uid

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. -Mahatma Gandhi

In matters of conscience, the law of the majority has no place. Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” -A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017


Special

Here is what the Parliament Standing Committee on Finance, which examined the draft N I A Bill said.

1. There is no feasibility study of the project]

2. The project was approved in haste

3. The system has far-reaching consequences for national security

4. The project is directionless with no clarity of purpose

5. It is built on unreliable and untested technology

6. The exercise becomes futile in case the project does not continue beyond the present number of 200 million enrolments

7. There is lack of coordination and difference of views between various departments and ministries of government on the project

Quotes

What was said before the elections:

NPR & UID aiding Aliens – Narendra Modi

"I don't agree to Nandan Nilekeni and his madcap (UID) scheme which he is trying to promote," Senior BJP Leader Yashwant Sinha, Sept 2012

"All we have to show for the hundreds of thousands of crore spent on Aadhar is a Congress ticket for Nilekani" Yashwant Sinha.(27/02/2014)

TV Mohandas Pai, former chief financial officer and head of human resources, tweeted: "selling his soul for power; made his money in the company wedded to meritocracy." Money Life Article

Nilekani’s reporting structure is unprecedented in history; he reports directly to the Prime Minister, thus bypassing all checks and balances in government - Home Minister Chidambaram

To refer to Aadhaar as an anti corruption tool despite overwhelming evidence to the contrary is mystifying. That it is now officially a Rs.50,000 Crores solution searching for an explanation is also without any doubt. -- Statement by Rajeev Chandrasekhar, MP & Member, Standing Committee on Finance

Finance minister P Chidambaram’s statement, in an exit interview to this newspaper, that Aadhaar needs to be re-thought completely is probably the last nail in its coffin. :-) Financial Express

The Rural Development Ministry headed by Jairam Ramesh created a road Block and refused to make Aadhaar mandatory for making wage payment to people enrolled under the world’s largest social security scheme NRGA unless all residents are covered.


Search This Blog

Wednesday, August 23, 2017

11839 - Triple talaq and right to privacy: Supreme Court judgments expected this week - Hindustan Times

Triple talaq and right to privacy: Supreme Court judgments expected this week
The government is in favour of scrapping triple talaq, saying it violates the right to equality and is biased against women.
INDIA Updated: Aug 20, 2017 23:50 Ist

Ashok Bagriya 
Hindustan Times, New Delhi

The Supreme Court will hear two major cases this week.(REUTERS)

This week could be a turning point for gender justice and civil rights in India, with the Supreme Court expected to decide on the controversial Muslim divorce practice of triple talaq and if privacy is a fundamental right.

Reserving judgments, Chief Justice of India JS Khehar, who presided over hearings in both the cases, had said the verdicts would be pronounced soon.
The CJI retires on August 27, which leaves him only five days to come out with the verdict in the cases that have generated a lot of interest and political heat.
In the Shayara Bano case, the court will decide if the practice of triple talaq discriminated against Muslim women.
Bano, a resident of Uttarakhand, turned to the court in 2015 after her husband ended their 15-year marriage by sending a letter with the word talaq written thrice.
Subsequently, several Muslim women and organisations petitioned the court to scrap the custom.


The government is in favour of scrapping triple talaq, saying it violates the right to equality and is biased against women.
The Muslim personal law board has opposed “judicial interference” in matters of Muslim faith.
The decision in the privacy case will have a bearing on Aadhaar, the 12-digit biometric unique identity number, which the government is pushing for to plug leaks in various welfare schemes.
Critics say it violates privacy and helps government spy on people. While hearing petitions against Aadhaar, the court said it first needed to decide if privacy was a fundamental right.
The government says citizens have a right to privacy but it is not an absolute right.
Judges have differed with the government, saying, “Textually it is correct today that there is no right to privacy in the constitution. But even freedom of press is not expressly stated. This court has interpreted it.”

11838 - Crime branch video records accused preparing fake currencies - TNN

TNN | Updated: Aug 20, 2017, 10:55 AM IST

NAGPUR: The crime branch sleuths on Saturday video recorded the manner in which the racketeers, now in police custody till August 23, prepared the fake Aadhaar cards and currency notes for distribution in several districts, including Hingoli, in the last couple of months. The video recording will be used as an evidence against them for preparing fake currency notes and Aadhaar cards. 

Two more persons involved in the racket, apart from the five already in custody, are now under radar of the crime branch for playing the role of suppliers who took the fake notes to Hingoli. The five accused have been identified as Mohd Ikrar, Mohd Zeeshan, Abdul Rajik, Ashish Sathe and Shoaib Khan. Sathe helped his accomplices in editing the Aadhaar cards. 

The racketeers, who operated from Awasthi Nagar chowk-based mobile shop owned by Ikrar, were nabbed on August 17. Hingoli police got whiff of the racket after they seized fake currency worth Rs90,000 from two persons at Mominpura. The racketeers, including Ikrar, earlier worked as auto-dealers, police said. 

Ikrar and his gang have already admitted their involvement in supplying the fake currency notes to Hingoli but refused to divulge more before the cops.

A senior officer said the fake currencies prepared by the racketeers appear to be almost similar to that of the original ones. "The gang has been using various types of papers to bring almost similar feel of the fake notes," the officer said. 

LATEST COMMENT
Special team should be formed with a dedicated task to ensure the entire racket should be unearthed and put behind the bars.
Soumitra Bose

"The gang is not cooperating with police during the interrogation. We believe that they have their networks in other districts also and were in the process of spreading it across the state," said a senior officer.

He further said the investigation in the case is likely to gather pace after the probe enter the advanced stage. "At present, police are trying to assimilate maximum number of evidences against the gang," said the officer and ruled out of any international or anti-national link of the racket.


11837 - Haryana to Prepare Aadhaar-Based Database of its Residents - Khabhar India



BY MAINLOGIN ON AUGUST 19, 2017

Haryana government today said it has decided to prepare an Aadhaar-based database of all the residents of the state which would enable in providing benefits of various schemes in a transparent manner. Under state resident database (SRDB) scheme, a public service survey would be conducted and data would be collected from all the households. PK Das, Haryana Additional Chief Secretary, School Education Department, divulged the details in this regard while presiding over a meeting with officers in Sonepat today, said an official release. Preparations for implementation of SRDB were discussed in the meeting. He said the survey needs to be conducted in an efficient manner so that every person could get benefits of various schemes launched by the government in the state. He said that under SRDB, Aadhaar number of every state resident would be noted and his/her finger prints would be scanned on a machine to ensure that he/she has been getting benefits of all the schemes through banks.

Das said that a ‘Saksham Yuva’ would accompany each enumerator while conducting the survey. He directed the officers of health department to prepare Aadhaar cards of new-born babies. “It is the responsibility of the education department to update Aadhaar of the child by taking finger prints when he or she turns three-year-old, he said. Later, while presiding over meeting with officers of Excise and Taxation Department today, Das said that Goods and Services Tax (GST) had been implemented by the Central Government to simplify the tax system.

