In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, January 31, 2011

1082 - Invitation to a Conference on Privacy Matters on 5th Feb at Bangalore

 

 

We invite you to participate

 

  in

 


PRIVACY  matters

 

 


 A conference about the challenges

 

  and concerns of privacy in India  


 


 

TERI Southern Regional Centre,

 

Bangalore

 

 


  On 

Saturday, February 5th

 at 10.30am




 


 


 How is your privacy important?

 


To Yourself? 

 

Your Family?

 

Your community?

 

Your country?

 

Your world?


                                                                                                                          





RSVP  

  




1081 - Security threat: Cops blacklist lax SIM dealers - Deccan Chronicle

Security threat: Cops blacklist lax SIM dealers

January 31st 2011
DC Correspondent

Jan. 30: More than a hundred agencies which were selling sim cards by various service providers, have been blacklisted by the state police. A senior police official said that for the past year, a strict vigil has been kept at the agencies and it was found that many were issuing sim cards without demanding legitimate identity proof.

Police said cases have been filed against agencies providing sim cards without address verifications and against all leading service providers across the state.

“There were incidents in which shopkeepers have deliberately disbursed sim cards on fictitious address proofs. We have also slapped cases on service providers across the state. 

Admitted, it’s the agencies which sell sim cards to the customers, but the onus is on the service provider to cross-check the address proof in each case before activating the sim card. These companies need to make surprise visits to ascertain the authenticity as well as the efficiency of the agency,’’ a police official said.
 
Sources said that after cases were filed against the heads of the service providing companies, there were efforts to obtain a stay on the investigation. “Some of the companies had approached the courts to get a stay on the investigation and also to obtain anticipatory bail. We have held a series of meetings with the service providing companies to communicate the importance of verification of the documents. However, despite all this there were still instances of sim cards being issued based on fictitious documents,’’ a police official said.
 
In fact, the verification of the end user, or the Know Your Customer (KYC), will soon be a complicated process with the entry of Unique Identification (UID). It was recently announced that UID would be used as a proof of identity for telecom purpose. Which means UID will replace the responsibility of KYC obligations on mobile service providers.
 
An official said while this is `good news’ for the mobile service providers, it might also be used as a tool to avoid KYC. “It is true that UID is tied up with the biometric identification and biometrics can be linked only with one UID. However, at the same time, one fraudulent UID can be used for multiple fraudulent mobile connections in various frauds. While banks are liable if the KYC on the fraudulent customer fails, similar liability falls on UIDAI,” an official said.
 
“Hence, there’s a possibility that banks and mobile service providing companies might swear by the UID to fulfill their Know Your Customer obligations,’’ the official added.

1080 - ID project needs proper security mechanism - DNA

Sunny Waghela
30th January 2011

The advent of the mega project, Unique Identity Number (UID) has been constantly catching my eyes and to say the least, it will be a good project to start with, except if India is deciding to follow a certain pattern of a country, which I guess you all already know. Following the system as well as the ideas of US is never going to get the poor Indian government anywhere near to the pinnacle, but it may suddenly counter-react to what may prove to be a disastrous project of all.

Not to mention the likes of the most experienced technical people at the very core of project, we will be having something which the US calls as SSN (Social Security Number). Now, SSN has a very bad past and some shaky and unseeingly ugly future with no clue whatsoever happening in the present.

Recent reports from their sites have suggested that they have been conned and have stipulated an annual cost of almost $50 billion in 2007 alone. With this huge an amount, Indian government may get obvious another reason to convert it into a 2G or a CWG!

Coming back to India, we have been already launched the project and UID will suppress a lot of paper work and will provide for the e-governance for the Lok Sabha as well as local assemblies. UID also promises to help transact online for pensioners and other working class as they will extend to get revenue with e-cash via the UID for basic amenities and other supplies of power, gas, as well as the real estates and many more. Though there wont be any doubt with an ex-Infosys heading the project, but actually, how secure can he keep all these transactions, where even the private banks tend to fail against the blackhat hackers?

Going back to US, the reports have shown that the websites as well as servers hosting the SSN database online are under constant attacks from hijackers all over the world. The Indian version of UID Aadhar promises of keeping up with it, but trusts me, I have visited that site, and looking at it, I hope to bring to the notice of government once again, that dealing with this systems is risky and the best of people require to handle this, or else it can be big a massacre, in the history of Indian cyber space.

It will shake the very foundations of the UID project. The websites showing links to the site of UID are so vulnerable, that it may be easy to enter through them. Apart from that, the UID site is not hosted on the NIC server, which Indian government touts blindly as its most secure server.

Bringing to the end, the UID process is only and will be successful if and only if, there is secure sense and information handling done properly, and not handed into some hands which can make it a repeat of other various disastrous projects, which I need not mention.

1079 - Errors plague Aadhar cards - DECCAN CHRONICLE

JANUARY 31ST 2011.
DC Correspondent

Jan. 30: Thanks to a software flaw, faulty details on lakhs of city dwellers are being fed into the Aadhar cards being prepared under Nandan Nilekani’s ambitious Unique Identification Project.
 
The enrolment software is unable to register certain particulars related to addresses in the Greater Hyderabad Municipal Corporation area because of inadequate default settings.
 
New wards that are formed after expansion of the GHMC as well as certain pin codes are not present in Aadhar software. This has created problems for lakhs of people particularly those living in surrounding municipalities.
 
For instance the Aadhar application takes 500094 pincode as Trimulgherry of Hyderabad though it is of Sainikpuri in Ranga Reddy district. Likewise, 500056 of Ramakrishnapuram in Ranga Reddy is taken as Trimulgherry. Similarly, there is no ward number 136 in the application.
 
Alarmingly, the flawed data being fed into the UID card enrolment forms would also appear in the unique identification cards which would be the ‘master document’ for citizens in the future.
 
The commissioner of civil supplies, Mr Sanjay Jaju, however, said that these complaints had not come to his notice so far and he would verify them.

1078 - Numbers and NREGA - CARAVAN

NUMBERS & NREGA

The landmark job scheme should not be a testing ground for UID
 
By MEHBOOB JEELANI
Published : February 2011

ON 7 JANUARY 2011, a group of science students staged a silent protest as Nandan Nilekani began delivering a lecture on ‘Adhaar’s role in the transformation of public service’ at the National Institute of Advanced Studies in Bangalore. The students were holding printed posters that read: “Secure electronic archive is a myth.”
Nilekani, a husky man in his mid-50s, left his company, Infosys, in 2009 to take up a new role as the chairman of the Unique Identification Authority of India (UIDAI), a government agency charged with creating an identification number for every resident of India. The project, known as Aadhar—meaning “foundation” or “basis”—aims to create a universal database, backed with biometric data such as fingerprints and retinal scans, capable of verifying the identity of every Indian. The goal, as Nilekani has said, is to establish “one single, non-duplicate way of identifying a person.” The project’s supporters argue that UID will simplify registrations and transactions for rural or poor Indians, eliminate fraud and corruption in the distribution of public funds and goods, and bolster national security against illegal immigration and terrorist threats.

But as the protestors in Bangalore demonstrate, the initiative remains hotly controversial: its cost has been estimated at 1.5 trillion rupees, and it aims to cover a population of 1.3 billion people—likely the largest numbering process in human history. Activists have raised a series of further questions about the programme. Can the security of the central database, containing personal information, be guaranteed? Will this storehouse of personal information be misused by police or intelligence agencies? Will those who fail to enrol—in what has been advertised as a voluntary programme—be excluded from government services or benefits?

