In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, July 26, 2010

315 - Without Foundation by Vickram Crishna

Without Foundation by Vickram Crishna
26th July 2010


Aadhaar, ‘the foundation’ (loosely translated) is a gigantic project, that will assign unique numbers to all people in India, to serve as a single reference point to firmly establish their identity. UIDAI, the Unique Identity Authority of India, has been set up, ad interim, as a department of the Planning Commission of India to steward this project.

A friend of mine, Ram Krishnaswamy, has tracked well over 200 articles extolling the merits of the project, and gathered them at the blog “Aadhaararticles.blogspot.com”. Specific references are linked in this blogpost.

Rather than reassure, however, they raise questions in the mind about the worth of the project. Ram and I decided to work together to compile some key questions. A detailed version of our study has been published in print, in MoneyLife, the magazine brought out by crusading journalists Sucheta Dalal and Debashis Basu. This blogpost reflects that article (which is part of an ongoing series).

Q1. Will the intended beneficiaries truly be people who live below the poverty line?
Q2. Will UID meet the needs of the poor?
Q3. How will UID contribute to the country’s economy?
Q4: Is UID (enumeration via a single reference high technology archive) the best way to reduce inefficiencies and prevent money leakages in subsidy programs?
Q5. How effective is the conduct of the pilot studies being carried out?
Q6. Will adequate precautions be taken to safeguard the database?

What is Aadhaar?

What is UID?: The Aadhaar scheme (the brand name has recently been assigned) proposes to assign each Indian resident a unique 12-digit number, thus enumerating Unique IDentity for all. Since the current population of India stands at around 1.2 bn people, in addition to which several millions of foreigners are temporarily based here (some welcomed, others not so, some for weeks, typically on holiday, others for months and years, on business or for many other reasons), UIDAI has set an initial target of issuing some 600 mn unique numbers within five years, ie around 2015 (Making a unique impression).

It seems an ambitious target, and certainly, the scale and cost (Rs 45,000 cr for the first phase) by themselves are ambitiously large.

One might be forgiven for thinking that, possibly, the size of this project, touted as the world’s largest single IT project ever commissioned, is more important than finishing it successfully. So much so, that it is hard for me to define what success might mean.

Q1. Will the intended beneficiaries truly be people who live below the poverty line?

Several press releases and announcements say the primary purpose is social welfare: a problem of dividing wealth equitably. Of course, ‘wealth’ is not really in the picture, India is just trying to guarantee everyone the bare minimum needed to live healthily. Benefits in cash or kind are distributed under various schemes, such as the National Rural Employment Guarantee Scheme, Sarva Shiksha Abhiyaan, National Rural Health Mission and Bharat Nirman.

One of the problems with all these projects, initiatives and schemes is apparently the difficulty of ensuring that benefits are given wholly to the specific people identified as qualifying for specific programs, typically persons living below the poverty line. Such people are easily disenfranchised by an endless cycle of verification of records, ruining efforts made to ensure fair distribution, and is one of the reasons that real delivery rates falter, between 6 and 15 per cent, as estimated by the late Prime Minister Rajiv Gandhi and others.

With Aadhaar, this problem is expected to be dealt with firmly. Aadhaar is a one-time verification system, against which all records will be inextricably linked (Unique Identification Number Project: Cautious Optimism). Any scheme wishing to verify a beneficiary or applicant, given the number, need only check a few critical details – for instance, name, fingerprints and now, perhaps, iris scans – in order to quickly assure the identity. Actually, largely due to the additional need found for iris scans to reduce error rates, the per-user cost estimate has shot up from Rs 31 to Rs 450.

Now, here’s an interesting statement : “The UID will become the single source of identity verification”(Law Resource India). It means that once residents are enrolled, they can use the number in many places – they will be spared the hassle of repeatedly providing supporting identity documents for each service they wish to access.

However, it is pertinent to note that the services that will actually, in the near term, be simplified by Aadhaar numbers, are obtaining a bank account, passport, driving license, and the like (Law Resource India). The public distribution system, the NREGS and other public benefits services have neither budgets nor plans to harmonise their systems with Aadhaar referrals.

It seems clear that, after spending this huge amount of money and putting in all this effort, the UID will, in the initial few years, primarily benefit people who access relatively sophisticated and upmarket services.

What should be particularly sobering is the fact that the home page of the project, which states the Mission, has no mention of benefits, to the poor or anyone else: the task is limited to issue of an unique identifier for all. There is no explanation of why this is a priority. The Mission statement reads: “The role that the Authority envisions is to issue a unique identification number (UID) that can be verified and authenticated in an online, cost-effective manner, and that is robust enough to eliminate duplicate and fake identities.”

Further down, both cost-effectiveness and robustness are examined.

Q2. Will UID meet the needs of the poor?

If a poor person gets money that is due to him directly in his bank account, he will have no reason to plead with tyrannical local officials or grovel before his elected representatives (Against insecurity – UID is a Good Idea).