Therefore, it is the responsibility of the concerned officers to clear the doubts of all traders and businessmen, he said adding that all traders would have to get themselves registered under GST by September 30, 2017. District Excise and Taxation Commissioner informed Das that the registration work was being carried out efficiently in the district. He said that two slabs have been created, one for traders with a turnover above Rs 20 lakh and other for those with a turnover below Rs 20 lakh. He said there were 27 traders with turnover above Rs 20 lakh who have migrated and 12,843 traders with turnover below Rs 20 lakh of which 11,079 have migrated. He informed that a nodal officer has been appointed in the district for providing assistance with regard to GST. Apart from this, a help desk has been set up in the office and WhatsApp groups have been created to assist the traders, he said.

11836 - The accountability framework of UIDAI: Concerns and solutions - Medianama



By Guest Author editor@medianama.com    August 21, 2017   
Share This:          Share via Email   


The public discourse on Aadhaar has largely focused on concerns about the privacy issues associated with the collection of personal information, and the constitutionality of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“the Act”). Regardless of the outcome of the case at the Supreme Court, most residents will likely have to interact with the UIDAI, which is the body empowered to roll out an enrollment and authentication program for beneficiaries of welfare programs.

The UIDAI is an Agent established by the Principal (Parliament), with three powers. The law allows the State to compel an individual seeking a state-sponsored subsidy to undergo the enrollment and authentication processes designed by the UIDAI (although Aadhaar has now been made mandatory for certain non-welfare schemes as well, which goes beyond the conception in the law). The UIDAI is empowered to license and regulate Registrars and enrolling agencies to collect the demographic and biometric information of individuals, and enroll them under the Act. Finally, the UIDAI has quasi-legislative powers, such as the power to suspend the licenses of such enrolling agencies and Registrars.

In this article, we examine the foundations required to make UIDAI work properly: the performance and accountability standards. Under the present law, UIDAI is neither performance oriented nor is there accountability for failure. The problem of accountability at UIDAI is a little explored issue, other than occasional media reporting which expresses angst about data breaches and authentication failures (see herehere, and here). There is considerable knowledge from the global and Indian literature on public administration on how to achieve performance of such an Agent. Drawing on this body of knowledge, we propose that the UIDAI should be held to appropriate accountability standards, so as to create an environment where it will perform well.

Agencification and its associated challenges
Since the 1980s, governments have established specialised organisations which perform certain functions. These Agents have diverse mandates such as regulating a specific sector (SEBI and TRAI); administration of social welfare schemes (the erstwhile Benefits Agency in the UK); and running prisons (such as the HM Prison Service (HMPS) in the UK or the Dienst Justitiële Inrichtingen – National Agency for Correctional Institutions (DJI) in the Netherlands).

The Agent performs its mandate through the exercise of three kinds of powers, namely, quasi-legislative powers, quasi-executive powers, and quasi-judicial powers (FSLRC, 2013). While some agencies have all three kinds of powers at their disposal, others have some of them. For instance, while SEBI has all three powers, agencies which are tasked with administrative functions such as the UK Benefits Agency or the HMPS have limited quasi-legislative powers and no quasi-judicial powers. Whatever may be the scope of powers of these agencies, two features cut across all such agencies: (a) they perform functions that the sovereign would have otherwise performed; and (b) they wield the power of the State in being able to coerce certain private persons in certain ways.
Broadly speaking, agencification has worked well in improving State capacity. However, this has come from establishing an array of mechanisms to deal with a few important concerns:
  1. Weaker links between the people and agencies: When a sovereign delegates functions to agencies, this reduces accountability through elections (Maggetti, 2010). The persons manning such agencies are one more step away from the people, as they are autonomous from the government and are not politically accountable to the people. Power in the hands of unelected officials also creates concerns about democratic legitimacy (Majone 1998). For instance, agencies which have been tasked with the administration of social welfare have been accused of opacity (Pollitt et al, 2004).
  2. Unfettered discretion: When agencies have the power to write subordinate legislation (i.e. regulations), this power is often not accompanied by checks and balances. In liberal democracies, there are elaborate checks and balances that are placed upon Parliamentary law. These checks and balances can, and often are, diluted in the context of the “regulatory state”. For example, in all these years of SEBI’s establishment, only one of its quasi-legislative instruments has been challenged. Compare and contrast this to the constitutional challenge that virtually every significant parliamentary law faces in India. Similarly, in the last 30 years, no order issued by RBI has been challenged by the person penalised. This leads to the possibility of abuse of power (Cochrane, 2015).
  3. Size and ever-growing footprint in administration of public affairs: Autonomous bodies, especially those entrusted with the administration of social security benefits, end up assuming significant proportions, both in terms of their size and budget allocations. For instance, in 2000, the Benefits Agency which was responsible for the administration of social welfare schemes in the UK employed a staff of 70,642 and accounted for 30% of the overall state budget (Pollitt et al, 2004). Similarly, the Social Security Administration in the United States now has a staff strength of 60,000. In the Indian context, the annual expenditure of the RBI is larger than that of the States such as Goa.
An accountability framework for agencies of the State
The power to coerce or the power to spend, that is conferred upon the Agent, must be associated with commensurate accountability mechanisms (Stone and Thatcher, 2002). Accountability mechanisms are ex-ante and ex-post. Examples of both are enumerated below:
Ex-ante accountability mechanisms:
  1. Having an adequate strength of independent directors on the board of the agency
  2. Regular internal audits to review the performance of the agency and ensuring that it complies with the law in exercising the discretion vested in it
  3. Setting out the objectives of the agency and the instruments to be used to achieve them, clearly in the law
  4. Setting out performance oriented goals and metrics for measurement of performance, in advance
  5. Defining formal processes for the exercise of the powers vested in the agency
  6. Mechanisms to facilitate transparent decision making, such as public consultations before making delegated legislation, maintaining a website, publishing a clear rationale for each decision of the agency
Ex-post accountability mechanisms:
  1. Laying all quasi-legislative instruments before the Parliament
  2. Reports showing the goals set out at the beginning of the year, the extent to which they are achieved at the end of the year and a statement of reasons for failure
  3. Resource allocation towards different goals and year-end utilisation
  4. Performance and audit by external independent agencies and publishing the reports of such audits
How do other social security administrators account for their performance?
Since the Aadhaar number is so often compared to the social security number issued by the Social Security Administration (SSA) in the United States, we can usefully draw a comparison with the annual performance and financial report published by the US SSA. The report sets out the strategic goals of the SSA that were determined at the beginning of the year. It divides the strategic goal into multiple objectives, specifies measurable performance metrics to ascertain the extent to which the objectives have been met, and the extent to which the goal was achieved. An example of how the performance reporting for the SSA works, is given below.
  1. For FY 2012, a pre-determined strategic goal of the SSA was to deliver “quality disability decisions and services”.
  2. This strategic goal was divided into three objectives. One of the objectives was to “Reduce the wait time for hearing decisions and eliminate the hearing backlog”. The metrics used to measure the performance of the SSA on this objective was to complete “the budgeted number of hearing requests” and “reduce waiting time between hearings and decisions”. SSA reported its performance on these two metrics as under:
Example of performance reporting by the SSA
Objective: Reduce the wait time for hearing decisions and eliminate the hearing backlog
Performance Measure
FY 2012 target
FY 2012 Actual
Whether target achieved
Complete the budgeted number of hearing requests
875,000
820,484
No
Minimize average wait time
from hearing request to decisions
321 days
362 days
No
The SSA’s performance report also shows the funds allocated to each objective and a statement of reasons where the performance metric is not met.
The current accountability framework of the UIDAI
A reading of the objectives and functions assigned to the UIDAI under the Act would suggest that the UIDAI must, at the very least, be held accountable for:
  1. The enrollment and authentication of persons [sections 11 and 23(1)]
  2. The regulation of enrollment agencies and other service providers licensed by it [section 23(2)(i)]
  3. The security and confidentiality of the data shared by persons who have enrolled with the UIDAI [section 23(2)(j) and (k)].
The Act and the accompanying Regulations specify a limited accountability framework, which is not oriented towards performance or service delivery to the citizen. Three accountability measures are present under the Aadhaar Act and Regulations:
  1. An annual CAG audit, and requiring these certified accounts of the UIDAI to be laid before each House of Parliament [Section 26 of the Act]; and
  2. Requiring an annual report in a prescribed form describing UIDAI’s past activities, accounts, and future programmes of work, to be laid before each House of Parliament [Section 27 of the Act]. However, no such manner and form for the publication of the report has been laid down in the Aadhaar Regulations, nor does such a Report seem to be available in the public domain.
  3. Requiring certain processes to be followed by the CEO in transacting business at the UIDAI (Transaction of Business at Meetings of the Authority) Regulations, 2016, although these only relate to the number of meetings, quorum, voting procedure etc.
Apart from an annual financial audit, the law lacks any performance accountability mechanisms for the UIDAI. For instance, there is nothing in the law requiring the UIDAI to set performance standards for itself or account for core responsibilities such as number of people enrolled and not enrolled, number of authentication failures or number of data and security breaches. The law is similarly completely silent on ex-post accountability mechanisms. It neither requires a performance audit nor demands a justification for failures on its part.

