In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, July 24, 2018

13784 - Are People Who Sign up for Aadhaar Actually Who They Say They Are? UIDAI May Not Know - The Wire


With the Aadhaar agency noting that there is a significant gap between enrolments done and documents handed over by operators, what does this mean for e-KYC and fraud?

Why do Aadhaar enrolment agencies delay in passing on identification documentation to UIDAI? Graphic credit: Karnika Kohli.

23/JUL/2018
The Unique Identification Authority of India (UIDAI) has for six years quietly struggled with a problem that has consequences for its ability to detect fraudulent enrolments and implications for its utility as a sprawling and integrated identification system.
The problem: Are the people who sign up for an Aadhaar number actually who they say they are?  Or, to be more precise,  are all of UIDAI’s enrolment agencies  actually collecting and verifying the ID proof of people who sign up for Aadhaar?

Internal UIDAI documentation shows that for a substantial chunk of enrolments, it just may not be sure.

According to the agency’s internal correspondence with its regional offices, this is mainly because a large number of enrolment agencies and registrars have dragged their feet over a crucial part of the sign-up process: handing over to UIDAI the physical documents that are part of each Aadhaar enrolment they handle.

While these prolonged delays have multiple explanations, some of which are mundane, they nevertheless raise troubling questions over the issue of fraudulent enrolment.
One internal UIDAI estimate – which was part of a set of documents sent by a whistleblower to nine Supreme Court justices in late 2017, a couple of months before the Aadhaar hearings – indicates that the agency allegedly does not have access to identification documents (proof of identity, proof of address) for up to 38% of total Aadhaar enrolments. While parts of these documents could be corroborated, The Wire could not independently verify the final estimate.

How does this work?
Aadhaar identity, to put it simply, consists of two parts: body (biometrics) and biography (demographics).

When enrolment agencies sign up people for Aadhaar, they take their biometrics through scanning and record their demographic information by asking them to submit a number of documents. This includes documentation that verifies a person’s proof of identity (PoI), proof of address (PoA) and date of birth (DoB). These documents can be photocopies of anything from a driver’s licence to a ration card.

The UIDAI’s document management policy – which was written along with Hewlett Packard (HP) – outlines the process that all enrolment agencies and registrars must follow in collecting and collating physical documents submitted during enrolment.
A crucial part of process involves handing over these physical documents to HP, which is what UIDAI calls the the document management system (DMS) agency. HP will then store those documents and digitise them for future access by UIDAI.
An Aadhaar enrollment generates an enrollment ID (EID) and documents are typically attached with an EID, digitised and stored for later retrieval in the CIDR.

Why is this important? Namely because the process of digitising the physical documents allows UIDAI to audit the values entered by the operator at the time of enrolment, if the need arises. It is an important check to ensure the trustworthiness of the Aadhaar database for eKYC.

‘Significant gap’
In December 2015, in an office memorandum circulated to all of its regional offices, the UIDAI noted sternly that there was a “significant gap in enrollments done and documents submitted by Registrars/EAs to the DMS agency for Phase 1 as well as Phase II”.

The note then goes lay out a new process to be followed for the “reconstruction of missing DMS” whereby the DMS agency would share a list of all enrolment IDs for which accompanying documents are “missing”.

Using this information, the UIDAI stressed, all enrolment agencies and registrars were supposed to hurry up and hand over the physical documents (photocopies of PAN cards, ration cards, passports, driver’s licenses etc) they took during the enrolment process.



Screenshot of UIDAI’s office memorandum in December 2015. Credit: The Wire

These instructions came after a slew of show-cause notices issued to non-state registrars in October 2015 over “non-submission of documents” and plans to schedule “reconciliation meetings” that would track the process of reconstruction in the months ahead.

Despite this increased push, the UIDAI, it appears, wasn’t satisfied with fidelity of the process. In April 2016, it quietly rolled out a feature that allowed enrolment agencies (EAs) to scan the identification documents themselves. In a notice titled “Mandatory Scanning of Documents Through Enrolment Clients”, it announced that individual EAs no longer had to hand over documents to the DMS agency but could scan it themselves.

The only catch? This system was rolled out only for states where Aadhaar saturation was greater than 80%. There are two broad implications of this decision:
1) Firstly, UIDAI knew that the existing offline document management system had problems, both security and logistical in nature, and yet introduced it anyway.
2) It appears as if the agency initially preferred the quicker, and less secure, method of using a flawed document management strategy to increase Aadhaar penetration.

Stemming the dam
Nearly nine months later, the UIDAI issued a set of guidelines in January 2017 that appeared to allow “offline scanning of ADMS documents” to all enrolment agencies and registrars across the country.
In the accompanying office memorandum, the Aadhaar authority once again acknowledges the problem that it faced, stating that a “large number of documents” had not been handed over by enrolment centres.
“It is understood that there are a large number of documents lying at enrolment centres, for which the EA [enrolment agency] is responsible for safe-keeping. Thus, to mitigate Registrar and EAs liability in case of loss of documents, the UIDAI is providing an opportunity for EAs to scan the pending documents at their end and upload to CIDR,” the notice states.

How big is the problem?
In November 2017, a person who only identifies himself as a “qualified and responsible citizen” sent a series of documents to nine Supreme Court justices. At least two judges confirmed to The Wire receipt of the papers.

These documents, which The Wire has reviewed, contain a list of Aadhaar enrolment agencies and a corresponding number of enrolments that are allegedly missing accompanying documentation.

