In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Wednesday, October 16, 2013

4837 - India is now tech capital of biometrics: Nandan - Money Control

Oct 14, 2013, 01.12 PM IST 

Nilekani UIDAI's focus will shift from innovating and developing new services inside to running a very efficient utility and innovative solutions built from the outside on top of Aadhaar.



Rohin Dharmakumar, Seema Singh, NS Ramnath/ Forbes India 

Nandan Nilekani on the Aadhaar project's scope, its vulnerabilities and its future 

Q. How long does the UIDAI hold transaction data and what steps has it taken to ensure that the privacy of users' data—demographic & transactional—will be safeguarded from any third party? 
We are in the process of finalising the policy for that. UIDAI only gets the location, time and the device from which the authentication request came from. It is a federated database with in-built optimal ignorance among various players. At the design level itself, we don't have transactional data, except that we had an authentication request. When we do authentication, if we get a claim that it is a 'false accept', we, in turn, have to investigate and that'll decide how long we retain the data. We have to strike a balance between privacy issues and liability issues, looking at practices of banks and switching companies. But let me tell you that we take great care to safeguard the data. We encrypt at source; we anonymise data when we send it for verification; the database itself is encrypted; we have layers and layers of security. In fact, as far as biometrics is concerned, once we have extracted the minutiae, we put it offline.  

Q. Is there a timeline for this policy? Will it come before this government goes? 
We are still formulating the policy. 

Q. If Aadhar's biometric data are compromised or stolen, what are the UIDAI's breach of disclosure and liability policies? 
We will formulate appropriate policies on liability. UIDAI has been at the forefront of disclosure on its design philosophy. We have a data sharing/security/architecture policy. What do we collect?  Apart from, of course, the biometrics for de-duplication and authentication, we only collect name, address, date of birth, sex and telephone number and email (the latter two are optional and help with communications). This data is similar to what is there in the voter ID system, the telephone book etc, much of which is often public on the internet. Aadhaar is a pure ID system, and data like medical and financial records are in their respective system and UIDAI does not have access to it. 

Q. In most areas, the UIDAI works with multiple vendors, often three. Yet, why is NPCI the only partner for the Aadhar payment bridge? 
We are in discussions with all the payment providers. Visa has already launched a product in Delhi using Aadhar; it's called Saral Money. Mastercard and Amex are in discussions, each of them will have their own Aadhaar payment bridge; which agency wants to use which bridge is up to the agencies. 

Q. How will you ensure that there will be a level playing field between various third parties who use Aadhar authentication, subsequent to your exit? 
We're putting policies and frameworks in place; we have a law under consideration that will limit the data that can be collected by the UIDAI. We want to ensure core system values are adhered to. The sustainability and legacy of UIDAI is important to all of us, so we are doing the best we can. Besides, we have a design principle, embedded in the architecture, which says we don't want vendor lock-in. In the context of what the system can do or will do, we have pretty much delivered what we had said we'll do —enrolment engine is in auto pilot; we've built multiple authentication capabilities; delivered eKYC; and we are rolling out data update procedures. UIDAI's focus will shift from innovating and developing new services inside to running a very efficient utility and innovative solutions built from the outside on top of Aadhaar. 

Q. If there is a change to the technology or architecture of Aadhar, how will it be communicated to the public? 
Lant Pritchett of Harvard [Kennedy School] talks about thin (to bosses) and thick (answerable to people) accountability. Our idea has been to create a dense ecosystem of users, banks and mobile companies and to get them to pay for it, in order to create thick accountability. Whoever is in charge tomorrow should be immediately accountable if something doesn't work properly or changes to design or policy are made without consulting stakeholders. The moment we commit ourselves to a certain level of service, say 99.9 percent uptime and so on, we are holding ourselves accountable to that performance. Creating rules is fine, but creating an organisation that responds to the outside pressure is the best safety net. 


Q. Is there a core R&D and tech team that will ensure continuous development and upgradation of Aadhar, especially in light of Indiawide field rollouts and scale? 
Most of the services of the organisation are up and running; they need to be scaled up a bit. We are not launching anything new. It's relatively less of a risk now; we are making sure the managed service provider we have hired is on board. We are also creating an external advisory board which will review its decisions…again to create 'thick accountability'. 

Q. Aadhar was expected to create a significant number of jobs and investment opportunities in India. 
While we had no such mandate, we did create many jobs through our approach. We chose to do this as an ecosystem approach rather than create a huge organisation and bureaucracy. We created a lean organisation (less than 300 people are working with us) and came up with ecosystem architecture. We have trained 50,000-75,000 enrolling agents and operators; the postal department has been a big partner. At any point, there are 25,000 live operators in the system. The project has moved the biometrics centre of gravity to India, all top players, Morpho/L1/NEC etc, are here. The device manufacturing is coming up. Innovation ecosystem is also seeded and you'll see many applications coming out. With its new iPhone, Apple has now brought biometrics to the consumer, but long before them we made India the tech capital for biometrics. 

Q. Given the criticality of Aadhar, do you or the government of India have a formal succession plan in place? 
Our new chief executive has come in a few months ago. A senior IAS officer, Vijay Madan, is an extremely competent person. His predecessor was Ram Sewak Sharma, who really laid the foundation of UIDAI. In fairness, they really run the organization and I do the media interviews! My goal would be that Vijay remains in this position beyond me, as mission director and director general of UIDAI. It will be the government which will decide my successor. 

Q. Should there be a clearer demarcation between people who design Aadhar vs those who influence its usage? You were, after all, on many committees? How will you ensure your successor does not misuse the power of the Aadhar platform in any way? 
All these committees are now wound up after having completed their assignment and delivered unanimous reports. The government is acting on the architecture that has been laid out to use Aadhaar for payments, do subsidy reforms and streamline benefits. These committees were essential as you cannot do such a transformational national reform without architectural integrity and ensuring that all the moving parts are meshed into each other. Aadhaar enabled change requires huge interoperability — LPG, kerosene, food, fertiliser, financial systems… all these need to be aligned. 

Q. Is biometric authentication a must for all Aadhar transactions? If not, what percentage of them do you reckon require it? 
Let us separate biometric and non-biometric uses of Aadhar. When you do authentication, a certain class of applications will require biometric authentication. For example, say all PDS [public distribution system] withdrawals will require biometrics so that the foodgrain goes to the lady of the house. But if you do e-commerce sitting at home, then you just need OTP [one time pin]. It's always a risk-reward situation. In LPG, there's no biometric authentication, but what is used to credit money is using Aadhaar as the financial address. We are agnostic to the final composition of usage. But we are fairly confident, the more we learn the more accurate this system will become and more people will use it. If people don't want to use biometric authentication, that’s fine. We have several value propositions. 

Click here to read more Other Forbes Stories How Nandan Nilekani Took Aadhaar Past The Tipping Point Despite Slowdown, Aspirations Propel Luxe in India Innovation Requires More Than Systems and Tools A New High: Personalised Private Jets