The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 11 to 25.
Aadhaar: Govt will not compromise on national security
http://editors.cis-india.org/internet-governance/news/livemint-march-9-2016-shreeja-sen-aadhaar-govt-will-not-compromise-on-national-security
<b>The government is confident that the Aadhaar Bill will be passed.</b>
<p style="text-align: justify; ">The article by Shreeja Sen was <a class="external-link" href="http://www.livemint.com/Politics/dt7ODlffwvbWvKH93jfR3K/Aadhaar-Govt-will-not-compromise-on-national-security.html">published by Livemint</a> on March 9, 2016. Pranesh Prakash gave inputs.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In what could raise concerns of privacy activists questioning India’s unique identification project Aadhaar, the government on Tuesday said national security will not be compromised at all.</p>
<p style="text-align: justify; ">“We will not compromise on national security; certainly we will not compromise. The Supreme Court has already highlighted certain areas for consideration. We are going ahead taking into consideration all the suggestions of the Supreme Court,” law minister D.V. Sadananda Gowda said at a press conference, when asked how the Aadhaar bill tabled in Parliament last week will balance the protection of core biometrics and national security concerns.</p>
<p style="text-align: justify; ">Under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, there are measures to protect core biometric information like fingerprints and iris scans of the unique identification number holders.</p>
<p style="text-align: justify; ">However, Section 33 says for the purposes of national security, officials at the joint secretary level and above can access this information. The section has caused some worry to experts. In this <b><a href="http://www.livemint.com/Opinion/VSqpBps7Y5YrUhvS5mGgSO/Aadhaar-still-too-many-problems.html" target="_blank"><span style="text-decoration: underline;">analysis</span></a> </b> , policy director of the Centre for Internet and Society Pranesh Prakash says that the national security clause is worrisome. Adding to their concerns, the bill does not define what national security means.</p>
<p style="text-align: justify; ">The government is, however, confident that the bill will be passed. “Certainly it will be passed. The benefits that go from the exchequer to the beneficiaries will be taken care of by this bill,” Gowda said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/livemint-march-9-2016-shreeja-sen-aadhaar-govt-will-not-compromise-on-national-security'>http://editors.cis-india.org/internet-governance/news/livemint-march-9-2016-shreeja-sen-aadhaar-govt-will-not-compromise-on-national-security</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-03-22T15:51:13ZNews ItemIndia Still Trying To Turn Optional Aadhaar Identification Number Into A Mandatory National Identity System
http://editors.cis-india.org/internet-governance/news/tech-dirt-march-22-2016-india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system
<b>from the sliding-down-the-slippery-slope-to-disaster dept</b>
<p style="text-align: justify; ">The blog post was published by <a class="external-link" href="https://www.techdirt.com/articles/20160314/10271433902/india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system.shtml"><span style="text-decoration: underline;">Tech Dirt</span></a> on March 22, 2016. CIS research on Aadhaar was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Last year, we wrote about India's attempt to turn the use of its <a href="https://www.techdirt.com/articles/20150704/06313831544/aadhaar-soon-india-everyone-will-be-number.shtml"><span style="text-decoration: underline;">Aadhaar</span></a> system, which assigns a unique 12-digit number to all Indian citizens, into a <a href="https://www.techdirt.com/articles/20150819/07244632004/indias-attorney-general-privacy-not-fundamental-right.shtml"><span style="text-decoration: underline;">requirement</span></a> for accessing government schemes. An article in the Hindustan Times shows that the Indian government is still <a href="http://www.hindustantimes.com/india/privacy-concerns-overshadow-monetary-benefits-of-aadhaar-scheme/story-E3o0HRwc6XOdlgjqgmmyAM.html"><span style="text-decoration: underline;">pushing to turn Aadhaar into a mandatory national identity system</span></a>. A Bill has just been passed by both houses of the country's parliament, which seeks to give statutory backing to the scheme -- in the teeth of opposition from India's Supreme Court: <i> </i></p>
<blockquote style="text-align: justify; "><i>There have been orders passed by the Supreme Court that prohibit the government from making Aadhaar mandatory for availing government services whereas this Bill seeks to do precisely that, contrary to the government's argument that Aadhaar is voluntary.</i></blockquote>
<p style="text-align: justify; ">The article notes that in some respects, the new Bill brings improvements over a previous version: <i> </i></p>
<blockquote style="text-align: justify; "><i>It places stringent restrictions on when and how the UID [Unique Identification] Authority (UIDAI) can share the data, noting that biometric information -- fingerprint and iris scans -- will not be shared with anyone. It seeks prior consent for sharing data with third party. These are very welcome provisions.</i></blockquote>
<p style="text-align: justify; "><i> </i> But it also contains some huge loopholes: <i> </i></p>
<blockquote style="text-align: justify; "><i>The government will get sweeping power to access the data collected, ostensibly for "efficient, transparent, and targeted delivery of subsidies, benefits and services" as it pleases "in the interests of national security", thus confirming the suspicions that the UID database is a surveillance programme masquerading as a project to aid service delivery.</i></blockquote>
<p style="text-align: justify; ">The fact that an optional national numbering system now seems to be morphing into a way to monitor what people are doing will hardly come as a surprise to Techdirt readers, but this continued slide down the slippery slope is still troubling, as are other aspects of the new legislation. For example, it was introduced as a "Money Bill," which is normally reserved for matters related to taxation, not privacy. That suggests a desire to push it through without real scrutiny. What makes this attempt to give the Aadhaar number a much larger role in Indian society even more dangerous is the possibility that it won't work: <i> </i></p>
<blockquote><i>A recent paper in the Economic and Political Weekly by Hans Mathews, a mathematician with the [Centre for Internet and Society], shows the programme would fail to uniquely identify individuals in a country of 1.2 billion.</i></blockquote>
<p><i> </i> A mandatory national identity system that can't even uniquely identify people: sounds like a recipe for disaster.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/tech-dirt-march-22-2016-india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system'>http://editors.cis-india.org/internet-governance/news/tech-dirt-march-22-2016-india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-03-24T06:34:21ZNews ItemSurveillance Enabling Identity Systems in Africa: Tracing the Fingerprints of Aadhaar
http://editors.cis-india.org/internet-governance/blog/surveillance-enabling-identity-systems-in-africa-tracing-the-fingerprints-of-aadhaar
<b>Biometric identity systems are being introduced around the world with a focus on promoting human development and social and economic inclusion, rather than previous goals of security. As a result, these systems being encouraged in developing countries, particularly in Africa and Asia, sometimes with disastrous consequences.</b>
<p style="text-align: justify; ">In this report, we identify the different external actors that influencing this “developmental” agenda. These range from philanthropic organisations, private companies, and technology vendors, to state and international institutions. Most notable among these is the World Bank, whose influence we investigated in the form of case studies of Nigeria and Kenya. We also explored the role played by the “success” of the Aadhaar programme in India on these new ID systems. A key characteristic of the growing “digital identity for development” trend is the consolidation of different databases that record beneficiary data for government programmes into one unified platform, accessed by a unique biometric ID. This “Aadhaar model” has emerged as a default model to be adopted in developing countries, with little concern for the risks it introduces. Read and download the full report <a href="http://editors.cis-india.org/internet-governance/surveillance-enabling-identity-systems-in-africa" class="internal-link">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/surveillance-enabling-identity-systems-in-africa-tracing-the-fingerprints-of-aadhaar'>http://editors.cis-india.org/internet-governance/blog/surveillance-enabling-identity-systems-in-africa-tracing-the-fingerprints-of-aadhaar</a>
</p>
No publisherShruti Trikanad and Vrinda BhandariSurveillanceAadhaarInternet GovernancePrivacy2022-08-09T08:17:32ZBlog EntryA judicial overreach into matters of regulation
http://editors.cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation
<b>A PIL on Aadhaar sheds light on some problematic trends</b>
<p style="text-align: justify; ">The article by Gurshabad Grover was <a class="external-link" href="https://www.thehindu.com/opinion/op-ed/a-judicial-overreach-into-matters-of-regulation/article29262148.ece">published in the Hindu</a> on August 27, 2019.</p>
<hr />
<p style="text-align: justify; ">The Madras High Court has been hearing a PIL petition since 2018 that initially asked the court to declare the linking of Aadhaar with a government identity proof as mandatory for registering email and social media accounts. The petitioners, victims of online bullying, went to the court because they found that law enforcement agencies were inefficient at investigating cybercrimes, especially when it came to gathering information about pseudonymous accounts on major online platforms. This case brings out some of the most odious trends in policymaking in India.</p>
<p style="text-align: justify; ">The first issue is how the courts, as Anuj Bhuwania has argued in the book <em>Courting the People</em>, have continually expanded the scope of issues considered in PILs. In this case, it is absolutely clear that the court is not pondering about any question of law. In what could be considered as abrogation of the separation of powers provision in the Constitution, the Madras High Court started to deliberate on a policy question with a wide-ranging impact: Should Aadhaar be linked with social media accounts?</p>
<p style="text-align: justify; ">After ruling out this possibility, it went on to consider a question that is even further out of its purview: Should platforms like WhatsApp that provide encrypted services allow forms of “traceability” to enable finding the originator of content? In essence, the court is now trying to regulate one particular platform on a very specific technical question, ignoring legal frameworks entirely. It is worrying that the judiciary is finding itself increasingly at ease with deliberations on policy and regulatory measures, and its recent actions remind us that the powers of the court also deserve critical questioning.</p>
<h2 style="text-align: justify; ">Government’s support</h2>
<p style="text-align: justify; ">Second, not only are governments failing to assert their own powers of regulation in response to the courts’ actions, they are on the contrary encouraging such PILs. The Attorney General, K.K. Venugopal, who is representing the State of Tamil Nadu in the case, could have argued for the case’s dismissal by referring to the fact that the Ministry of Electronics and Information Technology has already published draft regulations that aim to introduce “traceability” and to increase obligations on social media platforms. Instead, he has largely urged the court to pass regulatory orders.</p>