Weak law will deliver weak performance
The conduct of an agency is largely shaped by the law governing it. For instance, Burman and Zaveri (2016) find that there is a correlation between the laws which mandate transparency of a regulator and the responsiveness of such regulators to citizens’ preferences. Similarly, the detailed performance reporting by the SSA is underpinned by a law called the Government Performance and Results Act, 1993, a law that set up a performance-oriented framework of reporting for the US federal agencies to show the progress they make towards achieving their goals.
In the absence of such statutorily mandated accountability standards, measuring the performance of the UIDAI is difficult. Stories of security breaches and authentication failures for availing benefits abound. For instance, Scroll.in queried the UIDAI about the authentication requests received between September 2010 (when the first Aadhaar number was issued) till October 2016, and how many failed or succeeded. The query was aimed at assessing the efficacy of biometric authentication. 

The UIDAI replied that it had not maintained any records between September 2010 and September 2012 and that it did not maintain authentication data state-wise. More importantly, the UIDAI revealed that data about the success or failure of the over 331 crore authentication requests was “not readily available”, nor was the breakup of the negative reply to the requesting authority on each of the five modes of authentication “readily available”.

Similarly, cases of fake Aadhaar cards have also been reported. Pertinently, in response to an RTI filed by PTI, seeking details related to all cases of duplicate and fake Aadhaar cards and the action taken on them, the UIDAI refused the request on the grounds that the disclosure might affect national security, or lead to incitement of an offence. The UIDAI also informed PTI that its CIDR facilities, information assets, logistics and infrastructure and dependencies, are all classified as “protected system” under the IT Act, and are thus, exempt from RTI. It further stated that the format in which it held the information contained identity details, which may be prone to identity theft, if divulged. The practical reality thus is that cases of unauthorised leaks/disclosures of identity information are being dealt with on a case to case basis, with zero clarity in the law on who is to be held accountable for such lapses in the future.
Conclusion
In previous decades, when we first set up state agencies in India, we were driven by concerns of efficiency and expertise that such agencies would bring to public administration. We now have sufficient experience about the endemic failure of State capacity in that approach. If one more new agency is built, on the lines of existing agencies, there is a high chance that it will reproduce the failures of existing agencies.
The climate of thinking on these questions in India is shifting.

 The FSLRC report, which proposes a new financial regulatory architecture, made extensive recommendations on the accountability framework for financial sector regulators. These recommendations were codified in the Indian Financial Code (IFC), a draft law that accompanied the FSLRC report. For example, the IFC contains provisions that mandate (a) regulators to build a system of periodical internal audits and publish the reports of such audits, (b) performance audits by an external auditor, (c) building systems for measuring the performance and efficiency of regulators, and (d) public consultation and a cost benefit analysis before exercising quasi-legislative powers. Some of these provisions that do not require legislative amendments are being implemented by the Ministry of Finance through a Handbook on Governance enhancing recommendations of the FSLRC, adopted by the four financial sector regulators in October 2013.

The report of the Bankruptcy Law Reforms Committee (2015), drew on the regulatory governance framework recommended by the FSLRC and recommended four elements for achieving accountability of the Insolvency and Bankruptcy Board of India, India’s new insolvency regulator. While some of these elements were codified in the Insolvency and Bankruptcy Code, others are sought to be implemented in the course of setting up the Insolvency and Bankruptcy Board of India. Recent events at TRAI are pushing the organisation towards sound processes.
While the subject of regulatory governance seemed remote and a second order issue in setting up institutions in India, policy thinking today has increasingly started recognising that enhancing governance standards is as important as technical soundness, when designing new frameworks. Every government agency is an Agent, and the journey to building high performance agencies lies in setting up a sound principal-agent relationship, in the law. UIDAI is an important new organisation, and it should emerge as a high performance agency. We must harness our experience and our knowledge, to build appropriate accountability standards for the UIDAI in the law.

