Rss

  • stumble
  • youtube
  • linkedin

Archives for : UID

Thousands docs deleted by UIDAI in 2017 can be found on Wayback Machine #DestroyTheAadhaar #mustshare

 

by- 

 

Dear anti-Aadhaar activists, ex anti-Aadhaar activists, generally Aadhaar-opposed citizens, lawyers fighting Aadhaar & others, do check out lists of thousands of Aadhaar documents available on Wayback Machine, donwload and  expand your fight.

 

The documents include  RTIs, tenders, MoUs, terms and conditions, technical docs etc. . If you want to download the actual docs and save/upload somewhere else,be my guest.

 

Summary: Available archived urls of UIDAI:

3034 PDFs:

188 ZIP/RAR:

141 XLS/XLSX:

36 DOC/DOCX:

32 PPT/PPTX:

24 AV media:

 

Read more https://destroy-the-aadhaar.blogspot.in/2018/04/archived-pdf-documents-of-uidai-more.html

Related posts

#Aadhaar: “Fingerprint information is only of interest to palmists and for the growth of palmistry” – UIDAI Counsel Rakesh Dwivedi

The five-judge Constitutional bench headed by Chief Justice Dipak Misra, comprising Justices AK Sikri, AM Khanwilkar, DY Chandrachud and Ashok Bhushan on Thursday resumed hearing in the Aadhaar case.

Additional Solicitor General (ASG) Tushar Mehta, appearing for the Unique Identification Authority of India (UIDAI), contended that Rules can prescribe penalties under Prevention of Money-laundering (Maintenance of Records) Rules (PMLA Rules) for not providing or linking Aadhaar number for a bank account. However, the Bench raised several questions on this logic. Chief Justice Misra even asked Mr Mehta to show legal authority to show Rules may prescribe consequences of non-compliance as drastic like freezing bank account when the Act does not provide for it.
The ASG was submitting requirement for linking Aadhaar with bank account, and how failing to which can lead to account being frozen. He said, “There is plenary legislation of a valid statute Section 12 and 15 give the statutory status to the PMLA Rules under challenge.”

sflc.in

@SFLCin

ASG: only plenary law is considered with respect to “procedure established by law” is wrong. The rules can also be considered.
Freezing of bank account is not a penalty but just a consequence.
J. Sikri: It is a penalty. You’re depriving someone of their property.

sflc.in

@SFLCin

ASG says the point of such a consequence ( freezing of bank accounts) is so that money launderers render their account non operational.
CJI: Our only question is whether the consequence is mandated under law or is it an overreach.

Chief Justice Misra and Justice Bhushan pointed out that those provisions under the Act cannot give sanction to render a new account inoperative after six months. This is violation under Section 300A as alleged by Senior Counsel Arvind Datar in his submission.
“Conditions, limitations, consequences are all different under law,” the Chief Justice pointed out. Senior Advocate Rakesh Dwivedi, who is the representing Gujarat Government, contended that Aadhaar is mere a condition for opening a continuance of account.
Justice Bhushan pointed out that the condition mentioned in 12(c) only applies to verification and not about continuance of accounts.
Referring to existing accounts, Justice Sikri asked, “How you can freeze those accounts under the Act…even those validly opened accounts.”
Justice Chandrachud also opined that by any stretch Section 12 and Section 15 cannot sanction prescribing penalties by Rule making power.

sflc.in

@SFLCin

J. Chandrachud:Is the penal consequence authorized by the Act or rules itself?The Act only talks about verification of bank accounts.
Asg: The rules are part of the Act.Penal consequence is just an ancillary provision and can be provided by the rules.J. Chandrachud does not agree

However, ASG Mehta continued to contend that consequences of non-compliance can be prescribed by Rules.
Both Justice Sikri and Justice Chandrachud did not agree with the contention of the ASG. Justice Sikri says, “When someone cannot withdraw his property, it is a deprivation under Section 300A.”
Earlier, Justice Sikri had asked about status of a pensioner who can be deprived from receiving pension and operating own account. “A pensioner who is known to be a pensioner for so many years…what is the need to trouble him and harass him by not allowing him to withdraw on just the ground of no Aadhaar?”

Prasanna S@prasanna_s

Sikri J and DYC J roar at TM when he says this is only a consequence of non compliance and not penal.

Sikri J says when someone cannot withdraw his property, it is a 300A deprivation.

Sikri j earlier also asked about what about a pensioner who has been known to be a pensioner..

Prasanna S@prasanna_s

…who is known to be a pensioner for so many years…what is the need to trouble him and harrass him by not allowing him to withdraw on just the ground of no aadhaar.

The ASG contended that the power under PMLA Act of the law being able to reach the right beneficial owner of any entity is not under challenge.
Interjecting, Justice Sikri pointed out that Rule 9 (4) is challenged on proportionality where there are several other officially valid documents. He said, “What is the need to make Aadhaar compulsory when there are other officially valid documents available?”
Mr Mehta, however said that Aadhaar is the most robust and most fraud proof identity and other IDs do not have biometric.
While the ASG was reading the Rules under PMLA, Justice Chandrachud asked him to respond to contentions from Mr Datar.
Mr Datar had contended that “That the Rules are just subordinate legislation and that it is ultra vires Act. There is no provision under PMLA  to render a validly opened account in-operational and how is life insurance or health insurance included under the Rules?”
Senior Counsel Shyam Divan also raised the question of one time verification versus continuous verification.