In late August 2010, the activists intensified their anti-UID campaign with newspaper op-eds, TV interviews and blog posts outlining their objections to the project after the Ministry of Rural Development signed an agreement with the UIDAI to make possession of a UID number compulsory for participation in the National Rural Employment Guarantee Act (NREGA). The job cards of more than 20 million workers in the five-year-old employment scheme—the main plank of the Congress party’s pro-poor policy—are set to expire in 2011. The fear expressed by the activists, in short, is that the requirement for UID enrolment will prove an obstacle for workers; the numbering scheme, which is still in its early stages, remains untested and unproven.

Five years after its introduction, NREGA has made a decisive impact on the lives of India’s rural poor: the job scheme covers 619 of India’s 626 districts; it has dispensed 784 billion rupees and employed 44.1 million people. Villages that had been idle for decades buzzed with activity: harvesting rainwater, planting trees, digging canals, laying down drains and roads. The programme is not without its problems: studies have found ample evidence of corruption on the part of local pradhans and administrators, who have siphoned off NREGA funds by inflating daily attendance or drawing money for fictional workers.

For Nilekani and the backers of the UID project, the irregularities in NREGA and other large-scale social welfare schemes provide the most compelling rationale for introducing a universal identification database, which they suggest will eliminate fraud and ensure that government funds pass directly to labourers. According to UIDAI, worksites will be equipped with devices for fingerprint capture and authentication in order to prevent the compilation of false attendance records or payments to “ghost workers.” Through handheld devices, the attendance data would be transmitted into databases by using mobile phone or nearest Internet connectivity. It would be harsh to question this idea as it has the potential to speed up the payment of wages. But the law already contains provisions intended to detect fraudulent accounting through “work measurement,” which requires tangible evidence of asset creation. What is needed now is for these rules to be backed with a more robust regime of inspection and enforcement. Though attendance fraud has been given wide attention in the media, by far the largest amount of corruption in NREGA comes from false receipts for the acquisition of construction materials, not the invention of “ghost workers.”

The use of biometric data, according to the UIDAI, will further ‘financial inclusion’ among the rural poor by enabling cash transfers outside of the banking system: if the local corner store is equipped with a device to read fingerprints, a worker or pensioner could verify his identity and receive a payment from the owner of the store, who will in turn be reimbursed by a bank or government agency.

At present, the government of India, as per the muster roll data, deposits the wages into the labourer’s bank account. Contrary to popular assumptions, 83 percent of NREGA job card holders already have bank accounts, and payments in cash are no longer used in most parts of the country. The labourer goes to the nearest bank and stands before the cashier, who after identifying him from his passbook, distributes the money. The cashier cannot refuse money to the labourer; and the labourer cannot deceive the cashier. The same cannot necessarily be said of the store owner.

At the same time, the UIDAI’s own “Biometrics Standards Committee” has noted that retaining biometric efficiency for a database of more than one billion people “has not been adequately analysed” and the problem of fingerprint quality in India “has not been studied in depth.” Here the accuracy of fingerprint matching is the point of concern: the fingers of labourers are prone to cuts and scars while working, which can lead to a negative reading from the biometric device. What if someone’s fingerprints won’t match?

The UIDAI has suggested that retinal scans will provide a backup method for identification—but these are expensive, and it would be impossible to conduct daily identification across thousands of worksites using a retinal scanner. How will workers prove their identity if the fingerprint reader rejects them?

It is possible, of course, that a properly functioning UID database and the successful deployment of all the required technology and training could indeed improve the efficiency of NREGA. The sheer size and complexity of the job scheme, which makes it an ideal target for the backers of the UID project—who are eager to enrol as many people as quickly as possible—also makes it unlikely that UID can be seamlessly integrated into NREGA without disrupting the programme and hurting the millions of people in poverty who depend on its wages.

The government’s decision to make UID enrolment mandatory for work under in NREGA runs the distinct risk of limiting participation in the jobs scheme: it is hard to imagine that the 23 million workers whose job cards are set to expire will join UID prior to the deadline. The process of enrolment—which requires the completion of multiple forms and the registration of fingerprints—is not simple, and its details and prospective benefits have not yet been made clear to the rural poor who are supposed to be its primary beneficiaries. Further awareness campaigns on this front are still required. Given this reality, the government’s decision to make the possession of a UID number compulsory for job card renewal may prove dramatically detrimental to NREGA.

The government has batted away inquiries about UID and NREGA with a series of vague responses. Mihir Shah, a member of the Planning Commission, told me that he believes “putting UID into NREGA is the way forward.” He admits that there are likely to be “teething problems” at the outset, but says he believes that in the long run the UID system will be better because “the electronic database will be secure.”

Nilekani did not respond to the protestors at his lecture in Bangalore, and continued to emphasise the positive benefits of UID: “It’s an opportunity for people to open bank accounts, have micro-ATMs and mobile phones,” he said. All this may indeed be true, and yet none of it proves UID is necessary, or beneficial, for the health of NREGA—which should not be used as a registering agency for identification numbers.
 

1077 - A Nation with an Identity- The UIDAI Project by Nandan Nilekani - Legal Moksha

January 21st 2011

On September 29 Our PM Manmohan Singh landed in Tembhli Villege Nandurbar district in Maharashtra with a 12 digit number to a new era.   Ranjana Sadasiv Sonawane (782474317884) created a history by becoming the first person to get an unique identity number under the UPA govt’s ‘Adhar’ project. Her five year old son Hitesh also got a UID number. The PM declared that everyone will get this UID soon. This was a revolutionary step taken by our government. Definitely it is going to be very useful in this new technical world. Poor people in India don’t have any identity proof because of this shortcoming they couldn’t open bank accounts or get other benefits of government welfare programs and several times, these benefits are pocketed by others. Sonia Gandhi said “The goal of this project in not only development but inclusive growth.”

Brains behind the Project
 A graduate from Indian Institute of Technology Bombay with a B. Tech. in electrical engineering batch 1978, after his graduation he joined Patni Computer Systems where N. R. Narayana Murty took his interview. After three years there was a dispute in company and Murty walked out of Patni. His entire division walked out with him and the defectors established a new company INFOSYS. Later on he became the CEO of INFOSYS in March 2002, taking over from Murty. In July 2009 he left INFOSYS to serve the chairperson of Unique Identification Authority of India after getting an invitation from our prime minister Dr. Manmohan Singh, in the rank of a cabinet minister.

 An IAS officer Ram Sewak Sharma of Jharkhand Government cadre has been appointed as the Director General and Mission Director of the authority. He is a well-known person in the e-governance project in Jharkhand, he worked as an IT secretary and during his job period he has won a number of awards for best Information Technology Trends State in India. 

Unique Identification Authority of India

 Also known as UIDAI project is a part of planning commission of India under which government of India will provide unique ID number to all Indians but not smart cards. The authority would provide a database of residents containing very simple data in biometrics. It will create world’s largest biometric database covering around one billion people. It will be a multipurpose identity card which will help people in several ways like in poverty alleviation programs such as NREGA, addressing Illegal Immigration into India and terrorist threats is another goal of the program. They are actually planning to link voter ID, passports, ration cards, licenses, fishing permits and a few more alike things into one card. The Union Labor Ministry has offered its verified Employment Provident Fund (EPFO) database of 42 million citizens as the first database to be integrated into the unique ID system.