References
Heidenheimer, A.J., Heclo, H. and Teich Adams, C. (1990), Comparative Public Policy: The Politics of Social Choice in America, Europe, and Japan, (3rd edition) New York: St. Martins.
Maggetti, Martino (2010). Legitimacy and Accountability of Independent Regulatory Agencies: A Critical Review, Living Reviews in Democracy Vol 2.
Pollitt, Christopher, Colin Tablot, Janice Caufield, and Amanda Smullen (2004), Agencies: how governments do things through semi-autonomous organizations, New York: Palgrave Macmillan.
Young Han Chun, Hal G. Rainey (2005), Goal Ambiguity in U.S. Federal Agencies, J. Public Adm. Res. Theory 2005, 15 (1): 1-30.
Majone, Giandomenico (1998), The Regulatory State and its Legitimacy Problems, Political Science Series No. 56, Department of Political Science of the Institute for Advanced Studies (IHS)
Sweet, Alec Stone and Thatcher, Mark (2002), “Theory and Practice of Delegation to Non-Majoritarian Institutions”, Faculty Scholarship Series, Paper 74
Burman, Anirudh and Zaveri, Bhargavi (2016), Regulatory responsiveness in India: A normative and empirical framework for assessment, IGIDR Working Paper WP-2016-025, October 2016.
*
Vrinda Bhandari is a practicing advocate in Delhi. Renuka Sane is a researcher at the National Institute of Public Finance and Policy, Delhi. Bhargavi Zaveri is a researcher at the IGIDR Finance Research Group, Mumbai.
*
Source: The accountability framework of UIDAI: Concerns and solutions by Vrinda Bhandari and Renuka Sane and Bhargavi Zaveri,  Ajay Shah’s blog, August 20, 2017.

11835 - How to protect data in era of less privacy and identity theft - Indian Express

By Dia Rekhi  |  Express News Service  |   Published: 20th August 2017 01:21 AM  |  
Last Updated: 20th August 2017 07:46 AM  |   A+A A-   |  


CHENNAI: “Could I have your name and number, ma'am?” the cashier at the clothes store asks politely.
“Of course!” the eager shopper replies and rattles off her name and 10 holy digits linked to everything from bank accounts to food delivery apps.

This shopper could have been any Indian who is always looking to gain ‘loyalty points’ to get a freebie or discount — if not immediately, at least in time for Diwali. But, does an average Indian shopper stop to think of how their safety and security are being jeopardised while trying to make a quick buck?

“I give my name and number at all shops and restaurants,” says K Soumya (name changed), who works at a bank. “The reason I give out my details is simple: I want a discount the next time I come back to shop or eat. Sometimes it is also to genuinely give feedback to the restaurant manager. I never perceived it to be risky which is why I did it.”

This lack of awareness about the ill-effects of compromising on privacy is leading to a number of issues like data theft and cyber fraud. “We have to realise that we should not trade our privacy for a few extra rupees,” says Pavan Duggal, a Supreme Court lawyer and cyber law expert. “Giving out information at stores and restaurants is like walking into an open-ended net. It must be completely avoided. Stores monetise your data and may also share that data with other parties. You are a product for them, after all, so why must you trade your data? It is a losing bargain!”

‘Privacy’ has been the buzzword ever since the Supreme Court in July said the word is an ‘amorphous’ term, and not an absolute right that can prevent the State from making laws imposing reasonable restrictions on citizens. This becomes particularly important as petitions challenging Aadhaar say biometric data like iris scans and fingerprints violate a citizens’ privacy.


Making a case against Aadhaar, cyber law expert Na Vijayashankar says n a bid to simplify and ensure a seamless system, Aadhaar is resulting in the unification of risk, becoming a single point of vulnerability. “Aadhaar is a recipe for disaster,” says Vijayashanker. “It primarily uses a citizen’s mobile number and biometric details. While our biometric information is supposed to be safe, with the right software, it is possible that data can be siphoned before it gets sent to the encryption application, in a matter of a microsecond. Further, these biometric devices  are Chinese devices which are known to have embedded chips that can be accessed by fraudsters.”

11834 - Is privacy a right? Verdict soon - TNN


TNN | Aug 21, 2017, 01:29 AM IST

A nine-judge Constitution bench is set to give its judgment on whether a fundamental right to privacy exists under the Constitution. The verdict will remain authoritative for decades, defining the relationship between citizens and the state in the digital era. It will right away impact the outcome of about 24 cases where various aspects of Aadhaar have been challenged, petitioners arguing that the scheme and making it mandatory violates fundamental rights to privacy and equality. Here, a lowdown ahead of the privacy hearing 


Will the nine-judge bench decide on Aadhaar? 

The bench will decide whether a fundamental right to privacy exists under the Indian Constitution. This bench will not decide the fate of Aadhaar, only the nature and status of the right to privacy under the Constitution. The SC ruling will, however, be extremely important in deciding the fate of Aadhaar and will impact all public and private services with which Aadhaar is linked, from requesting an ambulance to opening a bank account. It will have far-reaching ramifications in this digital age: how much can the state know about us, and what it can do with that knowledge? The right to privacy impacts many more issues than just Aadhaar and will allow claims in the context of beef ban laws, prohibition, women's reproductive rights as well. 

What are the arguments on either side? 

The petitioners say that the SC has recognised the fundamental right to privacy in an unbroken chain of judgments. They say privacy is associated with and is the bulwark of other rights. There can be no dignity without privacy, and dignity is part of the Preamble, which is part of the Constitution's basic structure. Privacy is located in the golden trinity of Articles 14, 19, and 21. They argue that the Constitution is a living document. Its interpretation must be in accord with passage of time and developments in law. They say India has international obligations to recognise a fundamental right to privacy. The respondents say that privacy is a vague concept, and vague concepts cannot be made fundamental rights. Some aspects of privacy are covered by Article 21 and its other aspects should be regulated by laws only, not separately as a fundamental right. Right to life of others is more important than right to privacy. If right to privacy impedes Aadhaar, then it would deprive millions of food and shelter. They argue framers intentionally did not include privacy in fundamental rights section. 

Without linking Aadhaar, will government schemes be impacted? 

There is conflicting data. A 2012 study by National Institute of Public Finance and Policy estimated that linking Aadhaar could save a tenth of money spent on PDS and MGNREGS schemes. But the study was criticised for using outdated data on leakages, and overestimating the number of ghost beneficiaries.

It is also unclear how much of the 'savings' from linking Aadhaar to schemes is because genuine beneficiaries are now excluded. In a study of Hyderabad PDS outlets linked to Aadhaar, nearly 10% of households reported technical problems with Aadhaar due to which they did not receive rations. The Economic Survey 2015-16 claimed that linking Aadhaar to LPG subsidies had saved the government 25%. But the Comptroller and Auditor General (CAG) estimated that 92% of this 'saving' was due to the fall in global oil prices. Apart from these uncertain savings, rollout of government schemes would continue as earlier without Aadhaar, since Aadhaar is meant to help existing schemes. In fact, there have been reports that rollout of Aadhaar-based systems is posing some problems. Fingerprint authentication often does not work if labourers' hands are callused; the elderly and disabled have trouble accessing affordable transport go to government centres, instead of sending others as they did earlier; technical problems abound with uneven quality of connections and devices.

TOP COMMENT
When the Aadhar act itself unequivocally stipulates that enrolment is voluntary, how can the Govt., make it mandatory in every aspect of public life where the citizens are involved with Govt., Institutions, Agencies and Public utilities? This itself clearly goes against the very essence and spirit of the Act and is violative of its principles and an assault on Citizens basic rights. 

