In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, March 19, 2016

9564 - The New Dimension to the UIDAI Debate: The Aadhaar Bill, 2016


Posted on March 4, 2016 by Joshita Pai

The discourse around Aadhaar has only aggravated since its inception, and one of the primary contentions of the debate has been the lack of a statutory force behind the initiative. Amidst all the speculations, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 was introduced on 3rd of March as a money bill, on the grounds that subsidies and other benefits will be drawn from the Consolidated Fund of India. The Bill seeks to resolve the contention of the lack of a legislation backing Aadhaar. The Bill also allows for more schemes to be attached to Aadhaar in future. Presently, there are a handful of schemes attached to the Aadhaar which have been approved by the Supreme Court. The Bill is an ambitious task to provide a framework for operationalization of Aadhaar.

A Cursory Glimpse
The Bill, establishing the Unique Identification Authority of India (UIDAI) as the authority for the functionality of the Aadhaar process, provides for the conferment of an Aadhaar number, to every resident who submits her identity information. The Bill, in this context defines a resident in clause 2(5). Clause 2(n) provides that identity information includes biometric information and demographic information. Biometric information includes photographfinger print, Iris scan, or such other biological attribute of an individual as may be specified by regulations. The demographic information includes information relating to name, date of birth, address and other relevant information of an individual specified by regulations but significantly excludes information about race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.
According to clause 9, an Aadhaar number shall not confer or be a proof of,citizenship or domicile The Bill also carries a provision which may require Aadhaar holders to update their biometric and geographic information. The inconsistency in predictability of biometric data of an individual has been a contentious issue but the object of the provision here is as mentioned, thecontinued accuracy of the information in the repository.

Dissecting the Clauses
The Bill elevates the existence of an Aadhaar number to a proof of identity by virtue of clause 4(3).
Chapter IV of the Bill establishes the UIDAI as a body corporate, consisting of a Chairperson, a CEO and two part-time members. The CEO of the Authority will not be below the rank of Additional Secretary to the Government and will be appointed by the Central Government. The chapter deals with functions of the members, grants by Central Government, accounts and audits, qualifications and enumerations of the members. The Authority is responsible for the establishment, operation and maintenance of the Central Identities Data Repository. Clause 49 provides that the members of the UIDAI will be deemed as public servants. Clause 50 provides that the Central Government is not empowered to issue directions pertaining to technical or administrative matters undertaken by the authority.
Clause 16 of the Bill places restrictions on the Chairperson and members of the UIDAI who have ceased to hold office. It bars them from accepting employment in any management or company, which has been associated with any work contracted by the UIDAI, for a period of three years after the expiry of their employment. Listing the functions of the UIDAI, clause 23 provides that the authority shall formulate policies, procedures for issuing Aadhaar numbers and for the performing authentication of the same. The Authority is designated to carve out regulations including process of collection of information, specify what includes biometric and geographic information. The specifications have been left open to the authority, including the appointment of an entity to operate the Central Identities Data Repository.
The Bill creates a Central Identities Data Repository [Clause 2(h)] which will be the centralized database containing all Aadhaar numbers and details thereto. It will also be responsible for authentication and verification of the information provided by Aadhaar holders, at the time of enrollment. The registration of Aadhaar, has been made voluntary by the force of the Court’s order in August, 2016.
In light of this, clause 7 of the Bill mandates that proof of Aadhaar number is  necessary for the receipt of certain subsidies, benefits and services. The clause carves out a potential exception to the effect that if an Aadhaar number is not assigned to an individual, an alternate means of identification shall be offered for delivery of benefits.
Enabling accessibility to the Aadhar process, clause 5 of the Bill provides for special measures for issuance of Aadhaar to senior citizens, children, persons with disability persons who do not have any permanent dwelling houses. The clause is inclusive in nature.
Chapter VII of the Bill deals with penalties and liabilities for several offences. Impersonation at the time of enrolment as well as impersonation for the purpose of changing the demographic information of an Aadhaar number holder, is punishable with imprisonment. Providing a heavy liability for companies, clause 43 states
Where an offence under this Act has been committed by a company, every person who at the time the offence was committed was in charge of, and was responsible to, the company for the conduct of the business of the company, as well as the company, shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly.
A provision which stands out in the chapter listing out penalties is Clause 44. It reads as follows:
(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person, irrespective of his nationality.
(2) For the purposes of sub-section (1), the provisions of this Act shall apply to any offence or contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves any data in the Central Identities Data Repository (5(f))

Privacy Provisions in the Bill
The statement of objects and reasons appended to the Bill states that it seeks to provide “for measures pertaining to security, privacy and confidentiality of information in possession or control of the Authority including information stored in the Central Identities Data Repository”. 

