In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Wednesday, July 10, 2013

4412 - Part vi - Best finger first, but let’s now scan the eye The Statesman

Best finger first, but let’s now scan the eye

The Statesman
10 Jul 2013
Usha Ramanathan
In December 2011, when the Standing Committee on Finance (SCF) readied its report on the National Identification Authority of India Bill 2010 to be placed before Parliament, there were as yet no reports on authentication - viz., on how the biometrics collected during enrolment would be used in identifying a person.
Among a few pieces of the puzzle that was presented to the SCF was a statement from the Planning Commission, in which the UIDAI is located, that read: "It is well acknowledged that there will be failures in authentication for various reasons. After proof of concept studies (PoC) on authentication, appropriate policies and processes will be developed to take care of situations where failure occurs for various reasons .. The choice of using the authentication services is left to the third party service provider ... Concerned agencies will have to develop policies and procedure to handle such exceptional situations .."
That is, there would be problems in authentication, no one could anticipate the extent of the problem because it was still untested, and responsibility would be diffused among service providers if authentication did not work.
This was a strange position to be adopted by an agency that had launched a nationwide project to biometrically de-duplicate and identify the entire population.
The Standing Committee had also seen an interview with the Mission Director and DG of the UIDAI, Mr R S Sharma, in Frontline in November 2011, where he had said: "Capturing fingerprints, especially of manual labourers, is a challenge. The quality of fingerprints is bad because of the rough exterior of fingers caused by hard work, and this poses a challenge for later authentication. ... Issuing a unique identity will not be a major problem. But authentication will be, because fingerprint is the basic mode of authentication."
In January 2012, a document was put out by the UIDAI which was incensed by a statistic that the Standing Committee had referred to which estimated that the "failure to enrol" would be as high as 15 per cent.
The UIDAI tried explaining that these were "misconceptions", that they could "state with confidence" to the contrary, and that "it is now safe to conclude" that biometrics will work over the entire population.
Except - they were relying on their Proof of Concept on enrolment which, as their own report reveals, (see earlier report dated 6 July 2013) does not convince that the system can deal with the complexity of the population.
More damning still, Prof Ramakumar, the expert who had provided the statistic was drawing on an estimation made by a company, 4G Identity Solutions, which is partnering with the UIDAI! He quotes them as saying: "It is estimated that approximately five per cent of any population has unreadable fingerprints, either due to scars or aging or illegible prints. In the Indian environment, experience has shown that the failure to enrol is as high as 15 per cent due to the prevalence of a huge population dependent on manual labour." And, the DG and Mission Director's interview stands unrebutted.
The first report on "authentication accuracy" was released in March 2012.  This would indicate whether persons can be identified by their fingerprint. The PoC involved about 50,000 UID number holders.
It was carried out "in a controlled manner using different authentication devices.
The collected data was sent to the UIDAI Technology Centre. Further statistical analysis was performed at the Centre." This was a UIDAI exercise, and a statistic emerged from it: "accuracy of 96.5 per cent can be achieved using one best finger and 99.3 per cent can be achieved using two fingers" up to three attempts. "Accuracy," the report went on to say, "could be further improved by using the additional factors such as one-time-password (OTP), demographical data or second modality such as iris." A separate study was recommended to check that out.
What do these statistics mean? What is the `best finger'? What are two fingers in three attempts? What else does the report say? The "best finger" first.
Though all 10 digits are captured during enrolment, not all fingers work equally well when they have to be used to authenticate a person.
So, when enrolment is done, the report said, a person would have to go through a "best finger detection" (BFD) process, because: "The best finger to be used for authentication depends on the intrinsic qualities of the finger (ex. ridge formation, how worn out they are, cracked, etc.) as well as the quality of images captured during enrolment process and the authentication transaction."
Someone in the team that prepared the report clearly had a sense of humour: this description is accompanied by the sketch of a wrist and fingers, with the index finger pointing skywards with a bow tied to it as a sign of how special it is!
The fingerprints are sorted on the basis of "match scores" by comparing them with what has been enrolled and stored. This helps to rank the fingers: rank 1- best finger, rank 2- second best finger. "Further," the report reads, "the fingers are labelled Green, Yellow, or Red - depending on their suitability for single finger authentication." In addition, it continues, "some residents could be determined to be not suitable for reliable fingerprint authentication".
About the devices, there is the profound statement: "The best set of devices did much better than the good set of devices, which did much better than the rest of the devices." "In online authentication system, providing multiple attempts of the same finger was seen to improve resident's chances of successful authentication." And the inference that was drawn was that "the resident learns to place fingers appropriately over multiple attempts". And, "residents in the 15-60 years group showed best authentication accuracy". The young and the old are somewhat troublesome. In sum, for those whose fingerprints work, if they have a best finger, or two yellow fingers, and more fingers are used, and if labelled matching works, and best devices are used, and when there are high quality fingerprint images, and immediate feedback, then .... fingerprint authentication may work 99.13 per cent of the time. That is the value of the statistic.
Then, multimodal authentication with both fingerprint and iris, OTP, buffered authentication, multiple attempts and with different fingers - these are recommended, "to not only improve accuracy but also to ensure inclusion."
The recommendations harbour the underlying unease about the capacity of fingerprints to identify the entire complex of people in this country.
That explains why, even as the report starts out, it says "although currently only fingerprint biometric is being offered ... it is likely that in the near future iris biometric authentication will also be supported." And, in conclusion: "Low cost iris capture devices are becoming available in the market. A combination of fingerprint and iris is expected to improve accuracy by a factor of 10 to 100, while reducing failure to enrol (red fingers) rate by a factor of 10. A detailed study such as this should be done on iris authentication."
In the meantime, this report lends context to Mr Nilekani's statement at the Centre for Global Development in Washington in April this year about having "created huge opportunity for fingerprint scanners, iris readers".
(The author is an academic activist. She has researched the UID and its ramifications since 2009)