This project is known as AADHAR which means base or foundation.

            They have planned to introduce a micro-payment system in order to make banking services easy for rural people. The idea is to appoint Business Correspondents for every Gram Panchayat and they will be selected among the people themselves they could be kirana shop owner or any reputed person fromthat area and they will be working like instant ATM’s.

Nandan Nilekani says, ”This device will be based on a mobile phone connection and would be made available at every BC. Customers would just have to get their identity authenticated and withdraw or put money into their bank accounts. This money will not come from the ATM, but from the cash drawer of the BC”

 Critiques

 The main critique is technical difficulty as in November 2009 WikiLeaks said that “The UID Database will be susceptible to attacks and leaks at various levels.” and a national database could allow police or intelligence groups to discriminate against people by caste, religion or birthplace.

Besides this Biometric verification is not 100% accurate. This technology is can’t distinguish between the upper skin of the finger and technically made dummy fingers of acrylic paint, silicon rubber etc and in this 21st century fingerprint can be altered very easily by paying a very few thousand bucks .

             According to The Wall Street Journal, “Numerous social studies show that knowledge of these identifiers adversely impacts delivery of services such as education and health care to disadvantaged citizens.”

            Except this there are people making statements about Article 21 of Indian Constitution and relating that with this project. A few more stating that it’s a gross violation of fundamental human rights and many more rumors are there including that NandanNilekani is misleading Indian government.

On the brighter side

 Now the government is using technology to better our lives. It is very helpful in making the system transparent and ensures speedy recovery of resources to the needy without any malpractice. It is a boon for our people.

 This project is not just for enabling the poor to access the government programs it will help them in so many ways and it is not just for villagers or poor people even urban educated persons will be getting profits from it. This way a ’ 12 digit no’ will be making the life of every Indian more lavish and beautiful.

-Article by Piyush Raj Verma from Dr. RML National Law University, Lucknow.


1076 - How Aadhaar, or the UID project, can get you into deep trouble-Money Life

January 28, 2011 03:06 PM
Ramdass Keshavamurthy


The UID project which is being rolled out with much fanfare by the government has innumerable pitfalls. Here are a few of them

Aadhaar with its biometrics and the ability to facilitate convergence of information-bona fide or otherwise-has the potential to compromise privacy and put people in trouble.

When such privacy concerns are raised, the oft-repeated rhetoric among the educated middle class is: "I am a law-abiding citizen and I do not have much to hide and fear. So, why should I be concerned with my personal data, including biometrics, being stored under the Aadhaar project, especially if it can make my life convenient?" 

Well, if you are one of those who thought likewise, here are a few plausible ways in which you could be in trouble, thanks to Aadhaar and its indiscriminate use in the not too distant a future.

Scenario 1: Techie tries to change his job…

Ram is an upwardly-mobile young techie who is proud of his status. He is in love with the digital world; not bothered too much about issues around privacy. He is active on most of the social networking sites. He is proud of his connectedness. He has been the first one to get Aadhaar; he felt it would make his day-to-day transactions a lot more hassle-free. He has submitted his Aadhaar ID to all his previous employers, since it afforded him some additional benefits and privileges.

Recently, he has got a call from an MNC promising him an overseas assignment. He is excited about the opportunity. He has had a successful technical round. However, to his dismay, he is rejected after the HR round.

Trying to find the reason, he contacts an acquaintance in the company. To his surprise, he comes to know that the culprit is Aadhaar. A background check using Aadhaar by a company engaged by the MNC has revealed his problems with his boss in one of the companies he had worked for a long time back. He is not given a chance to explain himself but is presumed troublesome and rejected. He curses himself for being overzealous in his usage of Aadhaar.  

Scenario 2: Sham tries to buy Medical Insurance...

Though Aadhaar was optional in the beginning, most of the clinics and hospitals have started insisting on it citing identity reasons. Sham is a middle-aged IT manager who has seen the convenience of using digital identity cards in his office. It is logical for him to think that using Aadhaar would prevent any misplaced identity. He does not think twice when someone asks him for Aadhaar.

Over the past few years, given the stress of his job, he has had episodes of "High Blood Pressure", treated occasionally at a few local clinics. In all those clinics he has unwittingly used Aadhaar. His doctors have told him that there is nothing chronic or serious about his occasional high BP. He has been able to manage his condition with minor lifestyle changes.

Now that he is approaching middle age, he decides to take out a medical insurance cover for himself. Most of the insurance companies have started insisting on Aadhaar for enrollment. After completing all the required formalities, he gets his insurance policy. He is puzzled to find that he has been denied insurance coverage for 'heart ailments'. He verifies that his BP, ECG and other conditions were normal during the prescreening test. On further questioning, he is told that he has a preexisting high BP condition. The culprit - Aadhaar! 

The insurance company has done a background search on him using his Aadhaar ID  and found out that he had taken some medicine for high BP sometime back in the past, though he is no longer on any medication. His argument that he has no chronic heart condition goes in vain.

Scenario 3: Saralamma becomes a suspect in a crime she did not commit…

Saralamma is a retired school teacher; very law-abiding. As soon as Aadhaar is rolled out, she is the first to get one. Someone has told her that her pension collection and bank transactions would be a lot easier with Aadhaar. She is not the one who is too concerned about what data is being collected; most of which she does not understand anyway. 

Recently, she has received some arrears. She has decided to buy some silverware for her only daughter. She has checked out a specific set, but decides not to buy, as the cost is beyond her budget. After a few days, to her surprise, she gets a call from a security agency. There is a theft at the same jewelry shop she had visited. One of the items in the set that she had looked at is stolen. As part of the investigation, fingerprints are collected from items in and around the set. They are run against the biometrics stored by the UIDAI managing Aadhaar.

Alas, one of the fingerprints on the silverware matches that of Saralamma. She is asked to explain as to why she should not be considered a suspect. Saralamma is aghast as she does not understand how she got linked to the crime she did not commit!

Scenario 4: John loses money on a transaction he did not make…

John runs a travel business. He maintains his account with a cooperative bank which has signed up with Aadhaar for complete authentication services. In addition to the account number, he is required to give his Aadhaar number and fingerprints (biometrics) to complete any transaction.

One of his assistants has his eye on this account. He has found out that if he could capture the fingerprints of his boss, he could have fakes made to defraud the system. He transfers the drinking glass which has his boss' fingerprints to one of the petty shops which have recently sprung up to create fake fingerprints using digital scans, illegally.

With the dummy fingerprints of his boss in hand, he successfully withdraws the money. When John gets his monthly transaction report, he is shocked to find a huge withdrawal. When he questions his bank, he is told the Aadhaar-based biometrics has confirmed his identity and there is not much they can do about it!

Scenario 5: Ajay's son is denied admission to school …

Ajay has lived most of his life in the US. He has relocated back to India a couple of years back. He admits his son to one of the pre-schools. As part of the admission process he is asked for his son's Aadhaar; it has become more or less compulsory to monitor the progress of the child. Unfortunately, Ajay's son has some minor developmental disability. His pre-school documents this fact against his son's Aadhaar.

Now that his son is six years old, Ajay is desperately looking for a school for his son. He can even afford admission to any of the newly started international schools. To his surprise, he finds most of the schools denying admission. On investigation, he finds that the unique identity provided by Aadhaar is the cause. A background checking agency, employed by the schools, has done a search based on the Aadhaar ID and discovered that his son has a mild development disorder. Given that information, none of the schools want to take a chance!