<p style="text-align: justify; ">Third, ‘Aadhaar linking’ is becoming increasingly a refrain whenever any matter even loosely related to identification or investigation of crime is brought up. While the Madras High Court has ruled out such linking for social media platforms, other High Courts are still hearing petitions to formulate such rules. The processes that law enforcement agencies use to get information from platforms based in foreign jurisdictions rely on international agreements. Linking Aadhaar with social media accounts will have no bearing on these processes. Hence, the proposed ‘solution’ misses the problem entirely, and comes with its own threats of infringing privacy.</p>
<h2 style="text-align: justify; ">Problems of investigation</h2>
<p style="text-align: justify; ">That said, investigating cybercrime is a serious problem for law enforcement agencies. However, the proceedings before the court indicate that the cause of the issues have not been correctly identified. While legal provisions that allow agencies to seek information from online platforms already exist in the Code of Criminal Procedure and the Information Technology Act, getting this information from platforms based in foreign jurisdictions can be a long and cumbersome process. For instance, the hurdles posed by the mutual legal assistance treaty between India and the U.S. effectively mean that it might take months to receive a response to information requests sent to U.S.-based platforms, if a response is received at all.</p>
<p style="text-align: justify; ">To make cybercrime investigation easier, the Indian government has various options. India should push for fairer executive agreements possible under instruments like the United States’ CLOUD Act, for which we need to first bring our surveillance laws in line with international human rights standards through reforms such as judicial oversight. India could use the threat of data localisation as a leverage to negotiate bilateral agreements with other countries to ensure that agencies have recourse to quicker procedures. As a first step, however, Indian courts must wash their hands of such questions. For its part, the Centre must engage in consultative policymaking around these important issues, rather than support ad-hoc regulation through court orders in PILs.</p>
<p style="text-align: justify; "><span>(</span><em>Disclosure: The CIS is a recipient of research grants from Facebook.</em><span>)</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation'>http://editors.cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation</a>
</p>
No publishergurshabadAadhaarInternet GovernancePrivacy2019-08-28T01:28:52ZBlog EntryNew regulations in place; Aadhaar Card records to be preserved for 7 yrs by Centre
http://editors.cis-india.org/internet-governance/news/financial-express-october-17-2016-new-regulations-in-place-aadhaar-card-records-to-be-preserved-for-7-yrs-by-centre
<b>UIDAI chief executive office ABP Pandey said that the concerns regarding Aadhar card-related benefits were "exaggerated" and that the agency will keep the records in case any disputes arise in the future.</b>
<p style="text-align: justify; ">The article was published in the <a href="http://www.financialexpress.com/economy/new-regulations-in-place-aadhaar-card-records-to-be-preserved-for-7-yrs-by-centre/420633/">Financial Express</a> on October 17, 2016. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">As per new regulations, the government will now keep a record for seven years of all services and benefits that are availed using Aadhaar number. Fearing that the database might be used for surveillance, the Unique Identification Authority of India (UIDAI) will preserve the records.</p>
<p style="text-align: justify; ">UIDAI chief executive office ABP Pandey said that the concerns regarding Aadhar card-related benefits were “exaggerated” and that the agency will keep the records in case any disputes arise in the future.</p>
<p style="text-align: justify; ">Pandey added that the information will be available online for two years and shall be shifted to the offline archives for the next five years. In that case, users will be able to check the records only for two years. However, the rules won’t apply for security agencies and that they will need a district judge’s permission to access the data.</p>
<p style="text-align: justify; ">According to <i>HT</i>, the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.</p>
<p style="text-align: justify; ">Talking about this Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society said that once Aadhar becomes mandatory, it can be misused to conduct a 360-degree surveillance on any person.</p>
<p style="text-align: justify; ">Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.<br /> The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail <a href="http://www.financialexpress.com/tag/lpg-subsidy/">LPG subsidy</a>, cheap ration and even passport, a day against a capacity to verify 100 million requests daily, reports <i>HT.</i></p>
<p style="text-align: justify; ">Meanwhile, The Unique Identification Authority of India (UIDAI) has launched a drive to enrol any leftover population for Aadhaar in 22 states and UTs that have “statistically” hit 100 per cent coverage for adults.</p>
<p style="text-align: justify; ">The ‘Challenge drive’ starts from October 15 for a month, a UIDAI statement said, adding that as of today, over 106.69 crore Aadhaar numbers have been generated across the country.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/financial-express-october-17-2016-new-regulations-in-place-aadhaar-card-records-to-be-preserved-for-7-yrs-by-centre'>http://editors.cis-india.org/internet-governance/news/financial-express-october-17-2016-new-regulations-in-place-aadhaar-card-records-to-be-preserved-for-7-yrs-by-centre</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-10-17T14:46:31ZNews ItemGet an Aadhaar card if you don't have one
http://editors.cis-india.org/internet-governance/news/business-standard-march-27-2017-priya-nair-and-sanjay-kumar-singh-get-an-aadhaar-card-if-you-dont-have-one
<b>The Aadhaar number has been made compulsory for filing tax return. With both the government and private parties insisting on it for various activities despite the Supreme Court's assertion that is not mandatory, you need to get one at the earliest.</b>
<p style="text-align: justify; ">The article by Priya Nair and Sanjay Kumar Singh was published in the <a class="external-link" href="http://www.business-standard.com/article/economy-policy/from-i-t-returns-to-phone-connections-aadhaar-gets-more-teeth-117032600717_1.html">Business Standard</a> on March 27, 2017. Udbhav Tiwari was quoted.</p>
<hr />
<p style="text-align: justify; ">Until now the need for an Aadhaar card arose if someone wanted to avail of the LPG subsidy, or if senior citizens wanted to enjoy a concession on train tickets. This 12-digit number, which is a proof of identity, is largely used by the government to distribute cash benefits and other subsidies under its welfare schemes. Since submitting the Aadhaar card at the time of opening a bank account, investing in a mutual fund, etc is optional (you can submit another proof of identity), many people have still not bothered to get one. That ambivalent attitude will now have to change. <br /><br />This year onwards all those filing income tax returns will have to furnish their Aadhaar number. There is a field in the income tax return form for Aadhaar number. Don’t forget to fill it this year. If you do not have an Aadhaar number, you will have to submit the enrolment number of your application for Aadhaar. "In case of failure to intimate the Aadhaar number, the PAN allotted to the person shall be deemed invalid and the other provisions of the Income Tax Act shall apply, as if the person has not applied for allotment of PAN," says Amarpal Chadha, tax partner, people advisory services, EY India.<br /><br />Experts say that this step has been taken to deal with the problem of duplicate permanent account numbers (PAN) and to control black money. Says Kuldip Kumar, partner and leader-personal tax at PwC India: “Many people have more than one PAN, even though there is a penalty under the Income Tax Act for doing so. The government is linking PAN to Aadhaar to deal with this problem. This step will also help control black money. Whether you invest in stocks, shares, or do any other high-value transaction, over a period of time the tax department will be able to see all this information at the click of a button." Other experts also agree that this step will create an audit trail for various transactions. “Linking of Aadhaar and PAN will throw up any discrepancies in reported transactions and provide a ready database to the revenue authorities for necessary action,” says Vikas Vasal, partner, Grant Thornton India.<br /><br /><b>Interim problems</b><br />This measure is expected to create a slew of problems for people. Many individuals may still not have an Aadhaar card. They should apply for one post-haste. Everyone needs to check if their Aadhaar and PAN details match. If there are discrepancies between the two, get either your Aadhaar or PAN details updated so that you do not face problems at the time of filing returns. Details on how to update the Aadhaar and PAN are available on the web sites of UID and the IT department respectively (see box). <br /><br />Non-Resident Indians (NRI) and foreign nationals may also need to obtain an Aadhaar number now. Many NRIs have an income (before claiming any deduction) that exceeds the basic exemption limit of Rs 2.5 lakh, and hence file a tax return in India. Foreign nationals who have spent time in India and earned an income also need to file a tax return. Indian residents who have been sent by their companies to work abroad will also have to scramble for the card. "March is about to end and tax returns will have to be filed by the end of July. Persons who have to file a tax return but are abroad will face a challenge getting the Aadhaar card made in time since you have to be physically present in India for this purpose,’’ says Kumar. The government may possibly grant some leeway to such people. <br /><br />Even though the Supreme Court has said that Aadhaar is not mandatory, there are several instances where the authorities are insisting on it. Those applying for domicile proof and those who want to get their property registered are being asked to provide this number. Some telecom providers also insist on it before giving a connection. Schools are asking for it from students. You need it to appear for competitive exams like IIT JEE. Online providers of financial products insist on Aadhaar since it makes KYC easier. With the government moving strongly towards making Aadhaar compulsory, one can't escape complying with this regulation. <br /><br /><b>Risks of an Aadhaar-centric system</b><br />There are several risks associated with Aadhaar, whose basic purpose is authentication and authorisation. The first problem arises from the fact that it is easily accessible to miscreants. Aadhaar numbers of thousands of people have been uploaded on the Internet. "Since the Aadhaar number has to be given at so many places, it can be misused to pull information about people from the centralised database. In the case of credit and debit cards, we are told not to shares these numbers publicly as the number is the first thing required for carrying out a transaction. That is not the case with Aadhaar. UID's position is that you should treat your Aadhaar number carefully. But the fact is that the Aadhaar number is not used carefully either by consumers or businesses. It is a fairly public number. With Aadhaar too much power is being vested in a number that is quite public,’’ says Udbhav Tiwari, policy officer, Centre for Internet and Society, Bengaluru.</p>
