In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Sunday, May 23, 2010

47 - Digital Identity Indian Summer By Dave Birch

Digital Identity Indian Summer
By Dave Birch posted Jan 11 2010 at 8:16 AM

The Indian government has ambitious plans to issue a billion Unique Identifiers (UIDs) in the next few years, thus creating a national population register. There were many reasons for this, but one was social inclusion.

The upper and middle classes have many forms of identity but the poor often have none

[From ‘The idea is to be inclusive. The upper and middle classes have many forms of identity but the poor often have none’]
This is something that can get overlooked in the discussion about identity cards. One of the reasons why an identity card of the type conceived by the British government is so uninteresting to people like me is that I already have plenty of other forms of primitive identity documentation (ie, identity documentation that doesn't work online)such as a driving licence. So the marginal benefit of an additional expensive mini-passport is vanishingly small. But if I didn't have something like a driving licence, then how could I prove who I am? This may not matter when my horizon extends no further than my village. But suppose I want to get a mobile phone, or a mobile money account, something that will improve my lot in life significantly? Then the lack of documentation is a real barrier and means exclusion. Yes, of course the security services and law enforcement agencies want an national ID register, but the issue about the relationship between identity and inclusion is genuine, and important.

Lamenting that lack of identity proof often resulted in harassment and denial of services to the poor and marginalised, Prime Minister Manmohan Singh on Wednesday urged all ministries and departments to support the initiative to provide a unique identity number to all Indian citizens in order to improve the delivery mechanism of the government’s pro-poor schemes and programmes.

[From Back UID scheme for sake of poor: PM to ministries]
A great deal of government help targeted at the poor never reaches the intended recipients.

digital identity electronic identity cards trust mobile, emerging markets, government, ID cards

The Indian ID scheme may not be the most privacy-sensitive, but I can understand their constraints. They need something that is cost-effective for a billion people, which rules out more sophisticated, privacy-enhancing schemes based on PKI, biometrics and smart cards. But I think they haven't worked hard enough on the revenue side. I think a more sophisticated solution is affordable.

Now, one way of funding such a system (to which I assert the moral right of authorship and therefore naturally anticipate bono-style royalties in perpetuity) is to allow people to buy vanity ID numbers. What Indian billionaire wouldn't cheerfully pay a billion dollars in order to get ID number "1", for example? The numbers aren't going to be secret and nor are they going to code any data about the individual, so why not just auction off the good numbers? Ten billion income from the auction will easily pay for a great system, so that villagers can rent mobile phones, initiate money transfers and vote in a very efficient manner. At the moment, the ID number is just random:

...when you apply for Unique Identification (UID) number... Computer would throw up a random 16-digit number and there is no way you can change it [according to] Chairman of the Unique Identification Authority of India (UIDAI).

[From No chance of getting number of your choice under UID project- Software-Infotech-The Economic Times]
It's fortunate that the ID number isn't going to be secret, because it's unlikely that the rest of the database will be either.

the database would be stored on a central server and enrolment of residents would be computerized... the data base management would be outsourced to the company (after the consultant helps UIDAI identify it) which would operate as a depository

[From UIDAI to appoint consultant to identify database management co- Software-Infotech-The Economic Times]
Setting aside the wisdom or otherwise of storing everyone's personal data in a single central database, the point I wanted to make here is that the major cost of an enterprise of this kind is actually the cost of enrolment, not the cost of the system, so we'll come back to that in a minute. The reason that I say it's unlikely that the database will remain secret is that project data has already found its way on the the interweb.

A confidential document of the Unique Identification Authority of India (UIDAI) got leaked on the Internet on Friday. The report acknowledges potential data vulnerabilities of the ambitious project.

[From Leaked UID plan on Net fuels data theft fears: India Today - Latest Breaking News from India, World, Business, Cricket, Sports, Bollywood.]
It's no secret that there have been some issues with personal data in India.

A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

[From BBC NEWS | UK | Overseas credit card scam exposed]
So it's not much of a prediction to say that the database won't remain secret. Personal data appears to be bought and sold in India fairly readily, and the ID database will be no different. Whether that matters or not is a question for another day: a few billionaires may well object to having their personal details freely available to all, but to the 700-800 million peasants, the net welfare will be hugely positive.

Anyway, back to my campaign of free advice for the Indian government. This costs are all to do with enrolment. The task of physically collecting one billion biometrics, photographs and other details in a short period of time is a logistics nightmare.

The UIDAI also needs to work out feasible enrolment strategies for rural and urban, literate and illiterate, rich and poor alike to ensure that no willing resident is left out of the project. In this context, the UIDAI has already floated the idea of roping in multiple registrars, ranging from government agencies to banks, oil companies and insurance firms for the task.

[From A crucial year for unique ID project]
Amongst this panoply of registration possibilities, the government has been looking at mobile operators (rather than banks, as tends to be the case in developed countries) as an enrolment (and, undoubtedly, enforcement) channel. Of the billion people that the country hopes to have in the database around 2012, an estimated 700m will have mobile phones.

