In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.

On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.

In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.

In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.

In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.

"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi

Ram Krishnaswamy

Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, March 31, 2018

13157 - Insights from CEO of UIDAI's Aadhaar authentication log - Media nama

Insights from CEO of UIDAI's Aadhaar authentication log

Vidyut

By Vidyut ( @Vidyut vidyut@medianama.com ) March 29, 2018
Share This: Share via Email

Among the submissions made by Dr Ajay Bhushan Pandey, CEO of UIDAI to the Supreme Court on the 22nd day of ongoing hearings on the constitutional Validity of Aadhaar was his Aadhaar authentication history between November 1, 2017, and March 29, 2018. Here are some insights from examining the log.

The CEO of UIDAI himself has a 19% authentication failure rate

There are details of 26 authentication attempts, out of which 5 failed, which amounts to a failure rate of about 19.2%. This is higher than the failure rate claimed by Dr Pandey before the Supreme Court, even as he provided documents to the contrary. Vakasha Sachdev of The Quint has written in more detail about this.

The authentication failure rate for personal use of Aadhaar seems to be much higher

While the UIDAI work related authentications appear to be uniformly successful, Dr Pandey’s luck with authentications for using services Aadhaar is linked to appears to be worse, or at least no better than the examples brought up by the petitioners. Out of 9 authentication attempts (1 Vodafone + 7 ICICI + 1 IDFC), only 4 succeeded (1 Vodafone + 3 ICICI), which amounts to a failure rate higher than 50%.

All services for authentication require an AUA. UIDAI has several “Internal AUAs” for it’s own purposes. An AUA is just a 10 digit code that is recognized by the internal authentication system. So, in effect, the sucess rate that with “Internal AUAs” is literally similar to connecting your OTP system to your laptop and typing the OTP. Most of the variables are removed except your mobile sim connectivity. If you knock those out, his authentication success is less than 50% of attempts made.

The CEO of UIDAI has locked his own biometrics – to prevent misuse?

While the UIDAI is arguing before the Supreme Court that biometrics are perfectly safe, it turns out that the CEO of UIDAI himself has disabled the use of his own biometrics. Not a ringing endorsement, this.

OTP authentication does not appear to be easy either

Dr Pandey had explained in Court that Aadhaar is superior to Debit Cards, because of the complexity of entering a PIN for the illiterate masses. However, Dr Pandey’s own authentication history shows failures in authenticating Aadhaar using OTP for PhD holder and CEO of the UIDAI himself.

The authentication rate of 95% claimed for banks appears to be exaggerated

Dr Pandey’s log shows 7 attempts made at within a span of 1 minutes and 51 seconds at the ICICI Bank – 4 out of 7 failed, which is more than half the attempts made. One attempt made at IDFC Bank failed and was not attempted again.

How are there only 26 authentication attempts when UIDAI HQ has Aadhaar based attendance?

According to Nandan Nilekani (2013), the UIDAI headquarters attendance system is based on Aadhaar. Marking attendance is usually mandatory for all in government organizations. This raises several questions (Credit Twitter user @kingslyj):

Does Dr. Pandey work from home?
Was Nandan Nilekani lying in 2013?
Did UIDAI later abandon the use of Aadhaar for recording employee attendance? or
Or make exceptions because of authentication failures?
Or exceptions for specific officials?
Or is it that Dr. Pandey bypasses AEBAS and disables biometrics? Under what government rule?

UIDAI’s claim of not storing personal data is refuted by Dr Pandey’s authentication history log

The authentication history log clearly shows important information about Dr Pandey that we did not know before examining it. (Credit: Thread by Anand V)

Dr Pandey has at least one new or newly linked Vodafone number (Successful authentication with Vodafone). He also does not have any other phone numbers linked with Aadhaar after November 1, 2017.
Dr Pandey probably has 3 accounts with ICICI that he linked with his Aadhaar just before midnight on Republic Day. Any other accounts he may have were not linked within the last 5 months.
Dr Pandey has at least one IDFC account not linked with Aadhaar. They probably insisted on biometric authentication, since there do not seem to be any attempts made for OTP authentication.
Based on Dr Pandey’s use of Internal AUAs and the non-standard AUA “UIDAI Services”, Anand was able to make inferences and educated guesses about his patterns around management or demonstrations of the UIDAI services, namely:
- “UIDAI services” is probably custom access he has from his office.
- He probably gave someone or tested an authentication Demo at around 5:30 pm on the 5th of February.
- Two authentications 5th Jan 2018 at 00:39:30 (think of it as a very late night on the 4th) and 6th Jan at 20:48:05 have the same UKC – sounds like extensive troubleshooting after Rachna Khaira’s expose in the Tribune about access to the UIDAI database being sold for Rs. 500 on WhatsApp.
- He probably checked the authentication services on Republic Day at 7 pm – from office, likely.
- He probably checked/tested something on 31st Jan just after 8 pm or, to extrapolate, like Anand “He definitely came home late and did not reach before 9 PM.”
- A series of authentications in November and December on UIDAIEKYCPOC seem to indicate testing or demonstration of new KYC features – Limited KYC?

The vast majority of Dr Pandey’s Aadhaar authentications appear to be for work

Dr Pandey does not appear to link or authenticate using Aadhaar extensively in his personal life other than for the bank accounts with ICICI and mobile phone with Vodafone. He appears to avoid using the Aadhaar based attendance system as well. This is below average adoption of Aadhaar if we consider their “more than 4 crore successful authentications daily” – implying at least once a month use of Aadhaar per individual, higher if you consider the inactive Aadhaar numbers (children, dead people, wrong information, authentication failures…)

At 19% overall failure rate and much higher – closer to 50% for personal use like authenticating Aadhaar for phone or bank, and with locked biometrics, other than the work-related logins on non-public AUAs, Dr Pandey appears to be on the “exclusion” side of the Aadhaar argument rather than the “efficiency”.