
Archives for : UID

India – Bury this ‘bekaar’ Aadhaar

You can set up a maximum security biometric identity system in a high security facility with all round controlled access but the moment you take it to a national level, it develops any number of leakage points.

Ranjeev C Dubey
After 38 days of hearings over 4 months in what was the second longest case to be argued in India’s constitutional history, the Supreme Court finally reserved judgment in the Aadhaar case on May 9, 2018. It may be several weeks before judgment is delivered but already, it is clear that events have overtaken the case: events that may have rendered the whole exercise futile. Curiously, the heat, dust and animated debates over the last years seem only to have clouded the issues, which in themselves are easy to understand.

As the situation stands today, the Supreme Court is called upon to decide amongst others what seem to me to be two key critical questions. First, given the control that government gets over citizens, should any government be allowed to make Aadhaar mandatory? Second, given Aadhaar’s data leak risk, is linking Aadhaar to PAN cards, driving licences, passports, bank accounts, mobile phones, property transactions, and whatever else besides, legally defensible?

Aadhaar started as a simple attempt to create a national database, which could then be used for the simple task of verifying identity. It worked on the assumption that biometric data is idiot proof and unchangeable. If you have lived long enough to experience aging, a quick review of your old photo album will tell you different. Even if we ignore its false Aadhaar (basis!!), a simple database is not what Aadhaar has become today. It now encompasses all your interaction with the world both private and public. If you want roti, kapra or makaan, leave alone mobile phones and bank accounts, you need Aadhaar. The government wants it to be the ultimate proof that you exist at all. Indeed, the law obliges you to keep it up to date. When your biometrics change, Section 31 of the Aadhaar Act requires you to update your data. I must not forget to mention that you have no access to this data so you really have no way to know if your data has changed.

This is simply the beginning of the Aadhaar’s Kafkaesque nature. To capture your biometric information, the government appointed vast numbers of fly by night low end operators who maintained no visible quality standards. I got my biometrics captured on an ancient computer in a village market on the seedy end of Gurgaon and I could see that my fingerprints looked like abstract art. That may be no problem for the operators since they themselves seem to have no significant obligation to maintain the integrity of their data about me. They could sell it, fake it or even switch it for someone else’s data. The really scary part of this identity card is that unlike a passport, PAN card, driving licence or voter card, you have no means to ascertain what is in the database. If you don’t know which part of you is not you in government records, you can’t get the government to recognise who you really are.

What happens if you can’t prove that you are you? The government says the supplementary OTP will do the trick. Figure this: once the biometric authentication fails, your mobile number is your whole identity! When you had your Aadhaar card made, do you recall if you shared your mobile number with that friendly neighbourhood bucket shop operator? Consider this: once biometric data is compromised, it can never be used again because it is now in the public domain. You have public property!

Let me assure you none of this is scare mongering. Reports of Aadhaar data leaks are common. In May 2017, the Bengaluru-based Centre for Internet and Society reported that data of 13.5 crore cardholders had already leaked online. It revealed that four government websites had serious security flaws: National Social Assistance Programme, National Rural Employment Guarantee Act (NREGA), Daily Online Payment Reports under NREGA (Govt of Andhra Pradesh) and Chandranna Bima Scheme run by Government of Andhra Pradesh. This is only one of about thirty reports Google found for me within seconds. On July 20, 2017, the government admitted that around 210 government websites had been leaking sensitive information including Aadhaar.

The antics of mobile phone companies are the most Orwellian. Aadhaar data was never intended to land up in the hands of private business. The government’s insistence that mobile number be linked to Aadhaar has meant that these companies now have your name, address, Aadhaar card, and e-wallet details. If you use fingerprint security to control access to your smartphone, they have that too. Can you be certain that facial recognition software is definitely not working in the background of your phone? Is your iris data compromised too? Mobile companies routinely sell your information to third party marketing companies. In 2017, the website “magicapk” published a list of leaked personal details of 120 million Reliance Jio users. The website has since been suspended.

Today, we are at a point where the software architecture of Aadhaar has lost credibility too. On July 28th, 2017, the press reported that Abhinav Srivastava, co-founder of Quarth technologies, had created an “Aadhaar e-KYC” app that accessed the UIDAI API without authorisation. On September 10, 2017, in reports of the Kanpur Fake Aadhaar Enrolment scam, authorities stumbled on enrolment software that had been reverse engineered to bypass iris scan authentication for operators. On January 4, 2018, the Tribune reported that access to Aadhaar data could be purchased for as little as Rs 500 on social media. The next day, India Today reported a sting operation where details of Aadhaar card applicants were obtained from enrolment agents for as little as Rs 2 to 5 per applicant.

The latest twist in this tale is the saga of P Santosh Kumar (The Wire July 2, 2018) who paid the prescribed fee and obtained copies of Sale Deeds containing fingerprints of persons who had registered property transfers at the local Sub Registrar’s office. The Sub Registrars of many states ask for Aadhaar details as well. Other states have these records digitised and available online. Santosh Kumar then inverted the image and used the well-known polymer printing technique to create fingerprint moulds. This allowed him to activate 6,000 SIM cards which have a substantial value in the black market where criminals and terrorists pay premium bucks for SIM cards without KYC (or someone else’s KYC). As I said, when Aadhaar fails, UIDAI’s prescribed “biometric locking” requires the linked mobile phone to be used as proof of identity. If someone can access your Aadhaar number, fake your finger and get a SIM card in your name, fundamentally, your identity is gone and you are toast. That’s for life. Now anyone can be you, for as long as you live, and considerably after that too.