The above examples are just a small sample of the scenarios that are very plausible. Though Aadhaar is currently optional, it is apparent that overtime it would be mandatory. Even if some of the scenarios depicted above can be avoided with stronger privacy laws, in a country where enforcement is lax, one wonders whether such misuses can be completely prevented.

Vulnerability of securely-stored digital information to theft has been exposed by recent leaks that have surfaced both nationally and internationally. As someone has commented, a safe digital record is an oxymoron. Some of the recent experiments have amply demonstrated how biometric fingerprints can be duplicated using technologies that are almost homemade. If you are still skeptical, read Arthur Conan Doyle's Sherlock Holmes's story, The Adventure of the Norwood Builder. 

(Ramdass Keshavamurthy is a Bengaluru-based Technology Consultant) 

Saturday, January 29, 2011

1075 - Beware of gullible politicos tinkering with data privacy

 Friday, January 28, 2011

KARLIN LILLINGTON

Today is international data privacy day, and It’s a shame we do so little to mark the event

WITH THE Seanad passing the data retention – oops, communications – Bill without amendment last week, and Data Protection Commissioner Billy Hawkes warning political parties on Monday that they are not to illegally use (again, for some) unsolicited text messages, calls or emails in the looming election, how ironically appropriate that today is International Data Privacy and Data Protection Day.

We sure need it. Our own knowledge of the issues and implications around data privacy remains shockingly low. What else explains the ill-informed speeches of Senators and TDs welcoming data retention – the storage of transmission data about every one of our phone calls, e-mails and some internet use – as an aid for criminal investigations even as they wave in longer retention periods for Ireland than almost any other country?

Along with creating a more unwelcoming business environment for exactly the internet and technology “knowledge industries” the state supposedly wishes to attract, our new data retention legislation goes against all evidence that shows that police do not need data for investigations held longer than the six months advocated by Europe’s Data Protection Commissioners. Not for one to two years (as under the new proposals), not for three years (as was the case before).

Read that again: not one court case the politicos will cite during their speeches about why we need data retention made use of, or required, a single piece of data retained for longer than six months.

Meanwhile, as so few restrictions apply to the Garda in requesting retained data, tens of thousands of requests have been made for records. We do need legislation to protect data from wholesale trawling – but that does not mean we also need to continue to store it for longer than is recommended or than most of our European partners hold it for.

But our pending legislation ignores that the very concept of long-term data retention is under serious threat now in several EU countries including Germany. Our own poorly drafted, existing data retention legislation has been referred to the European Court of Justice for consideration on the very grounds of whether storing data on an entire population before any one of it has committed a crime – just on the possibility that someone might – is grossly disproportionate.

So we certainly have much to consider today. It’s a shame then that we seem to do so little with a day that has become an annual fixture elsewhere, with many events happening across the US and Europe. Not so much in Ireland, which is a lost opportunity for teachers in particular.

Many schools and universities internationally do awareness- raising activities with students around the subject, including debates on the subject of privacy and workshops on options for protecting your data online.

This is critical knowledge needed by new generations growing up having known nothing else but mobile phones, social media profiles, and public photo and video sites. And given that the default settings on Facebook, which more rather than less of us now use, still share your data and images with friends of friends, education in the area of privacy and data protection is crucial for all of us.

But it isn’t just students – many citizens say they feel powerless when they deal with social services and are asked for information that they do not need to hand over. This can be especially the case with the more vulnerable in society – homeless people, or the elderly; people less sure of what authorities are allowed to ask.

Would you know yourself? Most of us would not. And as the government prepares to bring in a universal identity card which would give access to so much of our most personal data, we need to understand what we may be trading away in the name of bureaucratic convenience.

There has been no public debate at all on whether citizens should have to carry ID cards much less cards connected to our health and social welfare information, the kind of card widely opposed by privacy advocates worldwide.

There are some easy ways to learn more about your personal and business rights to privacy – and if a business, obligations towards data protection.

For individuals, the Irish Council for Civil Liberties produces a range of free brochures on a variety of topics, one of which is called Protect Your Privacy.

This offers an excellent, easy to understand overview and list of resources and can be viewed online, downloaded from their website or obtained from their offices. You can find it at: tinyurl.com/6l6xt5d.

The Data Protection Commissioner’s website, dataprotection.ie, also has a wealth of information for businesses and citizens. The menu on the left-hand-side of the site offers a link for individuals or organisations, depending on what a visitor is looking for.

The website for European Privacy Day, europeanprivacyday. org, offers a booklet for this year’s event that summarises some of the key issues and provides a handy overview.

These are going to be topics that only become more pressing as we become ever more technologically intermeshed. In particular, we need to watch what our politicians are doing as it is clear they have a very low level of knowledge about data retention – much less data protection.

1074 - Gates: US Behind India on accepting ID cards for Individuals

July 27, 2009
By Mike Ferro


Bill Gates recently spoke at a conference in India, where he criticized the U.S. for being behind on data privacy, immigration and a centralized method for maintaining an individual’s information. Gates is currently working on developing an identification card system for India.

According to CNET, Bill Gates spoke at a conference in New Delhi, India to an audience of hundreds of government officials and IT executives from the country. Gates spoke of his vision of a world where cell phones can recognize people around them and computers with advanced voice recognition technology.

Gates indicated that Microsoft will be working on India’s national identity card project along with Nandan Nilekani, the Cabinet minister heading the project. Nilekani used to run one of India’s largest tech company, Infosys. Nilekani is now heading the project to develop a new ID card system starting in 2011 for India’s 1.2 billion. Currently, India keeps most of its information on hard copies distributed across different government offices.

Gates believes in the developing a central ID card program and criticized the lack of initiative from the U.S. government on adopting a similar system. He also indicated that the government should at least allow health care data to be centralized.

Gates also criticized the U.S. government’s policy on immigration, stating that individuals with higher education or “smart people” should get some leeway with immigration. He cited Canada as being progressive in this area. Gates indicated that Microsoft has created “a lot of jobs in Canada for that reason.”

Sharing health care information sounds like a great idea, but the dream of centralizing the data could be next to impossible considering the health insurance infrastructure in the U.S. Unlike many of the countries in the world, the U.S. relies on medical insurance companies to maintain individual’s information in data centers. A central ID card system similar to a driver’s license with health care information could help doctors identify an individual’s allergies or medical history quickly.


