In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Thursday, August 2, 2018

13813 - Can the Aadhaar Act and a Data Protection Act Coexist? - The Wire



The data protection draft bill and report add to the conversation around meaningful, just and fair data protection and its simultaneous existence with the unjustifiable privacy-related incursions of the Aadhaar project.


Credit: PTI


30/JUL/2018

Much like the finale of an exasperatingly long-drawn out TV series, the Srikrishna Committee submitted its final report to the law and IT minister on Friday. However, it appears that this emotionally and physically exhausting data privacy drama will be prolonged as the Aadhaar judgment isn’t out yet.

The Srikrishna Committee was constituted during the pendency of the hearings in the constitutional challenges to the validity of the UID project. The Union government had in fact stated during its submissions to the Supreme Court that it was setting up a committee and intended to introduce laws related to data protection and privacy. Those following the Aadhaar project have waited to see the kind of impact a data protection bill might have on the project, with many feeling that any data protection bill would by its very nature, have to deal with, and curtail it. The idea of a privacy/data protection law has been proposed various times in the country’s recent past. None of the various official drafts and deliberations have occurred in a time quite like this, when over one billion Indian citizens were, in most cases, coerced into enrolling in a centralised mandatory biometric identification system.

After the composition of the Committee was finally announced, by November 6, 2017, several eminent jurists and concerned citizens raised concerns about possible conflicts of interest of various members of the Committee, specifically related to Aadhaar. The Committee chose not to respond to this letter, nor did it increase the diversity of the members of the Committee. Lack of transparency and public participation has been a ‘feature’ of the deliberations of the Committee. The first public document put out by the Committee was its White Paper, which was published solely in English and no other language.
When the minutes of the meeting of the Committee was released, after denial and then appeal, in response to an RTI application filed by RTI activists Anjali Bhardwaj and Amrita Johri, it was found that the same think-tank involved in drafting the Aadhaar Act played a prominent supporting role in the deliberations of the Srikrishna Committee. The Ministry of Electronics and Information Technology later illegally denied providing the submissions and recommendations made to the Committee in response to RTI applications filed by the same activists. Most recently, 150 citizens once again wrote to the Committee demanding greater transparency and accountability in its functioning. The Committee remained determinedly silent, giving no response and continuing to valiantly and illegally deny RTI applications for the draft bill, notes and submissions made to the Committee. The release of the draft bill and the final report of the Committee are thus very welcome, but further public consultation is clearly needed. In fact, the pre-legislative process created by an empowered group of ministers in 2014 legally mandates it.

In its final report, the Committee recognises that, “The Aadhaar Act needs to be amended significantly to bolster privacy protections and ensure autonomy of the UIDAI. Since the context of the Committee’s functioning has been shaped by a vigorous public debate about Aadhaar and its impact on data protection, the Committee would be remiss if it did not deal with this issue.” The best way to understand the Committee’s proposed amendments to the Aadhaar Act and the suggestions it makes in its reports are to imagine being a ‘data subject’ – elderly, below the poverty line, significantly if not totally dependent on welfare entitlements for survival – who was coerced into submitting her biometrics as a necessary condition for her to receive her pension.

Concerns around the Aadhaar project have broadly coalesced around welfare and privacy; these have included questions of surveillance, liberty, access to basic rights, data commercialisation, coercion and choice.

               Justice B.N. Srikrishna. Credit: LiveLaw

At first glance, the draft data protection bill appears to provide massive exceptions for welfare that seemingly apply to Aadhaar. Section 13 makes the processing of personal data without a person’s consent possible for any function of the Parliament or State Legislature. It allows the processing of personal data, if necessary for the exercise of any function, for the delivery of services or benefits or issuance of certificates. In addition, Section 19 states:

Sensitive personal data may be processed if such processing is strictly necessary for: (a) any function of Parliament or any State Legislature and (b) the exercise of any function of the State authorised by law for the provision of any service or benefit to the data principal.

This appears to be the exception allowed for the State to process personal data and looks ominous when you think about the expansion of the Aadhaar into so many aspects of our lives – for welfare programmes, IT returns, for healthcare subsidies, sim cards etc.

But is Aadhaar or Aadhaar authentication strictly necessary to fulfill any function of the state? The draft bill opens a space in which we can and must ask this question. As Prof Reetika Khera points out, for example, “welfare needs Aadhaar like a fish needs a bicycle.” Much has been written about how Aadhaar is an inappropriate technology for welfare. Why should Aadhaar or Aadhaar authentication be necessary for a person to receive her pension?

Critics of the Aadhaar project have since the very beginning highlighted the sweeping nature of the Aadhaar project. While the Aadhaar Act posits itself as an act to “provide for, as a good governance, efficient, transparent and targeted delivery of subsidies, benefits and services”, its expansion into various other fields has been unchecked and indiscriminate. Section 5 of the draft data protection bill deals with purpose limitation and states that the “personal data shall be processed only for purposes that are clear, specific and lawful.” The processing of Aadhaar data so far has been for purposes that are anything but clear and specific, while the lawful bit is under challenge in the Supreme Court of India.

With the enormity of the unwieldy Aadhaar project occupying our imagination, one thing has become very clear – that while data protection laws around the world and this one in particular largely deal with protecting personal data, there might be times when I may need to be protected from data. For example, if I am poor and elderly and go to a ration shop, currently, I am mandatorily required to authenticate my fingerprint on a machine that decides whether or not I am the person I say I am. Once the machine decides, on the basis of data I gave it at an earlier date, only then can I get access to my entitlements. While various authorities keep assuring us that other means of identification are acceptable, this message has still not permeated to the people administering these programmes and in many cases, the technical architecture itself does not allow for any other means of identification.

In the case of Aadhaar authentications – for the elderly, differently abled, those engaged in manual labour, people genetically predisposed to not have fingerprints – Aadhaar-based biometric authentication does not work. The draft bill and report propose a new system of offline verification, only proving how broken Aadhaar really is. We have not been told what this system of offline verification will be, nor why it is necessary, nor what purpose it will serve or where exactly it will be used.
Section 9 of the draft bill relates to data quality and sub-section (1) states that:

“The data fiduciary shall take reasonable steps to ensure that personal data processed is complete, accurate, not misleading and updated, having regard to the purposes for which it is processed.”

As per section 2(13) of the bill, a “data fiduciary” means any person, including the state, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data.” This would mean possibly, that the burden of maintaining data quality would be placed on the UIDAI, and not on the data subject.

The data protection draft bill and report further add to the conversation around meaningful, just and fair data protection and its simultaneous existence with the unjustifiable privacy-related incursions of the Aadhaar project. It remains to be seen how and whether the Aadhaar Act and a Data Protection Act can coexist.

The speed with which the Committee has been forced to work is an obvious side-effect of the vacuum created by the existence of the Aadhaar project, new proliferating technologies and the growing global conversation around data protection standards. It is vital that there be further discussion and public consultation on the data protection bill. The conversation around data protection is incomplete without the voices of those whom it will affect the most, including those that are entitled to welfare from the state.


Praavita is a lawyer and a SaveOurPrivacy volunteer.