This is why very few countries have ever adopted national UID systems. Malaysia’s MyKad, which dates back to 2001, is one of the oldest biometric identification systems. It is a chip-enabled card and operates as a single point of authentication in places like ATM kiosks, highway toll booths, electronic cash counters and as a public identifier. Malaysia is unique. Only Brazil, Ghana and Indonesia have tried something similar, but none of them have tried to set up a single point all-purpose mandatory identikit. The reasons seem obvious.

It is for the same reason that no first world country has anything like it. The liberal democratic impulse embedded in post war Europe and America makes it difficult to get a buy in. Indeed, the EU has come up with stringent Data Protection Guidelines that would torch Aadhaar in a minute. America does have its Social Security Number (SSN) tool to ascertain the income of any American individual and calculate the amount of social security credit they’re entitled to based on their individual financial health. The US issues SSNs only to its citizens and doesn’t collect any biometric data of the individuals that are enrolled in the scheme. SSN is a dumb number that attaches to an individual’s profile in a company or US government agency’s database. In that, it’s like a PAN card. Ultimately, there are federal and state-level laws in the US that restrict the use of SSN across different government databases as a marker to identify a person’s identity. In 2007, the US firmly decided against encapsulating its citizens’ biometric profile to the Social Security Number cards. Why have all these countries refused to establish an Aadhaar like system?

This is what it comes down to. You can set up a maximum security biometric identity system in a high security facility with all round controlled access but the moment you take it to a national level, it develops any number of leakage points. It takes too many players to keep the show on the road, and it is impossible to guarantee that every player will be secure. Second, gizmos and software to crack the system are coming on the market all the time: if you can build it, someone can hack it. It’s not that Aadhaar has been terminally compromised: it’s that a system like this will always be easily compromised and in a hundred ways. Given the foregoing facts, is ‘what do we do with Aadhaar’ even a meaningful question to ask? If this is not a disaster already, what more remains to go wrong? Given the brutal and now well-known facts, what is it exactly that we want the Supreme Court to decide for us?


‘Aadhaar for banking is in contempt of the orders of the SC’

Dr Anupam Saraph an expert in governance, informatics and strategic planning, speaks out against the interests involved in linking bank accounts to Aadhaar despite an apex court stay against it

The Department of Financial Services under the Ministry of Finance which supervises the banking sector is aware of the problems faced by citizens who cannot avail of services because they are being denied access to their accounts due to the Finacle software used by banks. This program makes it essential for customers to share Aadhaar numbers before their applications can be processed despite a Supreme Court order staying this as a requirement in banking operations. A recent article in the website Moneylife detailed the woes of customers being denied access. Infosys, which developed and installed Finacle, a core banking software, says it upgraded it last year and sorted out all problems. But obviously all is not well.

Dr Anupam Saraph an expert in governance, informatics, and strategic planning has served as advisor to several national and international organisations, including UNESCO and the World Economic Forum through its Global Agenda Council for Complex Systems. He was also Information Technology Advisor to the Government of Goa. He has designed and implemented identity schemes and has in depth knowledge of what is right and wrong about biometric ID systems. He has written extensively on Aadhaar and has been a vocal critic of it being linked to banking and payment systems. Dr Saraph answers questions posed by Ajith Pillai on Finacle and explains the interests involved in linking the 12-digit Aadhaar number to bank accounts. Excerpts:

Infosys seems to suggest that the need to link Aadhaar for availing banking services has been sorted out in its new version of the Finacle software for banks? Is this true?

To reassure banks and their customers that Aadhaar is not hardcoded into Finacle, Infosys should make public a comparison of the steps of how core banking functions can be undertaken with or without Aadhaar using Finacle. Particularly, the opening of bank accounts, transacting with existing bank accounts, and the closing of accounts. Since customers usually don’t know if their bank uses Finacle, Infosys must list out the banks using the corrected version of Finacle that can follow the procedures that will not discriminate persons for want of Aadhaar.

Should banks scrap Finacle and opt for a more compatible system?

Banks should replace every software that attempts to end good banking practices, colonise its data to enable third party access, control and corrupt its operations, create un-auditable transactions and destroy core banking.

Don’t you think banks insisting customers must link their Aadhaar numbers to avail of services is in violation of Supreme Court orders?

The five-member bench of the SC on October 15, 2015 ordering “Union of India that it shall strictly follow all the earlier orders passed by this Court commencing from 23.09.2013” and “We will also make it clear that the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other” have not been overruled by any larger bench.

Further, the three-member bench passing orders on August 11, 2015 had restricted use of the Aadhaar to “PDS Scheme and in particular for the purpose of distribution of food grains, etc. and cooking fuel, such as kerosene. The Aadhaar card may also be used for the purpose of the LPG Distribution Scheme”. This was extended to “The Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions) Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO)” by the five-member bench on October 15 2015.