Prasanna S@prasanna_s

TM says that is the very mischief sought to be remedied.

DYC J says the overall purpose is clear but that we are into the nitty gritty legalities.

Prasanna S@prasanna_s

Sikri J raises a question about “Designated Business” under the definition of Reporting Entity under PMLA.

TM says may be there are no notifications.

Shyam Divan points out that it is defined under 2 (sa).

TM now defends that (!) saying these are about prize schemes etc.

Senior Counsel Rakesh Dwivedi contended that nobody has been forced to get an Aadhaar and everyone has voluntarily gone and obtained an Aadhaar number!

Gautam Bhatia@gautambhatia88

RD says that he has never felt that he is under surveillance.

RD says that nobody has been forced to get an Aadhaar. In no city or village or any part of India has anyone been forced. He says that we all have voluntarily gone and gotten an Aadhaar card.

Gautam Bhatia@gautambhatia88

RD says that we have all gotten an Aadhaar card because we think it’s a useful thing.

RD says that if the government wants to surveil me, it has ample means. It doesn’t need Aadhaar. For example, it can monitor bank accounts for unusual activity under a master circular.

Calling petitioners to be engaged with ‘rhetorics’, Mr Dwivedi contended, “Reality of India is that the top 1% have 73% of the wealth. And the petitioners are saying that the government is spending time in real time surveillance.”
Mr Dwivedi admitted that surveillance has been happening, but there is not need of Aadhaar for this. “No government needs Aadhaar to surveil anybody. Every time he made a speech, some person from the special branch was present. If the government wants to surveil, it will do so without Aadhaar.”
Justice Chandrachud said the point is that technology is a powerful enabler of surveillance and misuse of data is one of the most pressing problems.
Responding to this, Mr Dwivedi, asked “Which data? Merely saying ‘metadata’ does not lead us anywhere. Aadhaar data cannot be compared with Google and Facebook. UIDAI does not have those kinds of tools.”

Gautam Bhatia@gautambhatia88

RD says that we don’t have learning algorithms. He says that the petitioners have been trying to confuse the Court. He says that S 32 prohibits the UIDAI from knowing the purpose of a transaction.

Chandrachud J says that that’s only a prohibition on sharing.

Gautam Bhatia@gautambhatia88

RD says that it is for the petitioners to show that the Act allows such powers.

Chandrachud J says that the Act doesn’t preclude you from acquiring those powers.

RD says that if the Court finds there is such power, it can strike it down.

The Counsel for Gujarat contended that the only purpose of Aadhaar is authentication.
Justice Chandrachud asked, “Then why you store the metadata? When the CEO of UIDAI made his presentation, technical experts showed that they learnt a lot about him from that.”
Replying to this, Mr Dwivedi said, “I do not know about Pandey. But I challenge anyone to disclose what they know about me, on any media. I am issuing an open challenge to technical experts”
Justice Sikri pointed out that the metadata tells you a lot about the nature of transaction. Mr Dwivedi, said, “The UIDAI does not know this.”
Justice Sikri says, “You will know if the authentication request has come from a hospital, or a chemist, or…”
Mr Dwivedi argued that this does not work like that. “The authentication request will come from, say, http://nic.com. I will not know if it comes from a hospital, or from anything else. Let us assume an authentication request comes from Apollo Hospital. I will not know which Apollo it is in the country – Chennai or Mumbai or Delhi. I will only know that it was Apollo. The only way in which surveillance can happen is if the government breaks the law and colludes with the UIDAI and sends the Central Bureau of Investigation (CBI) to find out if it was Apollo Delhi or Apollo Chennai. This is far fetched.”
Justice Chandrachud said, “The problem is not only at your end. We still do not have a data protection law. What about the requesting entity?”
Mr Dwivedi asked “What will the requesting entities surveil?”
Justice Chandrachud said, “Commercial surveillance is exactly what is happening. This will happen to your farmers as well.”

sflc.in

@SFLCin

RD: The authentication request will show from where the authentication request came (for example from Apollo hospital) but there’s no way to know the location from where it came. Also the identity of the person who requested authentication is not revealed.

sflc.in

@SFLCin

J. Chandrachud: the requesting entity can store the data, considering there is not even a robust data protection law. Commercial information about an individual is also a gold mine. Surveillance doesn’t have to be interpreted in the traditional sense.

The Counsel for Gujarat told that Bench that individual information about his is ‘trash’ and has no worth. “What use are my photographs to anyone. It is like molasses thrown out by factories. It later became a goldmine but at that time it was a nuisance. Mr Divan might be worried about privacy, but I am not. And I have spoken to hundreds of people and they are not either,” Mr Dwivedi said.
Justice Chandrachud, however, disagreed with this contention. He said, “It is not about whether 1.9 billion people care about privacy, but about information being unavailable.”
Mr Dwivedi contended, “Fingerprint information is only of interest to palmists and for the growth of palmistry.”
Justice Chandrachud said that, “The concern is not about fingerprints per se. The American cases are about the localised use of fingerprints such as entering some place. The issue is storage and then use for authentication.”

sflc.in

@SFLCin

RD: Millions like me do not care about privacy.
J. Chandrachud: Giving fingerprints for a limited particular purpose is okay. Under Aadhaar, fingerprints are means for storing data in a central database for the purpose of authentication. Thats a problem.

sflc.in

@SFLCin

RD says the biometrics are encrypted. Also the data is not shared with anyone. Even EU data protection law does not have the kind of protection that Aadhaar act has.
There is no reasonable expectation of privacy wrt demographic information

Ignoring this observation, Mr Dwivedi argued that the only pleading of petitioners is that the UIDAI can surveil and there is no pleading by them (petitioners) that the requesting entities can surveil and there is no challenge. “Petitioners are NGOs, they are better off suggesting improvements than picking at all the stitches,” he said.
Justice Chandrachud and Justice Sikri pointed out Section 29(3)(b) read with Section 57 allow for information to be shared with third parties even under contracts.
Mr Dwivedi, contended, “This is why you need a data protection law, to specify the terms of consent and an overseeing mechanism. In any case, you can never share core biometric information under Section 29(1).”