Friday, January 28, 2011

1073 - A Letter to UID Chief by Unknown Indian - UIDAI Cards.com

Dear Nilekani Sir and other Staff members,
Thank you a lot for implementing / working on such an Innovatice product. When UID was started, it was like dream coming true of “corruption free India”. I was very exited. As a part of my social activity, I have been fighting here and there against corruption. UID must be used as a tool to make India corruption free by automating the monetary transactions through UID. Request you to go through the followings and confirm your views on their implementation.
Recently Posted in in many blogs :-
“Subject : Corruption – One-stop Proactive Inevitable Approach to eradicate all Corruptions
During the last 60+ years, nothing has worked-out to stop the ongoing Competitive Corruptions. This omnipresent & omnipotent corruption has ultimately resulted into Government Deficit across India. In such situation, Automation of monetary transactions is the last resort, which will make people electronically & digitally responsible for what they give & take and sell & purchase. It is time to change our stand from Postmortem approach of investigations to Proactive Inevitable approach/controls, which no one could penetrate under any circumstances. The followings Proactive Inevitable measures are suggested to eradicate Corruption* once for all :
1.   The UID Card (being issued under Adhaar scheme) should be applicable
and issued to all citizen of India. The UID should have swiping facility, like any Smart card /Debit/Credit. Merely distributing UID cards and linking it with welfare programs/benefits or making any other policies cannot make India free of corruption.
2.   Every citizen should have bank account/s, which need to be linked with the UID online.
3.   Every citizen should be asked to deposit all their money in their bank by a particular date.
4.   All vendors, retailers, business dealers etc to have banks accounts and
deposit all their money in their banks. They also need to get configured Card Swipe devices for fund-transfer by a particular date.
5.   Now restrict the use of manual currency to a maximum amount Rs.100/-.
For all transactions (sale & purchase) above Rs.100/-, it will be mandatory to swipe the UID card (like we do transaction through Debit/Credit card) with biometric details for online verification. Thus people will have to swipe the card for all their transactions (sale & purchase), which would add online entries to one’s bank account/s with relevant remarks about the nature & details of transactions. This way the fund will keep travelling online from one account to other (from giver/purchasers to receiver/sellers) with digital proofs.
6.   The answer to why limit it to Rs.100/- is “people can carry petty cash for small-time transactions e.g. local bus fares, and other small things”.
Going forward in 2nd phase, we can go for 100% online transaction to prevent misuse. We can also go for SMS way of fund transfer with online verification of biometric details.
7.   In cities, most people already use their smart/debit/credit cards for their routine transactions. We just have to modify / extend it to all, making it mandatory thru UID.
8.   The existing ways of on-line funds transfer and through cheque system can continue as it is.
9.   Now we need to develop/program the online system in such a way that the online transactions are automatically & periodically monitored/reviewed and any undue/irrelevant transaction immediately raise alarms to the Govt Agencies without fail, which in turn can proactively take action against the defaulter, who does not have any excuse for escape.
10. The UID Authority has to centrally set-up a 24hrs helpline to handle the Citizen’s queries and the local administrations can be made responsible for handling queries of lost cards and its re-issuance.
*Let’s start this exercise from major metros and side by side communicate and build the required infrastructures in other cities and villages. Let’s do it in phases and see its magical effects as under :-
1.   It would prevent people from freely indulging into any type of money laundering.
2.   It would stop evasion of TAX. Approx 60-80% of vendors, retailers, small firms, black-marketeers, self-employed professionals, huge income from rent/properties, etc do not pay tax. Thus Billions Crores rupees are not accounted for tax, resulting into tax-hike for the actual tax-payers every year.
3.   It would stop evasion of STAMP DUTY on transaction like Land Registration. Example – property sold at market price of 20 Lacs but registry is made at circle rate for only 5 Lacs. Thus Billions Crores rupees transactions escape stamp duty every day. It would stop the menace of Benami Properties.
4.   It would stop illegal storage of food-grains leading to enormous price-hike, Fake Currency, Cash for Vote, “Sale & Purchase of Leaders & Bureaucrats pre & post forming the Govts”, “Undue expenditure during election in hope of making endless money after winning (from Pradhan, Block, Municipal to MP & MLAs etc)”, Endless Dowry, Bribes for Jobs / transfers, “Leaders / Bureacrats / Officials / Babus acting in proportion to bribe received”, Rangdari Tax collected by local Mafias, “Illegal sale & purchase of Govt land/properties/medicine/equipments etc”, Theft / Cheating / Kidnapping / Terrorism (internal & external) / Outlaw extremists, Naxalites, etc.
5.   It would online capture & update, as soon as a BPL migrates to APL status and the BPL benefits can automatically stop or vice-versa. The Govt can online identify and help the real destitute/needy ones.
6.   It would stop the omnipresent huge donations for admission and hefty fees in Private Schools / Colleges, which restrict the quality education to limited ones.
7.   It would stop exploitation of Laborers & employees, Child Labour, Bonded Labour etc.
8.   The Govt can easily online block the cards of Terrorist (internal & external) / Naxalites / Outlaws etc, sothat they do not do any transaction, and are forced to surrender.
9.   Everyone knows that Contractors give bribe to take contracts which result into compromising with the quality of project and shutting officials’ mouth towards bad quality of the project. Due to its bad quality, most the projects undergo repair-works many times within very short span, which results into leakage of millions crores. Many of the contractors have to give Rangdari Tax to local Mafia also. This would stop automatically.
10. It would stop the flow of Black money and reduce the disparity in income and gap between rich & poor.
11. It would not allow people to use their looted money (lying in sacks & Foreign Banks). It would also deter them from hiding their disproportionate wealth.
12. As this will stop the flow / use of black money, the economy will boost manifolds and the Govt can disburden the common men from unnecessary hike in Tax & Price.
If we study carefully, 80% of our population is involved in some or other sorts of corruption / manipulations / adulterations and the black money so gathered has been giving rise to their purchasing power, resulting into Tax and Price-hike for Common men. With the prevalent easy loop-holes, people adopt corruption way to become millionaire in just few years. Most people aspire / compete for MP/MLA/Pradhan/Panchayat, IPS/IAS/Babus and other lucrative post in Govt & Corp, mainly with a view to make easy & quick money through corruption/manipulations. As nothing proves them guilty for adequate punishment, they keep on doing this at the cost of common men.
Everyone knows, what happened to these scams  – Bofors Scam, Cattle Taming Scam, Hawala Scam, Harshad Mehta Scam, Telecom Scam, Fodder Scam,  Ketan Parekh Scam, Barak Missile Deal Scam, Tehalka Scam, Taj Corridor Scam, Telgi Scam, Oil in place of Grain Scam, UP Foodgrain Scam, Cash for Vote Scam, Satyam Scam, Madhu Koda Scam, PF Scam, Adarsh Society Scam, 2G Spectrum Scam, CWG Scam, other Land and high profile scandals/scams. Millions of crore have gone into these scams; then the Govts’ postmortem approach like investigations and prolonged court proceedings have further eaten-up multi-crore, leaving the common men with hefty tax & price hike. Venting our rage/despair against corruption through Letters, RTI, news papers, TV Channels, filing court cases have yielded abysmal results. Nothing has punished the culprits to stop corruption for the next time.
UID supporting online monetary transaction is the only one-shot proactive inevitable way to abolish corruption. Other schemes/methods are just time-pass / eye-wash and do not have proactive inevitable features / approach.
I had written a letter to Govt (President, PM & other leaders) initially in
June’2002 and sent its reminders thereafter on 26th Jan’04, 15th August’05, 15th August’07 and 26thJan’09. Again wrote afresh to Govt in February’2010 and sent through UPC. Further wrote emails to Govt & its stake-holders in March’2010. Govt had implemented the first part of my suggestion in form of UID. However, the vital suggestion of allowing monetary transactions through use/swiping of UID is yet not considered. So I raised a PIL to Supreme Court on 21st Dec’10 (through email and speed post no.EU85697923). Action is still pending.
Like other policies, it too has challenges in its implementation.  However, it is a principally, technically, financially and practically doable program. I have its complete plan ready and have solutions to all its challenges/hiccups likely to be faced during its implementation.  I do have solutions for handling and channelizing the Corporate/Organizations’ transactions (non-individual) through similar UID scheme. For NRIs also.
The corrupt ones will oppose it. This needs strong determination & will power from Govt and relentless support from Public. It would be a sure-shot success. I would like to participate in its debate and implementation. Please contact me at bsr18170@gmail.com.       .
There is no bigger issue than corruption. There is nothing more patriotic than implementing the above and save the nation & its people.*
Kindly confirm your view and support on this. I am available for all further clarifications.
Thanking you,
BSR (bsr18170@gmail.com)”
*BSR (a common man)
Cannot give my full name and address due to security reasons*
1. Letters/emails sent to Govts on how to control corruption

1072 - Identifying a Billion Indians - The Economist

Reliable identity numbers could create many opportunities for business
Jan 27th 2011 | BELGUMBA | from PRINT EDITION


IN A small village north-west of Bangalore, peasants queue for identities. Each man fills in a form with his name and rough date of birth, or gets someone who can read to do it for him. He places his fingertips on one scanner and stares at another. A photograph of his face is snapped. These images are uploaded to a computer. Within a few weeks he will have an identity number.