The five-member bench also directed that “The information about an individual obtained by the Unique Identification Authority of India (UIDAI) while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a Court for the purpose of criminal investigation.”

The use of Aadhaar for banking or any other purpose than that permitted by the Court on 15 October 2015, therefore, continues to be a contempt of the orders of the Supreme Court of India.


What exactly are the interests involved in Finacle pushing Aadhaar?

The spread of Aadhaar enables money laundering, corruption, illegal transactions, un-auditable transactions, creates unfair trade practices and enables monopolisation of money flows. The web of conflict of interests in pushing Aadhaar is deep and widespread. The spread of Aadhaar across India is littered with the violation of the rule of law, propriety, respect for freedom of people or enterprises, national interests, and ethical practices.

Aadhaar is the brainchild of Nandan Nilekani (co-founder of Infosys and currently non-executive chairman of the company). He was appointed Chairman of the UIDAI in January 2009. Aadhaar payments is the brainchild of the National Payments Corporation of India (NPCI), founded in December 2008, whose founding Chairperson was N R Narayana Murthy, Co-founder and Chairman Emeritus of Infosys.

(To elaborate on the complex issues involved and the moves made to pushing Aadhaar into the banking system, Dr Saraph highlighted the following):

RBI Objections Brushed Aside From The Outset

File records show that the RBI maintained that the use of the Aadhaar number was in conflict with the Prevention of Money Laundering Act (PMLA), the Basel Standards for maintaining customer information and its own extant guidelines. It underlined that the use of Aadhaar would dilute its practices of keeping customer records. However, even when the use of Aadhaar was not permitted in banking, in January 2011, the UIDAI and NPCI signed an MoU stating that several banks were opening new bank accounts or linking existing bank accounts with Aadhaar numbers.

It further stated that these accounts would be Aadhaar Enabled Bank Accounts (AEBA). It proposed that NPCI would offer switching, clearing and settlement services or Aadhaar based financial transactions from such accounts. Pressured by the UIDAI the RBI issued a January 27, 2011 notification allowing the use of Aadhaar to open small bank accounts and specified restrictions on these bank accounts under the PMLA. But UIDAI was not satisfied and increased the pressure on RBI till finally under advice from the Department of Revenue, Ministry of Finance, on September 28, 2011, the RBI lifted the PMLA restrictions on bank accounts opened solely with Aadhaar.

It also enabled the presence-less and paperless opening of bank accounts using eKYC or remote Aadhaar authentication. This allowed opening of bank accounts solely on production of Aadhaar numbers as the banks no longer retained account opening forms, customer acquisition documents or were required to have customers’ presence while opening bank accounts. RBI data suggests a doubling of bank accounts since the UIDAI pushed for opening bank accounts solely with Aadhaar.

Interestingly in 2010 itself, before any MoU with UIDAI or the Aadhaar numbers going live, NPCI had already developed Aadhaar Enabled Payment System (AEPS) which went live in November 2011. The AEPS transfers money to Aadhaar numbers instead of bank accounts.

The Push for Aadhaar Enabled Payments

In March 2012, the Nandan Nilekani-led Task Force on an Aadhaar-Enabled Unified Payment Infrastructure pushed for Aadhaar enabled payments. Replacing RBI’s NEFT (National Electronic Funds Transfer from bank to bank) to transfer funds with Aadhaar is an implicit claim that the uncertified, unverified, and unaudited Aadhaar, where no one identifies anyone nor is anyone responsible for identification, identifies the beneficiary better than the KYC process used by RBI that make the branch managers liable for fraudulent bank accounts.

Once linked with Aadhaar, bank accounts opened with the traditional KYC practices of the RBI become indistinguishable from those opened solely with Aadhaar. They also become susceptible to Aadhaar Enabled Payment Systems. The auditability of payments made through AEPS and its eerie resemblance to hawala system of money laundering has been under controversy since 2014.

Enter The Payment Banks

In October 2013, Nachiket Mor, Member of the Board of RBI and now also the country head of the Bill and Melinda Gates Foundation, floated the idea of the Payment Bank. Such Payment Banks do not have branches and are operated in a cashless, presence-less and paperless mode. Payment Bank accounts are typically opened with only Aadhaar.

In October 2017 the Airtel Payments Bank was able to create 37 lakh bank accounts based on Aadhaar data without any customer request to open those bank accounts. These accounts received 167 crores of LPG subsidy from the Consolidated Fund of India. Clearly someone benefits by replacing an auditable NEFT money transfer with an un-auditable AEPS. Furthermore, the Ministry of Finance is not able to identify who are the 52 crore beneficiaries who have since inception received Rs 246,133 crore under various schemes through direct bank transfers (DBT) using Aadhaar payments.

According to Nilekani, who continues to advise the NPCI, over Rs 95,000 crore was transferred to beneficiaries in 2017-18 using AEPS. No one has established that the recipients of the Rs 95,000 crore are real persons and genuine beneficiaries. No one has certified the delivery of benefits and subsidies from the Consolidated Fund of India to those it was meant to target.