Gautam Bhatia@gautambhatia88

RD says that in any case you can never share core biometric information under Section 29(1).

Gautam Bhatia@gautambhatia88

Chandrachud J says that this Act is not just about Section 7 or the UIDAI, but goes much beyond, and must be interpreted very carefully.

RD says that the Court can interpret the Act to make it reasonable. The court should not be a crusader, but a medical man.

Justice Chandrachud pointed out that Section 29(3) makes it possible to share biometric information.
“It can be read down to exclude sharing of biometric information. The requesting entity cannot retain a copy of the PID block. So it must be read like that. The core biometric data is kept in the CIDR and cannot be shared,” Mr Dwivedi replied.
Justice Chandrachud pointed out that UIDAI can only control what it has control over.
https://www.moneylife.in/article/aadhaar-ldquofingerprint-information-is-only-of-interest-to-palmists-and-for-the-growth-of-palmistryrdquo-ndash-senior-counsel-rakesh-dwivedi/53724.html

Related posts

Supreme Court refers to Cambridge Analytica breach in #Aadhaar hearing, raises concerns

By Samanwaya Rautray, ET Bureau|

New Delhi: The Supreme Court on Thursday raised the controversy involving Cambridge Analytica (CA), which was accused of analysing personal data to help target voters, to express its concern over Aadhaar data leaks.

“Purloining of data… for the purpose of influencing elections in some of the most powerful nations… is an issue,” Justice DY Chandrachud said, referring to the recent controversy surrounding Cambridge Analytica.

Justice Chandrachud is part of a five-judge bench led by Chief Justice of India Dipak Misra that is hearing a challenge to the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act.

Rakesh Dwivedi, counsel for the Unique Identification Authority of India (UIDAI), which administers Aadhaar, dismissed such fears, saying the authority doesn’t have the tools or the algorithms used by Facebook and Google.

“We do not have the tools to analyse these data. The Act precludes us from getting any. If we have that power, please strike it down. To undertake any surveillance, we will have to conspire and collude with the Central government,” he said.

Justice Chandrachud then demanded to know the purpose of storing metadata. “Storage opens up a whole new universe. Technology is a great enabler to surveillance,” he told Dwivedi when he argued that the state did not need Aadhaar to act as a “big brother” and put everybody under surveillance.

“We cannot even tamper with the servers,” Dwivedi told Justice Chandrachud, who was far from happy with the explanations. “The 1.2 billion Indians may be poor, but their data is a goldmine of commercially sensitive information,” Justice Chandrachud said.

The senior advocate, who also argued for the state of Gujarat, tried to explain that identity information without biometric data can only be shared with third parties after getting the consent of the person.

However, Justice Chandrachud dismissed the consent forms as standard forms that deny a service if consent is not given. 

The judge flagged his concerns over the alleged lack of control of UIDAI over data shared with third parties requesting verification or authentication. 

“You have no control over registering entities. They are in the uncharted sea,” he said. 

The court debated whether the government could insist on validation of pre-verified old bank accounts with Aadhaar. The government insisted that it could in view of the spurious bank accounts through which terror financing was carried out.

Read more at:

//economictimes.indiatimes.com/articleshow/63740617.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Related posts

“Tomorrow May Say Give Blood Sample”: Supreme Court Judge On Aadhaar Body Powers

During Wednesday’s hearing, judges of the Supreme Court questioned the government about “excessive delegation of powers” to the UIDAI.

All India | Reported by A Vaidyanathan, Edited by Aloke Tikku | 

'Tomorrow May Say Give Blood Sample': Supreme Court Judge On Aadhaar Body Powers

Centre told Supreme Court not to intervene with its Aadhaar law, saying it would slow down development

NEW DELHI:  The UIDAI, which runs the Aadhaar identification programme, has been given wide powers and could tomorrow ask people to give their blood samples too, a Supreme Court judge asked on Wednesday, expressing concern at the extent of powers that the 2016 Aadhaar law had given to the UIDAI, or the Unique Identification Authority of India. “Is this not an excessive delegation of power and violation of right to privacy,” Justice DY Chandrachud observed during the five-judge bench’s hearing today on a batch of petitions that challenge the programme.

Justice Chandrachud was pointing to provisions in the Aadhaar law that empowers the UIDAI to enrol, apart from fingerprints and Iris scan, “any other biological attributes” of an individual.

It is too open-ended, he remarked.

“Tomorrow, UIDAI may even say give your blood sample for doing DNA test,” the judge asked.

The centre’s top lawyer KK Venugopal said he couldn’t say about tomorrow.

