In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Sunday, January 22, 2017

10756 - Despite the comparisons, India's Aadhaar project is nothing like America's Social Security Number- Scroll.In


It has more uses and fewer safeguards.
Sunday, January 22nd 2017
Anumeha Yadav


From food rations to marriage certificates, entrance exams to train ticket concessions, mobile phone cards to banking, Indians are now being asked to produce a 12-digit Aadhaar number to access both government and private sector services.

This number is connected to their fingerprint and iris scans that are stored in a centralised database. As of September 2016, this database held the demographic and biometric information of more than 105 crore people – more than 80% of India’s population, and three times the population of the United States.

India’s Unique Identification project is the world’s largest biometrics-based identity programme. Initially, the project had a limited aim – to stop theft and pilferage from India’s social welfare programmes by correctly identifying the beneficiaries using their biometrics. But now, the use of Aadhaar is expanding into newer areas, including business applications.
As the uses of Aadhaar proliferate, what are the rewards and risks?

Over the next week, a special series on Scroll.in will take a closer look at the many dimensions of Aadhaar, from its use for social welfare, to its expansion in the private sector, to concerns over privacy and data violations.

First, a quick comparison with the Social Security Number of the United States. The nine-digit number, which is used widely by government agencies in the US, is seemingly as ubiquitous as Aadhaar. It is often used as an example of an advance economy successfully doing something similar to India’s unique identity project. But there are important differences between the two, starting with the fact that the Social Security Number is, well, not an identity number.

Aadhaar is an identification number. Social Security Number is not.
The Social Security Number has its origins in the years of the Great Depression. During this period of economic recession in the US, the Roosevelt government launched the “New Deal”, a series of programmes to provide relief and employment to the poor.
In 1936, under the Social Security Act, it began using a nine-digit number, the Social Security Number, to track the earnings of workers and compute the amount of social security benefits to be credited to their accounts.

Over the years, the ease of using the number led more government agencies to incorporate it in their records. In 1961, for instance, the Internal Revenue Service began using the Social Security Number for taxpayer identification, similar to the Permanent Account Number in India.

With no legal restrictions on use of the Social Security Number by private companies, several businesses such as credit bureaus started asking individuals for their Social Security Number and storing it.

But in 1977, the Carter administration clarified that while it may used to be verify whether an individual had the legal permit to work, the Social Security Number could not serve as an identification document.

The Social Security Administration website states in a 2009 bulletin: “The card was never intended to serve as a personal identification document that is, it does not establish that the person presenting the card is actually the person whose name and SSN appear on the card.”

By contrast, Aadhaar has been designed as a single, universal, digital identity number that any registered entity, whether public or private, can use to “authenticate” an Indian resident. Anyone who has lived in India for 182 days can enroll in Aadhaar for proof of identity, while only citizens and those authorised to work in the US can obtain a Social Security Number.

Aadhaar authenticates a person. The Social Security Number does not.
Aadhaar authenticates a person by matching his or her demographics or biometrics with the records in its database. The government says this will help prevent identity fraud – for example, no one will be able to collect wages or food subsidies in another person’s name.
The Social Security Number was never intended for authentication purposes and has not been built to do this on a national scale. It matches a name and associated Social Security Number against its records only in limited circumstances, such as before issuing a replacement Social Security Number, or establishing a claims record.
It “does not verify an individual’s identity”, notes the Social Security Administration website, explaining the verification methods.

Aadhaar captures biometrics. The Social Security Number does not.
Aadhaar collects biometrics, which include the scan of all fingerprints, face and the iris of both eyes. Aadhaar Act’s section 2(g) states that “other biological attributes” may be collected in the future, a provision that was intensely debated in Parliament.