Sadly, banking in India barely scratches the surface: the total number of bank branches as of March 2002, the latest published figures I could find (Source: Reserve Bank of India), was just over 66,000, and less than half of these were in rural areas, which account for around 70 % of the population.

A quick back-of-the-envelope calculation shows that each and every rural branch would need to service over 22,700 accountholders – clearly beyond their reach, in a land where urban customers struggle to get decent and timely bank services from branches who need to reach only around 9,000 customers each. If disbursements are to be paid mandatorily to bank accounts (the process to be simplified using UID), it sure won’t target the poorest of the poor.

I’ll go one step further: talk about bank accounts is risible. Rural banking is so far from a reality that any leveraging of it for the poorest is highly unlikely.

One emerging solution is microbanking, but microbanking organisations will need to upgrade their technology considerably to deliver services, if UID referrals are to be included. Microbanks are also not included within the broad banking framework, meaning that security measures in place ensure they cannot access clearing house operations, and other such enablers of modern banking, without which none of this leveraging can happen.

The upgrade cost of banking operations is not factored into UID budgets, nor is UIDAI mandated to drive the changes that are needed in the banking system, without which the UID referral is irrelevant.

Q3. How will UID contribute to the country’s economy?

This (Unique ID for Indians – Boon or Bane?) is a big vision project through which government services can be provided, tracked and accounted, together with enabling a multitude of private sector products and services that rely on accurate and positive identification of consumers.

Various departments, based on their needs, will refer to this number. The UID will help remove duplicate names from their service lists. While this would help clean up lists for NREGS (National Rural Employment Guarantee Scheme), senior citizen Pension Schemes, PDS (Public Distribution System) etc, it may also help clean up benami (faux) bank accounts etc. Informally, the Income Tax Department is said to have projected an additional tax collection of about Rs.40,000 crores annually!

These claims might be true, were the scheme intended to act against the continuing use of unaccounted money for trading. In that case, the target community would only be the economic ‘arrivistes’, the people who already have enough money to regularly feel the need to spend or acquire it by underhanded means. This would include all government officers, their extended families, politicians, businesspeople, agriculturists controlling upwards of 25-50 hectares of land, and so on.

In fact, the projected gains, in terms of enhanced income tax collection, simplifying transactions and dealings with government agencies for cash-related activities and so on primarily benefit this economically stable or upwardly mobile class.

However, the scheme is sought to be justified on the basis of deliverables to the downtrodden, not to uncover the moneys conceivably being hidden by the well-off.

It is doubtful whether this project will really boost the country’s economy directly, or will assist it by reducing the outgo on avoidable subsidies, a combination of both these things, or whether the true objective depends on who asks the question.

It seems far more likely that the unstated purpose of the scheme is to target the upwardly mobile class, but to do that, all Indian residents will have to be induced, by one means or another, to register themselves “voluntarily”.

Q4: Is enumeration via a single reference archive the best way to reduce inefficiencies and prevent money leakages in subsidy programs?

Most articles about Aadhaar (see, for instance, The Unique Identity number — putting all eggs in one basket?) harp on the superior quality of technology to be used, and that this will significantly cut the cost, time and hardship of necessary verifications.

The reality is somewhat different: to suggest that the UID assignation process will be robust enough to eliminate duplicate and fake identities, and can be verified and authenticated in an easy, cost-effective way, is somewhat premature, if not simply hype.

Some of the potential flaws in the process are listed briefly:

(a) digitally stored fingerprints are not image scans of real fingerprints, they are digital maps, reduced to a finite number of ‘points’. This computerised system was designed decades ago to cut down the time and effort needed to manually match thousands of prints of previously convicted criminals with a criminal suspect, not to provide perfect identifiers;
(b) digital representations of biometrics invariably allow for both false positives and negatives, as the original purpose is either to facilitate security pass-throughs for a relatively small number of people (convenience), or to rapidly filter through large numbers of images by pre-matching each image to a reduced set of digital markers;
(c) the value addition of iris scanning is unknown for testing on such a scale. The immediate cost is stupendous: per-identity costs go up from about Rs 31 to about Rs 450, but the results are not known, as such testing has never been done. This is quite different from scaling up a relatively reliable known procedure: iris scanning may well be quick and reliable (even after optimising it with a digital shortcut, and securing it from man-in-the-middle attacks during data transfers), but this is currently untested.

Again, it must be emphasised that the purpose here is mission-critical: every single genuine person must be allowed to move ahead with whatever activity is being filtered, without fail, or else the expenditure on UID is wasted.

Similarly, every single fraudulent attempt must be detected and stopped, without fail. Neither achievement is even claimed at this point in time.

By the time the database is created and verification scanners become commonplace, we could end up with a database with a population that exceeds the census figures, and UIDAI will again have to spend again for de-duplication, which would involve knocking on doors of suspected fraudsters (and genuine applicants who may have failed one of the tests or another, for a host of reasons) for identification. This is the present problem, that databases of applicants cannot be absolutely verified.