The Supreme Court should have taken cognisance of this aspect and reprimanded the recalcitrant Govt., with harsh indictments and strictures.
Shravan


Is the demand for citizen data the issue, or the security of the data?

Both. Creating one database of all details for an all-purpose ID (Aadhaar) creates its own problems — the spectre of surveillance, the possibility of exclusion from all government services, among others. On the security front, several experts believe that for centralised databases, "the question is not whether it can be hacked, but when."

(With inputs from Vidhi Centre For Legal Policy) 

11833 - Punjab to have PoS at fair price shops- PTI News


Chandigarh, Aug 20 (PTI) Punjab's food and civil supplies department is in the process of acquiring Point of Sale (PoS) machines for fair price shops to bring transparency in distribution and check pilferage under the PDS.

The machines are handheld devices which will allow Aadhaar authentication at the moment of distribution, ensuring that beneficiaries receive their allocated ration, a spokesperson said.

The PoS machine also has a scale, which will ensure that the beneficiary receives their full amount of ration.

Additionally, these PoS machines allow real time location information, allowing the department to track the movement of food grains from storage godowns to the receipt of ration beneficiary at the Point of Sale, the spokesperson said.

All such information allows for greater transparency and accountability in the scheme, effectively eliminating the chances of pilferage, and increasing the management capability of the department, he said.

The spokesperson said the device related to the computerisation of operations at fair price shops is based on Aadhaar authentication.

All fair price shops (FPSs) will be equipped with PoS terminals for the purpose of authenticating and verifying beneficiaries before commodity distribution, he said.

One crucial feature of the process is that the closing balances were updated in database through all PoS transaction from FPS.

PoS terminal comes with in-built finger print scanner designed for Public Distribution System (PDS) and all Aadhaar based transactions, the spokesperson said.

It was based on charge coupled device (CCD) finger print and comes with connectivity options like GSM/GPRS, CDMA and Ethernet, he said.

Apart from this, POS supports interfaces with all types of payment gateways and Aadhaar server with related logical interfaces for magnetic stripe reader and smart card reader for Aadhaar authentication.

Spokesperson said that it would reduce diversion, besides ensuring transparency in the movement of wheat from de-centralised procurement (DCP) godown to the Point of Sale.

11832 - SC verdict on right to privacy this week: How this crucial case will impact Aadhaar, state action - First Post



IndiaFP StaffAug, 22 2017 09:16:50 IST

Among a few historic judgments the Supreme Court is expected to pronounce this week is the verdict on whether right to privacy can be elevated to the status of a fundamental right under the Constitution. This verdict is likely to define the relationship between Indian citizens and the state in the digital era, and will impact the outcome of several cases where aspects of Aadhaar have been challenged, with petitioners arguing that making the scheme mandatory violates rights to privacy and equality.

The verdict on right to privacy and Aadhaar, on which much has been speculated on in public debates, is one of the final verdicts Chief Justice JS Khehar will deliver before retiring on 27 August. Other judgments likely to be announced this week include a verdict on triple talaq.

The other judges hearing the case are Justice J Chelameswar, Justice SA Bobde, Justice RK Agrawal, Justice Rohinton Fali Nariman, Justice Abhay Manohar Sapre, Justice DY Chandrachud, Justice Sanjay Kishan Kaul and Justice S Abdul Nazeer.

On this case, while critics have said that the 12-digit biometric unique identity number Aadhaar violates privacy and helps government spy on people, the government has said citizens have a right to privacy but it is not an absolute right. Judges have differed with the government, saying, “Textually it is correct today that there is no right to privacy in the constitution. But even freedom of press is not expressly stated. This court has interpreted it.” Here is a summary ahead of the apex court's verdict:

On the concept of privacy
The counsels for the petitioners, who include top legal eagles like Gopal Subramanium, Soli Sorabjee and Shyam Divan, have made an argument showing how linking of Aadhaar number violates personal privacy of citizens. So far, the apex court appears to be in agreement that there exists an 'amorphous' or undefined concept of privacy in the fundamental rights.

The government asserted that the linking of Aadhaar with PAN cards was made mandatory to weed out fake PAN cards, which were used for terror financing and circulation of black money, while terming the concerns over privacy as "bogus". It said that while citizens have a right to privacy, it is not an absolute right under the Constitution.

What will the Supreme Court decide on?
The nine-judge bench will not decide the fate of Aadhaar in terms of its validity, but only the nature and status of the right to privacy under the Constitution. The ruling will, however, have a far-reaching impact on the function and currency of the Aadhaar card.

According to a report in The Hindu, the court said that in order to recognise privacy as a right, it would first have to define it. That would pose a serious challenge as an element of privacy pervaded all fundamental rights enshrined in the Constitution.

Effect of a fundamental right to privacy on State action
Petitioners argued that the entire degree of protection granted to the right to privacy is higher as a fundamental right, Asheeta Regidi reported. Recognising privacy as a fundamental right will create a change in the relationship between the State and the citizen. For example, taxi aggregators in Mumbai have to mandatorily hand over their professional and personal data to the State. Once it is a fundamental right, the State's power to collect and handle data will change, and perhaps be diluted. 

Also, the State's collection of biometric data for Aadhaar through the exercise of executive fiat wouldn't have been possible without first enacting a law which passes the muster of Articles 14, 19 and 21.

Kharak Singh and MP Sharma cases as bad law
The main reason for the reference of this case to a nine-judge bench are the conflicting cases of Kharak Singh and MP Sharma, six and eight-judge judgments respectively which denied the right to privacy, and numerous other judgments that followed based on them. There are now over 40 judgments today given by Indian courts which recognise the right to privacy, but these are given by benches of a lower strength. Thus, a lot banks on the Supreme Court's decision on whether the Kharak Singh and MP Sharma cases are 'good law'.
The counsels for the petitioner have made an arguments that they are not, particularly focusing on the fact that neither of these cases dealt specifically with the right to privacy. Also, these judgments were passed in the 1950s and 1960s, long before the digital age, they said.


How other countries view privacy
In the United States, while the right to privacy is not mentioned in their constitution, the Supreme Court has interpreted several amendments to say that the right does exist. The Fourth Amendment prevents search without a "probable cause". Other amendments allow Americans to take certain decisions about their bodies and their private lives without government interference. There are several other laws  as well to protect privacy in the United States.

In 2015, Japan adopted a system of citizen identification which united personal tax information, social security and disaster relief benefits. It was launched amid protests by critics who were worried by the privacy concerns it posed. The 'My Number' programme has been implemented in co-existence with the privacy laws in Japan. As it is still being integrated into the Japanese daily life, the effects and clashes between privacy and governance are yet to be seen.

Europe is governed by the Data Protection Directive which restricts how information can be processed and used. It requires that member states "implement technical and organisational
measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access”, and to establish judicial remedies for breaches.