“It is possible that blood, urine or saliva samples are collected. As and when it happens there are several NGOs who will challenge the same and this court can examine it at that stage,” Mr Venugopal told the constitution bench headed by Chief Justice of India Dipak Misra.

To Mr Venugopal’s assertion that collection of biometric and demographic data including fingerprints for Aadhaar did not violate privacy, Justice Chandrachud said “pervasive use” of fingerprints beyond a specific purpose appeared to be a problem and breaches proportionality. It isn’t a problem when it is used at a limited level like in the case of prisoner identification.

The centre, however, insisted that finger printing was no more considered a stigma and used for various purposes.

The court, which has held about 25 day-long hearings since it took up the petition for a final decision in January, also heard the government’s top lawyer insisting that the court should steer clear of intervening in policy decisions taken by the government.

“If there is judicial review of every administrative action, then development will slow down,” Mr Venugopal said, underlining that the court should not interfere if the legislation is in national interest. He went on to describe Aadhaar as a critical step towards access to benefits by marginalised sections of society and for promoting inclusiveness.

Aadhaar was launched by the previous UPA in 2009-10 to reduce the government’s subsidy bill and improve the delivery of services.Campaigners and experts have raised concerns about privacy and the safety of the data, the susceptibility of biometrics to failure, and the misuse of data for profiling or increased surveillance.

Related posts

Aadhaar hearing: Petitioners question UIDAI on verification of residency requirement, de-duplication rejections and authentication failures

On Day 23 of the Aadhaar case, the questions posed by the petitioners on the PowerPoint presentation made by the UIDAI were answered. The questions posed included: number of authentication failures and de-duplication rejections, on whether a person’s identity was actually verified or only biometrics matched, whether the documents provided at the time of enrolment were verified and whether any actual verification was done to ensure that the persons enrolling were actually residents for 182 days.

Representational image. Reuters

Representational image. Reuters

Thereafter, the Attorney General continued his arguments on the constitutionality of Aadhaar.

Questions to the UIDAI

First, the CEO of the UIDAI answered the questions raised by the petitioners.

The main responses provided by the UIDAI are as follows (The full list of the UIDAI’s answers to the petitioner’s questions are here):

1. Six percent authentication failure: On authentication failures, the UIDAI claimed that there were 9.2 lakh failed iris-based authentication transactions or 8.54 percent failure, and 3.6 crores failed fingerprint-based authentication transactions, or six percent failure. The UIDAI could only provide national figures since it did not collect location details (for state-specific details).

2. Biometric exceptions: When questioned on the issue of biometric exceptions, for people such as leprosy patients whose fingerprints failed, UIDAI said that they have the option of using iris-based authentication. A digitally signed QR code in e-Aadhaar has been implemented as an exception handling mechanism, which allows agencies to verify the Aadhaar card in an offline manner. The Section 5 of the Aadhaar Act and Regulation 6 of the Aadhaar (Enrolment and Update) Regulations were cited as the legal backing to biometric exceptions.

3. School as introducer: The school cannot act as an introducer for the enrolment of children aged 5-15 years. Parental consent is required.

4. No opt-out mechanism: There will be no opt-out mechanism under the Aadhaar Act, even once children reach 18 years. People only have the option to lock their biometric authentication.

5. 6.9 Crore de-duplication rejections: So far, there has been 6.9 crore de-duplication rejections by the UIDAI. The UIDAI sees the lack of complaints to the authority or the Courts for denial of Aadhaar numbers as evidence that those who were genuine enrollers have re-registered, and the rest were fraudulent applications.

6. Eighteen crore enrolment packets rejected: As of 2018, 18 crore enrolment packets have been rejected for various reasons including data quality-based rejections (such as incomplete address), head of family or introducer’s biometric validation failed, etc. Further, enrolment packets, even of rejected applications, are archived in the CIDR.

7. Responses to authentication query: It was clarified that Section 8(4) of the Aadhaar Act, which allows a response of ‘yes’, ‘no’, or ‘any other appropriate response’ to an authentication query, refers to either a ‘yes’ or ‘no’ response or to an e-KYC authentication.

8. Verification of enrolment documents: The documents provided for enrolment or updating are verified as genuine or false by the person appointed by the Registrar or Enrolment agency for this purpose.

9. Verifying person’s identity during authentication: The UIDAI was asked if it actually identifies the person, or simply matches biometric received at the time of authentication with its records. To this, the UIDAI simply confirmed that biometric matching is done with its records, and a ‘yes’ response indicates a positive identification of the Aadhaar number holder. The Aadhaar enrolment procedures and the standards of its matching systems were also cited. De-duplication to ensure uniqueness of identity was also cited.

10. Probabilistic matching of biometrics: The UIDAI stated that Aadhaar is based on 1:1 matching, and ‘in that sense’ is not probabilistic. Aadhaar Proof of Concept of Studies was cited which show that over 98 percent people authenticated successfully using Aadhaar.

11. Removal of 49,000 enrolment operators: When asked why 49,000 enrolment operators were removed (failure to verify documents, failure to maintain records of submitted documents, misuse of submitted information or aiding false enrolments), the UIDAI stated that the blacklisting maybe for one of these reasons: illegally charging a resident for Aadhaar enrolment, poor demographic data quality, invalid biometric exceptions, and other process malpractices.