<p style="text-align: justify; ">Second, Aadhaar has a centralised database, and all centralised databases are vulnerable to hacking. Third, biometrics are not a very secure form of authentication. "Fingerprints are easy to forge. The UID says that the device (used to check the fingerprint) should not remember the biometrics but should only transfer it to UID which will verify the information. But miscreants could use a device that captures your biometrics," says Tiwari. <br /><br />Other documents used for identification like PAN and passport are not easy to duplicate because of their security features. PAN, for instance, has a hologram. The power of the passport lies not in the passport number but in the document. Without the passport one cannot travel internationally. But in case of Aadhaar one can go on the Internet and print a new Aadhaar card. “If somebody has managed to capture my fingerprint and has my Aadhaar number, he can use it wherever Aadhaar is required,’’ says Tiwari.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-march-27-2017-priya-nair-and-sanjay-kumar-singh-get-an-aadhaar-card-if-you-dont-have-one'>http://editors.cis-india.org/internet-governance/news/business-standard-march-27-2017-priya-nair-and-sanjay-kumar-singh-get-an-aadhaar-card-if-you-dont-have-one</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-04-04T15:39:05ZNews ItemIndia’s National ID Program May Be Turning The Country Into A Surveillance State
http://editors.cis-india.org/internet-governance/news/buzzfeednews-pranav-dixit-april-4-2017-indias-national-id-program-may-be-turning-the-country-into-a-surveillance-state
<b> For seven years, India’s government has been scanning the irises and fingerprints of its citizens into a massive database. The once voluntary program was intended to fix the country’s corrupt welfare schemes, but critics worry about its Orwellian overtones. </b>
<p style="text-align: justify; ">The blog post by Pranav Dixit was <a class="external-link" href="https://www.buzzfeed.com/pranavdixit/one-id-to-rule-them-all-controversy-plagues-indias-aadhaar?utm_term=.ksRqWv6w#.vdnR3bQx">published by BuzzFeedNews</a> on April 4, 2017. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p><i>An abridged version of the blog post containing Sunil Abraham's quotes are reproduced below</i>:</p>
<h3 style="text-align: justify; ">“You can’t change your fingerprints”</h3>
<p style="text-align: justify; "><b>Sunil Abraham, the</b> CIS director, calls himself a “technological critic” of the Aadhaar platform. For years, he’s been warning of the security risks associated with a centralized repository of the demographic and biometric details of a billion or so people.</p>
<p style="text-align: justify; ">“Aadhaar is a sitting duck,” Abraham told BuzzFeed News. That’s not an unreasonable assessment considering that India’s track record for protecting people’s private data is <a href="https://www.buzzfeed.com/pranavdixit/the-medical-reports-of-43000-people-including-hiv-patients-w">far from stellar</a>. Earlier this year, for example, a security researcher discovered a website that was leaking the Aadhaar demographic data of more than 500,000 minors. The website was subsequently shut down, but the incident raised questions about Aadhaar’s security protocols — particularly those around data shared with third parties.</p>
<p style="text-align: justify; ">Abraham’s concerns are not without global precedent. In 2012, Ecuadorian police jailed blogger Paul Moreno for breaking <a href="https://www.wired.com/2012/12/security-post-lands-ecuadorian-blogger-in-jail/">into the country’s online national identity database</a> and registering himself as Ecuadorian President Rafael Correa. In April 2016, <a href="https://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-citizens/">hackers posted</a> a database containing names, national IDs, addresses, and birth dates of more than 50 million Turkish citizens, including Turkish President Recep Tayyip Erdogan; later that month, Mexico’s entire voter database — over 87 million national IDs, addresses, and more — <a href="http://www.in.techspot.com/news/security/mexicos-voter-database-containing-the-records-of-over-80-million-citizens-leaked-online/articleshow/51979787.cms"> was leaked</a> onto Amazon’s cloud servers by as-yet-untraced sources; and in the Philippines, more than 55 million voters had their private information — including fingerprints — <a href="http://www.wired.co.uk/article/philippines-data-breach-fingerprint-data">released on the Dark Web</a>.</p>
<div class="buzz_superlist_item_left_small longform_pullquote buzz-superlist-item buzz_superlist_item" id="superlist_4501688_10817551" style="text-align: justify; ">
<blockquote class="solid white_pullquote">
<p>“When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data.”</p>
</blockquote>
</div>
<p style="text-align: justify; ">“What is the price that we pay as a nation if our database of over a billion people — complete with all 10 fingerprints and iris scans — leaks?” Abraham asked. The consequences, he said, will be permanent. Unlike a password, which you can reset at any time, your biometrics, if compromised, are the ultimate privacy breach. “You can’t change your fingerprints.”</p>
<p style="text-align: justify; ">The UIDAI <a href="https://uidai.gov.in/images/aadhaar_question_and_answers.pdf">claims</a> that the Aadhaar database is protected using the “highest available public key cryptography encryption (PKI-2048 and AES-256)” and would take “billions of years” to crack.</p>
<p style="text-align: justify; ">“Encryption like this doesn’t typically get broken, it gets circumvented,” security researcher Troy Hunt told BuzzFeed News. “For example, the web application that sits in front of it is compromised and data is retrieved after decryption.” Or alternatively, he said, the encryption key itself is compromised. “Naturally, governments will offer all sorts of assurances on these things, but the simple, immutable fact is that once large volumes are centralized like this, there is a heightened risk of security incidents and of the data consequently being lost or exposed,” he added.</p>
<p style="text-align: justify; ">Cryptographer and cybersecurity expert Bruce Schneier echoed Hunt’s assessment. “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” he said. “They will go around the encryption.”</p>
<p style="text-align: justify; ">Nilekani — who did not respond to BuzzFeed News’ requests for comment — recently dismissed concerns around the project’s privacy implications as “hand-waving.” In an <a href="http://cio.economictimes.indiatimes.com/news/corporate-news/show-me-even-one-example-of-data-theft-aadhaar-is-very-very-secure-nandan-nilekani/57982816">interview</a> with the <i>Economic Times</i>, he repeatedly stressed how secure Aadhaar’s “advanced encryption technology” was. “I can categorically say that it’s the most secure system in India and among the most secure systems in the world,” he said.</p>
<p style="text-align: justify; ">Abraham is unconvinced by such assurances. He believes Aadhaar fundamentally changes the equation between a citizen and a state. “There’s a big difference between you identifying yourself to the government, and the government identifying who you are,” he said.</p>
<p>Aadhaar’s opponents say the program’s implementation has left India’s poorest people with no choice but to use it. “If you link people’s food subsidies, wages, bank accounts, and other crucial things to Aadhaar, you hit them where it hurts the most,” Ramanathan argued. “You leave them with no choice but to sign up.”</p>
<p style="text-align: justify; ">“Can you imagine if the United States passed a law that said that every person who wished to get food stamps would need their fingerprints registered in a government-owned database?” a journalist turned Aadhaar activist who did not wished to be named told BuzzFeed News. “Imagine what a scandal that would be.”</p>
<p style="text-align: justify; ">For Nilekani, such criticism is just overstatement and drama. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he said during a recent <a href="https://www.facebook.com/etnow/videos/1471268036248071/">interview</a> with Indian business news channel <i>ET Now</i>. “The reality is that a billion people are using Aadhaar. A lot of the accusations are just delusional. Aadhaar is not a system for surveillance. [The critics] live in a bubble and are not connected to reality.”</p>
<p style="text-align: justify; ">Abraham laughed off Nilekani’s comments. “The Unique Identification Authority of India will become the monopoly provider of identification and authentication services in India,” he said. “That sounds like a centrally planned communist state to me. I don’t know which left liberal elites he’s talking about.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/buzzfeednews-pranav-dixit-april-4-2017-indias-national-id-program-may-be-turning-the-country-into-a-surveillance-state'>http://editors.cis-india.org/internet-governance/news/buzzfeednews-pranav-dixit-april-4-2017-indias-national-id-program-may-be-turning-the-country-into-a-surveillance-state</a>
</p>
No publisherpraskrishnaBiometricsAadhaarInternet GovernancePrivacy2017-04-07T12:49:30ZNews ItemPrivacy in the Age of Big Data
http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data
<b>Personal data is freely accessible, shared and even sold, and those to whom this information belongs have little control over its flow.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.asianage.com/india/all-india/100417/privacy-in-the-age-of-big-data.html">Asian Age</a> on April 10, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In 2011 it was estimated that the quantity of data produced globally surpassed 1.8 zettabyte. By 2013, it had increased to 4 zettabytes. This is a result of digital services which involve constant data trails left behind by human activity. This expansion in the volume, velocity, and variety of data available, together with the development of innovative forms of statistical analytics on the data collected, is generally referred to as “Big Data”. Despite significant (though largely unrealised) promises about Big Data, which range from improved decision-making, increased efficiency and productivity to greater personalisation of services, concerns remain about the impact of such datafication of all human activity on an individual’s privacy. Privacy has evolved into a sweeping concept, including within its scope matters pertaining to control over one’s body, physical space in one’s home, protection from surveillance, and from search and seizure, protection of one’s reputation as well as one’s thoughts. This generalised and vague conception of privacy not only comes with great judicial discretion, it also thwarts a fair understanding of the subject. Robert Post called privacy a concept so complex and “entangled in competing and contradictory dimensions, so engorged with various and distinct meanings”, that he sometimes “despairs whether it can be usefully addressed at all”.</p>
<p style="text-align: justify; ">This also leaves the idea of privacy vulnerable to considerable suspicion and ridicule. However, while there is a lack of clarity over the exact contours of what constitutes privacy, there is general agreement over its fundamental importance to our ability to lead whole lives. In order to understand the impact of datafied societies on privacy, it is important to first delve into the manner in which we exercise our privacy. The ideas of privacy and data management that are prevalent can be traced to the Fair Information Practice Principles (FIPP). These principles are the forerunners of most privacy regimes internationally, such as the OECD Privacy Guidelines, APEC Framework, or the nine National Privacy Principles articulated by the Justice A.P. Shah Committee Report. All of these frameworks have rights to notice, consent and correction, and how the data may be used, as their fundamental principles. It makes the data subject to the decision-making agent about where and when her/his personal data may be used, by whom, and in what way. The individual needs to be notified and his consent obtained before his personal data is used. If the scope of usage extends beyond what he has agreed to, his consent will be required for the increased scope.</p>