The Indian government is trying to give all 1.2 billion Indians something like an American Social Security number, but more secure. Because each “universal identity number” (UID) will be tied to biometric markers, it will prove beyond reasonable doubt that anyone who has one is who he says he is. In a country where hundreds of millions of people lack documents, addresses or even surnames, this will be rather useful. It should also boost a wide range of businesses.

So far the process has gone smoothly. More than 1m people have been enrolled since October, and the pace is accelerating. It needs to: 1m is less than 0.1% of the population. The scheme presents difficulties both for the people in charge, many of whom were recruited from software firms, and for the private contractors who are doing much of the work. How do you ensure that the data are accurate? How do you build a robust database containing biometric information about more people than any other? How do you deal with peasants whose fingerprints are unreadable after years of manual work? (Adding moisture to their fingertips helps.)

When an individual is enrolled, his biometric data must be compared with everyone else’s to ensure there is no duplication. Sometimes the workers who show people how to place their fingers on the scanner accidentally scan their own fingerprints. As enrolments hit a peak of about 1m a day, the system will need to carry out a staggering 14 billion matches per second.

This mighty task has been awarded to private contractors in an unusual way. There are three vendors: Accenture and L-1 Identity Solutions of America, plus Morpho of France. The firm that does the fastest, most accurate job gets 50% of the work; the others get 30% or 20%. This allocation is frequently reassessed, so if the second-best firm starts doing better, it picks up some work from the leading firm. This keeps everyone sharp.

One database, many possibilities

The government’s aim is to improve services and reduce corruption. A shocking two-thirds of the subsidised grain that the government allocates to the poor is either stolen or adulterated. When middlemen say they have delivered so many bags of rice to so many thousands of peasants, there is no way to tell if they are lying. But if each peasant has to scan her irises every time she picks up her ration, it will be harder to scam the system. Similar controls could be used to curb voter fraud.

A reliable way of identifying people would also smooth financial transactions. Some 42m poor households toil for a government scheme that guarantees them up to 100 days of work at the minimum wage each year. The money is welcome; the trek to the bank to collect it is not. Ram, a peasant in Madhya Pradesh, walks 6km (4 miles) to the bus stop, travels 14km clinging to the roof of a bus, waits two hours in the bank and then does it all again in reverse. The trip swallows a fifth of his earnings, in the form of fares and the opportunity cost of missing a day’s work.

The identity scheme could help Ram avoid this hassle. The plan is to supply scanners to village shops and link them to distant banks via mobile phones. The man could walk in, scan his fingers and authorise the bank to transfer his money to the shopkeeper’s bank account. The shopkeeper could then advance Ram the money, minus a small fee.

Small shopkeepers are salivating. B.C. Manjunath, who runs a tiny kirana store selling boiled sweets, soap and single eggs, sees two ways to profit. As well as charging fees, he would benefit from customers with more cash in their pockets. At present he has little choice but to extend credit. Customers owe Mr Manjunath’s family 20,000 rupees ($440), interest free.

Because the UID system is an open platform, businesses will be able to graft inventive applications onto it. Hospitals could match medical records with patients who are far from home. This would help make records portable, says Shivinder Singh, the managing director of Fortis Healthcare, a chain of private hospitals. Insurance would become easier to provide. Barely one in 100 Indians has health insurance, not least because identities are so hard to verify. Indeed, all kinds of insurance would be much cheaper if companies had a reliable way of discovering, for example, that a man applying for car insurance in Mumbai had been convicted of drink-driving in Delhi.

Microfinance should start to work better, too. It enjoyed a huge boom in recent years, followed by a bust. Many poor people found they could borrow more than they could ever hope to repay by going to several lenders. As a result, some microfinance outfits collapsed. The UID scheme ought to allow for greater control over such small loans.

A secure identity system will also help schools, reckons Suhas Gopinath, the boss of Globals, a firm that helps schools handle information. It would make it easier to monitor each student’s progress, he says. And if a student migrates to another state, his school records could move with him.

Even with strict controls for privacy, the UID scheme will help companies understand more about the population they serve. “It would be fantastic for just about any business,” predicts Mr Singh. There is a caveat, of course: the scheme must work. Britain has put off plans for biometric identity cards partly because of worries about soaring costs and technical snafus. Building and running India’s database is a challenge as gargantuan as India itself.

1071 - Youth to get UID through youth affairs ministry - Hindustan Times

Chetan Chauhan, Hindustan Times

New Delhi, January 27, 2011

Youth to get UID through youth affairs ministry

Indian youth can now get the unique identification (UID) number with the help of youth and sports affairs ministry.

Ajay Maken, the minister in-charge, has decided to provide UID to 20,000 youth enrolled with National Youth Corps, in the first go. Thereafter, the young Indians with the Nehru Yuva Kendras, having about youth clubs around the country, would get UIDs.

“I have asked the officials to speak with the UID Authority of India in this regard,” Maken said. Under the UID scheme, every Indian resident will get a unique number based on biometric identification in the next three to five years.

Enrolling those in youth corps has a twin purpose. First to track whether they are actually getting Rs 2,500 every month under the national youth scheme. Second, is to find out whether they got employed with the help of skill training under the programme.

Maken said through the UID the ministry can have a large database of youth in India for whom existing programmes will be reformed.

One such initiative has been taken for youth in the north-eastern India following a suggestion from Congress general secretary Rahul Gandhi. “I have called a meeting of all youth affairs ministers from north-east to discuss how skills of youth there can be upgraded with the help of industry body FICCI,” Maken said.

The announcement comes at the time when one of the biggest states in the region, Assam, is going to polls. The move is being seen as a last ditch effort to woo youngsters, who have been launched a campaign against the government for over-exploitation of natural resources in the region.

Already, Right To Information activist Akhil Gagoi has launched a people’s movement against the state government for allowing a large number of dams on river Brahmaputra. The government thinks that such sort of activities can be checked if youth are given skill training for employment purpose.

Maken said if the youth are given skill training to help them in getting livelihood the problem of insurgency in the region could also be checked. The ministry has identified naxal affected areas and Jammu and Kashmir for starting similar programmes.

Thursday, January 27, 2011

1070 - Aadhaar to be identity, address proof for telephone connections - Business Standard

Mansi Taneja / New Delhi January 27, 2011, 0:34 IST
The Unique Identification (UID) number, or Aadhaar, will soon be considered a valid proof of identity and address for getting new connection for mobile or landline phones.