The Interests Involved

Shrikanth Nadhmuni, former technology head of UIDAI, is on the board of HDFC Bank Ltd since September 20, 2016. He is also the Chairman of Novopay Solutions Private Limited, a company involved in the area of mobile payments and is also the Chief Executive Officer of Khosla Labs Private Limited, a company promoting Aadhaar Bridge, a set of APIs (application programming interface or a set of defined methods of communication between various software components) to access the UIDAI’s database. He is also attributed as having developed Aadhaar banking and financial protocols including MicroATM, Aadhaar Enabled Payment system and Aadhaar Payment Bridge.

Both ICICI and HDFC, major players in the National Payments Corporation of India, have also been instrumental in creating the Goods and Service Tax Network (GSTN) for collecting government taxes. Aadhaar has been made mandatory for registration to pay GST. HDFC and ICICI have been aggressively pushing Aadhaar linkage, and causing suffering to those customers who did not, in complete violation of Supreme Court orders.

Unless traditional bank accounts are linked with Aadhaar, they don’t become indistinguishable from those opened remotely or solely with Aadhaar. Nor do they become Aadhaar enabled or able to receive or transfer money using NPCI’s AEPS. Once indistinguishable from bank accounts that have been opened with RBI’s traditional KYC practices, it becomes difficult, if not impossible, to detect money laundering, corruption, illegal transactions, un-auditable transactions, creating unfair trade practices and monopolisation of money flows.

Why are these companies pushing Aadhaar aggressively in complete contempt of the existing laws, Constitutional rights of Indians as well as the orders of the Supreme Court of India?

Finacle also devised the system for GSTN which has not lived up to expectations. Isn’t it time the government weighs its options before awarding software contracts?

If the recent appointment of Ajay Pandey (Chairman of UIDAI) as the Chairman of GSTN says anything, the same network of interests that drive Aadhaar, drive the GSTN. Why would the development of GSTN’s information systems be any different? After all, like Aadhaar, it does not serve the people but different masters. Dr Subramaniam Swamy has raised serious concerns about the national security implications of Aadhaar and GSTN in Parliament and these need to be addressed.

This experience also underlines the need and importance of open source in government. The UIDAI has not placed the source code of the API (application programming interface) used to access the Aadhaar database in public domain. It even refuses to reveal under RTI who developed, maintains or owns this API. Yet strangely, Khosla Labs offers a version of this software as Aadhaar Bridge and another group of “volunteers” calling themselves iSprit offer it as “Indiastack”. Which code is being used by Infosys to build software for the GSTN? Under what licensing terms? It’s all kept out of the public domain.


Karnataka -No Aadhaar, no pay: Bruhat Bengaluru Mahanagara Palike to staff #WTFnews

Circular was issued to bring more transparency and financial discipline.


BENGALURU: In order to bring more transparency and financial discipline, Bruhat Bengaluru Mahanagara Palike (BBMP) has issued a circular to all its employees that says that if their biometric attendance system is not linked with Aadhar, they won’t be receiving salary from July. According to the official sources, with no proper monitoring system, salary has been credited to the dead employees too. A few BBMP staff members who do not exist are also getting salary. Nobody knows their whereabouts.

“For contract pourakarmikas, contractor would claim more than the actual number of pourakarmikas and get more salary. To put an end to such issues, Aadhar enabled biometric system was proposed,” said sources. This system will reduce irregularities in BBMP, according to officials. “BBMP has over 35,000 employees including Pourakarmikas. Many of these employees are working on contract, some even on deputation. There is no discipline here. The Cadre and Recruitment Rules are very old. There are many old posts which are not relevant and are still there and at the same time there are some new-era posts under contract system. There are so many irregularities which is resulting in financial loss,” sources from the BBMP said.

The Biometric attendance was there in BBMP head office for sometime. However, in November 2017, the then BBMP Commissioner Manjunath Prasad had extended this to all the zones and other offices. This year, in February during the BBMP budget, the Palike announced that they would make Aadhar enabled biometric attendance system mandatory. Since then BBMP authorities had been sending circulars to all the employees in eight zones to link their Aadhar to biometric, but even then, the compliance was low.

On June 20, Additional Commissioner (Administration) Nalini Atul issued an official note to all zonal heads and other concerned officials to implement Aadhar-based biometric attendance system at their offices. His official note states, “In spite of many circulars and reminders issued to implement, it has been brought to our notice that some employees have not linked their biometric attendance to Aadhar.”

Additional Commissioner also said concerned officials should install Aadhar-based biometric finger authenticator instrument and details have to be sent to the head office on or before June 27, failing which salary of employee will be held from July. Speaking to The New Indian Express, “Like any change in a new system, there will be initial hiccups and resistance, which will eventually be sorted out. Also, under this system, whoever does not use their thumb impression to mark biometric attendance, that particular day will be considered as leave,” he said.


NCRB chief: Give police ‘limited access’ to #Aadhaar data #WTFnews

Aditi Mallick | TNN


  • NCRB chief Ish Kumar said nearly 50 lakh cases are registered across the country every year
  • 80-85% of the offenders are first-timers without any police record
  • “Limited access” to Aadhaar data will help police trace first-time offenders and unidentified bodies: NCRB director

HYDERABAD: National Crime Records Bureau (NCRB) director Ish Kumar on Thursday proposed that police be given “limited access” to Aadhaar data to help them trace first-time offenders and unidentified bodies.