The elderly and the poor is India have hardened, wrinkled hands.
In contrast, when the Social Security Number was created in the 1930s, the US government decided not to collect fingerprints. “The use of fingerprints was associated in the public mind with criminal activity, making this approach undesirable,” notes the Social Security Administration website. The Social Security Number is thus printed on a small paper card and does not carry even a photograph.
In recent years too, the Social Security Administration has restrained from collecting biometrics of residents. In 2007, when the Intelligence Reform and Terrorism Prevention Act asked the SSA to improve the security of Social Security Number cards, the SSA considered adding the holder’s photograph or biometrics to the card but eventually decided against it.
“A biometric identifier, such as a fingerprint, can be an effective and highly accurate way to establish the identity of an individual, but it can also facilitate a much higher degree of tracking and profiling than would be appropriate for many transactions,” said Marc Rotenberg, the president of Electronic Privacy Information Center, a research organisation, in a testimony to the House of Representatives.
He added: “The problems that will arise when biometric identifiers are compromised are severe. What will happen at the point that your biometric identifiers no longer identify you?”
Around 2011, American authorities considered introducing a new biometrics-linked identity card for work authorisation for residents. Called the Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment or BELIEVE card, it aimed capture fingerprints or scans of veins on the back of hands.
BELIEVE card supporters presented it as necessary for immigration reform but many opposed it. “We pointed out that a biometrics ID system would be expensive, intrusive and ineffective, and requiring such an ID card would fundamentally transform the information demands the US government places on its citizens,” said Michael Froomkin, a professor of law at Miami University.
Ultimately, the proposal was dropped.

Aadhaar links databases. The Social Security Number does not.
One of the key concerns around Aadhaar is that the government has “seeded”, or introduced the number in multiple databases, which makes it easier for government agencies to converge personal information of individuals across databases.
Millions of Aadhaar numbers have been linked to the bank records, ration lists, educational records, and telecom documents of individuals. New analytical data techniques mean this “big data” could reveal much more about a person than standalone data could in the past.
The PRS Legislative Research has pointed out the Aadhaar Act of 2016 does not specifically prohibit law enforcement and intelligence agencies from using the Aadhaar number to search various datasets. This could lead to inappropriate profiling and innocent individuals identified incorrectly as potential threats by law agencies could face harassment.
There is no seeding done using the Social Security Number. Federal agencies and private entities that collect the Social Security Number for a specific service store the number at the organisational level. The US government has cautioned against the use of the Social Security Number as a single, unique identifier.
For instance, the Department of Homeland Security in 2007 directed its officials: “Department of Homeland Security programs shall not collect or use an SSN as a unique identifier; rather, programs shall create their own unique identifiers to identify or link information concerning an individual.” The Department of Defence removed SSNs from military identity cards by 2011, and instead issued departmental-level IDs.
The emphasis is on using different identifiers for specific purposes, to reduce the risks associated with a single identifier.

Aadhaar does not have privacy safeguards quite in the same way as the Social Security Number.
In response to growing concerns over the accumulation of massive amounts of personal information, the US government passed the Privacy Act of 1974. The law was passed in recognition of the dangers of the widespread use of Social Security Numbers as universal identifiers.
Subsequently, the Computer Matching and Privacy Protection Act of 1988 tightened regulation, by providing for the establishment of Data Integrity Boards at each agency.
India does not have a privacy law either at the national or state level. As per section 8 of the Aadhaar Act, requesting agencies are required to obtain the consent of individuals before collecting their identity information and inform them of what information will be shared. But as per section 47, a person whose information is collected and shared without their consent cannot invoke the criminal penalty. The Act says such a complaint can only be made by Unique Identification Authority.
Further, when the Unique Identification Authority of India authenticates the identity of individuals against the Aadhaar database, it generates millions of authentication logs every day, containing the request received, the response, and the metadata related to the transaction.
The Authority retains the authentication data for six months, and archives it for five years. It also requires the requesting entities – both public agencies and private companies – to maintain the logs, including the Aadhaar number, for two years, and then archive it for five years, and even longer in case of a court order.
Experts caution against the retention of data for such long periods. Data breaches could potentially violate people’s privacy. In 2014, European Union’s highest court ruled that data retention is illegal.