12. Verification of residence of 182 days or illegal immigrants: When asked if any verification was done to ensure that the person enrolling was resident in India for 182 days, or was not an illegal immigrant, the UIDAI stated only the resident’s signed declaration that he had been a resident was required and that Aadhaar could be provided to a foreign national also.

13. Storage of information in biometric readers: Introduction of registered devices, according to the UIDAI, ensures the encapsulation of the biometric capture, signing, and encryption of biometrics all within it. This rules out the possibility of stored biometrics and replay.

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

A man goes through the process of eye scanning for the Unique Identification (UID) database system, Aadhaar, at a registration centre in New Delhi, India. Image: Reuters

14. Retention of data by Aadhaar entities: The UIDAI stated that no logs were required to be kept by entities in relation to IP address of the device, GPS coordinates of the device and purpose of authentication. The data logged by them includes Aadhaar number, parameters of submitted authentication request and response, and record of consent of the Aadhaar number holder for the authentication. When asked to confirm if such entities, AuAs, KuAs, authentication service agencies such as Airtel, etc., formed a part of the Aadhaar architecture, the UIDAI stated that such entities were appointed by it under the Aadhaar (Authentication) Regulations.

15. Traceability features: The UIDAI was asked if ‘traceability’ features allow the UIDAI to track the specific device and its location from where each authentication takes place. The UIDAI responded that it stores data on Authentication User Agency (AUA) code, Authentication Service Agency (ASA) code, unique device code, registered device code used for authentication, but not information on IP address and GPS location.

Aadhaar Act is a just, fair, and a reasonable law.

After completing the responses to the petitioner’s questions, the Attorney General resumed his arguments for the State. He argued that Aadhaar fulfilled the tests laid down in the Puttaswamy judgement for a reasonable restriction on the right to privacy. He argued that Aadhaar collected the least possible data required for the purpose. He also cited the Right to Information Act as an example of a reasonable restriction on privacy in the larger public interest.

The Aadhaar Act, he argued, is a just, fair, and a reasonable law. The motive of Aadhaar was in the larger public interest, to prevent dissipation of social welfare benefits, preventing black money, and money laundering. These, he argued, were legitimate state interests, and further, the Court could not second-guess the intent of the legislature. The Aadhaar Act, thus, meets the test of proportionality by showing a rational nexus between the means used and the goals to be achieved.

The hearings will continue on 4 April 2018.

Sources of arguments include live-tweeting of the case by SFLC.inGautam Bhatia and Prasanna S, and Responses of the UIDAI to the Petitioners questions, available here

The author is a lawyer and author specialising in technology laws. She is also a certified information privacy professional.

Related posts

India – Privacy, profit and control #Aadhaar

 

 

by- Usha Ramanathan

Is privacy dead? These are strange times when this is treated as a reasonable inquiry. Or even as rhetorical, not needing any serious response: of course, it is dead. Let it be laid to rest, and let the ambitions of control, commerce and profit be pursued unhindered. The conversation about privacy has been deliberately turned on its head.

 

About half a decade ago, as technologies were developed that could make huge profits out of personal data, and when state and corporate control of people began to emerge as clear political and commercial possibilities, we began to get asked: why do you want a right to privacy? Why would you ask for privacy if you have done no wrong? Corollary: if you have done wrong, why should you be allowed to hide? The real question, however, was: why did we have guilt thrust on us if we asserted the right to privacy? Who was it that wanted the privacy right to disappear?

 

In 2013, Edward Snowden gave us a graphic narrative. What he introduced us to was a surveillance state that was collecting large amounts of personal information about anyone they could get their metaphorical hands on. A secret court, with secret hearings, issuing secret orders authorising the collection of information about whole populations from whatever source they could tap.

Even before Snowden warned us that the state was trying to erase the right to privacy and we needed to beware, the UID project had already begun to roll out another narrative. A project that was launched as intending to provide those in poverty with a means of identifying themselves to the state so that they could get their entitlements soon became something entirely different. Three words that were used to describe the project spoke volumes: unique, ubiquitous, universal. Initially, we were led to think that each of us would acquire a unique identity through the project. It took a few years for it to become plain that it was not about a unique identity at all-for the biometrics on which such identity was based had been untested and is, in fact, failing with remarkable frequency in the field; it was about being identified by ‘user’ and ‘requiring’ agencies. The UID is a number attached to a biometric; but the biometrics often do not work. What is left is a number, which we are asked to seed in every database, facilitating profiling, tracking, labelling, tagging. Soon, it was not voluntary any more. Consent became irrelevant. And, from being marketed as an enabler for inclusion, it soon began to exclude those not on the database, those whose biometrics would not work, those without mobile phones, and those who refused to submit to the bullying and threats. By the time the Aadhaar Act was passed as a Money Bill in 2016, the focus had shifted from the citizen to the resident to the customer-hence e-KYC, with ‘C’ being customer. Companies-and Khosla Labs is one such-have joined the litigation asking that nothing be changed in either the law or the project as it is now, or else their businesses will fold up! Their business is all about our personally identifiable information.

 

This being the project, it is no wonder that the government declared in the Supreme Court, through the Attorney General, that the people of this country do not have a right to privacy. In August 2017, a bench of nine judges unanimously declared that privacy is not just a fundamental right but that the right to dignity, life and personal liberty would all be set at nought without the right to privacy. The UIDAI stubbornly refuses to acknowledge the problems with the project.