Kumar’s suggestion comes at a time when the Supreme Court is hearing a raft of pleas challenging the constitutional validity of Aadhaar on the ground that it violates citizens’ right to privacy.

Speaking at the 19th All India Conference of Directors of Fingerprints Bureau here, the NCRB chief said nearly 50 lakh cases are registered across the country every year, adding that 80-85% of the offenders are first-timers without any police record. “Also, more than 40,000 unidentified bodies are found every year,” Kumar said.


“With access to Aadhaar data, these (bodies) could be identified and handed over to their relatives,” he added.

Junior minister (home) Hansraj Ahir said Kumar’s proposal would be discussed in the ministry along with amendments to the Identification of Prisoners Act.

The NCRB director also stressed on the need to float a scheme to modernise all state fingerprint bureaus, so that experts could at least visit most crime scenes.

“Though 50 lakh cases are registered across the country every year, fingerprint experts are able to visit only around 55,000 crime scenes. The reason is many states don’t have adequate fingerprint cadre strength nor do they have proper equipment and labs. Hence, there is an urgent need for the home ministry to float a scheme for modernisation of all fingerprint bureau from all states,” he said.


M Mahendar Reddy, DGP of Telangana who attended the event, said automation of the fingerprint Identification process is a tool by which criminals can be identified more quickly and efficiently and AFIS has played a key role in investigation, virtually replacing traditional manual methods of fingerprint matching and classification.

“Telangana is the first state to incorporate a palm print-based live scanner system for enrolment of criminal’s Fingerprints electronically and also deployed an Android-based single finger identification system to verify the criminal antecedents of a suspect in-the-field within seconds by the SHO himself without any manual intervention at Police station level,” he added.

Altogether 868 undetected cases were solved since installation of Papillon AFIS, of which 480 cases were old unsolved scene-of-crime cases that were not identified by the older FACTS system.

Minister of State (Home Affairs) Hansraj Gangaram Ahir said that fingerprints, being scientific evidence, decrease the crime rate and increase the conviction rate, and are accepted by the court and society. If the conviction rate increases, the offenders and people who intend to do crime will have fear, he added. Later the chief guest also released a book titled “Compendium of Finger Print equipment 2018”.

Another issue that required an early intervention by the Home Ministry was the amendment to the Identification of Prisoners Act, 1920, so that other modern biometrics such as iris, veins, signature and voice could also be captured. There was also need to do away with the clause of one-year rigorous imprisonment, as very few sections in the IPC have that provision. The NCRB had sent a proposal to the Centre.

Kumar also stressed the urgent need for modernisation of all State fingerprint bureaus.

“At present, fingerprint experts were able to visit only around 55,000 crime scenes, which was just 1 percent of the 50 lakh cases filed annually, and grossly inadequate. This is because, many States neither have adequate fingerprint cadre strength nor proper equipment and labs,” he said, adding that fingerprint experts should also be sent abroad for advance training with the Interpol or the FBI.



RTI reveals there’s no way you can opt-out of #Aadhaar #WTFnews

RTI on Aadhaar reveals alarming details

Some would say Aadhaar has been pushed into the lives of Indians without limits. People aren’t even able to get new SIM cards without Aadhaar, despite the government explicitly stating they should be able to.

A fresh RTI reveals more alarming details: turns out, once you sign up for Aadhaar, you can’t revoke it under any condition, even if you give up citizenship.



First things first: What is the Aadhaar scheme?

The Aadhaar project began in 2009. Under the initiative, each applicant is assigned a 12-digit unique identification number (UID), which is linked to their demographic as well as biometric details (fingerprints and iris scans).

Though it was initially touted as a voluntary ID, the government has gradually made it mandatory to access a number of schemes, like opening of new bank accounts.


Who is it for, who is it not?

According to the Aadhaar Act, “Every resident shall be entitled to obtain an Aadhaar number by submitting demographic and biometric information.”

A ‘resident’ is one who has resided in India for at least 182 days “in the 12 months immediately preceding the date of application for enrolment.”

So your citizenship status won’t matter as long as you have stayed in India for 182 days.


What does the new RTI reveal?

An anonymous Redditor (u/onlinerti) has now posted what his RTI revealed. The plea notes that Aadhaar is for Indian ‘residents’ and not just ‘citizens,’ and asks what the procedure is for revocation of an Aadhaar number from the database if someone forgoes Indian citizenship.

“As per the present policy of UIDAI and the Aadhaar Act, there’s no provision for revocation of Aadhaar,” the reply states.

There are laws for de-linking Aadhaar from these services though

Technically, there are ways to de-link Aadhaar from services. According to Point 5 of UIDAI’s Compendium of Regulations, “The Aadhaar number holder may, at any time, revoke consent given to a KUA (e-KYC User Agency) for storing his e-KYC data…and the KUA shall delete the e-KYC data.”

This covers all public and private agencies- banks, telcos, PAN, voter ID, LPG connection, passport and more.


But are laws helping us any?

Since no company has explicitly mentioned the process for de-linking Aadhaar, the first step is to contact customer care and enquire about the method.

However, it might not be easy. TBI reports they tried de-linking Aadhaar from SIM, but when they called up customer-care, the executive insisted there was no way to do it.

Meanwhile, telcos continue to send away new customers without Aadhaar.