Outlets will have to be nominated where people can go to have their data uploaded on to the database. Here again, the 10 million-strong mobile sales and distribution machinery may hold the key. This is because India has 97% mobile subscribers in pre-paid category who return month-after-month to renew the charge on their SIM cards.

[From Unique identity project to mine cellphone data - India - NEWS - The Times of India]
How can you make this even more cost-effective? Get people to enrol themselves. When a peasant goes into a mobile phone shop to buy a phone, they put their finger on the reader or they look into the iris scanner or whatever. If they're in the database, the UID is displayed, if they're not in the database... well, they are now, and the system can generate a UID on the fly. The UID can then be attached to the SIM.

The issue of storing personal details should be a logically separate issue, and should be managed separately, but that's for another day. The point I wanted to make was that the Indian government is planning to create a national identity register for a population twenty times bigger than the UK for a lower cost than the UK.

[UIDAI] will also be responsible for gathering and electronically storing their personal details, at a predicted cost of at least £3 billion.

[From India to issue all 1.2 billion citizens with biometric ID cards - Times Online]
So if it costs three billion quid to register one billion people, we should be able to do it in the UK for a fiver per person, or a quarter of a billion quid. But that's what the government's ludicrous Children's Index cost by itself and less than the Rural Payment Agency (*) spent on making an Excel spreadsheet with a list of all UK farmers in it.

* Note for foreign readers, I should point out that the Rural Payments Agency is a fantastic example of UK public sector information technology, hence my gratuitous reference to it:

The systems... were “cumbersome, overly complex and at risk of becoming obsolete” and continue to “soak up huge sums of money”... yet the data they offered was full of errors... the 100 consultants, working to maintain the system, constituted an “incredible” number considering the scheme only paid out to 106,000 farmers. The consultants earned on average over £200,000 a year

[From Rural IT disaster boss awarded annual bonus]
I would have been much, much cheaper to have paid the farmers to retrain as management consultants, wouldn't it? Anyway, UK taxpayers may wish to turn away at this point:

The chief executive at the heart of a failed £350 million farmer subsidy system has been awarded a substantial bonus on top of his six-figure salary. Tony Cooper, head of the Rural Payments Agency, was paid £134,000 in the last financial year, and awarded an additional £12,000 bonus... Other executives were paid even more, in an office with a quick management turnover. A temporary human resources director took home a salary of £460,000 over two years, and a finance director took £353,000 over a similar period. The existing chief operating officer earns around £260,000 annually.

[From Rural IT disaster boss awarded annual bonus]
I am definitely, definitely in the wrong job.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c4fd753ef0120a7c1f846970b

Listed below are links to weblogs that reference Indian summer:

Comments

One of the rules of thumb in macroeconomics (ok, maybe not the most inspiring guide at the moment) is only try to hit one target with one instrument. Maybe one of the main problems with identity cards is that govts are trying to achieve too many things at once. Well, our government anyway. The competence and waste issues are logically separate I think, albeit always gobsmacking.

Posted by: Diane Coyle | 11/01/2010 at 09:16 AM

Dave

For goodness sake. One minute the Indians need ID numbers to get mobile phones, according to you, then it turns out that 7 or 8 hundred million of them already have mobile phones, also according to you. Come on!

As you and I have established over the years, incontrovertibly, the mobile phone *is* an ID card equivalent. The Indians don't need an additional ID number, any more than the Brits do.

Which suggests that the Indian agency trying to flog the idea of UIDs is probably in the same class as the UK Rural Payments Agency -- an expensive con(sultancy).

And biometrics! When are you going to acknowledge the point? The present state of the art in mass consumer biometrics is pitiful. The biometrics industry cannot deliver on its promises to deliver one-for-one correspondence between people and their electronic ID. You know that. You've been told that. Several times. When are you going to stop pretending?

L-1 Identity Systems are working with the Infosys man to getUIDs up and running in India. Take a look at http://dematerialisedid.com/BCSL/Genealogy.html and then tell me you think biometrics will deliver.

Pah!

Next door in Pakistan, they have biometric ID cards. Result? Domestic calm? All state benefits getting to the intended recipient? I don't think so. And look at Africa. As you often do. Vodafone is the bank. You've argued that for years. I add that, in that case, the phone is the ID card. No different for India. Or the UK. QED.

Posted by: David Moss | 17/01/2010 at 10:18 AM

" One minute the Indians need ID numbers to get mobile phones, according to you"

I didn't say that, because they don't. However, if the Indian government wants to push UID then, as they themselves have already identified, requiring a UID against each SIM would be a way to do it.

"then it turns out that 7 or 8 hundred million of them already have mobile phones, also according to you"

Indeed. Which is why I am advocating attached the UID to the SIM. I'm not commenting on whether the UID will enhance the commonweal, just on what might be a practical way to do it. If it were up to me, then I would attached the UID to the SIM with local (SIM-based) authentication for Indians who want it, and leave the UID as a number (with no card or other token) for those who do not. The crucial distinction that I make, as always, is between using the UID to ensure uniqueness in other, existing databases (a good thing, I imagine, if you're trying to cut fraud) and using the UID as a single identifier across all database, which is generally a bad thing.