And it is not even as though the government is blind to the problem. Recently, the Rural Development Ministry launched its own revamped enumeration exercise to identify the poorest of the poor (who qualify for the designation ‘below the poverty line’, or BPL). This exercise is carried out every five years, and the current process is being revamped to eliminate the failures of previous surveys.

Q5. How effective is the conduct of the pilot studies being carried out?

Reports indicate that the rural studies being undertaken in several states fall short of standards of both accuracy and confidence. The National Census exercise, which has been merged this time with the National Population Register, at the urging of the UIDAI, is also contentious.

It is crucial, for a participatory democracy, that those surveyed be honestly and fully informed about the purpose of collecting personal information on such an intrusive and massive scale. Unfortunately, this appears not to be the case, as respondents later claim they were told that they would get free photographs and eye tests, or that this survey would assure them subsidies or the supply of free essentials.

Similarly, respondents of the National Census have been surprised to find that they are expected to reveal details of religion and caste, an enumeration that is against the letter and spirit of the Constitution of India. This has been sidestepped by replacing the census exercise with the creation of the National Population Register, a crucial component of the proposed UID database.

While doing this is evidently legal, it goes beyond the ambit of the Census. As such, it compromises the integrity of an institution that has an honorable and long history (the current Census is the 15th).

A recent article in the mainstream media describes how the trial runs take place: due to the lack of reliable electricity, officials take down data on laptops and even on paper, “to be transported to Bangalore some 75km away and filed electronically.” Will this data be erased from the laptops, and will the paper be destroyed? There’s not a word of caution in this article, which like many in this publication and others like it, seems uncritically laudatory of the mission (and by extension, its superhero-like leader). The thought of such personal information being casually or even criminally accessed, uncommonly easy due to the lack of safeguards, is frightening, or should be.

Q6. Will adequate precautions be taken to safeguard the database?

No system is completely immune to attack or, for that matter, internal leakages, other than one completely sealed off from outside links. Since a centralised digital identity store can only work when incoming data can be matched to the information in the database, one must take for granted that it will be prey to such attacks. This is the bane of all e-Governance scheme designs (Unique ID for Indians – Boon or Bane?).

Legally, there is no effective deterrent for such attacks. Worse, insiders (ie government personnel) are specifically protected by their sovereign work contracts from legal action, except with the specific permission of their superior officers. The existing laws on cybercrimes have not been tested against leakages in government systems, because their Draconian provisions (search and seizure without warrant, massive penalties) do not even apply to government servants.

There are three kinds of database faults: creational (deliberate or accidental falsification of identity, resulting in diversion of benefits from those entitled to them); design-based (incorrect verification due to compromise of the verification process, including man-in-the-middle attacks on data transfers); and procedural (for instance, when telecommunication faults or natural disasters create a need for rapid re-routing of verifications to alternate, or manual, methods). In the absence of an effective legal redressal framework, the process needs review, and should not proceed beyond the research stage.

Even at the research stage, the lack of judicial protection for the Constitutional right to personal privacy deserves highlighting. The conduct of research and live pilot studies inevitably places citizens and residents of India at risk of loss of privacy, particularly with regard to sensitive personal information, including biometrics. Much of this information is needed to safeguard property, ownership, both fixed and movable, especially money itself, and the addition of UID must be wholly positive, or else, not put property at risk.

UIDAI officials have repeatedly stated that such protection must be created, but its lack does not daunt them in practice from carrying out trial activities that in themselves place ordinary people at lifelong risk from abuse of personal information.

The consequences of wrongful identity matching, once UID becomes the standard reference point, are really harsh on the individual, and the current legal environment (civil cases take years and decades to resolve) is not up to the task of providing remediation.

For this reason alone, without completely foolproof systems in several areas of both technology and law (idealistic at best, if not far-fetched), going ahead with the UID is a deplorable waste of money.

To summarise, Ram and I narrowed down on six simple questions, to clear doubts about the deliverable merits of the Aadhaar scheme.

We find that firstly, it is not likely to provide benefits to the poorest of the poor in India, and secondly, is not designed to do so, definitely not in its first phase. We find that it is likely to benefit, on the contrary, the upwardly mobile part of the population, and the government, in the narrow terms of revenue collections, that may get enhanced due to the ease of tracking such well-off people and their financial transactions.

As far as solving the terrible problems that plague the delivery of benefits to the poor is concerned, a single reference point for verifications is neither the best solution known, nor is the exceeding difficulty of building and operating a centralised database achievable at a reasonable cost and effort. The systemic leakages that plague the delivery of social benefits hardly need misidentification, and that too, deliberate misidentification originating from faux beneficiaries. There is no clarity, therefore, on whether making this effort is sensible at all.

There is also no clarity on whether it will be possible to adequately safeguard the database, from its creation to its subsequent use as the ultimate reference. We found serious concerns with the methods being used to gather data in the pilot studies, that point to the possibility of future abuse, as well as manipulation of ill-informed people, in order to make them cooperate.