Only the common people will bear the brunt

In one case, there are no laws at all, and in the other, no one is ensuring they are being followed.

In all practicality, they are the same thing.

The impact is being felt by the masses, who have reported being harassed for Aadhaar by various agencies.

In Feb 2018, in yet another case of medical apathy, a 25-year-old pregnant woman in Gurugram was forced to deliver a baby girl outside the Civil Hospital near the parking lot without any medical support as she wasn’t carrying her Aadhaar card.

Though she furnished her Aadhaar number, the woman was denied an ultrasound-test before the delivery as she didn’t have an Aadhaar copy.

Aadhaar can be a strong tool, or it can be highly intrusive. Laws can dictate its direction.


Andhra Pradesh Tracked You As You Bought Viagra, Then Put Your Name and Phone Number on the Internet for the World to See

Just another day in the data disaster that is our country.

Bengaluru — If you are the gentleman who bought Suhagra 50, a generic version of Viagra, and some Vomiford anti-nausea drops, on June 13 from a government-run Anna Sanjivini store in Anantpur in Rayalseema, your name, phone number and purchases, were listed on an Andhra Pradesh government website — until HuffPost alerted the authorities.

The link has since been taken down (you’re welcome).

An unsecured dashboard on the Anna Sanjivini website allowed anyone with an internet connection to access the names and phone numbers of everyone who has bought medicines from every single such store, HuffPost has learnt.

This interface, discovered by security researcher Srinivas Kodali, contains thousands of pages of daily data and each order shows the Order ID, the Store Operator ID, Customer name, Customer phone number, details of the medicines, and the money paid.

This latest privacy breach, experts say, vividly illustrates how the head-long push to digitise everyday government processes has been accompanied by a blatant disregard for the privacy of citizens.

Andhra Pradesh’s careless indifference to the confidentiality of medical data acquires significance in the context of the draft Digital Information Security in Healthcare Act (DISHA).

This act will enable the sharing of personal health records between patients, hospitals, and clinics. This means an exponential increase in the quantum of confidential data flowing between government departments, and private parties — raising the repercussions of future privacy breaches in every Indian state.

“Medications indicate the possible conditions a person or someone in their family may have,” said Pam Dixon, founder and executive director of the World Privacy Forum. “This information can be especially sensitive when employers gain access, or even just neighbours who learn of a sensitive condition.”

Medical conditions like AIDS and depression continue to carry a stigma in India; publishing such data, Dixon noted, could cause real harm.

“People who are discovered by employers to have serious medical conditions can be fired, children can be treated unfairly in school due to a past or current medical condition,” Dixon said. “People have quite literally been stalked and harmed as a direct result of inappropriate personal information disclosure.”


Leaky Pradesh

This is not the first time the Andhra Pradesh government has unwittingly exposed its residents by publishing their intimate details online.

In April this year, Huffington Post revealed that it’s possible to geolocate people in Andhra Pradesh by caste or religion down to their doorstep, allowing for the targeting of every minority family, in a state that has witnessed outbreaks of communal violence.

“This is an important issue because it is not the first time that something like this is happening in Andhra Pradesh,” said Kodali, the researcher who first spotted both leaks. “But no one is held accountable for the loss of privacy for citizens.”

Kodali said he wrote to the authorities when he discovered the vulnerabilities, but did not hear back from them.

HuffPost reached out to the Society for Elimination of Rural Poverty, the agency responsible for the Anna Sanjivini programme, but they did not respond.

HuffPost also reached out to the Chief Minister’s Office Realtime Executive (CORE), whose dashboard leads to Anna Sanjivini. They locked down access to the site, but did not respond to HuffPost’s questions.

“Governments do collect a lot of data. But it is rare for a government to also expose the data about its citizens in such an open fashion, as there are substantial risks of multiple types of harms associated with this kind of broad, identifiable data release,” said Dixon, from the World Privacy Forum. “There are many risks with collecting the data. But there are far more risks with exposing the data to anyone with an Internet connection.”

Private Interests

While the Indian government drags its feet over drafting a robust data privacy law, private companies are already hoovering up personal information wherever they find it, even if they don’t quite know what to use it for.

For instance, a database of phone numbers, linked to the medicines purchased by the holder of that number — of the sort published by AP — can easily be leveraged by medical insurance companies looking to snoop on their clients before they sell them insurance.

“A couple of years ago, the election commission website had leaked people’s voter ID data,” said a Bengaluru-based start-up entrepreneur speaking on the condition of anonymity. “It was all just there district-wise as open PDF files.

“I wasn’t sure if it would be useful, but I wrote a scraper to download all the voter IDs anyway, in case we could find a use later. I also did a few e-commerce campaigns where we bought people’s data from brokers who had ‘acquired’ the data from IRCTC. I don’t know how they got that, but I’m guessing someone junior somewhere probably put in a USB drive and just copied everything.”


The Human Factor

“Whether it’s a massive cybersecurity incident or small-scale one, about 80 percent of them point to having been caused by human error,” said a representative from Kaspersky Lab, a multinational cybersecurity firm. “Even with the most secure systems, the human element can lead to leaks. So we go back to the people, the employees.”