This project started off as an identity project; quickly morphed into an ‘identification’ project through the seeding of numbers in multiple databases; prodded the technology community to see its potential as ‘an identity platform on which many apps may be built’; and, very recently, has been projected as being a ‘universal infrastructure’ with ‘universal access’. It should cause no surprise that Google, WhatsApp, Microsoft, Amazon, Facebook have all become eager to collect the UID number.

The universe of the UID has been expanding amidst coercion and threats. Demonetisation pushed the cashless agenda. Cashless is, of course, not just cashless, but also promoted as being paperless, ‘presenceless’, with e-sign, e-KYC, digital locker and a ‘consent architecture’, all of which ride on the UID infrastructure. The National Payment Corporation of India, and its product, the UPI or Unified Payment Interface, is based on the UID number. GSTN, the Goods and Services Tax Network, which is a private company handling all governmental data generated through the GST regime, has the UID number embedded with every GST return filed; and the prime minister has said that he wants them to create algorithms that will profile those in the MSME sector, and he will decide how to use that information. A medical insurance plan launched by the government has Nandan Nilekani working with a committee to leverage the UID number in the infrastructure that is being installed.

In the meantime, Nilekani, who has been leading from the front in gaining ubiquity for the UID project, GSTN, NPCI, cashless, vehicle tracking systems and more, has made another ambition clear. He calls it ‘trickle up’. Simply stated, most people in this country do not have wealth that they can spend in the market. They do, however, have what business wants, and that is data, about themselves-personal information. Services, including credit, will be provided only to those who leave digital footprints, and who will render themselves visible to technology controllers and agencies. The personal information will trickle up and create business and profits for those who gather this information and make products and services that they will then put in the market.

There is a striking similarity between this imagination and the social credit system that is in place in China. The social credit system uses digital presence, activity and inactivity to assess how acceptable or otherwise each individual is. Who your friends are, what their habits and propensities are, how they speak of the government and what they think is funny, whether they are rebellious or complaisant; and all that they garner will determine their rating. That will decide what they will be allowed to do, including the class of travel by train. Those who have little or no activity on the networks that allow them to be tracked and profiled will not escape the net; they will simply fall outside it, disentitling them from most of civil life.

It is this rampant takeover of all our information, and the collaboration between the state and business interests, that is raising the pitch about the possible end of privacy.

Facebook and Cambridge Analytica have kindly presented us with another view of privacy invasions. It is now plain that privacy policies do not say much, and are understood even less. When there is a breach of privacy, we may not even know it, nor understand its implications. In this case, Facebook provides the platform on which we park our information, and Cambridge Analytica uses it to manipulate people, for a price. This is not about privacy. This is about business without ethics, and without boundaries.

 

In these strange times, governments and businesses see the potential for control, and profit, in denying the right to privacy even as a constitutional court likens privacy to liberty, dignity and autonomy. People stand somewhere in between, unsure how to defend themselves from the allegation that interest in privacy is a sign of guilt.

Related posts

UIDAI CEO Gave The Supreme Court His Aadhaar Logs, Now Twitter Knows Everything About Him

Read the thread to know more about Pandey’s life.

HINDUSTAN TIMES VIA GETTY IMAGES
Ajay Bhushan Pandey, CEO of UIDAI.

Ajay Bhushan Pandey, CEO of the Universal Identification Authority of India (UIDAI), the agency that implements India’s controversial Aadhaar project, shared his authentication logs with the Constitutional bench of the Supreme Court last week.

His aim, ostensibly, was to show how Aadhaar incorporates “privacy by design”, to quote the accompanying power-point presentation.

It wasn’t long before Aadhaar critics on Twitter poured through his logs and proved just the opposite.

Cybersecurity analyst and software developer, Anand Venkatanarayanan, revealed how just looking at six months worth of authentication data could offer clues to Pandey’s physical movements, his phone service provider, the banks where he has his accounts, and even his daily schedule.

Two failed attempts to link his ICICI bank account to his Aadhaar at midnight on Republic Day, for instance, suggests seeding bank accounts with Aadhaar is giving the UIDAI CEO sleepless nights as well.

Other gems include the fact that only one transaction in the past six months was authorised using his biometrics. The transaction, which was conducted at IDFC bank a day before the Court re-convened to discuss the Aadhaar matter, failed.

Privacy advocates have long maintained that seeding Aadhaar with other forms of identification allows for the creation of detailed databases that can be used to track citizens.

Read the thread to know more about Pandey’s life.

Anand V@iam_anandv

So everyone is citing Authentication failures on @ceo_uidai‘s authentication history, but I can understand quite a bit about his life with just that. Let us begin. 👇

Anand V@iam_anandv

He has a Vodafone phone and did not link it until last week for the court demo (OR) He just bought a new one. Given his position and status, this is most likely a Post Paid connection.

Anand V@iam_anandv

He used “UIDAI Services”. That is not an internal AUA and not a public one. So we can conclude that he was browsing the web then from the confines of his office during this time among other things.

Anand V@iam_anandv

Another “internal” AUA. With the transaction name of the AUA, it is easy to conclude that he was using a Demo Application. Hence most likely he was giving a Presentation to someone on the greatness of Aadhaar.

Anand V@iam_anandv

Another “Internal AUA” at 8 PM in the night, one after another within a minute. OK. Pandeyji had a busy day in office that day. He definitely came home late and did not reach before 9 PM.

