In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. Its use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010, I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one? - Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi

In matters of conscience, the law of the majority has no place. - Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty - Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” - A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. - Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Sabha April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the #BreakAadhaarChains campaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uid and @rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, January 27, 2011

1069 - 4 POPULAR MYTHS ABOUT UID - PRIVACY INDIA

January 22, 2011
Posted by Prashant in Uncategorized.

By now, there is already a lot of material in the public domain that is critical about the UID/Aadhar project (See aadhararticles.blogspot.com for an exhaustive catalogue). Much of this material has criticized the UID for the ‘big brotherly’ techno-surveillance regime that it threatens to unleash, usually under the guise of delivering assured benefits to the marginal peasant. Many commentators have questioned the haste with which a project of this scale and complexity has sought to be pushed through. Some have expressed doubts on the feasibility – financial, technical or  logistical – of the scheme.

I do not intend to rehearse these arguments in this post. Instead, I pick four somewhat obscure, but troublesome assertions made about the UID and test their veracity against documents available on the UIDAI site itself. The purpose is to cut through all the equivocation behind the claims that UID officials have been making, and arrive at some minimal clarity on what the UID is (and isn’t).

1) Registration is voluntary!

How does one make sense of Nandan Nilekani’s cryptic remark, “I wouldn’t call it compulsory. I would rather say that it will become ubiquitous”?

In a sense, this is true enough. Nowhere in the entire bulk of UID documentation will you encounter the express words “mandatory” or “compulsory”. Hence, proved!  But that isn’t to say, however, that there is any way you will be able to avoid getting registered.

Very rapidly, accessing basic services and your very status as a citizen will be conditional on your possessing an Aadhar number. This is owing to the complex operational structure that the UID Scheme adopts which leaves the task of enrollment entirely in the hands of third party ‘Registrars’ who include a host of Central and State social security and welfare departments (including the Ministry of Rural Development which administers the Rural employment guarantee scheme), banks and insurance companies. There is nothing in the Aadhar Scheme that forbids these Registrars from making access to their services conditional on one’s consent to UID registration. In practice, many of them have and will continue to make UID registration a preliminary formality before access is granted to their services. So your ‘freedom’ to resist UID registration will depend on your ability to forego your minimum guarantee of the right to employment, cooking gas, banking and insurance services, food rations etc.

And if miraculously you are able to subsist without these services, there is still one minor detail that is seldom mentioned in conversations about UID: without a UID number, you will not be counted as a citizen of India. This is owing to the fact that the Registrar General of India, the authority responsible for compiling the National Population Register of India under the Citizenship Act, also happens to be a ‘Registrar’ for the purposes of the UID. Which means that one’s registration in the NPR will entail automatic enrollment in the UID. The Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules, 2003 makes it mandatory for everyone to be enrolled in the National Population Register. So, paradoxically, although the Aadhar number does not confer citizenship, one cannot be a citizen anymore without owning an Aadhar number.

In other words, the UID scheme avoids the charge of being compulsory, by outsourcing its compulsion entirely.

2) The UID Scheme will only collect a minimal set of information

A frequently made assertion about the UID scheme is that the data collected will be limited to a standard set of information like one’s name, residence, date of birth, photo, all 10 finger prints and iris image. Once again, this is only a half truth. As mentioned previously, the entire process of enrollment is carried out through Registrars who have absolute freedom to expand the categories of information collected to include data that is entirely orthogonal to the purposes of the UID. This freedom is typically guaranteed by a clause in the MOUs which the UIDAI has signed with Registrars enabling them to collect additional data that “is required for their business or service”. Thus, for instance, in Himachal Pradesh, citizens are asked to provide additional details such as information about their ration cards, PAN cards, LPG connection and bank accounts.[i]

To employ a telling epithet found in one of the UID documents, the ‘Registrars own the process of enrollment’.

3) Privacy is guaranteed

Although the UIDAI makes repeated assertions regarding its intent to respect privacy and ensure data protection, the precise mechanism through which these objectives will be secured is extremely unclear.