“Educating the governmental staff on the motivations of security policies, the importance of working safely and how to contribute to the security of their organizations can help mitigate the risk of security incidents and safeguard what is truly important – their data,” the Kaspersky representative said.

KK Mookhey, the founder and CEO of Network Intelligence, a global cybersecurity company, agreed with this perspective.

“No system is fully secured and government systems don’t necessarily have the highest security levels in place always,” Mookhey said. “There’s always a chance that a highly motivated set of attackers can find their way around the best defences in the world.”


Australia - Biometrics project scrapped after massive delays and budget blowouts


A project to introduce fingerprint and facial recognition technology across the country has been scrapped, after massive cost blowouts and delays.

The Australian Criminal Intelligence Commission (ACIC) inked a $46 million deal with tech company NEC Australia in 2016 to expand the nation’s fingerprint database to include other biometric information, such as facial recognition and footprints.

But the project has been hampered by missed deadlines and overspends of millions of dollars.

“The Australian Criminal Intelligence Commission has decided to discontinue the Biometric Identification Services (BIS) project,” ACIC chief executive Mike Phelan said in a statement.

“This decision was taken in light of project delays.”

Mr Phelan also confirmed the commission had asked the National Audit Office to investigate the management of the project.

“The ACIC is committed to delivering projects that enhance capability for our law enforcement partners,” Mr Phelan said.

“As part of this approach we regularly review the scope, expected benefits and ongoing feasibility of our projects.”

NEC Australia said it was “extremely disappointed” by the decision to dump the project, and launched a spirited defence of its work.

“NEC has worked closely with the ACIC to deliver the BIS project and have clearly demonstrated to the ACIC that we already have a high quality solution that will meet their needs,” the company said in a statement.

“It is important to note that the ACIC terminated the contract under the ‘termination for convenience’ clause, and not because NEC had been in breach of its obligations.

“The termination for convenience clause allows government departments and agencies to terminate a contract, regardless of whether or not the contractor has committed a default or breach of that contract.”

NEC said it had a strong reputation around the world for its work in biometrics.

The Federal Government has continually spruiked its aim to become a world leader in digital transformation, but the Opposition has pointed to this project as being just one example among many of serious failures in administration.

The Australian Criminal Intelligence Commission (ACIC) has just announced its decision to discontinue the Biometric Identification Services (BIS) project, citing delays as the cause.

This announcement comes after the project was suspended earlier this month and NEC Australia staff were escorted out of the building by security on Monday June 4.

Here is the full statement from Michael Phelan, the Chief Executive Officer of the ACIC:

The Australian Criminal Intelligence Commission (ACIC) has decided to discontinue the Biometric Identification Services (BIS) project. This decision was taken in light of project delays.

The contract with NEC Australia to deliver the BIS project has today been terminated. The project was suspended by mutual agreement on 4 June 2018 while commercial negotiations were ongoing. NEC Australia was contracted to deliver the capability in April 2016.

The Australian National Audit Office is conducting an audit into the project as requested by the ACIC in February 2018. The ACIC is committed to delivering projects that enhance capability for our law enforcement partners. As part of this approach we regularly review the scope, expected benefits and ongoing feasibility of our projects.

The ACIC is committed to providing national criminal information and intelligence services, including fingerprint data, to more than 70,000 police officers and other accredited users on a daily basis, to keep them and the Australian community safe.

ACIC contracted the NEC for the $52 million Biometric Identification Services project with the view of replacing the fingerprint identification system that is currently in place. The aim of the project, which was supposed to run until 2021, was to include palm print, foot prints and facial recognition to aid in police investigations.

The Australian government stated that it wanted to provide Australians with a single digital identity by 2025. However, Innovation Aus reported that the project is said to have been roughly $40 million over budget and returning a large number of false positives.

At this time it’s unclear if the project will be revisited in another form in the future, or if its termination will impact on the Digital Transformation Agency’s (DTA) biometric project, which received over $90 million in this year’s federal budget announcement.


Bullied Into Linking Aadhaar With Your Phone, Bank Account, Mobile Wallet? UIDAI Guidelines Say It Can Be De-Linked

Aadhaar linking to bank accounts and phones numbers is not a one-way street


Bengaluru – There is a lot of confusion around the Aadhaar number and its linking to services such as bank accounts and telephone numbers. As a result, it’s linked to these accounts, and also mobile wallets, and other online services. But it’s not a one-way street, and if you want to de-link your Aadhaar, the UIDAI says it can be done.

Last year, the Department of Telecom made it mandatory to link Aadhaar numbers to cellphone numbers, saying it was on the basis of a Supreme Court order. The move raised concerns and the Supreme Court eventually said that linking accounts was not necessary.

But very many of us, seeing the deadlines loom closer, would have decided to cave in and link the Aadhaar to our bank accounts and phone numbers. Others may have linked it to our mobile wallets, like Paytm for example, in order to do KYC and get a more feature-rich account. But after the Cobrapost sting on Paytm a lot of people wanted to delete their accounts, and remove their Aadhaar data from the company.

The next issue was that it was not at all easy to delete your account – almost all Indian companies try and keep you from deleting accounts – and even then, what happens to your Aadhaar data? Although there’s not been much clarity on this, a recent report pointed out that you can indeed de-link your Aadhaar data.

