Why this Blog ? News articles in the Wide World of Web, quite often disappear with time, when they are relocated as archives with a different url. Archives in this blog serve as a library for those who are interested in doing Research on Aadhaar Related Topics. Articles are published with details of original publication date and the url.
Aadhaar
The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018
When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy
First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi
In matters of conscience, the law of the majority has no place.Mahatma Gandhi
“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi
“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.
Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.
Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha
“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh
But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP
“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.
August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution
"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden
In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.
Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.
Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.
UIDAI's security seems to be founded on four time tested pillars of security idiocy
1) Denial
2) Issue fiats and point finger
3) Shoot messenger
4) Bury head in sand.
God Save India
Monday, January 22, 2018
12725 - Insider Leaks Biggest Threat to Aadhaar Data Protection: IIT Profs - News 18
The experts are of the opinion that with a large fraction of the population lacking necessary cultural capital to self-manage Virtual IDs, it may cause distress to many.
Eram Agha | News18.comEramAgha
Updated:January 19, 2018, 3:18 PM IST
Delhi: All of our private data submitted with the UIDAI for Aadhaar have been stored in a system that is “too open to abuse”. This is what three IIT professors have concluded in their study on Aadhaar, which is now lying with the UIDAI.
IIT-Delhi professor, Subhashis Banerjee said, “We have identified insider leaks and attacks as the biggest threat to data security and recommended a complete overhaul of the access control architecture.”
The three professors had earlier suggested the introduction of an additional Virtual ID along with the Aadhaar number for added security, soon after which the UIDAI introduced the 12-digit security cover.
In a bid to address privacy concerns, the UIDAI had on January 10 introduced the Virtual ID, which Aadhaar-card holders can generate from its website and submit for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID.
The IIT professors have identified other security flaws in Aadhaar and have presented their observations as “Privacy and Security of Aadhaar: A Computer Science Perspective”.
Looking at the reception that UIDAI may have given to their suggestions on Virtual IDs; the experts have now suggested that these new IDs should not become effective instruments only for the privileged ones and a cause of distress for others.
Shweta Agrawal from IIT-Madras, Subhashis Banerjee and Subodh Sharma from IIT-Delhi presented their paper to UIDAI last year.
The three believe the infrastructure looks strong against external attacks but perhaps would be inadequate against insider leaks.
Moreover, according to the study, in the system used to store all symmetric and private keys and hashes within the UIDAI, “perhaps obfuscated, but trust is implicitly assumed and this is a design flaw.”
The presentation further talks about how there is “no well-defined approval procedure for data inspection for investigation or for analytics. No audit, certification of codes and programs.”
The entire system of Aadhaar has been seen as “too open to abuse” where “insider leaks and unauthorized inspection by personnel and organizations with access are the biggest security risks.”
PRESENTATION TO UIDAI
Speaking to News18, Banerjee said that they completed their paper in August 2016 and submitted it to the UIDAI in September 2017.
“We had suggested the option of Virtual IDs in our paper and their initial reaction to the paper was that it was too theoretical. But on the whole UIDAI have been receptive to the suggestions,” said Banerjee. He is working on data protection law and would like to send the recommendations to the government-appointed Srikrishna Committee which has invited suggestions on data protection, portability and consent etc.
Banerjee has been engaging with UIDAI officials since summer 2017 on several issues. The three professors have identified three major architectural flaws in UIDAI’s design of Aadhaar.
THE THREE FLAWS
Listing the three flaws, Banerjee said, “The use of biometrics should be limited to only identity verification instead of making it the sole factor for authentication and authorization.
“The second flaw is the use of a single global identifier such as Aadhaar in different unrelated application domains. We have suggested that local virtual identifiers should be issued for each silo and that UIDAI should securely maintain the mapping between them.”
And, thirdly, it is the big risk of insider leaks and threats, which is a severe program design flaw.
The three professors have recommended that data should be accessed only through pre-approved and tamper-proof computer programs, and that an online and independent regulatory authority should authorize, facilitate and monitor all data accesses.
THE DILEMMA OF VIRTUAL ID
Professor Banerjee explained, “Virtual IDs prevent unauthorized linking of databases using a global ID, thus preventing illegal profiling of individuals. Information theft, however, can happen in other ways as well — both due to architectural flaws and due to incorrect implementation.”
Since virtual IDs are being introduced post-facto, the professor believes it’ll be crucial to ensure that all services that use Aadhaar irrespective of whether it is by the state or private companies, should only use Virtual IDs.
“Ensure that there is an effective migration plan to replace the Aadhaar IDs with Virtual IDs. This should preferably be done by the authorities themselves without causing distress to people or making them run around.”
“Considering the complex demographics of our country, with a large fraction of the population lacking the necessary cultural capital to self-manage Virtual IDs, it may cause distress to many. Otherwise, the Virtual ID will end up becoming an effective instrument only for the privileged and a cause of distress for the others.”
CRITICS AND DATA PROTECTION LAW
The IIT professors are of the notion that criticism around Aadhaar is essential. Banerjee said, “Dissent and debate are essential for working out effective solutions and critics and the civil society have done a great job in pointing out the exclusion and disruption that Aadhaar has caused. It would only put a much-required emphasis on data privacy and brought in the scholarly privacy judgment.”
He added, “The chances of an effective data protection law being worked out are now high. I, however, wish that there were more rigorous and causal analyses and even more alternative design suggestions.”
Banerjee is currently working on data protection law and would like to send the recommendations to the Srikrishna Committee.