With inputs from agencies

11831 - Bangladeshi national held with fake Indian passport, Aadhaar, PAN cards - TNN

Ishita Bhatia | TNN | Aug 20, 2017, 11:08 PM IST

Meerut: Special Task Force (STF) of UP Police on Sunday claimed to have arrested a Bangladeshi national from city’s Falavada area. The foreign national, Abu Hanaan, was nabbed during a drive against foreigners staying illegally in India. 

Additional superintendent of police (ASP) Alok Priyadarshi and superintendent of police (SP) Brajesh Kumar are heading the drive.

“Bangladeshi resident Abu Hanaan has been staying in Meerut’s Falavada area for long. He had managed to acquire local residential proof from nagar panchayat, on the basis of which he also got an Indian passport, Aadhaar card, PAN card and voter ID,” Priyadarshi said.

“During questioning, Hanaan told us that he had run away from his house in Bangladesh and entered India illegally several years ago. He worked in different shops in Kolkata, Bihar, Delhi and Ludhiana. In 2006, he married one Shabana – a resident of Falavada. It was with the help of her parents that he got a residential proof, which further helped him in getting an Indian passport, Aadhaar card, PAN card and voter ID," he said.

His wife, Shabana, currently works at a beauty parlour in Saudi Arabia and is set to return soon.


Police said that Hanaan was making efforts to purchase a land and construct a house here. A case has been filed against him under relevant sections of IPC and investigation is going on. He will be deported soon, police said.


11830 - DNA Edit | ‘Stock-taking’ Aadhaar: Linkage to bourses will weed out illicit money - DNA



Updated: Tue, 22 Aug 2017-08:00am IST, DNA

From the very beginning, the Narendra Modi government hit the pedal to the floor when it came to establishing new and untouched heights of financial transparency and accountability. Be it the unwavering and unflagging commitment of the government to root out black money or the effort to provide banking to all by linking these services to Aadhaar, the BJP government has left no stone unturned in ensuring that the twin evils of corruption and pilferage of government funds are stopped dead in its tracks.

Another initiative under this wide banner comes in the form of the recent directive by the Securities and Exchange Board of India (SEBI). The stock exchanges have been asked to apprise the market regulator on the preparedness of the brokers to have their client submit their Aadhaar IDs before December 31. This move was inevitable in the scheme of things. Once the bank accounts of citizens are linked to Aadhaar, asking them to link their demat accounts naturally follows.

What’s more, citizens who have been conducting transactions in the market with utmost probity and above-board business practices have nothing to fear. Once implemented, the links with Aadhaar will help smoke out brokers and clients who channel illegitimately-earned money into the markets — either to make a killing on the back of inside information or to transfer the wealth to shell companies and consequently avoid tax liabilities. 

Obviously, change is painful. There already are murmurs from the brokers’ domain complaining that many customers won’t be willing to come on board or won’t proactively submit their Aadhaar cards. This is bunkum. 

The retail investor is more than keen to secure his investments, and if it involves submitting an Aadhaar ID, it is little sweat off his brow to submit the same.

The real reason many brokers are bemoaning this initiative is because it adds to their cost burden. Irrespective of how inconvenient the exercise may be, it is essential to weed out the few who use the markets for their nefarious ends. With the Aadhaar matrix in place, an intelligent framework will be standing on its feet that will help link shady investments and transactions back to the market participant. Essentially, even the PAN is supposed to serve the same purpose, but it has been vitiated given that myriads of fake PANs and counterfeit demat accounts are the norm in the market. Once this additional parameter of linking Aadhaar accounts with PAN and bank accounts take off, a prodigious chunk of the underhand dealing will be quelled.

11829 - The story of India's uncertified deaths: Why the Grim Reaper can't link up with Aadhaar - Money Control

Aug 21, 2017 08:07 PM IST | Source: Moneycontrol.com


Linking deaths to Aadhaar would have allowed the government to know when to terminate entitlements and direct transfer of benefits to a recipient once deceased.


RN Bhaskar
Recently, the government flip-flopped on linking the Aadhaar card to deaths. It was a good idea. Linking deaths to Aadhaar would have allowed the government to know when to terminate entitlements and direct transfer of benefits to a recipient once deceased.

But almost the very next day the government hurriedly clarified that linking Aadhaar to deaths would not be compulsory. It was as if wiser counsel had prevailed.  Someone in the government had possibly realised that this was just not possible. At least not now.

Why? A good explanation could lie in a circular that RK Gautam, deputy registrar-general, sent out to all chief registrars of all the states in India on August 28, 2014.  The contents of the circular were startling. For almost 67 years, the government at the Centre had not bothered about deaths. It could have been out of ignorance.  Or it could have been a clever way to ensure that benefits were collected by someone in the names of people who did not exist anymore.

The circular mentioned that “The present coverage to medically certified deaths to the total registered deaths is 20.2 percent, and only 14.3 percent against the total estimated deaths.”

In other words, where is the question of linking Aadhaar to deaths, when so many deaths are not even medically certified?

It is evident that the circular was issued on the basis of the ‘Report on Medical Certification of Cause of Death, 2010’  brought out by the Office of the Registrar General, India, Ministry of Home Affairs, New Delhi.

How Aadhaar will transform India in the future
http://www.youtube.com/watch?v=sTdNMODsu54

It states that the report is the “thirty sixth in the series of the publication, presenting statistics on causes of death obtained through the Civil Registration System under the Registration of Births and Deaths Act, 1969. Section 10(2) of the Act empowers the State Government to enforce the provision relating to medical certification of cause of death in specified areas taking into consideration the availability of medical facilities. Section 10(3) of the Act provides for issuing a certificate of the cause of death by the medical practitioner who has attended on the deceased at the time of death. At present, the scheme has been made applicable to limited areas and selected hospitals.”

What this also means is that the central government sat over such damning numbers despite 36 reports being submitted earlier. It highlights the callousness with which government officials treat death. As the old saying goes, when people forget to respect and remember the dead, they even forget to respect the living. And as the chart alongside shows, the least registered deaths are in those states that are also the most oppressed. Clearly, someone had found an incentive in not registering deaths.

Mercifully, the present government has woken up to this situation.  It has issued the circular to register deaths properly. Presumably, the collation of such data is now being monitored. And till such data is actually collated, expect more than 80 percent of India’s deaths to go unreported. They remain the unknown and forgotten.

To set right this situation, the government should use the Aadhaar registrations more effectively. Get someone – preferably the postal department which is the only department which actually visits houses periodically – to verify online the registration of the living at least once in three years. If the person is not registered in three years’ time, an alert should go to the local police station.  Benefits and entitlements should be promptly withdrawn, and the person’s name should appear on the list of missing persons with the local police station.

It is possible that the person has been killed, and the body disposed of. Or the person may have gone to a relative’s place. The police will have a clear list of people whose movements need to be tracked. Today, it happens only when a body is discovered accidentally, or someone becomes a stool-pigeon and spills the beans about a murder.
For people over 60 years of age, the registration verification should be done at least once every year.
Only if this is done, will it be possible to clearly establish who has died, and the causes thereof. Without this mechanism in place, linking the Aadhaar to the dead person will service no purpose.  We need to know who is living. That will let us know who is dead. At least then, someone in bureaucracy will know that that a human being has died.