As it turns out, the UIDAI has said that users should be able to revoke consent to any e-KYC User Agency (KUA), which must then stop storing the user’s e-KYC data, or sharing it with third parties. The KUA must in fact delete the e-KYC data of a user who requests revocation.

This means that even if your Aadhaar has been linked somewhere – with your phone company, bank, mobile wallet, or even income tax department – then you can request revocation of your authentication. This is mentioned in a compendium of regulations of the Unique Identification Authority of India (UIDAI). On page 11, point 5 states: “The Aadhaar number holder may, at any time, revoke consent given to a KUA for storing his e-KYC data or for sharing it with third parties, and upon such revocation, the KUA shall delete the e-KYC data and cease any further sharing.” Point 6 adds that the entities which received your information will also have to follow the same norms, and de-link your number.

This means that if you contact your service provider – whether it’s Airtel or Vodafone, or Paytm, or even the government – they should follow the rules set out by the UIDAI, and remove the linkages. Not doing so is against the UIDAI’s rules, and should not be permitted.


Stop Aadhaar-linked pay to anganwadi staff: Activists

Anganwadi workers had protested earlier this year, demanding an increase in the honorarium

PUNE: Activists have demanded that Aadhaar-linked payments be stopped for anganwadi workers as technical issues have affected their payments for nearly eight months to a year.

They alleged that an anganwadi worker committed suicide in minister Pankaja Munde’s constituency in Beed district because she was deprived of honorarium for six months as her biometrics did not match.

In a written statement, the activists demanded a probe into the death and blamed the government for not simplifying the process of disbursement of funds to anganwadi workers.

Activist Shubha Shamim blamed the government for the ‘faulty system’ of disbursement of honorarium to anganwadi workers. “Anganwadi worker Neeta Shinde, 32-year-old widow from Gevrai in Beed district, ended her life as she was deprived of honorarium for the last six months,” alleged Shamim, who demanded a probe by the government.

The Aadhaar-linked disbursement of salary from banks has been an issue and many anganwadi workers have not been paid honorarium for several months. Shamim said that after several follow-ups, she managed to receive honorarium for two months but did not receive the same for another eight months as her biometrics did not match.

“We feel that the government is responsible for her suicide,” she said. This is not the first instance of suicide in the Marathwada region: last year, too, a 54-year-old anganwadi worker allegedly took her life in Parbhani district of Marathwada due to non-payment of honorarium for some months.

Anganwadi workers had threatened to go on a strike in March this year over non-payment of honorarium when the state government invoked the Maharashtra Essential Services Maintenance Act (MESMA) against them. The strike was called to protest the decision to lower the retirement age of anganwadi workers from 65 to 60, but it was revoked later. It was two years earlier that the honorarium of anganwadi workers was increased by Rs 1,000. Last year, it was raised further by Rs 1,500.



Madras HC refuses ban on “anti-Aadhaar” Tamil film Irumbuthirai #Goodnews


Madras HC Rejects PIL Against Movie ‘Irumbuthirai’ Allegedly For Spreading Misinformation About Aadhaar And Digital India [Read Order]

Ashok KM

The Madras High Court recently dismissed a plea to stop the release of a movie titled Irumbuthirai which allegedly spread misinformation about the Central Government’s policy of Aadhaar card and Digital India.

A bench of Justice V Parthiban and Justice PD Audikesavalu dismissed a PIL filed by one N Natarajan, who submitted before the court that certain dialogues in the said film are creating a panic situation among the general public that the information given to the various authorities through Aadhaar will be used for any other purposes, which gives a wrong information to the public about the Aadhaar card and there is every likelihood of losing confidence on the Government of India over the policy of Aadhaar card and Digital India.

The bench observed that the petitioner has not stated what are the said comments and as to how they create panic among the general public in regard to the government welfare measures such as Aadhaar card and Digital India initiative.

Referring to a Supreme Court decision, the court observed that once the expert body has given clean chit for exhibition of the film, this court cannot sit over and override the decision of the board at the instance of the petitioner particularly on the basis of his individual perceptions with reference to the contents of the film. Dismissing the PIL, the bench said: “Admittedly, the petitioner had seen only the trailer of the film and therefore, he cannot have any idea of the total contents and the full theme of the movie and the full context in which the so-called offending dialogues exchanged between the characters.”


The Vishal starrer cyber-crime thriller, ‘Irumbu Thirai’, hit the screens on May 11. One of the most talked about scenes in Vishal’s recently released film was the one on Aadhaar Card and Digital India. While there was not much of a mention of these in detail in the film, the makers have now released a hard-hitting uncensored scene from the film, talking about Aadhaar Card and Digital India.

The one and a half minute deleted scene features a comedy scene between Robo Shankar and the popular Mullai-Gothandam duo at Samantha’s clinic.


Directed by debutant PS Mithran, ‘Irumbu Thirai’ stars Samantha Akkineni as the female lead, while actors Robo Shankar, Arjun Sarja and Delhi Ganesh play important roles. Particularly, ‘Irumbu Thirai’ was lauded for its racy screenplay and stellar performances by the lead actors. Produced by Vishal Film Factory, ‘Irumbu Thirai’ has music by Yuvan Shankar Raja.