To begin with, the responsibility for devising schemes to safeguard information during the collection phase rests entirely on the Registrars. The UIDAI’s own responsibility for privacy begins only from the moment the information is transmitted to it by the Registrars – by which time the information has already passed through many hands including the Enrolling Agency, and the Intermediary who passes on information from the Registrar to the UIDAI.
Rather than setting out an explicit redressal mechanism and a liability regime for privacy violations, the UID’s documents stop at loosely describing the responsibility of the Registrars as a ‘fiduciary duty’ towards the resident/citizen’s information.  The Registrars are tasked with maintaining records of the data collected for a minimum period of six months. No maximum period is specified and Registrars are free to make what use of the data they see fit.
In addition, the Registrars are mandated to keep copies of all documents collected from the Resident either in physical or scanned copies “till the UIDAI finalizes its document storage agency.”[ii]
The ‘Data Protection and Security Guidelines’ which the UIDAI requires all Registrars to observe merely contains pious injunctions calling on them to observe care at all stages of data collection and to develop appropriate internal policies. There is mention of the desirability of external audits and periodic reporting mechanisms, but the details of these schemes are left to the individual Registrar to draw up.
Although the Draft National Identification Authority of India Bill penalizes the intentional disclosure or dissemination of identity information collected in the course of enrollment or authentication, this does not guard against accidental leaks and does not mandate the service providers to positively employ heightened security procedures. Prosecution of offences under the Act can only proceed with the sanction of the UID Authority, which further burdens the task of criminal enforcement in these cases and would make it difficult for individuals to obtain redress quickly. The total absence of a provision for civil remedies against Registrars makes it unlikely that they will take the task of protecting privacy seriously.
In other words, the individual’s right to privacy is only as strong as the weakest link in the elaborate chain of information collection, processing and storage.
 
4) The UIDAI will not disclose any information and will only authenticate information with Yes/No answers

This is another of the frequently misleading claims made by the UID Authority. Thus, for instance, in April, 2010, in response to a question in the course of an interview, Nandan Nilekani said “UID itself has very limited fields, it has only four or five fields — name, address, date of birth, sex and all that. But it also does not supply this data to anybody. .. the only authentication you can get from our system is a yes or no. So, you can’t query and say what’s this guys name or what’s his date of birth, you can’t get all that.”[iii]

This statement is, however, belied by many of the UIDAI’s own documents.

The draft NIA Bill, for instance, permits the Authority to issue regulations on the sharing of “the information of aadhaar number holders, with their written consent, with such agencies engaged in delivery of public benefits and public services as the Authority may by order direct”. In practice, prior “written consent” for sharing is obtained from the resident as a matter of course at the time of enrollment itself, and it is impossible to obtain an Aadhar number without consenting to sharing by the UID Authority.[iv] In practice, in India, a large number of forms will be filled in by assistants and the written consent box will be ticked as a matter of course without the resident understanding the full implications of her “consent”.
 
The draft NIA Bill permits the authority to “make any disclosure of information (including identity information) made in the interests of national security in pursuance of a direction to that effect issued by an officer not below the rank of Joint Secretary or equivalent in the Central Government after obtaining approval of the Minister in charge”. There is nothing in the Act that requires that this information be made available on an individual basis – in other words, it is possible for the data to be shared en-masse with any agency “in the interests of national security”.
 
There is nothing preventing “Registrars” who carry out the actual data collection functions from sharing this information with anyone they choose. Thus, for instance, the Aadhar information collected during the exercise of compiling the National Population Register can be shared in whichever manner the Registrar General of India chooses – irrespective of what the UIDAI does with that information.

So, while ordinarily, the UIDAI would not authenticate information other than giving Yes/No responses, there are mechanisms already in place that presume that all this information will be made available, on demand, to whichever agency happens to be interested.

[i] 2011. UID project picks up pace. Indian Express. Available at: http://www.indianexpress.com/story-print/735790 [Accessed January 22, 2011].

[ii] UIDAI – Document Storage Guidelines for Registrars Ver. 1.2, August 2010

[iii] 2010. To issue first set of UIDs by Feb 2011: Nilekani. CNBC-TV18, Money Control. Available at: http://www.moneycontrol.com/news/business/to-issue-first-setuids-by-feb-2011-nilekani_449820-4.html [Accessed January 22, 2011].

[iv] For instance, a flowchart of the Resident Enrollment Process issued by the UID stipulates  “Record Resident’s consent for Information Sharing” as the tenth step in the enrollment process. Unless this step is followed, the enrollment process cannot proceed!


___________________________________ 


Comments»

1. Niranjan - January 26, 2011
Good article in the middle of so much privacy. The author has done a good study of UIDAI and Registrars. I suggest other people targeting UIDAI should instead work towards securing data at the Registrars. As per this Article that is the most likely place a breach of privacy will happen.
 
2. Ram Krishnaswamy, S - January 27, 2011
Thank you Prashant for expressing your thoughts so very clearly and concisely, exposing so many half truths coming out of UIDAI. It is almost like Nandan Nilekani saying GoI has commissioned me to create a Nuclear Bomb and how others will use it is not my responsibility.
 