11828 - Datar for firewalls on sharing Aadhaar info - Deccan Chronicle

DECCAN CHRONICLE.
Published
Aug 20, 2017, 1:59 am IST

While UK, tried Aadhaar experiment but dropped, Germany has the most secure and comprehensive data protection laws, he claimed.

Chennai: With the Supreme Court indicating that it may deliver its verdict on whether right to privacy constitutes a fundamental right under the Constitution, senior advocate Arvind P. Datar has stressed the need to draw firewalls or limitations where Aadhaar information could be shared.

“SC should recognise the fundamental right to privacy. If it doesn’t, (then) it will be very difficult to comprehend that in our country whose founding fathers have given fundamental rights,” Arvind said during an interaction after delivering the tenth Rajaji memorial lecture on ‘The controversial right to privacy.’ The lecture was held under the aegis of the Triplicane Cultural Academy and the Kasturi Srinivasan Library here on Saturday evening. He said, “What we are saying is: We have taken the Aadhaar, at least draw firewalls, draw limitations where information can be shared.”

At least the court could make it clear because when arguing the case, “We heard a case from Roorkee, the M. Tech thesis was not accepted because he did not have an Aadhaar card,” he said, highlighting the heights of insistence for Aadhar card, originally issued to help the poor avail the government subsidy. 

While UK, tried Aadhaar experiment but dropped, Germany has the most secure and comprehensive data protection laws, he claimed.

11827 - Aadhaar related data completely safe, assures Ravi Shankar Prasad at India TV’s special show on mobile hacking- India TV news

Ravi Shankar Prasad that with the help of Aadhaar, the government has managed to curb the duplicity and has saved crores with the decision of linking Aadhar with bank accounts.

Reported by: India TV Business Desk, New Delhi


Ravi Shankar Prasad, the Union Minister for Electronics & Information Technology and Law & Justice, today reiterated that Aadhaar related data is safe and government has taken many steps to ensure it remains out of reach of cyber criminals.

Speaking at India TV’s special show on mobile hacking, he said that with the help of Aadhaar, the government has managed to curb the duplicity and has saved crores with the decision of linking Aadhar with bank accounts.

“With Aadhar duplicity has ended. Aadhar law is very strict, any violation will attract punishment. Govt wants to make India digitally powerful,” he said.

“There is no need of fear. We are committed to make India digitally the most powerful country,” he added. 


Several questions have been raised on the safety of the Aadhaar data following incidents of leakage of some people’s details. It should be noted that Aadhaar has become very important now keeping in view the fact that the Aadhaar number has been made compulsory by the government for a host of financial transactions as well as social schemes. What has worried the people most the involvement of third-party agencies in collection of Aadhaar data. However, government has repeatedly assured that it has been making every possible effort towards the safety and security of biometric data.

11826 - We need a trust model for Aadhaar - Live Mint


The model should match ordinary people’s expectations in terms of factors such as identity, authentication, service-level agreements and, of course, privacy


As Aadhaar data gets linked with banking apps, credit cards, mobile connections and other services, there are transactional data logs associated with authentication.

Privacy is a complex topic by any stretch of imagination—be it in a modern Western democracy with an elevated, even entitled sense of individual privacy or an emerging economy like India that is only beginning to grapple with the issues associated with it. So when any overarching technology initiative such as Aadhaar—which deals with the biometric authentication data of over a billion people—begins to come into full force through integration with a lot of services, data privacy concerns among common folk are repeatedly bound to be raised.

A “trust model” can help by directly addressing those concerns. The model should match ordinary people’s expectations in terms of factors such as identity, authentication, service-level agreements and, of course, privacy. The model should also encompass how those factors are dealt with from a people, process and technology perspective. So how what kind of a trust model can we build in the Indian context?

Such a model, I believe, should be based on four substantive principles. 
One, it should allow an own your own data (OYOD) consent process. 

Two, it should keep the data confidential. 

Three, there should be adequate contractual arrangements among the Unique Identity Authority of India (UIDAI—which issues Aadhaar) as the hub and the registrars/enrolment centres in the public and private sector as spokes. 

And four, it should have robust, end-to-end security, connectivity and access measures among the hub and spokes.

The Aadhaar technology and architecture document (2014) advocated a “minimalistic approach to data” and a “federated model” with one-way linkage. In simple terms, existing identities such as bank account numbers and permanent account numbers were not to be originally captured within Aadhaar. Instead, such identities were to be linked “one-way” to Aadhaar. This would imply precluding the mandatory linking of other non-DBT stuff (DBT, or direct benefit transfer, allows the government to directly transfer money to beneficiary accounts under various subsidy schemes). The exceptions included attendance systems in government institutions (used in Jharkhand, for instance) and opening basic savings deposit (BSBD) accounts under the Prime Minister’s Jan Dhan Yojana, which were DBT-related linkages. Other than that, the Aadhaar linkages should be made voluntary and consensual in nature—such as regular bank accounts, income tax, air/train travel, exam results, medical and employment records and registration of marriage.

Another point is that the Aadhaar Act envisaged UIDAI as both a “custodian” of Aadhaar data and the “measure of last resort” in an emergency response situation for data breaches. This makes UIDAI the data custodian as well as its own regulator. Indeed, in case of a data breach, it is the UIDAI—and not the citizens whose data is breached—that gets notified. The authority then decides how best to proceed in the case. Here, it is pertinent to note that the citizen has little legal recourse, as Section 47 of the Aadhaar Act states that any criminal complaint can only be filed by the UIDAI. Furthermore, the Aadhaar Act grants the UIDAI complete immunity from liability and prosecution of any kind. All this makes the “consent” part of the trust model absent or incomplete.

As Aadhaar data gets linked with banking apps, credit cards, mobile connections and other services, there are transactional data logs associated with authentication. Though passive in nature by way of simple “yes/no” mode of authentication, these transactions nonetheless capture “personal data” as they pertain to one’s day-to-day activity and behaviour. So this “electronic footprint” of transactional data—which comprises people’s lifestyle and consumption patterns—needs to be protected in addition to just the biometric Aadhaar data.
While the UIDAI’s stance is that the linkage to Aadhaar is “one-way”, even the uni-directional linkage cannot prevent encroachment on a person’s privacy by having artificial intelligence (AI) bots run through the interconnected web of databases where all those transactions are captured. Right from its Strategy Overview (2010), the Aadhaar project revealed a preference for building revenue models around data generated during authentication by private entities. While there is nothing wrong with building such an open tech platform and an ecosystem for young Indians to build innovative apps, the data itself—considered the new oil by many—must be safeguarded by adopting “defence in depth” safety principles, to borrow a concept from the nuclear energy business.