<p style="text-align: justify; ">In theory, this system sounds fair. Privacy is a value tied to the personal liberty and dignity of an individual. It is only appropriate that the individual should be the one holding the reins and taking the large decisions about the use of his personal data. This makes the individual empowered and allows him to weigh his own interests in exercising his consent. The allure of this paradigm is that in one elegant stroke, it seeks to ensure that consent is informed and free and also to implement an acceptable trade-off between privacy and competing concerns. This approach worked well when the number of data collectors were less and the uses of data was narrower and more defined. Today’s infinitely complex and labyrinthine data ecosystem is beyond the comprehension of most ordinary users. Despite a growing willingness to share information online, most people have no understanding of what happens to their data.</p>
<p style="text-align: justify; ">The quantity of data being generated is expanding at an exponential rate. From smartphones and televisions, trains and airplanes, sensor-equipped buildings and even the infrastructures of our cities, data now streams constantly from almost every sector and function of daily life, “creating countless new digital puddles, lakes, tributaries and oceans of information”. The inadequacy of the regulatory approaches and the absence of a comprehensive data protection regulation is exacerbated by the emergence of data-driven business models in the private sector and the adoption of data-driven governance approach by the government. The Aadhaar project, with over a billion registrants, is intended to act as a platform for a number of digital services, all of which produce enormous troves of data. The original press release by the Central Government reporting the approval by the Cabinet of Ministers of the Digital India programme, speaks of “cradle to grave” digital identity as one of its vision areas.</p>
<p style="text-align: justify; ">While the very idea of the government wanting to track its citizens’ lives from cradle to grave is creepy enough in itself, let us examine for a minute what this form of datafied surveillance will entail. A host of schemes under Digital India shall collect and store information through the life cycle of an individual. The result, as we can see, is building databases on individuals, which when combined, will provide a 360 degree view into the lives of individuals. Alongside the emergence of India Stack, a set of APIs built on top of the Aadhaar, conceptualised by iSPIRT, a consortium of select IT companies from India, to be deployed and managed by several agencies, including the National Payments Corporation of India, promises to provide a platform over which different private players can build their applications.</p>
<p style="text-align: justify; ">The sum of these interconnected parts will lead to a complete loss of anonymity, greater surveillance and impact free speech and individual choice. The move towards a cashless economy — with sharp nudges from the government — could lead to lack of financial agencies in case of technological failures as has been the case in experiments with digital payments in Africa. Lack of regulation in emerging data driven sectors such as Fintech can enable predatory practices where right to remotely deny financial services can be granted to private sector companies. An architecture such as IndiaStack enables datafication of financial transactions in a way that enables linked and structured data that allows continued use of the transaction data collected. It is important to recognise that at the stage of giving consent, there are too many unknowns for us to make informed decisions about the future uses of our personal data. Despite blanket approvals allowing any kind of use granted contractually through terms of use and privacy policies, there should be legal obligations overriding this consent for certain kinds of uses that may require renewed consent.</p>
<p style="text-align: justify; "><b>Biometrics-based identification in UK: </b>In 2005, researchers from London School of Economics and Political Science came out with a detailed report on the UK Identity Cards Bill (‘UK Bill’) — the proposed legislation for a national identification system based on biometrics. The project also envisaged a centralised database (like India) that would store personal information along with the entire transaction history of every individual. The report pointed strongly against the centralising storage of information and suggested other alternatives such as a system based on smartcards (where biometrics are stored on the card itself) or offline biometric-reader terminals.</p>
<p style="text-align: justify; ">As per the report, the alternatives would also have been cheaper as neither required real-time online connectivity. In India, online authentication is a far greater challenge. According to Network Readiness Index, 2016, India ranks 91, whereas UK is placed eight. Poor Internet connectivity can raise a lot of problems in the future including paralysis of transactions. The UK identification project was subsequently discarded as a result of the privacy and cost considerations raised in this report.</p>
<h3 style="text-align: justify; ">Aadhaar: Privacy concerns</h3>
<ol style="text-align: justify; ">
<li>Once the data is collected through National Information Utilities, it will be privatised and controlled by private utilities.</li>
<li>Once an individual’s data is entered in the system, it cannot be deleted. That individual will have no control over it.</li>
<li>Aadhaar Data (Demographic details along with photographs) are shared/transferred with the private entities including telecom companies as per the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Act, 2016 with the consent of Aadhaar number holder to fulfil their e-KYC requirements. The data is shared in encrypted form through secured channel.</li>
<li>Aadhaar Enabled Payment System (AEPS) on which 119 banks are live.</li>
<li>More than 33.87 crore transactions have taken place through AEPS, which was only 46 lakhs in May 2014.</li>
<li>As on 30-9-2016, 78 government schemes were linked to Aadhaar.</li>
<li>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, provides that no core-biometric information (fingerprints, iris scan) shall be shared with anyone for any reason whatsoever (Sec 29) and that the biometric information shall not be used for any purpose other than generation of Aadhaar and authentication.</li>
<li>Access to the data repository of UIDAI, called the Central Identities Data Repository(CIDR), is provided to third parties or private companies.</li>
</ol>
<p style="text-align: justify; "><b>Central Monitoring System</b> (CMS) is already live in Delhi, New Delhi and Mumbai. Union minister Ravi Shankar Prasad revealed this in one of his replies in the Lok Sabha last year. CMS has been set up to automate the process of Lawful Interception & Monitoring of telecommunications.</p>
<p style="text-align: justify; "><b>Central Monitoring System</b> (CMS) is already live in Delhi, New Delhi and Mumbai. Union minister Ravi Shankar Prasad revealed this in one of his replies in the Lok Sabha last year. CMS has been set up to automate the process of Lawful Interception & Monitoring of telecommunications.</p>
<p style="text-align: justify; "><b>Lawful Intercept </b>and Monitoring (LIM) systems are used by the Indian Government to intercept records of voice, SMSes, GPRS data, details of a subscriber’s application and recharge history and call detail record (CDR) and monitor Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data'>http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data</a>
</p>
No publisheramberInternet GovernanceAadhaarBig DataPrivacy2017-04-11T14:43:59ZBlog EntryOpposition questions govt move to make Aadhaar must
http://editors.cis-india.org/internet-governance/news/livemint-april-12-2017-komal-gupta-opposition-questions-govt-move-to-make-aadhaar-must
<b>Congress leader Jairam Ramesh claimed that the Aadhaar system was becoming an instrument of social exclusion rather than one of identity. </b>
<p style="text-align: justify; ">The article by Komal Gupta was <a class="external-link" href="http://www.livemint.com/Politics/nwqpFParHM0Ym8F4Dwt3yL/Rajya-Sabha-debates-Aadhaar-Opposition-points-to-flaws.html">published in Livemint</a> on April 11, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Rajya Sabha on Monday witnessed a lively debate on Aadhaar, with the opposition questioning the government’s move to make the 12-digit unique identification number mandatory for a host of welfare benefits.<br /><br />Congress leader Jairam Ramesh claimed that the Aadhaar system was becoming an instrument of social exclusion rather than one of identity.<br /><br />“My major concern is implementation, how Aadhaar is being used to exclude people to avail benefits of the schemes which have been designed for them…If you need to apply to avail benefits, it’s as good as mandatory,” said Ramesh.</p>
<p style="text-align: justify; ">The former cabinet minister argued that over 25% of the population will stand excluded.<br /><br />“The Rs50,000 crore savings due to Aadhaar linkage as given by the government is highly questionable,” he said, adding that according to Comptroller and Auditor General (CAG) reports, 92% of the savings on domestic gas subsidies is not on account of Aadhaar implementation or direct benefit transfer. “Instead, it is because of the fall in international oil prices,” Ramesh argued.<br /><br />Trinamool Congress member Derek O’Brien said that for manual labourers, biometric identification does not always match and that can deprive them of welfare.<br /><br />He gave the example of Andhra Pradesh, where almost half the 85,000 ration card holders in 2014 were unable to get subsidized foodgrains due to faulty point of sale machines and biometrics not matching.</p>
<p style="text-align: justify; ">K.T.S Tulsi, member of Parliament and senior Supreme Court advocate, said, “Not in my whole career have I come across a greater mutilation of a statutory provision than what has taken place in the case of Aadhaar.” He said Section 29 of the Aadhaar Act doesn’t permit data stored with the Unique Identification Authority of India (UIDAI) to be shared with anyone but a provision was later made for voluntary agreement to allow the sharing of data.<br /><br />IT and law minister Ravi Shankar Prasad said, “No religion, income, medical history, ethnicity or education is asked in Aadhaar. Even email ID and phone number is optional.”<br /><br />“The right of privacy of individuals must be respected. The privacy of the data cannot be breached by us except in the case of national security,” Prasad added.<br /><br />He claimed that the government has been blacklisting operators that share data from the Aadhaar system. It has blacklisted 34,000 operators, and has taken action against 1,000 of them.</p>
<p style="text-align: justify; ">Prasad also said that UIDAI will be accountable to the Parliament.<br /><br />Expressing concern on mandating the use of Aadhaar for different services, Pranesh Prakash, Policy director of the Centre for Internet and Society, said, “As an enabler, people would want to have Aadhaar. But when it is made mandatory, it becomes more of a disenabler instead of an enabler.”<br /><br />“With the move towards a digital economy, setting up of a data protection authority as recommended by the Shah committee is important along with mass surveillance and greater accountability from the government,” he added.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/livemint-april-12-2017-komal-gupta-opposition-questions-govt-move-to-make-aadhaar-must'>http://editors.cis-india.org/internet-governance/news/livemint-april-12-2017-komal-gupta-opposition-questions-govt-move-to-make-aadhaar-must</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-04-12T14:19:20ZNews ItemAadhaar: A widening net