Aadhaar is designed to be used by private companies. The Social Security number was not, but its use by the private sector has led to identity theft.
Identity theft affects over 90 lakh Americans every year.
Over the years, commercial enterprises, particularly in the financial services sector, have created a system of files containing the personal and financial information of a majority of the American adult population, based on their Social Security Numbers. This information is sold and traded freely, in some instances leading to identity theft, particularly of elderly pensioners and students. Privacy expert Rotenberg has described financial companies as “among the strongest opponents of SSN restrictions.”
A major government report on privacy in 1973 said that legislation should be adopted prohibiting use of the Social Security Number “for promotional or commercial purposes”.
In most states, legally, an individual is required to provide their Social Security Number to a business only if the transaction requires so under Internal Revenue Service or federal Customer Identification Program rules. A few states such as Colorado, Arizona and California have passed laws that restrict the disclosure and use of the Social Security Number by private actors.
In contrast, Aadhaar has been designed for use by both public and private entities. Billionaire software entrepreneur Nandan Nilekani, who is the founder chairperson of Unique Identification Authority of India, while explaining the differences between Aadhaar and the Social Security Number, said Aadhaar had been designed “as an open platform on which you can build applications”.
In a foreword to a Credit-Suisse report, he noted that the use of Aadhaar by the financial sector could open up a $600 billion business opportunity.
The Unique Identification Authority of India has already entered into agreements with a number of companies providing authentication and identification services using Aadhaar as a platform.

Aadhaar functioned without a legal framework till recently. The Social Security Number was created through a law.
Since its inception, the Social Security Number has been governed by the Social Security Act of 1935.
In contrast, the Aadhaar project functioned without a legal framework for seven years since it was launched by the United Progressive Alliance government in 2009. It was run under an executive order, which meant Parliament had no oversight over it.
An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns. In March 2016, the National Democratic Alliance government passed the Aadhaar Act as a Money Bill, bypassing the Rajya Sabha – a move that was widely criticised.

The use of Aadhaar is expanding. The use of the Social Security Number is getting restricted.

The Privacy Act of 1974 makes it unlawful for a governmental agency in the US to deny a right, benefit, or privilege merely because the individual refuses to disclose his Social Security Number, except when disclosure is required by federal statute.
Section 7 of the Act provides that any agency requesting an individual to disclose his Social Security Number must “inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it.”
Given privacy concerns over the use of Social Security Numbers, governments have passed several laws and orders since 1996 to restrict and limit its use and collection.
The Social Security Administration website says state entities have begun to delete Social Security Numbers on electronic public records. An executive order of 1943 that required federal agencies to use the Social Security Number when establishing a system of permanent account numbers was rescinded by an Executive Order, which made such use optional in 2008.
Several US states have also passed laws. New York and West Virginia have statutes that limit the use of the Social Security Number as a student identity number. Kentucky allows students to opt out of the use of Social Security Numbers. Arizona law requires companies to give a right to users to opt out. California prohibits businesses from printing Social Security Numbers on bills, and companies must notify individuals in case of data breaches.
The Intelligence Reform and Terrorism Prevention Act of 2004 prevented the printing of Social Security Numbers on driver licenses and other government- issued identity cards. A 2015 law prohibited the inclusion of Social Security Numbers on Medicare cards, though this has not yet been achieved.
In contrast, since the first Aadhaar number was issued in 2010, the government in India has tried to link maximum schemes and benefits to Aadhaar, pausing briefly when the Supreme Court issued orders restricting the government from making Aadhaar compulsory.
The Supreme Court passed at least six orders since 2013 saying the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number.
But under section 7 of the Aadhaar Act, the government can ask a resident to produce Aadhaar for any “benefit, subsidy or service”, which has made the ambit of the project very wide. Now even private companies have incorporated the Aadhaar number in their systems.
The current trajectories of two ubiquitous numbers – Aadhaar and the Social Security Number – appear to be in opposite directions.

We welcome your comments at letters@scroll.in.