As a thumb rule, the more the number of endpoints accessing a database, and the more the methods in which the data can be accessed, the higher is the security risk in the overall system. And when DBT and other services are made available to individual or even entities such as hospitals, telecom companies, e-governance agencies, insurance firms and airports via open application programming interfaces (APIs) and authentication keys—including by start-up portals and mobile apps to provide e-KYC services—there is a cause for concern.
Such concerns are not without precedent. Recently in Jharkhand, unmasked demographic details were revealed—names, addresses, Aadhaar numbers and bank account details of the beneficiaries of Jharkhand’s old age pension scheme of more than a million citizens. Other concerns relate to illegal storage of Aadhaar biometrics at some service providers’ end, potentially for identity theft and improper access or misuse of transactional authentication logs by fraudsters. Finally, if there is a cyber attack on the encrypted biometric data itself and its concomitant demographic profile (no such evidence of that to date, though it is not unheard of), then one must be reminded that unlike the usual passwords, the biometrics cannot be “reset” or “re-seeded”. And this would constitute an irreversible and immutable loss of privacy to individuals.

In conclusion, even as the Supreme Court has proposed a three-tiered privacy doctrine—what I would term as Indian ingenuity of trying to please all but satisfying none—three aspects should be addressed if indeed this is the path that will be taken. 

One, within each tier, data should also be “ring-fenced” to disallow conjoint use, that is, opt-out should be the default option. For instance, in the government’s Project Insight, which intends to use data from social media to cross-tabulate citizens, the personal data of citizens ought to be kept away from prying. 

Two, what sub-elements fall in each tier, and how to distinguish them, could be a cause for litigation, appeal and public confusion. So those sub-elements should be defined as unambiguously as possible. And third, an OYOD-based consent process should be included to allow all individuals to view or “audit” their own data or decide what part of data to share, with whom and for what purpose.

Probir Roy is co-founder of PayMate (India) Pvt. Ltd, an early mover in the fintech space.

Comments are welcome at feedback@livemint.com

11825 - An Aadhaar umbrella - The Hindu


AUGUST 22, 2017 00:18 IST

The writer (“Naming a right”, August 17) is absolutely right when she pleads with courts to take up the right to privacy. The shifting grounds of the Centre’s arguments in just two years are indicative of the unholy urgency to thrust Aadhaar down the throats of the common man; it does not show a progressive government in good light.

Should there not be a clear-cut law framed to protect privacy which lays down stringent and swift punishment for any violation of such privacy? What is the rush to enforce Aadhaar even before such a comprehensive and well-thought-out law is passed and efficient implementation mechanisms put in place?

Every single day, the government is expanding the scope of Aadhaar, the most recent being the directive to stock brokers to furnish the Aadhaar details of all clients. This is strange because there is already a directive to link PAN to Aadhaar and one needs a PAN to open a demat account. It is not rocket science to get one from the other. If a matching Aadhaar number is not found for a PAN, get only those details rather than troubling every single demat account holder. That will cut costs and minimise trouble for all concerned.

Finally, this government often claims that it will not interfere in the functioning of the courts: the matter is ‘sub-judice’ is an oft-heard refrain. The honourable courts should take cognisance of this and place all Aadhaar-related implementations in abeyance until the courts rule one way or the other. 

If they rule that privacy is indeed a fundamental right and the linking of Aadhaar should be limited to a set number of schemes, how does the government propose to ‘forget’ the collected data?

M. Diwakar,
Chennai

Tuesday, August 22, 2017

11824 - Aadhaar Articles dated 22nd August 2017



Economic Times
In the case of companies, a manager, officer or employees holding "attorneys to transact" on a company's behalf have to submit their Aadhaar details.






Economic Times
“In case of failure to submit the documents within the aforesaid time limit, the account shall cease to be operational till the time Aadhaar number is ...
An Aadhaar umbrella - The Hindu



The Indian Express
Many a time information in Aadhaar needs to be updated owing to changes like address and phone numbers. So, how to update details for your ...






Livemint
As Aadhaar data gets linked with banking apps, credit cards, mobile connections and other services, there are transactional data logs associated with ...



India TV
Ravi Shankar Prasad that with the help of Aadhaar, the government has managed to curb the duplicity and has saved crores with the decision of ...






Deccan Chronicle
He said, “What we are saying is: We have taken the Aadhaar, at least draw firewalls, draw limitations where information can be shared.” At least the ...






Nagaland Post
The Unique Identification Authority of India (UIDAI), Regional Office, Guwahati has informed all responsible who have not enrolled for Aadhaar to get ...



Economic Times
The Narendra Modi-led government is having substantial impact on startups, particularly with Aadhaar boosting growth for financial services ...






The Hindu
The district administration has been making all out efforts to link the Aadhaar details of school students. The teachers were directed to fill the ...






Moneycontrol.com
Linking deaths to Aadhaar would have allowed the government to know when to terminate entitlements and direct transfer of benefits to a recipient ...






Daily Pioneer
Aadhaar-based State Resident Database (SRDB) will be prepared in Haryana to provide benefits of various schemes to every resident in the State ...






India.com
The existing clients will have to submit their Aadhaar details by December 31, 2017 whereas the new clients have to submit it within six months from ...



Trak.in (blog)
The issue of Aadhaar linked stock market trading has been subject to debates and apprehensions since last few months. Earlier this month, we had ...






Times of India
He had managed to acquire local residential proof from nagar panchayat, on the basis of which he also got an Indian passport, Aadhaar card, PAN ...






Firstpost
The verdict on right to privacy and Aadhaar, on which much has been speculated on in public debates, is one of the final verdicts Chief Justice JS ...






Morung Express
However, the CNA informed that as per reports, the famine struck villagers were stopped by Assam Rifles personnel and asked to produce Aadhaar ...






Press Trust of India
The machines are handheld devices which will allow Aadhaar authentication at the moment of distribution, ensuring that beneficiaries receive their ...






indiablooms
Kolkata, Aug 20 (IBNS): Kotak Mahindra Bank (Kotak) on Sunday announced that Kotak 811 can now be opened across multiple digital platforms, ...






Times of India
Will the nine-judge bench decide on Aadhaar? ... The right to privacy impacts many more issues than just Aadhaar and will allow claims in the context ...






onmanorama
If the names of the Drawing and Disbursing Officers (DDO) given in the Aadhaar card and in the SPARK are not the same, they wouldn't be able to ...






The New Indian Express
This becomes particularly important as petitions challenging Aadhaar say biometric data like iris scans and fingerprints violate a citizens' privacy.






MediaNama.com
The public discourse on Aadhaar has largely focused on concerns about the privacy issues associated with the collection of personal information, and ...






Khabar India
Haryana government today said it has decided to prepare an Aadhaar-based database of all the residents of the state which would enable in ...






Times of India
... till August 23, prepared the fake Aadhaar cards and currency notes for distribution in several districts, including Hingoli, in the last couple of months.






Hindustan Times
The decision in the privacy case will have a bearing on Aadhaar, the 12-digit biometric unique identity number, which the government is pushing for to ...