http://editors.cis-india.org/internet-governance/news/livemint-april-21-2017-komal-gupta-apurva-vishwanath-suranjana-roy-aadhaar-a-widening-net
<b>As India makes Aadhaar compulsory for a range of services, concerns about potential data breaches remain more than six years after the govt started building the world’s largest biometric identification system.</b>
<p>The article by Komal Gupta, Apurva Vishwanath and Suranjana Roy was <a class="external-link" href="http://www.livemint.com/Politics/eTxrtAxzFq738LzFdx7yXK/Aadhaar-A-widening-net.html">published in Livemint</a> on April 21, 2017. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: center; "><img alt="The Aadhaar project, under which a 12-digit identification number is to be allotted to every Indian resident, was originally supposed to be a way of plugging leakages in the delivery of state benefits such as subsidized grains to the poor. Photo: Priyanka Parashar/Mint" class="img-responsive" height="378" src="http://www.livemint.com/rf/Image-621x414/LiveMint/Period2/2017/04/21/Photos/Processed/asia-cover.JPG" title="The Aadhaar project, under which a 12-digit identification number is to be allotted to every Indian resident, was originally supposed to be a way of plugging leakages in the delivery of state benefits such as subsidized grains to the poor. Photo: Priyanka Parashar/Mint" width="582" /></p>
<p>On 29 March, a storm broke out on social media after private data that former Indian cricket captain M.S. Dhoni had furnished to get enrolled in India’s unique identity system, known as Aadhaar, were leaked online.</p>
<p style="text-align: justify; ">The popular cricketer’s wife, Sakshi, flagged the matter on Twitter, tagging information technology (IT) minister Ravi Shankar Prasad. “Is there any privacy left? Information of Aadhaar card, including application, is made public property,” Sakshi fumed on the microblogging site.</p>
<p>The minister replied: “Sharing personal information is illegal. Serious action will be taken against this.”</p>
<p style="text-align: justify; ">It turned out to be the fault of an overenthusiastic common services centre in Dhoni’s home town of Ranchi licensed to enrol people in Aadhaar. The centre was promptly blacklisted. “We have ordered further inquiry on the matter and action will be taken against all those involved in the leak,” said Ajay Bhushan Pandey, chief executive officer of the Unique Identification Authority of India (UIDAI), which administers Aadhaar.</p>
<p style="text-align: justify; ">The matter blew over soon enough, but it served to illustrate the lingering concerns about potential data breaches and privacy violations surrounding Aadhaar, which has become the world’s largest biometric identification database with 1.13 billion people enrolled in it in the past six years.</p>
<p style="text-align: justify; ">The project, under which a 12-digit identification number is to be allotted to every Indian resident, was originally supposed to be a way of plugging leakages in the delivery of state benefits such as subsidized grains to the poor.</p>
<p style="text-align: justify; ">It has now become mandatory for everything ranging from opening a bank account and getting a driver’s licence or a mobile phone connection to filing of income tax returns. Even government school students entitled to a free mid-day meal need an Aadhaar number.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/AadhaarMint.jpg" alt="Aadhaar " class="image-inline" title="Aadhaar " /></p>
<p style="text-align: justify; ">The use of Aadhaar has only expanded with the government going on an overdrive to promote cashless transactions and payment systems linked to the biometric ID system after banning old, high-value bank notes in November in a crackdown on unaccounted wealth hidden away from the taxman.</p>
<p style="text-align: justify; ">For instance, the Aadhaar-Enabled Payment System (AEPS) empowers a bank customer to use Aadhaar as her identity to access her Aadhaar-enabled bank account and perform basic banking transactions like cash deposit or withdrawal through a bank agent or business correspondent.<br /><br />The customer can carry out transactions by scanning her fingerprint at any micro ATM or biometric point-of-sale (POS) terminal, and entering the Aadhaar number linked to the bank account. A merchant-led model of AEPS, called Aadhaar Pay, has also been launched.<br /><br />Last week, Prime Minister Narendra Modi launched the BHIM-Aadhaar platform—a merchant interface linking the unique identification number to the Bharat Interface for Money (BHIM) mobile application. This will enable merchants to receive payments through fingerprint scans of customers.<br /><br />“Any citizen without access to smartphones, Internet, debit or credit cards will be able to transact digitally through the BHIM-Aadhaar platform,” a government statement said.<br /><br />Aadhaar’s growing importance in the economy has only served to deepen concerns about potential data breaches. And there are other concerns as well.<br /><br />For instance, the Aadhaar biometric authentication failure rate in the rural job guarantee scheme, which assures 100 days of work a year to one member of every rural household, is as high as 36% in the southern state of Telangana, according to data released by the state government.<br /><br />“Aadhaar is supposed to be an enabler and it will happen only when it is made voluntary. Biometric authentications might fail due to poor data connectivity and transactions might not happen even though the Aadhaar number of the person is there; so, what’s the benefit,” asked Pranesh Prakash, policy director of the Centre for Internet and Society, a Bengaluru-based think tank.<br /><br />Aadhaar was the brainchild of the previous United Progressive Alliance (UPA) government, which lost power in the 2014 general election to the National Democratic Alliance (NDA). The first 10 Aadhaar numbers were handed over to residents of a small village called Tembhli in Maharashtra on 29 September 2010 in the presence of then prime minister Manmohan Singh, Congress party president Sonia Gandhi and Aadhaar’s chief architect Nandan Nilekani, a co-founder of software services giant Infosys Ltd.</p>
<p style="text-align: justify; ">After coming to power, the NDA systematically went about making Aadhaar the pivot of government welfare programmes. In March last year, Parliament passed the Aadhaar Bill to make the use of Aadhaar mandatory for availing of government subsidies despite resistance from opposition parties.<br /><br />Last month, finance minister Arun Jaitley said the 12-digit number would eventually become a single, monolithic proof of identity for every Indian, replacing every other identity card.<br /><br />To be sure, Aadhaar has helped the government better target beneficiaries of its welfare programmes, cutting out middlemen and corruption. For instance, the government claims to have saved about Rs50,000 crore in cooking gas subsidies by linking the Aadhaar number with bank accounts in which the subsidy is directly transferred.<br /><br />Yet, Aadhaar has its critics, who have challenged the project on grounds including potential compromise of national security, violation of the right to privacy and exclusion of people from welfare programmes. The Supreme Court has cautioned the government that no citizen can be denied access to welfare programmes for lack of an Aadhaar number.<br /><br />Before cricketer Dhoni’s data breach made the headlines, in February, UIDAI filed a complaint against Axis Bank Ltd, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, alleging they had attempted unauthorized authentication and impersonation by illegally storing Aadhaar biometrics. The breach was noticed after one individual performed 397 biometric transactions between 14 July 2016 and 19 February 2017. All three entities have been temporarily barred from offering Aadhaar-related services until UIDAI makes a final decision.</p>
<p style="text-align: justify; ">Pranesh Prakash of the Centre for Internet and Society said rules on the use of Aadhaar data are inadequate.<br /><br />“UIDAI is allowed to share the information of a person from its database on its website, after taking proper consent of that person. However, there is no law which states what should be done if any other party does that with the same individual. Such rules must be in place,” Prakash said.<br /><br />Four years after the Aadhaar project took off, a retired judge took the government to court. K. Puttaswamy, a former judge of the Karnataka high court, moved the Supreme Court in 2013, arguing that Aadhaar violated his fundamental right to privacy under the constitution. The case opened the gates for legal challenges to Aadhaar. Over the next few years till date, at least a dozen cases had questioned the legality of the project.<br /><br />Ramon Magsaysay award winner Aruna Roy brought a case on behalf of manual workers whose faint finger prints, she said, often go undetected. Currently, only 44 million out of the 101 million beneficiaries of India’s rural job entitlement are paid through Aadhaar.<br /><br />To be sure, India’s Constitution does not contain a black and white reference to a “fundamental right to privacy”, that the government cannot violate. The list of rights says “no person shall be deprived of his life or personal liberty except according to a procedure established by law”—often interpreted by courts as an all-encompassing right including right to live with dignity, right to speedy justice and even a right to clean air.<br /><br />Nilekani, the man behind Aadhaar, has cautioned that privacy is a broader issue involving how people retain their privacy in day-to-day life. “Privacy is an all-encompassing issue because of the rapid rate of digitization the world is seeing. Your smartphone has sensors, GPS and is generating more and more information about everything; voice-activated devices could also be recording your conversations. There’s a profusion of CCTV cameras at malls, restaurants, ATMs recording your movements,” Nilekani said in a recent interview with The Economic Times.<br /><br />But this is where a problem arises. Although there is concurrence on the need for a privacy law, there is a great reluctance on the part of the government to come out with one.<br /><br />“We don’t have a comprehensive privacy law; all our databases are unlinked. The government is trying to link the databases using Aadhaar for all schemes but a separate privacy law must be there for protecting any piece of information, whether or not linked to Aadhaar,” said Rahul Matthan, a partner at law firm Trilegal and a Mint columnist.</p>
<p style="text-align: justify; ">Matthan said first a privacy law must be put in place and then there has to be a discussion on what all it must include.<br /><br />The government on its part pointed out that India’s apex court itself has been indecisive on a right to privacy.<br /><br />“The larger question on privacy needs to be settled by the court. Till then, one cannot comment on secondary concerns,” attorney general Mukul Rohatgi said in an interview.<br /><br />In 2015, the Supreme Court decided that a bench of at least seven judges will rule on the privacy issue, while clarifying that the government cannot make Aadhaar a mandatory proof of identity for its welfare schemes. Twenty months after the judicial order, the larger bench is yet to be formed by the apex court. The passing of the Aadhaar Act in Parliament to provide statutory backing to Aadhaar also indicates a departure from the Indian government’s position of not taking a legislative stand while an issue is under the apex court’s consideration.<br /><br />For example, one of the reasons the Indian government has shown restraint in repealing a colonial law that criminalizes homosexuality is because the apex court is seized of the issue.<br /><br />In the absence of legislation and pending an authoritative ruling by the top court, whether 1.3 billion Indians are entitled to their privacy remains a grey area. Meanwhile, the government is seemingly in the final stretch of its Aadhaar enrolment drive.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/livemint-april-21-2017-komal-gupta-apurva-vishwanath-suranjana-roy-aadhaar-a-widening-net'>http://editors.cis-india.org/internet-governance/news/livemint-april-21-2017-komal-gupta-apurva-vishwanath-suranjana-roy-aadhaar-a-widening-net</a>