It estimates that 38% of total Aadhaar enrolments (45 crore out of 115 crore successful enrolments) have “missing documents”. That is, enrolment agencies and registrars have not transferred the accompanying PoI (proof of identity) or PoA (proof of address) documentation of 45 crore enrolments to UIDAI.
To what extent can we trust these figures? The Wire corroborated a number of things including the enrolment agency codes (publicly available with UIDAI) and successful total enrolments by operator, but could not independently verify the final estimate of 38%.

A detailed questionnaire asking about the extent of missing documents was sent to UIDAI CEO Ajay Bhushan Pandey and Vikash Shukla, Head of Media Outreach and Publicity, last week. This story will be updated if and when a reply is received.
It is noteworthy that right to information (RTI) queries on this issue have been stonewalled. An RTI request filed by Anupam Saraph, had asked UIDAI to provide the breakup of PoI/PoA for every Aadhaar generated; what methods of identification (passport, ration card etc) were used.

The request was met with the response “the information is not compiled/available”, even though as per the office memorandum, we know that the UIDAI has that information broken down to the enrolment agency level.

A more official source of missing documents, however, comes from UIDAI itself (archive).  A tucked away corner of its website gives details of “DMS pendency” for over 600 enrolment agencies for four months in 2016: a significant 7.8 crore Aadhaar enrolments were missing accompanying physical documentation between February 2016 and June 2016.

Why is this a threat?  
There could be multiple explanations for why these documents are missing.

Some of the reasons are mundane. For instance, logistical problems between enrolment agencies, registrars and the DMS agency could delay in the handing over of documents. A senior executive of one large enrolment agency confirmed that delays in picking up documents are natural, especially in less-connected and rural parts of the country, as it involves multiple levels of coordination.

Other reasons include physical documentation getting lost or destroyed by accident – a terrible nuisance for Aadhaar holders, who are forced to re-submit their documents or re-apply all over again.

There is another reason, however, whose implications are more troubling and sinister: namely that some of these documents are ‘missing’ because they simply don’t exist and that they are representative of fraudulent enrolments.

In 2012, the ‘missing documents’ problem translating into fraud came back to haunt the UIDAI and prove this last point. The Wire has it in its possession the FIR details of the ILF&S- Hyderabad scam, which while reported in 2012, did not nearly get the attention it deserved.

The scam involved  two different modus operandi:
1) The criminals enrolled ‘people’ through the biometric exception route to bypass the UIDAI’s deduplication system.
2) They also enrolled ‘people’ using their ration cards as proof of identity/proof of address with the document management system.
As per initial media reports, the operator enrolled 30,000 people in 2 months of which 870 were biometric exceptions. The kicker? Most of these enrolments were fraudulent.
When the investigators tried to locate the proof of identity/proof of address documentation, they found that the DMS agency did not have a copy of the identity documents and hence all of them were fraudulent.

When the whole enrolment system was audited for biometric exception misuse, the UIDAI discovered that operators all over the country had fraudulently enrolled 3.84 lakh people through the biometric exemption route.

It is puzzling therefore that the UIDAI not conduct an audit or launch an investigation into the issue of missing documents to determine how many potentially fraudulent PoI/PoA-based enrolments there could be out there.

The UIDAI may believe that the answer is zero – but that clearly isn’t the case. Would such an exercise have raised uncomfortable questions over the rapid speed of Aadhaar enrolment over the last six years?

National security issues
Over the last six years, missing documents have been a continuously-repeating story.
The following publicly-reported incidents prove that Aadhaar generation  without PoI/PoA documentation or verification are quite common. What makes this situation worse is that the government has implicitly encouraged the usage of ‘Aadhaar cards’ as a commonly accepted method of identification, even thought it was never meant for that purpose.

–> Zeebo Asalina, an Uzbek national was caught with a “real” Aadhaar that identified her as Duniya Khan, residing in Delhi. –
–> Pakistani, Bangladeshi and Rohingya refugees have been arrested with Aadhaar.

–> A Chinese national was arrested with Aadhaar (June 2018).
–> Only 188 of the 418 consumers were traceable in Delhi, after Aadhaar based PDS was introduced (55% were untraceable in their current address)

Aadhaar as a society-wide identification method
The basis for using Aadhaar as eKYC is the assumed sanctity of the database. When a significant percentage of the database has missing PoI/PoA documents and the UIDAI refuses to provide straight answers to these questions, it is obvious that the problem is indeed large, as the above checks show.
The biggest problem with  ‘missing documents’  – if a single Aadhaar is repurposed or one person gets two Aadhaar numbers – becomes less of an issue if the UIDAI’s system of ‘deduplication’ and authentication works as advertised. However, there is enough public data available to show that at least 5.32 lakh Aadhaar duplicates do exist and these are acknowledged duplicates, till August 2017.
As acknowledged by Triveni Singh, the IPS officer who investigated the UP Aadhaar hack scam, one of the operators arrested did have two Aadhaar numbers (7:18). Even if one of them had a missing PoI/PoA, then that Aadhaar is a “pure ghost”. Thus missing identity documents create scope for fraud, when biometric deduplication itself is not deterministic and is probabilistic.

Besides this, the UIDAI’s behavior does not leave its users with a sense of confidence. While it did ban enrollment agencies with questionable or fraudulent behaviour temporarily, they are allowed to come back to the ecosystem, as it would impact metrics (enrollment coverage). This is very similar to how it allowed Airtel Payment bank to restart operations – in what some believe as an attempt to shore up falling authentication attempts – after banning it from using e-KYC services.


In this aspect, the system of Aadhaar enrolment resembles a poorly-run ponzi scheme, where any fall in expansion brings the curtains down. So agents delegated to run the enrolment scheme may get banned for cheating too much, but are always brought back quietly when the storm dies down.