The Department of Telecommunications (DoT) has finalised its proposal to use the UID numbers for issuing new connections and detailed guidelines, including the activation procedure, will be issued shortly.

A senior official from the communications ministry said, “The strength of the UID system will be utilised for telecom growth. As a first step, UID numbers will be used as proof of identity and address.”
In a notice, DoT said Aadhaar would be taken as a valid proof of identity and address after details are confirmed through its authentication procedure.

The letter issued by the Unique Identification Authority of India (UIDAI) telling the name, address and the Aadhaar number might be used as a valid proof, the notice said.

The government plans to issue UID numbers to about 600 million people by 2014. The whole project involves an expenditure of about Rs3,023 crore, which includes project components for issuing the numbers by March 2011, and recurring establishment costs for the entire five-year phase, ending March 2014.

The UID number would help in expediting growth in the telecom sector, especially in rural areas, the official said. It will get over various hurdles while issuing a new mobile or landline phone connection, as the UID number can also be verified and authenticated online, thus saving time.

The UID system will also eliminate duplicate and fake identities. If the system is used in the telecom sector, the subscriber verification will no longer be a problem. The government has already asked telecom operators to follow stringent norms for verification of subscribers, especially prepaid mobile users.

1069 - 4 POPULAR MYTHS ABOUT UID - PRIVACY INDIA

January 22, 2011
Posted by Prashant in Uncategorized.

By now, there is already a lot of material in the public domain that is critical about the UID/Aadhar project (See aadhararticles.blogspot.com for an exhaustive catalogue). Much of this material has criticized the UID for the ‘big brotherly’ techno-surveillance regime that it threatens to unleash, usually under the guise of delivering assured benefits to the marginal peasant. Many commentators have questioned the haste with which a project of this scale and complexity has sought to be pushed through. Some have expressed doubts on the feasibility – financial, technical or  logistical – of the scheme.

I do not intend to rehearse these arguments in this post. Instead, I pick four somewhat obscure, but troublesome assertions made about the UID and test their veracity against documents available on the UIDIA site itself. The purpose is to cut through all the equivocation behind the claims that UID officials have been making, and arrive at some minimal clarity on what the UID is (and isn’t).

1) Registration is voluntary!

How does one make sense of Nandan Nilenkani’s cryptic remark, “I wouldn’t call it compulsory. I would rather say that it will become ubiquitous”?

In a sense, this is true enough. Nowhere in the entire bulk of UID documentation will you encounter the express words “mandatory” or “compulsory”. Hence, proved!  But that isn’t to say, however, that there is any way you will be able to avoid getting registered.

Very rapidly, accessing basic services and your very status as a citizen will be conditional on your possessing an Aadhar number. This is owing to the complex operational structure that the UID Scheme adopts which leaves the task of enrollment entirely in the hands of third party ‘Registrars’ who include a host of Central and State social security and welfare departments (including the Ministry of Rural Development which administers the Rural employment guarantee scheme), banks and insurance companies. There is nothing in the Aadhar Scheme that forbids these Registrars from making access to their services conditional on one’s consent to UID registration. In practice, many of them have and will continue to make UID registration a preliminary formality before access is granted to their services. So your ‘freedom’ to resist UID registration will depend on your ability to forego your minimum guarantee of the right to employment, cooking gas, banking and insurance services, food rations etc.

And if miraculously you are able to subsist without these services, there is still one minor detail that is seldom mentioned in conversations about UID: without a UID number, you will not be counted as a citizen of India. This is owing to the fact that the Registrar General of India, the authority responsible for compiling the National Population Register of India under the Citizenship Act, also happens to be a ‘Registrar’ for the purposes of the UID. Which means that one’s registration in the NPR will entail automatic enrollment in the UID. The Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules, 2003 makes it mandatory for everyone to be enrolled in the National Population Register. So, paradoxically, although the Aadhar number does not confer citizenship, one cannot be a citizen anymore without owning an Aadhar number.

In other words, the UID scheme avoids the charge of being compulsory, by outsourcing its compulsion entirely.

2) The UID Scheme will only collect a minimal set of information

A frequently made assertion about the UID scheme is that the data collected will be limited to a standard set of information like one’s name, residence, date of birth, photo, all 10 finger prints and iris image. Once again, this is only a half truth. As mentioned previously, the entire process of enrollment is carried out through Registrars who have absolute freedom to expand the categories of information collected to include data that is entirely orthogonal to the purposes of the UID. This freedom is typically guaranteed by a clause in the MOUs which the UIDAI has signed with Registrars enabling them to collect additional data that “is required for their business or service”. Thus, for instance, in Himachal Pradesh, citizens are asked to provide additional details such as information about their ration cards, PAN cards, LPG connection and bank accounts[i]

To employ a telling epithet found in one of the UID documents, the ‘Registrars own the process of enrollment’.

3)Privacy is guaranteed

Although the UIDAI makes repeated assertions regarding its intent to respect privacy and ensure data protection, the precise mechanism through which these objectives will be secured is extremely unclear.

To begin with, the entire responsibility for devising schemes for safeguarding information during the collection phase rests entirely on the Registrars. The UIDAI’s own responsibility for privacy begins only from the moment the information is transmitted to it by the Registrars – by which time the information has already passed through many hands including the Enrolling Agency, and the Intermediary who passes on information from the Registrar to the UIDAI.
Rather than setting out an explicit redressal mechanism and a liability regime for privacy violations, the UID’s documents stop at loosely describing the responsibility of the Registrars as a ‘fiduciary duty’ towards the resident/citizen’s information.  The Registrars are tasked with maintaining records of the data collected for a minimum period of six months. No maximum period is specified and Registrars are free to make what use of the data they see fit.
In addition, the Registrars are mandated to keep copies of all documents collected from the Resident either in physical or scanned copies “till the UIDAI finalizes its document storage agency.”[ii]
The ‘Data Protection and Security Guidelines’ which the UIDAI requires all Registrars to observe merely contains pious injunctions calling on them to observe care at all stages of data collection and to develop appropriate internal policies. There is mention of the desirability of external audits and periodic reporting mechanisms, but the details of these schemes are left to the individual Registrar to draw up.
Although the Draft National Identification Authority of India Bill penalizes the intentional disclosure or dissemination of identity information collected in the course of enrollment or authentication, this does not guard against accidental leaks and does not mandate the service providers to positively employ heightened security procedures. Prosecution of offences under the Act can only proceed with the sanction of the UID Authority, which further burdens the task of criminal enforcement in these cases and would make it difficult for individuals to obtain redress quickly. The total absence of a provision for civil remedies against Registrars makes it unlikely that they will take the task of protecting privacy seriously.
In other words, the individual’s right to privacy is only as strong as the weakest link in the elaborate chain of information collection, processing and storage.
 
4) The UIDAI will not disclose any information and will only authenticate information with Yes/No answers

This is another of the frequently misleading claims made by the UID Authority. Thus, for instance, in April, 2010, in response to a question in the course of an interview, Nandan Nilekani said “UID itself has very limited fields, it has only four or five fields — name, address, date of birth, sex and all that. But it also does not supply this data to anybody. .. the only authentication you can get from our system is a yes or no. So, you can’t query and say what’s this guys name or what’s his date of birth, you can’t get all that.”[iii]

This statement is, however belied by many of the UIDAI’s own documents.