3. Ashok Kalbag - January 27, 2011
1) Registration is voluntary! How does one make sense of Nandan Nilekani’s cryptic remark, “I wouldn’t call it compulsory. I would rather say that it will become ubiquitous”?
If you want to lead a hermit’s life with hardly any society interaction, you need not have UID. However, if you want to lead a normal life and require a Passport, PAN, Ration Card, Voter ID, etc. would it not be simpler to have just a UID with an assurance it is unique and cannot be duplicated? Most existing IDs have problems in ensuring individuals do not have multiple IDs, for misuse or otherwise.
2) The UID Scheme will only collect a minimal set of information
The registrars are generally the beneficiary of UID and have their own ID system which is not fool-proof. Hence, if there is an issue with the information demanded by the registrars (which is anyway given to them by individuals to avail their service e.g. PAN, Passport, Gas connection, etc.) then why not take it up with them? UID is only providing a service to the other service providers who have no system in place to ensure duplicate ID is not provided to same individual. Presently they have to rely on other IDs which can have duplicates for a given individual.
3) Privacy is guaranteed
Presently, most registrars are already collecting the data relevant to them and linking it to other currently accepted IDs such as Ration cards, utility bills for address proof, bank passbooks, etc. which rely on voluntary disclosure of personal details to avail services from a particular service provider. This information remains with the registrar and is not stored with UID as part of its database. Hence there is no additional “loss of privacy” because of UID. UID only comes into picture once it has received the data which is required by them, and this data is not shared with anyone. Hence Privacy by UID is guaranteed – there should not be any issue once the process is clear.
Data collected by most service providers who are also registrars for UID do it because they appreciate the non-duplication guarantee that UID provides and they cannot ensure it presently. Also, if one has issues with a particular registrar because of the additional data he is collecting, one can approach another who does not demand data that one is uncomfortable in disclosing. Hence all “loss of Privacy” issues begin and end with the service provider (even presently without UID) who is also a registrar for UID. The UID data cannot be duplicated and get registered with UID (get allotment of 2 UID numbers for same set of finger prints + iris prints).
4) The UIDAI will not disclose any information and will only authenticate information with Yes/No answers
The NIA draft Bill can be amended before passing in Parliament to ensure whatever safe guards are required without impacting what UID is doing in the process of generating the UID number. It needs to be made legally acceptable for a query by any entity with respect to finger print + iris data and the other fields that UID retains to be verified by the UID duplication check process and accept the Yes/No verdict. In which case the data need not be shared. With newer technology our legal system should keep pace, otherwise the benefits of new technology will be lost to our people.
 
4. Amit Srivastava - January 27, 2011
Wow! It amazes me to see how disconnected people can be from the realities of the nation. Height of skepticism. @Ashok: You are absolutely right on all the four points raised. Also, if there are any problems then that can be sorted out through a constructive dialogue. We may not need to scrap this whole project.
 
5. Prashant - January 31, 2011
Thanks for the encouraging comments Niranjan and Ram.
Ashok, I think you underestimate how influential the UID is going to be in making everyone switch over, or attempt to switch over, to a biometric authentication scheme even where this is not required. You may think this is a welcome development, I have my reservations. Secondly, you think the UID is a card. It is not. It is only a number. Each “Registrar” will continue to provide its own card – which returns you to your initial problem of multiple IDs. Thirdly – I find your remark about leading a hermit’s life both bizarre and simultaneously revelatory of your ideological moorings in this debate. That you see no irony in the fact that it will be impossible to live anything but a hermit’s life without a UID, and that this is an acceptable, even desirable situation to you, is a grim reminder of the extent to which one man’s (I mean Chidambaram) totalitarian technocratic wet-dream can override common sense. The threat the Aadhar poses, as many commentators have repeatedly drawn attention to, is interlinking of databases. This is a serious threat – one that has prompted other countries to abandon similar projects. It may be wise not to rush where “angels” have feared to tread. Another illusion you have about the UID is that biometric authentication will be mandatory and will be customary in all transactions. Not only is this untrue but also impossible given India’s current state of connectivity. The UIDAI plans differential charges for biometric and demographic authentication, with the latter costing half the former. Even without the financial barrier, it will be impossible to obtain real time authentication of biometric data given the state of connectivity in most of India (I should make this my 5th myth).
Amit – I welcome your timely reminder to pay attention to the “realities of India” – as opposed to the totalitarian technocratic fantasies of our corporate and political elite.
In India, the UID has been thrust upon us without any manner of public discussion whatsoever. Phrases like “Constructive dialogue” in this context have only the chilling effect of a gun pressed to one’s temple. I think more people need to start thinking this through independently, rather than automatically assuming the role of the B Team of the UID’s Public Relations apparatus.