</p>
No publisherpraskrishnaBiometricsAadhaarInternet GovernancePrivacy2017-04-22T05:06:23ZNews ItemNow, Aadhaar details displayed in Mizoram too
http://editors.cis-india.org/internet-governance/news/national-herald-sebastian-pt-april-26-2017-now-aadhaar-details-displayed-in-mizoram-too
<b>Contrary to the Centre’s assurances, government websites are revealing digital details of the poor, leaving them vulnerable to financial frauds and identity theft.</b>
<p>The article by Sebastian PT was <a class="external-link" href="https://www.nationalheraldindia.com/news/2017/04/26/aadhaar-details-displayed-in-mizoram-jharkhand-chandigarh-financial-fraud-violating-supreme-court-order">published in the National Herald</a> on April 26, 2017. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">Could there be a method to the madness? Or is it just carelessness? From the Jharkhand Government to the Union Territory of Chandigarh to the Union Ministry of Water and Sanitation to even Mizoram’s Food and Civil Supplies Department, government websites are found to have displayed Aadhaar details of citizens, a crime under the law.</p>
<p style="text-align: justify; ">In Jharkhand, details of 16 lakh beneficiaries – their bank account details, ration card and the 12-digit Aadhaar number – were displayed on the website of the Directorate of Social Security. Similar blunders were witnessed from different corners of the country from Chandigarh to Kerala, where details of 35 lakh people have been breached. This flies in the face of the Government’s repeated claims on data privacy, that Aadhaar details are completely safe.</p>
<p style="text-align: justify; ">The law doesn’t allow this. The displaying of the Aadhaar data, for instance, is in clear violation of Section 29 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. The provision clearly says that “no” Aadhaar number or core biometric information of an Aadhaar number holder shall be “published, displayed or posted publicly”.<br /><br />“There appears to be no regulation worth the name as far as the Aadhaar project is concerned,” says economist Reetika Khera from IIT Delhi.<br /><br />So, will these officials responsible be punished according to the Act? More importantly, what about the damage of leaking such sensitive, apparently confidential data?</p>
<h3 style="text-align: justify; ">Irreparable Damage</h3>
<p style="text-align: justify; ">Several cyber security experts have been warning of the possibility of precisely such leaks and Opposition parties were vociferously pointing this out while the Centre was brazenly violating the Supreme Court’s orders and forcibly extending Aadhaar to almost everything – including it being linked to one’s Permanent Account Number (PAN), used for filing income tax.</p>
<p style="text-align: justify; ">“What has been broken through technology, can’t be fixed with the law,” says Sunil Abraham, Executive Director of Bangalore-based research organisation, the Centre for Internet and Society.</p>
<p style="text-align: justify; ">The data breach just made it easy for players in the black market for ID (identification) documents to be lapped up to create false ID cards, for instance.</p>
<p style="text-align: justify; ">When demonetisation was being implemented, sources say that black money hoarders apparently bought fake IDs which were made from stolen Aadhaar details to get the old notes exchanged – one way for doing this was perhaps by opening new bank accounts or to, say, utilise unused Jan Dhan accounts to deposit the money. Now, one can only imagine what terrorists can do with these details.</p>
<p style="text-align: justify; ">So far, perhaps, the only solace is that the biometric details of the beneficiaries weren’t leaked. But, in the backdrop of the lax attitude of the various government departments, even that too is just waiting to happen, fear experts.</p>
<p style="text-align: justify; ">Abraham warns that Aadhaar was always a risky proposition as it was based on biometrics, which “made it very insecure”. He terms it as a “mass surveillance technology” – that too a poorly-designed technology – which, in fact, “undermines security”. Once biometric data are compromised, it cannot be secured again. Instead of biometrics, he suggests the UIDAI shift to using smart cards.</p>
<p style="text-align: justify; ">The unfettered forcible linking of almost everything – from bank accounts to one’s PAN card – to Aadhaar only makes things worse. “The Centre is ‘seeding’ the various data bases with the Aadhaar number, which is a very bad move. And, involving various private and public agencies in this only makes the entire thing very precarious,” warns Abraham. He points out that, for instance, when the PAN cards are linked with the Aadhaar number, breach made possible.</p>
<p style="text-align: justify; ">Instead, he says, the government should adopt the ‘tokenisation approach’, instead of the ‘seeding approach’. What this means is that, say, if the PAN card is to be linked to Aadhaar, then UIDAI issues a token number and not the original 12-digit Aadhaar number. So, even if a breach happens, the hacker will not be able to get all the Aadhaar details, he says.</p>
<p style="text-align: justify; ">However, the government does not seem to be taking the issue of privacy very seriously. What perhaps is not being understood is that this is not just a privacy issue, but making the masses vulnerable to frauds. Instead of treading cautiously in implementing Aadhaar, the government seems to be in a hurry to extend it to almost every possible silo in an individual’s life.</p>
<p style="text-align: justify; ">“Given the callous attitude of central and state governments, I hope that the Supreme Court will stop the government from a forced linking of Aadhaar, on the one hand, and bank accounts and PAN numbers on the other hand,” says Khera.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/national-herald-sebastian-pt-april-26-2017-now-aadhaar-details-displayed-in-mizoram-too'>http://editors.cis-india.org/internet-governance/news/national-herald-sebastian-pt-april-26-2017-now-aadhaar-details-displayed-in-mizoram-too</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-04-27T16:59:37ZNews ItemIs Your Aadhar Biometrics Safe? Firms Accused Of Storing Biometrics And Using Them Illegally
http://editors.cis-india.org/internet-governance/news/outlook-february-24-2017-is-your-aadhar-biometrics-safe-firms-accused-of-storing-biometrics-and-using-them-illegally
<b>Fears of Aadhar biometric security have been compounded as the government is sprinting towards the next phase of ‘cashless India’ and digitization</b>
<p style="text-align: justify; ">Pranesh Prakash and Sunil Abraham have been quoted in this article <a class="external-link" href="http://www.outlookindia.com/website/story/is-your-aadhar-biometrics-safe-firms-accused-of-storing-biometrics-and-using-the/298048">published by Outlook</a> on February 24, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The biggest fear regarding misuse of Aadhar biometrics and security loopholes are becoming real.</p>
<p style="text-align: justify; ">Three firms are being probed for attempting unauthorised authentication and impersonation by using stored Aadhaar biometrics, reported <i>The Times of India.</i></p>
<p style="text-align: justify; ">The paper reported that the Unique Identification Authority of India (UIDAI) has lodged a criminal complaint with the cyber cell of Delhi Police, saying it is a clear violation of the law.</p>
<p style="text-align: justify; ">“The firms are Axis Bank, Suvidhaa Infoserve and eMudhra. They have been served a “notice for action“ under Aadhaar regulations”.</p>
<p style="text-align: justify; ">The firms have been accused of storing biometrics and using them illegally.</p>
<p style="text-align: justify; ">The fears of biometric security have been compounded as the government is sprinting towards the next phase of ‘cashless India’ and digitization. They are preparing to launch Aadhaar Pay, an initiative that will supersede the need to use credit cards, debit cards, smartphones and PINs to make payments or transfer money.</p>
<p style="text-align: justify; ">The proposed system of payments will use a person’s biometric data and fingerprints to make payments through Aadhaar-linked bank accounts.</p>
<p style="text-align: justify; "><i>Outlook</i>’s Senior Associate Editor Arindam Mukherjee had in a clairvoyant <a href="http://www.outlookindia.com/magazine/story/no-genie-at-your-fingertips/298449" target="_blank">article</a> for the magazine raised the fears of biometrics being manipulated.</p>
<p style="text-align: justify; ">In the <a href="http://www.outlookindia.com/magazine/story/no-genie-at-your-fingertips/298449" target="_blank">article</a>, critics of Aadhaar and Aadhaar-based services raised the issue of privacy and security of biometric and personal data.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director with the Centre for Internet and Society (CIS), recently tweeted, “As long as Aadhar-Enabled Payment Services encourages biometric authorisation of transactions, it is bound to be a security nightmare, with widespread fraud.” Would you tell a shopkeeper your debit card’s PIN? No. Then why share your fingerprint? A fingerprint, in this system, becomes a kind of unchangeable Aadhaar Enabled Payment System PIN, he asks.</p>
<p style="text-align: justify; ">Pointing out a possible danger, Usha Ramanathan, an independent law researcher who has been following Aadhaar since its inception, says, “In many payments, biometric data is authenticated and then it remains in the system where there are leakages. Intermediaries then have access to the data, which is thus made insecure.”</p>
<p style="text-align: justify; ">According to the UIDAI, however, once biometric data is provided by the consumer while making Aadhaar-based payments, it gets encrypted and a merchant doesn’t get access to that data. The Aadhaar Act also prohibits any storing of biometric data in local devices.</p>
<p style="text-align: justify; ">And yet, there are many like CIS executive director Sunil Abraham who believe it is a mistake to use biometrics for authentication, especially when payments are concerned.</p>
<p style="text-align: justify; ">“Our concern with Aadhaar Pay is about the biometric component of the project,” says Abraham. “Biometrics is an identification technology. Unfortunately, it is being presented as an authentication technology. It is not a secure authentication technology as biometric data can be stolen easily. It is also irrevocable; once biometric data is stolen, it cannot be re-issued like a smart card.”</p>
<p style="text-align: justify; ">Then there is the problem of availability of fingerprints. In the case of many people from rural areas and the working class, fingerprints get affected due to the manual nature of their work. This makes it difficult for this target group of UIDAI to conduct transactions properly through Aadhaar Pay. “In Rajasthan, 30 per cent of the households are not even able to procure ration using fingerprints,” says Ramanathan.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/outlook-february-24-2017-is-your-aadhar-biometrics-safe-firms-accused-of-storing-biometrics-and-using-them-illegally'>http://editors.cis-india.org/internet-governance/news/outlook-february-24-2017-is-your-aadhar-biometrics-safe-firms-accused-of-storing-biometrics-and-using-them-illegally</a>
</p>
No publisherpraskrishnaBiometricsAadhaarInternet GovernancePrivacy2017-02-27T01:56:28ZNews ItemCan the Judiciary Upturn the Lok Sabha Speaker’s Decision on Aadhaar?
