In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, January 22, 2018

12743 - Existence of other biometric databases may pose new challenge to Aadhaar - Hindustan Times


Existence of other biometric databases may pose new challenge to Aadhaar

The existence of independent biometric databases means the information the UIDAI holds under lock and key is also scattered among scores of government departments. The real database problem for Aadhaar is not as much with its database but with these other databases.INDIA Updated: Jan 21, 2018 07:39 IST


Aman Sethi
Hindustan Times, New Delhi


Employees mark their attendance through Aadhaar-based system at the Yojana Bhawan.(Vipin Kumar/HT File Photo)

The widespread and largely unsupervised use of biometrics for everything from accessing university classrooms to identifying sea-faring fishermen along India’s coasts has resulted in the proliferation of public and private databases that could compromise the integrity of India’s Aadhaar-based authentication system.

“Ordinarily, the existence of these biometric databases would not scare me,” said Subhashis Banerjee, Professor of Computer Science Engineering at IIT Delhi. “But given the UIDAI uses biometrics for authorising transactions, these databases are a risk.”

In effect, the real database problem for Aadhaar is not as much with its database but with these other databases.

The Unique Identification Authority of India (UIDAI), the agency responsible for the Aadhaar programme, did not respond to HT’s request for comment.

Earlier this month, The Tribune reported that Aadhaar numbers and demographic information could be purchased for as little as Rs 500.

The UIDAI insisted that the biometrics of over 1 billion citizens were secure in the Central Identities Data Repository (CIDR) maintained by the agency.

That’s true, but the existence of independent biometric databases means the information the UIDAI holds under lock and key is also scattered among scores of government departments, many of whom have little conception of data security.

UIDAI to allow Aadhaar authentication using face recognition from July

Aadhaar database has never been breached since its existence: UIDAI

Repeated government directives to seed databases with Aadhaar numbers has only worsened this threat, two senior IT administrators said.

This is because any biometric database that seeds Aadhaar numbers, by default, has the same information as UIDAI’s CIDR for those particular Aadhaar numbers.

Thus far, there have been no public reports of hackers stealing Indian biometric stashes, but in 2015 hackers believed to have ties with Chinese security agencies stole 5.6 million fingerprints from the servers of the Office of Personnel Management, the human resource department of the US government.

50 million prints

From 2012 to 2016, the Employees State Insurance Corporation (ESIC) of India gathered 50 million biometric records to issue identity cards for workers and their family members, according to project documents reviewed by HT.

The ESIC then switched to Aadhaar-based authentication, and had linked 10 million Aadhaar numbers to their insurance database by 31 July 2017, according to a reply to a Lok Sabha question.

This means a server in the ESIC office on Delhi’s outskirts, and its backup in Hyderabad, hold a database that integrates Aadhaar numbers with biometrics and demographic details, effectively mirroring a portion of the UIDAI’s top secret CIDR.

In an interview, Mr. Sanjay Sinha, Additional Commissioner at the ESIC, said the database was safe, and encrypted. But databases must be continuously upgraded to stay secure. The ESIC system was built by Wipro in February 2009 under a five-year agreement to maintain it.


I stand by every word, have earned the FIR: Tribune reporter on Aadhaar breach story

Mamata ready to lose phone connection, but won’t link Aadhaar: 7 times scheme the card created controversy

When the agreement expired in 2014, ESIC signed a maintenance contract with Railtel Corporation of India, a subsidiary of the Indian Railways, Mr. Sinha said. This means the corporation no longer receives security upgrades from Wipro, and relies on Railtel to secure a system they haven’t built.

Databases galore

The ESIC is not the only organisation to unwittingly build a slice of the CIDR.

Gujarat’s ration card project captured the biometrics of 7 million residents. This database is being seeded with Aadhaar numbers as well, a senior IT official in the state said, implying that the Gujarat government has their own abbreviated version of the UIDAI’s CIDR as well.

Meanwhile, the fingerprints of 2.1 million coastal fishermen are stored in the “National Marine Fishers Database” built by a consortium of public sector companies.

“The enumeration of fisherman by conducting many number of camps in fishing villages has been completed,” a spokesperson for Bharat Electronics Limited, the consortium leader said, “The data collected has been converted to smart cards and issued to fishermen through state authorities.”

BEL did not explain how the information was stored, but a 2012 order by the Central Information Commission notes that the data is the “proprietary information of the Registrar General” and that these “PSUs will take all care to safeguard the confidentiality of this information.”

These 2.1 million fingerprints would probably be held by the Department of Animal Husbandry, Dairying and Fisheries, an official said.

“Who knows what they know about data security,” the official observed, seeking anonymity as the matter is deemed too sensitive to discuss with the press.

From database to fingerprint

Biometrics are protected by encryption and by condensing fingerprints into templates obtained by using software to extract unique features of a given print.

But encrypted data needs decryption keys, which may be leaked if a database is accessed by multiple users.

Templates do not offer total security either.


There’s an orchestrated campaign to malign Aadhaar: Former UIDAI chairman Nilekani

“There was a misconception that a template cannot be inverted, but that is not true anymore,” said Anil Jain, Professor at the Department of Computer Science and Engineering at Michigan State University. “It is possible to use a template to reconstruct a fingerprint to a high degree of accuracy.”

The reconstructed fingerprint, Prof. Jain has shown, can be used to build spoof fingerprints that fool most biometric readers.

Meanwhile the ESIC continues to sit on its enormous archive of fingerprints. “We can’t just delete the data,” said an ESIC official. “That will happen as and when we get the appropriate orders.”
CLICK ON TITLE TO SEE ORIGINAL ARTICLE - Posted by
Labels: ,