Anand V@iam_anandv

OK. OTP linking at midnight. He definitely has 3 accounts with ICICI Bank. May be a credit card (OR) 2 bank accounts (OR) 3 bank accounts. He has linked them all on Republic day. So he was not in office but is doing it from his home. Why 3 accounts? UKC:XXX is different.

Anand V@iam_anandv

OK. OTP linking at midnight. He definitely has 3 accounts with ICICI Bank. May be a credit card (OR) 2 bank accounts (OR) 3 bank accounts. He has linked them all on Republic day. So he was not in office but is doing it from his home. Why 3 accounts? UKC:XXX is different. pic.twitter.com/RIPGA18rDl

Anand V@iam_anandv

Another “Internal Auth Service Monitoring” at Republic day at 7 PM? Hmnn, he was probably in office checking out some data centers. May be they have a special PIN based terminal for him to go in. That is one hypothesis. Let us keep that to ourselves for now. pic.twitter.com/3BnKZpfDJd

View image on Twitter

Anand V@iam_anandv

He has a Vodafone phone and did not link it until last week for the court demo (OR) He just bought a new one. Given his position and status, this is most likely a Post Paid connection.

Anand V@iam_anandv

He used “UIDAI Services”. That is not an internal AUA and not a public one. So we can conclude that he was browsing the web then from the confines of his office during this time among other things.

Related posts

Fake #Aadhaar Card of an actress used to book room in a star hotel #WTFnews

Narayan Namboodiri| TNN |

Police on Tuesday has registered a case of cheating, fraud and misusing the identity details of Bollywood actress Urvashi Rautela to book hotel room in a star hotel in Bandra (West).

Around 10:30 pm on Tuesday, a hotel employee told her that a room was booked in her name. She denied having done so and immediately went through the hotel’s booking details. It was found that the booking was done online,” said a police source.

At that the hotel staff approached Rautela and informed her that a room is being booked in her name through online booking. In the complaint, Rautela said, “I asked my secretary about it and learnt that there is no booking being done and some one has misused my Aadhar Card details to book a room in the star hotel.”

Bandra police has registered a case under the Indian Penal Code sections for cheating and impersonation and under the IT Act against unidentified person. “Preliminary probe has revealed that the fraudsters has used her name, address details and her photo of Rautela to book the room online. However the aadhar card number does not match. Probe is on to know the motive behind it. ”

Police have registered a case under section 420 (cheating and dishonestly inducing delivery of property) and relevant sections of the IT act.

“Investigators are also scanning the IP address records to find from where the booking was done,” said a police official.

Paramjit Singh Dahiya, DCP, Zone 9, confirmed that an FIR has been registered.

Rautela is an Indian film actress and model who predominantly works in Hindi films. She was crowned Miss Diva – 2015 and represented India at the Miss Universe 2015 pageant.

Related posts

Aadhaar: Is India’s biometric ID scheme hurting the poor?

Jama SinghImage copyrightRONNY SEN
Image captionJama Singh has an Aadhaar number but he can’t use it as his age has been listed as 102

For six to seven days every month, says Muniya Devi, her five-member family doesn’t get food to eat.

The frail 31-year-old lives with her children in an arid village in Jharkhand, one of India’s poorest states. Her husband, Bushan, works in a brick kiln some 65km (40 miles) away, earning 130 rupees ($1.90; £1.40) a day.

For the last three years, they have been deprived of subsidised food from India’s vast public distribution system, a lifeline for the poor. That is not because supplies have dried up at the neighbourhood shop, but because their ration cards have not been linked to their biometric-based 12-digit personal identification numbers.

A BBC investigation found many others in the state with similar complaints.

More than a billion Indians now have the ID number, called Aadhaar, meaning foundation in Hindi. What started as a voluntary programme to tackle benefit fraud has now grown into the world’s most ambitious, and controversial, digital identity programme. It has also become increasingly necessary for financial transactions and access to social welfare.

Three months ago Muniya Devi travelled some 35km to the nearest town to submit the forms and papers necessary to get her family’s ration cards linked to Aadhaar.

People at the office demanded a bribe to get the job done, so she paid them 400 rupees, nearly four days of family earnings.

Image copyright

“They say the network is down, the computer is not working. And I keep borrowing food to feed my family,” she told me.

In Vishnubandh where Muniya Devi lives, the majority of the 282 families are landless. On good days, a meal means rice and a potato and fava beans curry. On bad days, there’s nothing. Hunger is a constant companion.

At least Muniya Devi has company in her misery. The food rations of 60 out of 350 beneficiaries in the village have been discontinued after they failed to link their cards to Aadhaar in time.

Most of them tell stories about fruitless trips to government offices and paying bribes. The government made the linkage mandatory some two years ago, a move economist and activist Jean Dreze calls “coercive and anti-poor”.

‘Starvation death’

Things came to a head in September when reports emerged that an 11-year-old girl had died of starvation in the state’s Simdega district, months after her family stopped getting subsidised food because they failed to link their ration cards to Aadhaar.

Santoshi Kumari, a school dropout, had gone without food for four days before she had salt and tea. She died a few hours later. A senior official told me that the allegation that she died of starvation “could not be substantiated”.

“There have been half-a-dozen such reported deaths,” says Dr Dreze. “We can differ on whether they died of starvation, but the fact is that in all these cases there was no food at home for days because of some Aadhaar-related issue.”

That’s not all. Last March, Jharkhand cancelled some 760,000 “fake” food-ration cards. Dr Dreze believes most of them were annulled because they were not linked to Aadhaar, resulting in thousands of people being deprived of food.