The draft NIA Bill, for instance, permits the Authority to issue regulations on the sharing of “the information of aadhaar number holders, with their written consent, with such agencies engaged in delivery of public benefits and public services as the Authority may by order direct”. In practice, prior “written consent” for sharing is obtained from the resident as a matter of course at the time of enrollment itself, and it is impossible to obtain an Aadhar number without consenting to sharing by the UID Authority.[iv] In practice, in India, a large number of forms will be filled in by assistants and the written consent box will be ticked as a matter of course without the resident understanding the full implications of her “consent”.
 
The draft NIA Bill permits the authority to “make any disclosure of information (including identity information) made in the interests of national security in pursuance of a direction to that effect issued by an officer not below the rank of Joint Secretary or equivalent in the Central Government after obtaining approval of the Minister in charge”. There is nothing in the Act that requires that this information be made available on an individual basis – in other words, it is possible for the data to be shared en-masse with any agency “in the interests of national security”.
 
There is nothing preventing “Registrars” who carry out the actual data collection functions from sharing this information with anyone they choose. Thus, for instance, the Aadhar information collected during the exercise of compiling the National Population Register will can be shared in whichever manner the Registrar General of India chooses – irrespective of what the UIDAI does with that information.
 
So, while ordinarily, the UIDAI would not authenticate information other than giving Yes/No responses, there are mechanisms already in place that presume that all this information will be made available, on demand, to whichever agency that happens to be interested.

[i] 2011. UID project picks up pace. Indian Express. Available at: http://www.indianexpress.com/story-print/735790 [Accessed January 22, 2011].

[ii] UIDAI – Document Storage Guidelines for Registrars Ver. 1.2, August 2010

[iii] 2010. To issue first set of UIDs by Feb 2011: Nilekani – CNBC-TV18 -. Money Control. Available at: http://www.moneycontrol.com/news/business/to-issue-first-setuids-by-feb-2011-nilekani_449820-4.html [Accessed January 22, 2011].

[iv] For instance, a flowchart of the Resident Enrollment Process issued by the UID stipulates  “Record Resident’s consent for Information Sharing” as the tenth step in the enrollment process. Unless this step is followed, the enrollment process cannot proceed!


___________________________________ 


Comments»

1. Niranjan - January 26, 2011
Good article in the middle of so much privacy . The author has done good study of UIDAI and Registrars. I suggest other people targeting UIDAI should instead work towards securing data at the Registrars. As per this Article that is the most likely place breach of privacy will happen.
 
2. Ram Krishnaswamy, S - January 27, 2011
Thank you Prashant for expressing your thoughts so very clearly and concisely, exposing so many half truths coming out of UIDAI. It is almost like Nandan Nilekani saying GoI has commissioned me to create a Nuclear Bomb and how others will use it is not my responsibilty..
 
3. Ashok Kalbag - January 27, 2011
1) Registration is voluntary! How does one make sense of Nandan Nilenkani’s cryptic remark, “I wouldn’t call it compulsory. I would rather say that it will become ubiquitous”? If you want to lead a hermits life with hardly any society interaction, you need not have UID. However, if you want to lead a normal life and require a Passport, PAN, Ration Card, Voter ID, etc. would it not be simpler to have just a UID with an assuarance it is unique and cannot be duplicated. Most existing IDs have problems in ensuring individuals do not have multiple IDs, for misuse or otherwise. 2) The UID Scheme will only collect a minimal set of information The registrars are generally the benificiary of UID and have their own ID system which is not fool-proof. Hence, if there is an issue with the information demanded by the registrars (which is anyway given to them by individuals to avail their service eg.PAN, Passport, Gas connection, etc.) then why not take it up with them? IUD is only providing a service to the other service providers who have no system in place to ensure duplicate ID is not provided to same individual. Presently they have to rely on other IDs which can have duplicates for a given individual. 3)Privacy is guaranteed Presently, most registrars are already collecting the data relevant to them and linking it to other currently accepted IDs such as Ration cards, utility bills for address proof, bank passbooks, etc. which rely on voluntary disclosure of personal details to avail services from a particular service provider. This information remains with the registrar and is not stored with UID as part of its database. Hence there is no additional “loss of privacy” because of UID. UID only comes into picture once it has received the data which is required by them, and this data is not shared with anyone. Hence Privacy by UID is guaranteed – there should not be any issue once the process is clear. Data collected by most service providers who are also registrars for UID do it because they appreciate the non-duplication guarantee that UID provides and they cannot ensure it presently. Also, if one has issues with a particular registrar because of the additional data he is collecting, one can approach another who does not demand data that one is uncomfortable in disclosing. Hence all “loss of Privacy” issues begin and end with the service provider (even presently without UID) who is also a registrar for UID. The UID data cannot be duplicated and get registered with UID (get allotment of 2 UID numbers for same set of finger prints + iris prints). 4) The UIDAI will not disclose any information and will only authenticate information with Yes/No answers The NIA draft Bill can be amended before passing in Parliament to ensure whatever safe guards are required without impacting what UID is doing in the process of generating the UID number. It needs to be made legally acceptable for a query by any entity with respect to finger print + iris data and the other fields that UID retains to be verified by the UID duplication check process and accept the Yes/No verdict. In which case the data need not be shared. With newer technology our legal system should keep pace, otherwise the benefits of new technology will be lost to our people.
 
4. Amit Srivastava - January 27, 2011
wow! it amazes me to see how disconnected can people be from the realities of the nation. Height of skepticism. @Ashok: You are absolutely right on all the four points raised. Also, if there are any problems then that can be sorted out through a constructive dialogue. We may not need to scrap this whole project.
 
5. Prashant - January 31, 2011
Thanks for the encouraging comments Niranjan and Ram.   Ashok, I think you underestimate how influential the UID is going to be in making everyone switch over, or attempt to switch over, to a biometric authentication scheme even where this is not required. You may think this is a welcome development, I have my reservations. Secondly, you think the UID is a card. It is not. It is only a number. Each “Registrar” will continue to provide its own card – which returns you to your initial problem of multiple Ids. Thirdly – I find your remark about leading a hermit’s life both bizarre and simultaneously revelatory of your ideological moorings in this debate. That you see no irony in the fact that it will be impossible to live anything but a hermit’s life without a UID, and that this is an acceptable, even desirable situation to you, is a grim reminder of the extent to which one man’s (I mean Chidambaram) totalitarian technocratic wet-dream can override common sense. The threat the Aadhar poses, as many commentators have repeatedly drawn attention to is interlinking of databases. This is a serious threat – one that has prompted other countries to abandon similar projects. It may be wise not to rush where “angels” have feared to tread. Another illusion you have about the UID is that biometric authentication will be mandatory and will be customary in all transactions. Not only is this untrue but also impossible given India’s current state of connectivity. The UIDAI plans differential charges for biometric and demographic authentication, with the latter costing half the former. Even without the financial barrier, it will be impossible to obtain real time authentication of biometric data given the state of connectivity in most of India (I should make this my 5th myth) Amit – I welcome your timely reminder to pay attention to the “realities of India” – as opposed to the totalitarian technocratic fantasies of our corporate and political elite. In India, the UID has been thrust upon us without any manner of public discussion whatsoever.  Phrases like “Constructive dialogue” in this context have only the chilling effect of a gun pressed to one’s temple.   I think more people need to start thinking this through independently, rather than automatically assuming the role of the B Team of the UID’s Public Relations apparatus.