Chapter VI of the Bill is built around the protection of information by the Authority, collected through the enrolment process. The Bill qualifies biometric information collected and stored in electronic form, as “electronic record” and “sensitive personal data or information” within the meaning of the Information Technology Act, 2000. The distinction between core biometric information and biometric information has been visibly emphasized. Clause 29 imposes a restriction on sharing information and bars the use of core biometric information for any purpose other than for the generation of Aadhaar numbers and authentication.
Clause 28(3) reads
“The Authority shall take all necessary measures to ensure that the information in the possession or control of the Authority, including information stored in the Central Identities Data Repository, is secured and protected against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.”
Clause 28(5) further provides that the Authority or its officers or employees or any agency which maintains the Central Identities Data Repository shall not, whether during his service or thereafter, reveal any information stored in the Central Identities Data Repository or authentication record to anyone.
The Bill provides for information privacy at the stage of enrollment. According to Clause 3(2), the enrolling agency, which is appointed by the UIDAI for collection of identity information is bound to inform the individual at the time of enrollment, details about (i) the manner in which information collected will be used, (ii) the right of accessibility of information at the hands of the individual and the (iii) the nature of recipients of the information.  The manner of communication of such information has been left open to specific regulations which will be prescribed by the UIDAI.
The Bill provides for authentication of Aadhaar number by a requesting entityin relation to his biometric information or demographic information. Clause 2(u) defines “requesting entity” to mean an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for authentication.
Clause 8(2) makes it mandatory for the entity requesting authentication to obtain consent from the person whose information is to be collected for such authentication. It requires the requesting entity to ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication. The clause further provides that the Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information.
With respect to identity information, clause 29(3) restricts the use of such information available with a requesting entity and states that the identity information will only be used for the purpose specified to the individual at the time of enrolment and only with the prior consent of the individual.  Clause 32 enables an Aadhar number holder to access her/his own information and also mandates that records of request of authentication of an individual, should be maintained.
The functions of the Authority include performing authentication of Aadhaar numbers, deactivation of Aadhaar numbers. Clause 23(m) empowers the Authority to specify, by regulations, various processes relating to data management, security protocols and other technology safeguards under this Act; The UIDAI, according to Clause 23(q) is also entrusted with the function ofpromoting research and development for advancement in biometrics and related areas, including usage of Aadhaar numbers through appropriate mechanisms;
Disclosure of Information
Envisaging an exception to the protection of information provisions, clause 33 allows for disclosure of information in certain instances. It provides that disclosure of information, including identity information or authentication records is permissible if made in pursuance of an order of a Court (at least District judge), or in the interest of National Security by an officer of the level of Joint Secretary or above. However, the Bill does not define national security and the term in itself is vague and overbroad. It provides that such a direction shall be reviewed by an oversight committee consisting of Cabinet Secretary and Secretaries of Legal Affairs and DeitY. The problems of third party independent oversight and the volume of requests remain as is the case with the oversight committee under the Blocking Rules and the Telegraph Rules. The provisio appended to clause further provides that the direction in the interest of national security shall lapse after the expiry of three months from the date of issue.
Clause 37 of the Bill enshrines a penal provision for unauthorized disclosure of any identity information collected in the course of enrolment or the authentication process. This provision speculates a penalty for individuals as well as companies who engage in unwarranted disclosure. The Bill imposes a penalty for unauthorized access to the repository (clause 38), for tampering with data on the repository (clause 39). Chapter VII further provides for punishment of a requesting entity for unauthorized use of identity information.
The Bill contains vital provisions in terms of requesting entity applying for authentication, access of identity information by an Aadhaar-number holder to introducing liabilities. However, a deeper glance shows that several regulations are yet to be prescribed and have been left open-ended. The actualization of a legislation should however, not be conceived as a satisfactory response to the yet to be heard struggle for determining privacy as a constitutional right.