In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, November 6, 2017

12299 - The Maharashtra case shows pitfalls of Aadhaar use - Sunday Guardian Live

The Maharashtra case shows pitfalls of Aadhaar use

By ANUPAM SARAPH | 4 November, 2017



The problem affecting tens of thousands of crore loan waiver in Maharashtra to benami Aadhaar bank accounts exposes the inability of Aadhaar to 100 per cent identify individuals or always prevent money laundering. Aadhaar is not a magic wand, it is merely a number to access an unaudited or unverified record from UIDAI’s database. The Maharashtra Aadhaar issue calls to question the methods now used to link it to bank accounts, SIM cards or others

FARM LOAN WAIVER SCHEME
The Chhatrapati Shivaji Maharaj Shetkari Sanman Yojana (CSMSSY), or the Maharashtra Farm Loan Waiver Scheme, invited online applications at the official website of CSMSSY 2017 www.csmssy.in for registration of farmers under the scheme for loan waiver. Applicants on the website were required to choose either OTP or biometric to authenticate the mobile phone or biometric associated with Aadhaar. Applicants could also physically fill the application form along with the photocopies of the Aadhaar card, PAN card (if applicable), and bank savings passbook to any of the Aaple Sarkar Seva Kendra.

Till 22 September 2017, the website received 10,512,040 registrations from farmers in Maharashtra from which 5,659,187 applied for farm loan waiver under the scheme. Under this scheme, farmers who had defaulted on crop loan or term loan between April 2009 and June 2016, if found eligible, would be given a loan waiver of Rs 1.50 lakh.

Various newspapers reported that the government has discovered that lakhs of farmers, according to the data provided to the government, have identical Aadhaar and savings account numbers. They quoted Principal Secretary (IT) V.K. Gautam as having been perplexed with duplicate Aadhaar numbers: “We are perplexed to see the identical Aadhaar and savings account numbers of several thousand farmers.”

This difficulty clearly exposes the inability of Aadhaar to always identify persons uniquely, prevent leakages, and participate in banking. The unwillingness or inability to audit the processes that deliver subsidies, benefits and waivers affects its intention to clean up the corruption and theft. Aadhaar is not a magic wand, it is merely a number to access an unaudited or unverified record from UIDAI’s database.

AADHAAR DOES NOT IDENTIFY ANYONE
The complex “ecosystem” and the processes for creation of these records provided multiple opportunities to create records for ghosts and duplicates. According to IT Minister Ravi Shankar Prasad, 34,000 operators who tried to make fake Aadhaar cards have been blacklisted. Even if each operator worked for a year before being blacklisted, at about 100 cards a day amounts to over a billion fake records. That is more than 95% of the database.

No one from the UIDAI or even the government even sign the Aadhaar card that is mailed back to the enrolee. The very same organisations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “registrars” to the enrolment process. They were even given flexibility in the collection, retention and use of the data (including biometric) that they collected. The very same documents that were called suspect by the UIDAI, were used as proof of identity or address to enrol for Aadhaar. Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.

No one in the Aadhaar enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrolment. Needless to say, anyone in possession of your documents could enrol with minor changes in any demographic information or with different biometrics. Field stories of enrolments are full with descriptions of biometric jugaad, including using combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximise registrations. There is also no evidence of any biometric de-duplication of ever having happened, let alone being able to demonstrate duplicates and ghosts cannot be enrolled.
Aadhaar is often unable to identify anyone. It is also not geared to remove ghosts and duplicates from other databases as it was built upon those very databases it claims to clean.

AADHAAR IS PROBLEMATIC
There is a widespread myth that biometric or OTP authentication at the time of transaction—enrolment for loan waiver, for example—is proof of consent of the person whose biometric it is. It ignores the reality that the biometric or OTP authentication could have been phished from a victim. It ignores that a stored biometric could have been used. It ignores that OTP generated on a SIM obtained and associated with an Aadhaar could be used. There are multiple possibilities. Above all, it ignores that mere authentication of a biometric or OTP does not imply a person is consenting to any process or transaction.

This belief of use of Aadhaar as consent to a transaction also ignores the field realities of processes using plain simple photocopies of Aadhaar or parallel Aadhaar databases to undertake transactions like on-boarding beneficiaries, delivering subsidies or waivers, issuing SIM cards or even open bank accounts. The CSMSSY also used mere photocopies of Aadhaar to enrol farmers. The use of Aadhaar to replace traditional processes to obtain consent opens up a Pandora’s Box of legal illiteracy and denial of human rights and justice.

With Aadhaar, no one has any trace of the real beneficiary or customer. The real beneficiary or customer may simply be masked by a benami owner using an Aadhaar number. Even your Aadhaar can be used without your knowledge by a perpetrator to claim multiple benefits multiple times, obtain SIM cards, open multiple bank accounts in order to use it to obtain loans, collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these benefits or accounts are discovered, you will be the criminal.

PROBLEM OF LINKING AADHAAR
The Maharashtra difficulty exposes the loopholes in the government’s plan to link mobiles and bank accounts to Aadhaar numbers. It calls to question whether public interest and national interest are being protected by the bureaucracy. It calls to question the understanding of bureaucracy about processes delivering subsidy, benefits or waivers, and their audit. It calls to question their understanding of consent and shows the inability of authentication processes to capture consent. It calls to question their comprehension about Aadhaar. It highlights their inability to recognise that Aadhaar is not an identity or consent; it is merely a framework to store and retrieve records.

Traditionally, bank accounts are opened with strict KYC that leaves customer records with the branch for the lifetime of the accounts and branch managers are liable to ensure the identification of every customer they onboard. Aadhaar eKYC has incorrectly, as in the case of enrolment for CSMSSY, assumed identification. Aadhaar eKYC does not leave any customer acquisition records with the branch. It does not identify any person and give branch managers any confidence that they are not dealing with ghosts or benami individuals managing shell bank accounts.

SIM cards do not identify the user. At best they identify the location they are used from. It makes absolutely no sense to insist on a KYC or to link a SIM to an Aadhaar and treat OTP from the SIM as a means to authenticate the person.
For more than a decade, governments across India have been using the RBI’s own payment system, the NEFT or RTGS, to undertake electronic money transfers. This is also evidenced by the fact that Aadhaar leaks have exposed that bank details are already present in every record of the leaked data. There is absolutely no reason to switch public payments from NEFT to any Aadhaar enabled payment systems, run by any non-government company. The replacement of a time tested standard of electronic money transfers under government regulation, by a non-standard payment system run by a non-government company, raises several serious questions of national and public interest, propriety and possible conflicts of interest. The CSMSSY issue has called to question the reliability of using Aadhaar for governance and banking. The coercion behind linkage of Aadhaar to bank accounts and mobile phones to enable the Aadhaar payments raises serious questions of those who continue to push it despite repeated caution and alternatives. Prime Minister Narendra Modi must himself look at the entire matter and ensure only fail-safe modes of identity and transactions are used, as the scheme still has several of the defects that caused him as Chief Minister to oppose its mass introduction.

Professor and Future Designer @AnupamSaraph is an internationally renowned expert on governance of complex systems.