“Investigations are going on to find out why these cards were cancelled,” an official told me.

sxxxImage copyrightRONNY SEN
Image captionNajma Bibi says she had to pay a bribe to become eligible for her old age pension

Under the law, ration shops – there are more than 25,000 such shops distributing more than two million tonnes of subsidised food in Jharkhand – cannot deny supplies to those who are eligible just because they don’t have Aadhaar or have failed to link it to their ration cards.

But the evidence on the ground is mixed as many intended recipients are still being turned away.

“I admit that in some places there’s a problem with our messaging and people are not getting the information that no Aadhaar doesn’t mean no food,” Jharkhand’s top official in charge of food supplies, Amitabh Kaushal, told me.

“We will have to fix that.”

But critics say the government is speaking with a forked tongue. Dr Dreze says he has video evidence of a senior official telling villagers recently that “without Aadhaar it was not possible to get a ration card”, effectively cutting off access to subsidised food.

Mr Kaushal insists, though, that the number of people not getting access to subsidised food is paltry. “What you are seeing are the rarest of the rare cases,” he says.

He says the ration cards of more than 80% of the 26 million beneficiaries of subsidised food in the state have already been linked to Aadhaar. More importantly, he says, 99% of beneficiary households have been linked to the number, meaning that at least one member of the family has access to cheap food.

Dr Dreze says that the high linkage rates are “not surprising after you’ve cancelled so many ration cards not linked to Aadhaar in the first place”.

Railo DeviImage copyrightRONNY SEN
Image captionRailo Devi has not been receiving her pension for over a year

Mr Kaushal also denies the allegation that ration shops are turning away a large number of beneficiaries who are having problems authenticating their thumbprint on hand-held networked machines, which sometimes don’t work because of poor internet connections or power cuts.

In January alone, he says, 800,000 of the 4.7 million “food transactions” were “offline” – food given away despite Aadhaar-related glitches.

Many pensioners in Jharkhand are in the same bind. There are some 1.2 million elderly, widowed and disabled people who are eligible for monthly pensions of 600-800 rupees.

Last year, the government made it mandatory to link pensions to Aadhaar and also struck off 300,000 “fake” pensioners from the list of beneficiaries.

A study by independent researchers Risabh Malhotra and Anmol Somanchi found that fakes make up a fraction of deleted pensions.

“In the process,” they say, “many genuine pensioners have been excluded.” Critics say this has mainly happened because of mistakes made by data operators, resulting in discrepancies in name and age.

Faulty linking

Such errors have led to tragicomic results. Due to absence of birth certificates or mistakes by overworked data operators, residents of entire villages share the New Year Day of different years as their birth date.

Jama Singh, a wizened old farmer living in Sadwadih village, is unable to qualify for a pension because his Aadhaar card lists his age as 102 years.

“When we took him to banks to open an account, they told us that their software doesn’t allow them to enter a three-digit age. So now officials are telling us to declare him 80 years old and apply for a new Aadhaar,” Pachathi Singh, a neighbour, told me.

“I don’t know how old I am, but there are people younger than me here who are getting old age pensions,” Jama Singh told me. “Is that fair?”

Rajkumari DeviImage copyrightRONNY SEN
Image captionRajkumari Devi’s pension stopped last October because she had not linked her bank account to Aadhaar

In Khunti, some 100km away from Vishnubandh, some 20,000 pension holders – mostly women – have been deleted from the list of beneficiaries because of “faulty linking” with bank accounts, say activists. Rajkumari Devi’s pension, for example, stopped last October because she had not linked her bank account to Aadhaar.

The 84-year-old has spent nearly a month’s worth of pension money going to the banks in the nearest town to get the matter fixed. The bank tells her the “money is not coming”. Her savings have dwindled to 73 rupees, and her dignity is broken.

When her son tells her that he will continue to take care of her, Rajkumari Devi admonishes him.

“My money is my money,” she says. “Why should I live on your benevolence?”

 

BBC

Related posts

CBDT extends PAN-Aadhaar linking deadline to June 30 #Goodnews

NEW DELHI: The CBDT today extended the deadline for the PAN-Aadhaar linking to June 30.
The policy-making body of the tax department issued an order extending the deadline from the current last date of March 31.

The order said the deadline for PAN-Aadhaar linking for filing I-T returns is being extended after “consideration of the matter”.

It is understood that the latest order by the Central Board of Direct Taxes (CBDT) has come in the backdrop of the Supreme Court, earlier this month, directing extension of the March 31 deadline for linking Aadhaar with various other services.

The apex court ordered for the extension in the deadline till the five-judge constitution bench delivers its judgment on petitions challenging the validity of the biometric scheme and the enabling law.

This is the fourth extension given by the government for individuals to link their Permanent Account Number with their biometric ID (Aadhaar).

The government has now made quoting of Aadhaar mandatory for filing income tax returns as well as obtaining a new PAN. Section 139 AA (2) of the Income Tax Act says that every person having PAN as on July 1, 2017, and eligible to obtain Aadhaar, must intimate his Aadhaar number to the tax authorities.

As per updated data till March 5, over 16.65 crore PANs, out of the total about 33 crore, have been linked with Aadhaar. The earlier deadlines for linking the two databases were July 31, Aug. 31 and Dec. 31, 2017, with the last being March 31 this year.

Related posts