http://editors.cis-india.org/internet-governance/blog/the-wire-amber-sinha-february-21-2017-can-the-judiciary-upturn-the-lok-sabha-speakers-decision-on-aadhaar
<b>When ruling on the petition filed by Jairam Ramesh challenging passing the Aadhaar Act as a money Bill, the court has differing precedents to look at.</b>
<p>The article was <a class="external-link" href="https://thewire.in/110795/aadhaar-money-bill-judiciary/">published in the Wire</a> on February 21, 2017.</p>
<hr />
<p style="text-align: justify; ">In <a href="http://thewire.in/2016/04/24/the-aadhaar-act-is-not-a-money-bill-31297/" target="_blank" title="an earlier article">an earlier article</a>, I had argued that the characterisation of the <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwj0xo6U_KDSAhVHLo8KHcygCVEQFggvMAQ&url=https%3A%2F%2Fuidai.gov.in%2Fimages%2Fthe_aadhaar_act_2016.pdf&usg=AFQjCNHDmJKdO8jdfGZJKLKRJQpHdf1Frw&sig2=B_YbWncu6eyZHJ1MFTD0NA" rel="external nofollow" target="_blank" title="Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act">Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act</a>, as a money Bill by Sumitra Mahajan, speaker of the Lok Sabha, was erroneous. Specifically, I had argued that upon perusal of Article 110 (1) of the constitution, the Aadhaar Act does not satisfy the conditions required of a money Bill. For a legislation to be classified as a money Bill, it must comprise of ‘only’ provisions dealing with the following matters: (a) imposition, regulation and abolition of any tax, (b) borrowing or other financial obligations of the government of India, (c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, (d) appropriation of money out of CFI, (e) expenditure charged on the CFI or (f) receipt or custody or audit of money into CFI or public account of India; or (g) any matter incidental to any of the matters specified in sub-clauses (a) to (f).</p>
<p style="text-align: justify; ">Article 110 is modelled on Section 1(2) of the UK’s Parliament Act, 1911, which also defines money Bills as those only dealing with certain enumerated matters. The use of the word ‘only’ was brought up by Ghanshyam Singh Gupta during the constituent assembly debates. He pointed out that the use of the word ‘only’ limits the scope money Bills to only those legislations which did not deal with other matters. His amendment to delete the word ‘only’ was rejected, clearly establishing the intent of the framers of the constitution to keep the ambit of money Bills extremely narrow. G.V. Mavalankar, the first speaker of Lok Sabha, had stated that the word ‘only’ must not be construed so as to give an overly restrictive meaning. For instance, a Bill which deals with taxation could have provisions which deal with the administration of the tax. The finance minister, Arun Jaitley, referred to these words by Mavalankar, justifying the classification of the Aadhaar Act as a money Bill.</p>
<p style="text-align: justify; ">While the Aadhaar Bill does makes references to benefits, subsidies and services funded by the CFI, even a cursory reading of the Bill reveals its main objectives as creating a right to obtain a unique identification number and providing for a statutory apparatus to regulate the entire process. Any reasonable reading of the legislation would be hard pressed to view all provisions in the Aadhaar Act, aside from the one creating a charge on the CFI, as merely administrative provisions incidental to the creation such charge. The mere fact of establishing the Aadhaar number as the identification mechanism for benefits and subsidies funded by the CFI does not give it the character of a money Bill. The Bill merely speaks of facilitating access to unspecified subsidies and benefits rather than their creation and provision being the primary object of the legislation. Erskine May’s seminal textbook, Parliamentary Practice, is instructive in this respect and makes it clear that a legislation which simply makes a charge on the consolidated fund does not becomes a money Bill if otherwise its character is not that of one. Further, the subordinate regulations notified under the Aadhaar Act deal almost entirely with matters to do with enrolment, updation, authentication of the Aadhaar number and related matters such as data security regulations and sharing of information collected, rather than the provision of benefits or subsidies or disbursal of funds otherwise from the CFI.</p>
<p style="text-align: justify; ">However, in the context of the petition filed by former Union minister Jairam Ramesh challenging the passage of the law on Aadhaar as a money Bill, the more important question is whether the judiciary has a right to question the speaker’s decision in such a matter. If not, any other questions about whether the legislation is a money Bill will remain merely academic in nature.</p>
<h3 style="text-align: justify; ">Irregularity vs illegality</h3>
<p style="text-align: justify; ">Article 110 (3) clearly states that with regard to the question whether a legislation is a money Bill or not, the decision of the speaker is final and binding. The question is whether such a clause completely excludes any judicial review. Further, Article 122 prohibits the courts from questioning the validity of any proceedings in parliament on the ground of any alleged irregularity of procedure.</p>
<p style="text-align: justify; ">During the arguments in the court, the attorney general questioned the locus standi of Ramesh. The petition has been made under Article 32 of the constitution and the government argued that no fundamental rights of Ramesh were violated. However, the court has asked Ramesh to make his submission and adjourned the hearing to July. The petition by Ramesh would hinge largely on the powers of the judiciary to question the decision of the speaker of the Lok Sabha.</p>
<p style="text-align: justify; ">The powers of privilege that parliamentarians enjoy are integral to the principle of separation of powers. The rationale behind parliamentary privilege is to prevent interference in the lawmakers’ powers to perform essential functions. The ability to speak and vote inside the legislature without the fear of punishment is certainly essential to the role of a lawmaker. However, the extent of this protection lies at the centre of this discussion. During the constituent assembly debates, H.V. Kamath and others had argued for a schedule to exhaustively codify the existing privileges. However, B.R. Ambedkar pointed to the difficulty of doing so and parliamentary privilege on the lines of the British parliamentary practice was retained in the constitution. In the last few decades, a judicial position has emerged that courts could exercise a limited degree of scrutiny over privileges, as they are primarily responsible for interpreting the constitution.</p>
<p style="text-align: justify; ">In the matter of <a href="https://indiankanoon.org/doc/1757390/" rel="external nofollow" target="_blank" title="Raja Ram Pal vs The Hon’ble Speaker, Lok Sabha"><i>Raja Ram Pal vs The Hon’ble Speaker, Lok Sabh</i>a</a>, it had been clarified that proceedings of the legislature were immune from questioning by courts in the case of procedural irregularity but not in the case of illegality. In this case, the Supreme Court while dealing with Article 122 stated that it does not oust review by the judiciary in cases of “gross illegality, irrationality, violation of constitutional mandate, mala fides, non-compliance with rules of natural justice and perversity.”</p>
<p style="text-align: justify; ">In 1968, the speaker of the Punjab legislative assembly adjourned the proceedings for a period of two months following rowdy behaviour. Subsequently, an ordinance preventing such a suspension was promulgated and the legislature was summoned by the governor to consider some expedient financial matters. The speaker disagreed with the decision and after some confusion, the deputy speaker passed a few Bills as money Bills. While looking into the question of what was protected from judicial review, the <a href="https://indiankanoon.org/doc/36589/" rel="external nofollow" target="_blank" title="court stated">court stated</a> that the protection did not extend to breaches of mandatory provisions of the constitution, only to directory provisions. By that logic, if Article 110 (1) is seen as a mandatory provision, a breach of its provisions could lead to an interpretation that the Supreme Court may well question an erroneous decision by the speaker of the Lok Sabha to certify a legislation as a money Bill. The use of the word “shall” in Article 110 (1), the nature and design of the provision, its overriding impact on the other constitutional provisions granting the Rajya Sabha powers are ample evidence of its mandatory nature. Based on the above, Anup Surendranath has <a href="http://ccgdelhi.org/doc/%28CCG-NLU%29%20Aadhaar%20Money%20Bill.pdf" rel="external nofollow" target="_blank" title="argued">argued</a> that the passage of the Aadhaar Act as a money Bill when it does not satisfy the constitutional conditions for it does amount to a gross illegality.</p>
<p style="text-align: justify; ">The judicial precedent in <i><a href="https://indiankanoon.org/doc/60568976/" rel="external nofollow" target="_blank" title="Mohd. Saeed Siddiqui vs State of Uttar Pradesh">Mohd. Saeed Siddiqui vs State of Uttar Pradesh</a></i> where the matter of the court’s power to question the decision of a speaker was considered, though, leans in the other direction. In 2012, the <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiRtov_iKHSAhVLuo8KHYhsClcQFggbMAA&url=http%3A%2F%2Fwww.lawsofindia.org%2Fdownloadfile.php%3Flawid%3D7834%26file%3Duttar_pradesh%2F1981%2F1981UP7.pdf%26pageurl%3D%252Fsingle%252Falpha%252F7.html&usg=AFQjCNGRW8-NChXALunaUbjZRrlM4IvCkA&sig2=rg6YCMf7qRqNw08NnctuhQ" rel="external nofollow" target="_blank" title="Uttar Pradesh Lokayukta and Up-Lokayuktas (Amendment) Act">Uttar Pradesh Lokayukta and Up-Lokayuktas (Amendment) Act</a>, 2012 was passed as money Bill by the Uttar Pradesh state legislature. Subsequently, a writ petition was filed challenging its constitutional validity. A three-judge bench of the Supreme Court looked into the application of Article 212. It is the provision corresponding to Article 122, dealing with the power of the courts to inquire into the proceedings of the state legislature. The court held that Article 212 makes “it clear that the finality of the decision of the Speaker and the proceedings of the State Legislature being important privilege of the State Legislature, viz., freedom of speech, debate and proceedings are not to be inquired by the Courts.” Importantly, ‘proceedings of the legislature’ were deemed to include within its scope everything done in transacting parliamentary business, including the passage of the Bill. While the court did acknowledge the limitations of parliamentary privilege as established in the <i>Raja Ram Pal</i> case, it did not adequately take into account the reasoning in it.</p>
<p style="text-align: justify; ">The Aadhaar Act is a legislation which makes it mandatory of all residents to enrol for a biometric identification system in order to avail certain subsidies, benefits and services. It has huge potential risks for individual privacy and national security and has been the subject of an extremely high profile Public Interest Litigation. Its passage as a money Bill, without any oversight from the Rajya Sabha and an opportunity for substantial debate and discussion, is a fraud on the Constitution. Whether or not the court chooses to see it that way remains to be seen.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-wire-amber-sinha-february-21-2017-can-the-judiciary-upturn-the-lok-sabha-speakers-decision-on-aadhaar'>http://editors.cis-india.org/internet-governance/blog/the-wire-amber-sinha-february-21-2017-can-the-judiciary-upturn-the-lok-sabha-speakers-decision-on-aadhaar</a>
</p>
No publisheramberAadhaarInternet GovernancePrivacy2017-02-27T15:44:56ZBlog EntryNasscom chief saying full data protection isn’t possible should wake us from our digital slumber
http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber
<b>Considering India is rapidly moving towards a digital economy, the hurdles not withstanding, data and identity security are topics which have to be taken very seriously. Since the demonetisation, a large part of the population who would never bother with digital transactions has suddenly come online. But there is no such thing as complete security of personal data, according to Nasscom chief R Chandrashekhar.</b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="http://tech.firstpost.com/news-analysis/nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber-367183.html">First Post</a> on March 16, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Attending the World Consumer Rights Day, R Chandrashekhar said that personal data of online consumers cannot be completely secure and stressed on the need to have strict enforcement of consumer protection laws. Speaking to <i>PTI,</i> Chandrashekhar said, “More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT.”</p>
<p style="text-align: justify; "><b>It’s high time we call a spade, a spade</b></p>
