By Binu Karunakaran
24 August, 2009 -Countercurrents.org
http://www.countercurrents.org/karun240809.htm

The perils of establishing nationwide identity systems have always been a hot topic of debate in countries that attach great value to privacy and human rights of its citizens. Plans to launch national ID cards have met with stiff opposition in UK , which announced the final design of its card in end of July 2009. The United States Senate too is getting ready to debate the PASS ID bill, a renamed version of George Bush regime's REAL ID that will bring in a national ID through the backdoor.

Compare this with the scenario in India where the UPA government is pushing ahead with a national ID program through the Unique Identity Development Authority of India (UIDAI), a body created blatantly bypassing the authority of parliament. And there is not even a whimper of protest from civil society groups or politicians. The government presumably does not want to lose time on creating consensus or engage in a national debate on a project which has irrevocable implications on data security and privacy of individuals. The government knows that no questions on its limit of stupidity will be raised because the whole business has been outsourced to a CEO with brand equity called Nandan Nilekani. Now we hear that the illegitimate UIDAI will be made legitimate by an Act of Parliament - that loud thumping of desks drowned by the blabbering of many tongues.

According to one estimate Rs. 150,000 Crore (US$ 30.9 bn) of taxpayers' money will flow out into the gargantuan task of making our lives similar to that of aquarium fish and no less secure. Imagine that kind of money and political will power going into healthcare and sanitation or basic education and poverty alleviation.

Show me your UID?


If media reports can be believed there won't be any human-readable intelligence loaded into the UID . It will be a random generated number (no physical card) that citizens can quote in dealings with government authorities, banking/taxation transactions or while interacting with e-governance applications. That would mean that personal information will exist only in a database and need to be paired with the UID when the situation demands. A unique number that will subsume our multiple and divisive identities, the mark of the perpetually wired beast

Some reports indicate having a UID might not be mandatory at all. But chances are that even if the UID is made voluntary the large inconveniences of non-participation will make it effectively mandatory.

The draft report on Personal Identification Codification (PIC) released by the Expert Committee on Metadata sheds some light on the data elements that would be stored in the database of the national identity system. The report says the objective of the PIC is to identify each and every person uniquely at the national level to ensure interoperability of information related to individuals collected by various govt/non government organisations. This throws up several questions: Will the government be the only authority which can use or request the UID? What information in those databases will be linked explicitly to other databases? Who has the authority to create this linkages and who all can access this information? Would the people who use the UID for various transactions be informed of the algorithms used to analyse their data. Will the data collected stored forever? Article 20, clause 3 of the Indian constitution states that " No person accused of any offence shall be compelled to be a witness against himself ." Will data records generated by the UID be used against the accused in a court of law? There is not much clarity on this as the confidentiality level of data elements (open to all, open only to security agencies/NGOs) are yet to be finalised.

But the security agencies will definitely have a say on this. They would be specifically interested in Data mining, a process that involves the use of mathematical analytical tools to detect patterns in large sets of data with the purpose of predicting certain kinds of behaviour, such as the propensity to engage in criminal activity or to purchase particular consumer goods. They would also be looking at data matching - the technique of comparing different databases so as to identify common features or trends in the data.

Oxford dictionary defines Function Creep as the way in which information that has been collected for one limited purpose, is gradually allowed to be used for other purposes which people may not approve of: The Social Security Numbers (SSNs) in the US, initially designed as only for administering social security benefits are now a common element in public and private sector databases, allowing for easy sharing and correlation of disparate records. In India the electoral ID cards currently fulfill a similar role. UIDs in the future might become mandatory when you apply for a cell phone connection, book an airline ticket or make a hotel reservation. The existence of common cross-references will make it easy for anyone setting out to create linkages between different sets of information that exists in a database.

How personal is your mobile number?


An alarming feature of the UID, if the PIC document is to believed is the proposal to include mobile phone and landline numbers as a data element for identification. Most telephone companies and ISPs store records of customers' telephone calls and it is now easy to map movements of a cell phone user by reading the way it locks with towers. A plan to centralise communications data in a government database will make it amenable for datamining for unusual patterns of behaviour. More than terrorists, in a country like India where the security agencies are known to toe the ruling party line, such facilities would be used to target political adversaries. More such hair-rising ideas are being researched by the government including conversion of Unique Identity Number (UID) into your very personal mobile number.

In the words of C-DOT Executive Director P.V. Acharya: "What we have thought is why not have one unique number associated with the person like the social security number in US or the UID. So that unique number we can use for the purpose of mobile communications also."

