In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, January 11, 2018

12685 - Government Mustn’t Be In Denial Over Aadhaar Security; It Is Real, But Largely Fixable - Swarajya

Aadhaar verification. (Vipin Kumar/Hindustan Times via Getty Images)
Snapshot
  • The government is making a serious mistake by pushing it too hard without fixing the privacy and security issues to everybody’s satisfaction.
The Unique Identification Authority of India and the National Democratic Alliance (NDA) government need to get off their high horses and accept that the security ring around Aadhaar is not as rock-solid as they want us to believe. If they remain in denial, they will be compromising the biggest thing India has ever created, the world’s biggest identity establishment platform that benefits both poor and rich – the former to obtain state benefits, and the latter to create customers where they need to be clearly identified as real.
The government is making a serious mistake by pushing it too hard without fixing the privacy and security issues to everybody’s satisfaction. The unstated fear, that it needs to be made ubiquitous before the Supreme Court pronounces its verdict on its constitutionality, is unwarranted. With over 1.1 billion numbers already issued, Aadhaar is already too big to fail. Even if the Supreme Court decrees that in future the Unique Identification Authority of India (UIDAI) can collect biometrics only with consent, or that Aadhaar cannot be made compulsory even for receiving any government benefit, it will remain the ID of choice purely because it will be the easiest one to obtain. By pushing Aadhaar with undue speed, the government is only building needless resistance to it.
The simple point is this: by making Aadhaar optional like getting a Gmail or a Facebook ID, the government will, in fact, ensure its quiet adoption even while it fixes the issues surrounding it. An expert committee under retired Supreme Court judge B N Srikrishna is already looking to create a strong data protection law, and this needs to be complemented by an external audit of UIDAI’s own internal data security protocols.
While it may be true that biometric data cannot be easily obtained, everything else can, as a Chandigarh Tribune journalist found out recently. She procured illegal access to Aadhaar data for as little as Rs 500. So, going after the journalist, and pretending that it is only the odd crook linked to the organisation who may be compromising security and privacy, is neither here nor there.
The vulnerabilities include the following:
First, there are corporate and other users, who use the Aadhaar number to authenticate your identity. Fingerprint machines are used to do this. But how difficult would it be for the same fingerprint device to be simultaneously hooked to a private database? And even while authenticating IDs, companies can access some of your details: name, address, gender, date of birth, etc. So, when a Vodafone, Airtel or Paytm seek to validate a new customer, they can electronically download the details required for the eKYC (electronic know your customer) process. This data is now in private hands, and can be used and even sold to outsiders. Data protection needs to extend far beyond just UIDAI, to all its users.
Second, there could be relatively less protected information logs with UIDAI itself. Anarticle in Scroll.in suggests that when companies seek authentication, UIDAI creates logs related to this query. While the authority is not supposed to retain details of who sought what information about whom, enough logs remain for a while for an intrepid hacker to infer personal information about the person and his history. One is not sure if this vulnerability remains. It means unless the related logs are destroyed immediately after authentication, and multiple layers of internal security protocols are regularly checked and made foolproof, chances of data leaks cannot be ruled out.
Third, there are state governments and public sector organisations, which sometimes publish the names of beneficiaries along with their Aadhaar numbers. AJharkhand government website published details of over a million Aadhaar numbers, including bank details, of old age pension beneficiaries last year. Clearly, this is simply about a lack of privacy awareness among government staff, and this needs remedying quickly.
What all this suggests is that there is a climate of carelessness and non-accountability among the users of Aadhaar data and authentication. Also, when private sector users of eKYC obtain details from the Aadhaar database, they are effectively getting to build their own database, which can then be mapped to service usage and other behavioural details of their customers to create an even more comprehensive database on their clients, which again remains relatively unprotected.
At the end of the day, Aadhaar is not the villain, for the details it is gathering are often no different from what many private parties do even today for various purposes. When you use fingerprints to unlock your phone, your biometrics are given to the phone company. When your apartment complex uses fingerprint validation for access, the same thing happens. Property registration processes involve photographing you at the registrar’s office. Publicly placed cameras in lifts, corridors and streets record your movements regularly, and one does not know who views these videos of slices of your private life. When Uber gives you daily rides, it knows where you are going and when, and, over a period of time, it can literally know what you are about. Your bank or credit card company owns data about what you buy, when you buy, and what you may be worth. This data is yours, and needs to be protected, but there is no such law that can effectively do so.
Aadhaar is no different – except for one thing. It is being mandated in many places by government. The question the government needs to ask itself is this: would Aadhaar be less used if it were optional for everything except the receipt of government benefits? The answer is the same as for Gmail or Google maps. As long as it is free, and there is value in the ID authentication, people will adopt it. Only the secretive rich may avoid it, but the rich are easy to spot. Making it compulsory for all kinds of reasons is what makes people resistant to Aadhaar.
A larger point is worth making: all security systems can ultimately be breached or hacked. This means security must be in continuous upgrade mode. UIDAI needs some ethical hackers on its payroll helping it go beyond denials.