In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. Its use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010, I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one? - Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi

In matters of conscience, the law of the majority has no place. - Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty. - Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. - Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Sabha, April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution.

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the #BreakAadhaarChains campaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uid and @rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, June 26, 2018

13731 - India’s digital identity platform obfuscates privacy concerns again - Asia Times


By ANAND VENKATANARAYANAN JUNE 21, 2018 5:42 PM 

India’s controversial digital identity system, Aadhaar, is in the process of rolling out Virtual Identity Aadhaar (VID) in an effort to assuage privacy concerns, as referenced in the first circular put out on January 8. 

Before delving into the specifics, what exactly are those privacy concerns? It is important to know what they are in order to evaluate the VID solution and how it assuages those concerns.

Why is an Aadhaar number sensitive, unlike a driver’s license number or a voter ID card number? Because it is used for authentication to avail services, while other ID numbers are not. Hence its leakage compromises both the privacy and the security of the resident. Further, the ubiquitous seeding of the same number across multiple databases allows states and private parties to create a 360-degree profile of an individual, as argued in the Supreme Court case on Aadhaar.

The Unique Identification Authority of India (UIDAI), however, has denied that these concerns exist, even in theory. It has argued this in the Supreme Court. But, paradoxically, it now is making an attempt to fix these concerns, which proves they in fact do exist.

The circular by UIDAI divides the authentication user agencies into global and local AUAs and mandates that local AUAs must use VIDs henceforth. Further, another circular classified telecoms, payment banks, wallets, insurers, digital lockers and eSign providers as local AUAs (should use VIDs) and everyone else as global AUAs (can use Universal IDs or VIDs).

Entities that have Aadhaar data
There are a total of 326 e-KYC (electronic know-your-customer) user agencies (KUAs) and 254 AUAs that have access to Aadhaar numbers. The UIDAI has further indicated in a Right to Information (RTI) reply to GoNews that it does not know or won’t tell if there are other entities that have access to Aadhaar numbers. The leak list maintained on the Medianama site lends credence to the view that the authority does not know who else apart from these entities has access to the Aadhaar numbers.

If the authority does not even know the entities that have Aadhaar data in their database, how can it ensure their deletion and move toward VIDs?

For entities that do hold Aadhaar data and over which the authority has notional jurisdiction (for instance states and AUAs), it is also very unclear what data they hold, what they should alter or delete, and how. For instance, the Department of Telecommunications in a circular to telecom companies instructed them to replace the Aadhaar numbers with UID tokens, without outlining how this process would be achieved.

Consider the plight of telecom subscribers who have already linked their Aadhaar number to their mobile-phone accounts. Will they now be forced to give their VID to telecom companies, under further threat of disconnection, to ensure their own privacy? And even if they are forced to do so, what prevents the telecom companies from creating a cheat sheet of the old UIDs and the new VIDs?

Therefore, the natural conclusion is that only new users who do an e-KYC authentication to get SIM cards will use VIDs. But how will they know how to generate their virtual IDs?

The default VID
The latest enrollment software, by default, not only generates a virtual ID but also prints it on every Aadhaar letter. This breaks the assertion that UIDAI made in its January 2018 circular that “it is not possible to derive an Aadhaar number from a VID.”

Further, even the UIDAI-friendly State of Aadhaar report has reiterated what is already well known. The most common use of Aadhaar is its paper form. Given that paper cards are used as peanut wrappers, are found in wells by the thousands, are sold to scrap dealers and abandoned in dumps, this allows anyone to register the mapping of a virtual ID to an Aadhaar number.
But why would UIDAI choose this design of printing a default VID on physical cards, when there are alternatives to generate a VID such as the resident portal and the easy-to-hack mAadhaar mobile application?

The clue lies in the list of local authentication user agencies (AUAs), all of which have ambitions to enter the digital lending market, which Aadhaar is promising because of the digital trail it generates when used everywhere. Given that the population it intends to target is mostly digitally illiterate, UIDAI chose the shortcut of generating a default VID, even without them wanting to, knowing very well they will not change it.
While it is possible for the digitally literate population to generate one more VID to revoke the default VID, even this can only be done after a minimum period set by UIDAI. This in effect reduces the privacy value of VIDs further.

Do unique tokens really work?
One of the concerns that were raised by Supreme Court Justice Dhananjaya Chandrachud on using Aadhaar everywhere was about commercial surveillance by private entities. In theory, VIDs being unique and revocable, these entities will not be able to do the same. However, this defeats the business models of digital lending and financial-technology companies, which need to know if the same person has availed two different loans, using two different VIDs.

They could easily do that by matching demographic information and permanent account numbers (PANs). However, the target population, to whom they intend to provide loans and services, do not even earn enough to come within the ambit of income tax, and hence will not have a PAN, which makes deduplication slightly harder.

Hence every local AUA who is mandated to use VIDs gets the same “token” as described by the Aadhaar authority, which remains constant, for multiple VIDs of the same UID.
This is functionally similar to using the same UID as before and incentivizes AUAs and KUAs to become bigger, as it makes large-scale commercial surveillance more viable.
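
A toy model of the behaviour described in this section, added here as an illustration; it is not code from the article or from UIDAI. The HMAC-based token derivation, the 16-digit random VID, the class and function names, and the sample residents and AUA codes are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class ToyRegistry:
    """Assumed model of a VID/token service; not UIDAI's real construction."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # registry-side secret (assumption)
        self._live_vid = {}                  # uid -> currently valid VID
        self._vid_to_uid = {}                # VID -> uid, live VIDs only

    def issue_vid(self, uid):
        """Issue a fresh random VID; the previous VID for this UID is revoked."""
        old = self._live_vid.pop(uid, None)
        if old is not None:
            del self._vid_to_uid[old]
        while True:
            vid = "".join(secrets.choice("0123456789") for _ in range(16))
            if vid not in self._vid_to_uid:
                break
        self._live_vid[uid] = vid
        self._vid_to_uid[vid] = uid
        return vid

    def authenticate(self, vid, aua_code):
        """Return the per-AUA token for a live VID, or None if revoked/unknown."""
        uid = self._vid_to_uid.get(vid)
        if uid is None:
            return None
        msg = f"{aua_code}|{uid}".encode()
        # Token depends on (AUA, UID) only, never on the VID that was presented.
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:24]


def simulate(visits):
    """visits: (uid, aua_code) pairs; the resident rotates the VID before each.
    Returns {aua_code: [(vid, token), ...]}, i.e. what each AUA gets to store."""
    registry = ToyRegistry()
    logs = defaultdict(list)
    for uid, aua in visits:
        vid = registry.issue_vid(uid)
        logs[aua].append((vid, registry.authenticate(vid, aua)))
    return dict(logs)


def linkage_report(log):
    """Count apparent identities in one AUA's log, keyed by VID and by token."""
    return {"by_vid": len({vid for vid, _ in log}),
            "by_token": len({tok for _, tok in log})}


def shared_tokens(log_a, log_b):
    """Tokens present in both logs; empty means a token join across AUAs fails."""
    return {tok for _, tok in log_a} & {tok for _, tok in log_b}


# Constructed sample: two residents, placeholder UIDs, hypothetical AUA codes.
SAMPLE_VISITS = [
    ("UID-A", "lender-1"), ("UID-B", "lender-1"), ("UID-A", "lender-1"),
    ("UID-A", "telco-1"), ("UID-A", "lender-1"), ("UID-B", "telco-1"),
    ("UID-B", "lender-1"),
]

if __name__ == "__main__":
    logs = simulate(SAMPLE_VISITS)
    for aua, log in logs.items():
        print(aua, linkage_report(log))
    print("tokens shared across AUAs:",
          shared_tokens(logs["lender-1"], logs["telco-1"]))
```

In the sample, rotating the VID before every visit changes the `by_vid` count but leaves `by_token` equal to the number of real residents, which is the property the section describes for a token that stays constant per AUA.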

Conclusion
The primary concern of using the same Aadhaar number everywhere and the numerous leaks is that it compromises biometric authentication. VID would only have been a viable solution for this problem if it had been rolled out in 2010. But in 2018, every database is already seeded with the Aadhaar numbers across all public and private entities, rendering this move completely meaningless.

The current circulars, however, do not make “VID only” the primary authenticator and instead take a differentiated model between public and private entities. Now most entities still use UIDs for authentication, and only some use VIDs. Further, extraneous considerations have forced UIDAI to publish the VID, defeating safe authentication using VIDs entirely.
Using Aadhaar numbers everywhere also created a surveillance problem for the government and private entities. The classification of global AUAs was specifically created to avoid dealing with the government-surveillance issue, while the same UID token per local AUA ensured commercial surveillance through consolidation and collusion.

In effect, the virtual ID feature is just an attempt to save Section 57 of the Aadhaar Act, which allows unlimited use of Aadhaar by private parties, through technological obfuscation, completely bypassing the core privacy concerns.


Anand Venkatanarayanan is an independent security researcher who focuses on India's digital identity project called Aadhaar. He tweets as @iam_anandv
Comments




VID is obviously printed cause not everyone is savvy enough to generate their own VID. Once the entire authentication system shifts to VID, then only VID will be used. I don't understand where is the problem in this? Obviously the existing UID numbers can't be converted into VID by just anyone as the mapping from UID to VID is not a constant. Take a bunch of new UID and corresponding VID and try to derive the mapping yourself - you can't!


please report this article


A supporter of fs0c131y . 

More on this topic






















  • India’s response to UN’s Kashmir report is distasteful, erroneous

    By ANGSHUMAN CHOUDHURY JUNE 21, 2018 4:21 PM (UTC+8)
    When the UN Office of the High Commissioner for Human Rights (OHCHR) released its first-ever report on Kashmir on June 14, India went into fierce denial. Its Ministry of External Affairs (MEA) released a sharply worded rebuttal the same day, accusing the 49-page report of building a “false narrative” and violating India’s sovereignty and territorial integrity.
    It is understandable that New Delhi, in a tight spot, had to respond before the international community drew any hasty conclusions. But the MEA response shows nothing except taking blunt offense and boiling the entire issue down to only “terrorism.”


    Is the report actually biased?
    A cursory reading of the report shows that the OHCHR focused on India’s alleged excesses in Kashmir much more than Pakistan’s. Even the section on human-rights abuses by “armed groups” runs just a little over three pages.








    The key question here is, why did the authors do so? The report, in its methodology section, explains that the degree of access for neutral observers in conflict zones, including OHCHR, is greater in India than in Pakistan. Contrary to the MEA’s perception, this speaks well of India and thus strengthens its case on Kashmir.
    In its response, the MEA said “the authors have conveniently ignored the pattern of cross-border terrorism emanating from Pakistan and territories under its illegal control.”
    On the contrary, however, the report pointedly talks about not just cross-border terrorism in Kashmir, but also the direct support that the Pakistani state provides to such disruptive entities. Clauses 5 and 135 refer precisely to this, while also pointing out that the prominent cross-border militant entities in Kashmir are all proscribed by the United Nations Security Council under the “ISIL (Daesh) and al-Qaeda Sanctions List.”
    The MEA also argued that the report deliberately ignored India’s legal and constitutional safeguards on fundamental rights and freedoms for its citizens, including those living in Jammu and Kashmir state. It is unclear how it arrived at this conclusion, as it is inconsistent with the report.
    In several sections, the report refers to India’s court rulings and institutional directives to make the case for human-rights abuse. For example, Point 73 talks about a 2017 Supreme Court order “that made filing of First Information Reports (FIRs) by police officials and a magisterial inquiry mandatory in every “encounter killing” in context of security forces relying on internal inquiries rather than civilian investigations.
    Point 82 is another example, which talks about an Indian Supreme Court observation that asked for immediate assurances from authorities “that pellet shotguns would not be used indiscriminately.” This was made during a hearing on a petition filed by the Jammu and Kashmir High Court Bar Association in 2016 demanding a repeal of pellet guns.
    The report also cites outcomes of the Right to Information Act, which gives every Indian citizen the power to request specific information about state practice and policies from the government of the day. Clause 88 of the report explained how an RTI application revealed that “over 1,000 people were detained under the Jammu and Kashmir Public Safety Act between March 2016 and August 2017” and how these detentions operated on arbitrary procedures.
    The report also made several references to J&K’s “active civil society” (as the MEA put it) in context of alleged excesses. Clause 126 mentioned a petition filed by the “Support Group for Justice for Kunan Poshpora Survivors” before the State Human Rights Commission in February 2018. The group had reportedly “provided the Commission with documentation in 143 cases of alleged sexual violence committed between 1989 and 2017.” There were several such references to civil society in action.
    Contrary to the MEA’s assertion that the report ignored the role of India’s “free and vibrant” media, Clause 111 narrated how the J&K police raided the offices of three prominent newspapers in the Kashmir Valley in July 2016 and barred them from publishing for three days.
    Instead of lashing out at the OHCHR for using rhetoric, the MEA could have built a serious, comprehensive defense through a substantive dissection of the report and the exact machinations behind its production.
    For example, the OHCHR’s “remote monitoring” methodology and the selective sourcing of events, perceptions, and outcomes render the report’s conclusions problematic. The MEA could have highlighted this, while also unilaterally outlining the specific human-rights safeguards that India offers to its citizens, including those in J&K.
    Most of all, it could have expressed some willingness at least to look into the allegations made, if not acknowledge them.
    Instead, the MEA chose to accuse the OHCHR of falling prey to “individual prejudices.” But what good is an accusation without evidence? Barring some out-of-context precedents from the past, there is nothing irrefutable to suggest any personal prejudice by the High Commissioner or his staff in this particular case.
    India and Myanmar in the same boat
    Interestingly, India’s response to the report bears striking similarities to Myanmar’s repeated denials of UN reports and statements on the Rohingya crisis in Northern Rakhine.
    For example, both have distilled multivariate issues – Kashmir and Rakhine – down to a single variable, that is, “terrorism.” There is also scant emphasis on human rights in both narratives. Implicit in this is an unfortunate reality of contemporary state-building: Human rights are relegated to the lowest rung of priorities, while “national security” is amplified as the sole pillar of state sovereignty.
    Both countries also insist that the UN’s narrative is based on “unverified information,” but refuse to provide independent investigators access to the core conflict zones. This creates space for vague assessments and overreaching presumptions on both sides. One wonders how the MEA expects the UN to verify its information unless the government provides unfettered access to the disturbed zones.
    Arguably, the UN human-rights regime is not foolproof or politically agnostic. It has major structural inefficiencies and a track record that speaks of selective coverage. But the institution itself stands for certain universal principles – human rights, proportionality, and accountability in conflict situations – that most nations, including India, have duly acknowledged through various means.
    Within this global consensus, India’s response to the OHCHR report on Kashmir reads like a distasteful outlier. It only negates India’s stated commitment to the principle of human rights as an integral component of democratic state-building.
    This is, at the very least, unbecoming of a responsible UN member state that is also a signatory to several international rights-oriented instruments. That said, the Indian government still has time to reverse this by issuing a detailed response that takes into account all variables and realities in the restive Kashmir Valley.

    Angshuman Choudhury is a New Delhi-based policy analyst, currently coordinating the Southeast Asia Research Program at the Institute of Peace and Conflict Studies (IPCS), New Delhi
    Comments




    The truth is the UN as a whole is a fetid political mud-pit and these "reports" are frankly meaningless and irrelevant. 

    A studied reply would have been given had it actually been worth refuting- this reply indicates that the Indian Govt has brushed it off. 

    The irony is also that the UNHRC contains Saudi Arabia, China, Russia, Cuba, Venezuela and others who are supposed to "judge" India's actions. A bigger farce couldn't be engineered even if it was designed.


    we should have put the HUman Rights comission people in a CRPF jeep and given them a tour of the streets of kashmir. i am sure once they encountered the stone pelting mob descending on you like rabid dogs and waving pakistan/ISIS flags things would have looked completely different to them .


    Kashmir is the English vexing finger up Indian behind for ever, a punishment for asking for freedom.

    Departing Raj could have solved Kashmir but intentionally chose not to. Divide and Rule, then Divide and Leave. English specialty par excellence. They divided India (Ireland, ME) to perpetuate their influence. Dimwit Indians and Pakistanis do not know that they have been had. 

    Kashmir will always keep India pre-occupied with security, and poor. Those with internal conflict only think of survival, not of growth. 
    At least Pakistan via a civil war is solving its internal problems and building b...See More


    Kashmiri are religious fanatics and they throwaway all hindus from valley. same should be done once again but reverse to regain balance..


    Writer is more interested in playing dirty politics to establish himself as sickular journalist