There are other worrying factors in the Personal Identification Codification like the inclusion of occupation and suffix (titles) code that speaks of a built-in class bias. The document envisages unique codes for all citizens - legislators to senior officials, corporate managers to office clerks and farm labourers to technicians. The suffix code according to the report will be used to identify titles bestowed by the state - Bharat Ratna, Padam Vibhushan, IAS and IFS. What could be the need for including census data relating to your status in society as an identification element? Will not this give rise to a situation where citizens will be discriminated against. How would an ordinary traffic policeman searching your ID papers in a highway react when he comes to know that you are an IAS official?

Annoyingly the PIC report depends on dubious online sources for defining its metadata elements - blogs and online dictionaries. For eg: Finger Print is defined by a definition copy pasted from an obscure website ppsblogs.net/crimescene/files/2007/06/forensics-terms.doc . I am not implying that the given definition is any way incorrect. Only that the task assigned to them deserves a bit more seriousness than a high school home assignment.

Digital sovereignty


Identity, security and privacy are terms that represents highly complicated, nuanced and deeply philosophic issues. The UID project itself deals with digital sovereignty of India and the privacy and dignity of its citizens. The project now certain to be linked to India 's multi-billion dollar e-governance program should also be viewed in the context of ongoing tussle between votaries of 'multiple-standards' (read proprietary software) and 'single standard'(read open source).

Pressure is on the government from the IT industry lobby to go in for 'reasonable and Non Discriminatory ( RAND )' terms and multiple standards. If accepted this will lead to multiple, proprietary standards. In a meeting held in June 2009 Nasscom pleaded the case of 'multiple' standards, while the Department of Information Technology (DIT), was of the view that 'complete interoperability could possibly be achieved only through single standard.' But statement made by the DIT secretary during the meeting also hints at a possibility of ensuring interoperability through multiple standards in consultation with Industry.'

Database state and the right to Information Self-determination


In 2006 a Congress MP from Maharashtra Vijay J. Darda introduced an obscure piece of legislation in the Rajya Sabha. Though limited in scope and feeble in approach, The Personal Data Protection Bill, 2006 was an attempt to engage some of the dangers posed by the modern database state. The bill seminal in many ways is still gathering dust tucked deep inside the file of still pending bills in Rajya Sabha. One of the sections of the Bill read: The personal data of any person collected by an organization whether government or private, shall not be disclosed to any other organization for the purposes of direct marketing or for any commercial gain. The personal data could be disclosed to voluntary or charity organizations only after obtaining prior consent of the person.

Such a clause would have defeated the very purpose of data protection bill because a very thin line separates the modern NGOs from Corporate houses. The distinction between public sector and private databases are now increasingly blurred. We are also living at a time when services are increasingly being provided through public-private partnerships and joint ventures.

The newly amended IT Act has some provisions that deals with data protection but it is not clear if they can tackle issues of privacy thrown up by the sensitive nature of personal information coded in an Unique ID that can be mapped or mashed up in the realm of cyberspace. The section 43A states that if a “body corporate” possessing, dealing or handling any “sensitive personal data or information” in a computer resource which it owns, controls or operates is negligent in implementing and maintaining “reasonable security practices and procedures”, and thereby causes wrongful loss or wrongful gain to any person, this "body corporate" will become liable to pay damages as compensation to the affected person.

Vijay Darda's Bill for the first time in India was talking about the right of an individual to decide on what information about self should be communicated to others and under what circumstances. The right of Informational Self-determination is considered crucial with regard to the protection of privacy of an individual in the age of internet and real-time updated computer databases which makes total surveillance possible.

The term was first used in the context of a German constitutional ruling relating to personal information collected during the 1983 census. The German Federal Constitutional Court ruled: “[...] in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the [German Constitution]. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data. Limitations to this informational self-determination are allowed only in case of overriding public interest. ”

A 2009 report commissioned by the Joseph Rowntree Reform Trust Ltd on the perils of the British Database State analysed 46 UK government databases and found that only six of them have a proper legal basis for any privacy intrusions and are proportionate and necessary in a democratic society. It found that nearly twelve of them are illegal under human rights and data protection law and should be scrapped or substantially redesigned. The remaining 29 databases were recommended for an independent review because of significant privacy concerns.

It would be an absolute misadventure on part of India , which lacks even basic legislation to protect the personal data of its citizens, and a climate for informed debate on the ethical and moral implications of the UID project to play into the hands of a few dataveillance fantasists.

References

Database State, Report by Rowntree Reform Trust Ltd

IDs—Not That Easy, Questions about nationwide identity systems

Informational self-determination

Draft Person Identification Codification

Generic Data Elements