<p style="text-align: justify; "><b><img alt="Image: PIB" class="wp-image-367245 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2017/03/RChandrasekhar_PIB380.jpg" width="640" /><br /></b>R Chandrashekhar, President Nasscom. Image: PIB</p>
<p style="text-align: justify; ">Coming from the head of Nasscom, this announcement pertaining to security is very important. According to Chandrashekhar one cannot expect complete cyber security, but there are definitely ways in which such attacks and incidents can be minimised. He very rightly said that that protecting the online consumer data, specially looking at how rapidly e-commerce is growing in the country, is of prime importance.</p>
<p style="text-align: justify; ">One cannot help but agree with Chandrashekhar, specially considering the fact India <a href="http://tech.firstpost.com/news-analysis/demonetisation-privacy-laws-need-to-be-in-place-before-giving-the-biggest-push-to-digital-transactions-348478.html"><b>does not have a privacy law ecosystem</b></a> that is present in countries such as the US and the UK, where online consumer protection is taken very seriously. <a href="http://tech.firstpost.com/news-analysis/facebook-asked-to-delete-whatsapp-user-data-in-germany-over-data-protection-law-infringement-337708.html"><b>Germany</b></a> and <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwjljYHpzNrSAhUkSI8KHa6oB_MQFgg2MAQ&url=http%3A%2F%2Ftech.firstpost.com%2Fnews-analysis%2Ffrance-fines-google-150000-euros-over-data-privacy-216266.html&usg=AFQjCNE15FPlAi9rR5yCXNzS_hnua81QAw&sig2=GVGgF_cxGNhXo-SJhLo4Gg&bvm=bv.149397726,d.c2I" rel="nofollow"><b>other EU nations</b></a> have always been at the forefront, when it comes to protecting data privacy, and it has ensured that consumer-facing technology companies do not run roughshod when it comes to protecting user data.</p>
<p style="text-align: justify; ">Chandrashekhar stated that there was no need for separate regulations for e-commerce sites, but the priority was ensuring means to enforce consumer laws in the digital world.</p>
<p style="text-align: justify; "><b>Lack of dedicated privacy laws</b></p>
<p style="text-align: justify; ">According to cyberlaw and cybersecurity expert, Pavan Duggal, “Going forward, there is an urgent need for India to take a strong view on privacy in terms of legislative frameworks. Unfortunately, at the time of writing, <a href="http://tech.firstpost.com/news-analysis/privacy-protection-need-for-proactive-cyber-legal-approaches-in-india-357248.html"><b>India does not have a dedicated law on privacy</b></a>.”</p>
<p style="text-align: justify; "><img alt="Image: Foamy Media" class="wp-image-353936 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/social-media.jpeg" width="640" /><br />Image: Foamy Media</p>
<p style="text-align: justify; ">Social media websites for instance have a lot of user data. But what happens when they suddenly change their privacy policies? For instance, a lot of users signed on to WhatsApp when it was an independent company. But post the Facebook acquisition, there have been a lot of instances where WhatsApp has updated its terms and conditions to suit its parent Facebook.</p>
<p style="text-align: justify; ">That’s not completely illegal one may say. Loss of privacy is a price you pay for free services. But what if, I as a consumer of WhatsApp <a href="http://tech.firstpost.com/news-analysis/german-consumer-rights-group-accuses-whatsapp-of-illegally-sharing-user-data-with-facebook-359979.html"><b>do not want the app to share any of my data with Facebook</b></a>? The only option I am left with is to delete WhatsApp. But then again, I do not know if my data is also deleted from WhatsApp servers or it has already been shared. Social media apps, only let you know what updates are being added. Consent is only required to update the app. You can stall that, up to a point. But there will come a time when you will have to update an app. Then by default you have given approval to all the terms and conditions associated with the app.</p>
<p style="text-align: justify; ">Two students had challenged WhatsApp’s revision to its privacy policy before Delhi High Court. The Court dismissed the petition insisting that users could opt out by <a href="http://www.thehindu.com/news/cities/Delhi/delete-or-share-high-court-tells-whatsapp-users/article9143285.ece" rel="nofollow"><b>deleting their accounts</b></a>.</p>
<p style="text-align: justify; ">When a similar challenge was mounted before the authorities in UK, Facebook had to put a pause on their data sharing – and this was because of its strong data protection policy. Under the UK data protection law, the company has to inform the authority established under the Act of any changes in the use of user data. In the case of WhatsApp, the <a href="http://tech.firstpost.com/news-analysis/why-india-failed-to-prevent-whatsapp-data-sharing-with-facebook-while-uk-succeeded-346115.html"><b>UK authority objected to such sharing.</b></a></p>
<p style="text-align: justify; "><b>Aadhaar – the 12-digit biometric storehouse</b></p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg"><img alt="aadhaar_251002219381" class="wp-image-303751 size-full aligncenter" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg" width="640" /></a></p>
<p style="text-align: justify; ">Aadhaar card is being used for many financial and non financial transactions. Also the Aadhaar number associated with an individual also holds a lot of personal and biometric data. So when recently, there was news about a possible Aadhaar data breach when <a href="http://tech.firstpost.com/news-analysis/aadhaar-data-breach-uidai-finds-multiple-transactions-done-with-the-same-fingerprint-364155.html"><b>UIDAI filed a police complaint</b></a> against Axis Bank, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, it was naturally a shock to many.</p>
<p style="text-align: justify; ">Unlike a password which can be changed, with biometric information there is no scope to do that if it is compromised. Although UIDAI claims that there are <a href="http://tech.firstpost.com/news-analysis/aadhaar-is-being-used-by-few-corporates-for-salary-disbursements-but-the-potential-is-immense-361749.html"><b>multiple levels of security and firewalls</b></a> to ensure there is no breach of Aadhaar information of an individual, one can only hope that it is robust enough to withstand any attack. Collection of biometric data by the government to form a database, for instance, was debated and ultimately not used in the UK.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director of the Centre for Internet and Society, expressed concern about the pace at which we are progressing when it comes to having a legal and regulatory framework when it comes to the Digital India push. “While the security architecture of Aadhaar Enabled Payment Systems (AEPS) might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password,” said Prakash.</p>
<p style="text-align: justify; "><b>Enforcing the correct processes</b></p>
<p style="text-align: justify; ">Last year, a malware affected the systems of Hitachi Payment Services, which provides back end services to ATM machines and Point of Sale nodes across India. As a result of this, around <b><a href="http://tech.firstpost.com/news-analysis/32-lakh-debit-cards-compromised-affected-banks-include-sbi-hdfc-yes-axis-bob-and-icici-342220.html" target="_blank">32 lakh debit cards were compromised</a></b> including those issued by SBI, HDFC, Yes Bank, Axis, BOB and ICICI. Security experts and consultants have pointed out <b><a href="http://tech.firstpost.com/news-analysis/banks-need-to-switch-to-fully-encrypted-security-solutions-to-avoid-security-breaches-343696.html" target="_blank">various holes in the electronic transaction systems</a></b> in place in India. Intel has also warned that <b><a href="http://tech.firstpost.com/news-analysis/demonetisation-security-experts-warn-that-atms-are-easy-targets-for-hackers-351182.html" target="_blank">ATM machines in India</a></b> are vulnerable to malicious attacks. Intel points out that countries in the Asia Pacific region are developing and are particularly vulnerable because of old systems and machines being used.</p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg"><img alt="Image: REUTERS/Amit Dave " class="wp-image-353328" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg" width="640" /></a></p>
<div class="prodtxtinf" style="text-align: justify; ">Image: REUTERS/Amit Dave</div>
<p style="text-align: justify; ">According to Mahesh Patel, president and group CTO, AGS Transact Technologies this was more of a governance issue of the data centre than any technical error. “It is not about the software, but it is about the processes and procedures you put in place to ensure that the system is secure. Everything from physical security to computing security to admin management, etc should be process driven. So somewhere there could have been a weak link there. Cloud has to be secure and encrypted which suffices the use case of payments. This cloud is different from the ones used by e-commerce sites to display all their products,” said Patel.</p>
<p style="text-align: justify; ">We may have the best of software and security measures, but ensuring that they are implemented the right way is equally important. Plugging the loopholes in current regulations is also important.</p>
<p style="text-align: justify; "><b>Existing laws and regulations, not enough</b></p>
<p style="text-align: justify; ">According to Duggal, “The Information Technology Act, 2000 hardly has effective provisions to protect any data and personal privacy in the digital ecosystem. The Indian Government needs to come up with strong privacy law which can protect both personal privacy and data privacy in an effective manner.”</p>
<p style="text-align: justify; ">One may find it really shocking to hear the head of Nasscom saying something to the extent that full data protection for online consumers is not possible, but there is definitely truth to the matter. It will require concerted efforts from not only regulators, governments, digital wallet players and banking industry to come up with these privacy laws, but also you the consumer has to ensure that you are aware of the dangers lurking in the digital world. Educating oneself of the various ways in which your data can be compromised is a good way to protect your online self.</p>
<p style="text-align: justify; ">Because, let’s face it, for all practical purposes if you are online, your <a href="http://tech.firstpost.com/news-analysis/privacy-is-dead-stop-whining-and-get-some-real-work-done-357090.html"><b>privacy is dead</b></a>.</p>
<p style="text-align: justify; "><span class="tags"> </span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber'>http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber</a>
</p>
No publisherpraskrishnaWhatsAppAadhaarInternet GovernancePrivacy2017-03-17T01:47:25ZNews ItemWhy We Should All Worry About The Mandatory Imposition Of Aadhaar
http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar
<b>It appears that with each passing day, the government is linking an increasing number of benefits and government services to the 12-digit biometric-based Aadhaar number for Indians, despite growing concerns around its data privacy and security.</b>
<p style="text-align: justify; ">The article by Rimin Dutt and Ivan Mehta was published by <a class="external-link" href="http://www.huffingtonpost.in/2017/03/24/why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaa_a_22009826/">Huffington Post</a> on March 24, 2017. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Aadhaar, which collects among other information, citizens' iris scans and fingerprints and stores them into a centralised database for a prolonged time with only loose guidelines and no pre-existing laws to ensure the privacy of that data, is now linked to no less than 38 government schemes, including the government's latest directive –- that Aadhaar become mandatory for tax filing and securing PAN numbers -- introduced by Finance Minister Arun Jaitley earlier this week.</p>
<p style="text-align: justify; ">Jaitley openly admitted on Wednesday in the Parliament that the government, in effect, would be forcing people to get Aadhaar in an effort to increase tax compliance.</p>
<p style="text-align: justify; ">Aadhaar's use, by no means, is restricted to government agencies alone. A growing number of private financial institutions are now fulfilling their "Know Your Customer" or e-KYC formalities by making Aadhaar compulsory. The government is also in the <a href="http://economictimes.indiatimes.com/news/economy/policy/aadhaar-based-kyc-likely-across-financial-sector/articleshow/57800209.cms" target="_blank">process</a> of making Aadhaar the basis of all financial transactions.</p>
<p style="text-align: justify; ">While the timing of the government's aggressive push of Aadhaar, in itself, is raising eyebrows among <a href="https://scroll.in/article/832503/what-explains-the-desperation-to-make-aadhaar-mandatory-for-tax-returns-after-july-1-2017" target="_blank">political observers</a>, there are some serious concerns about this unique experiment that deserve stronger scrutiny.</p>
<h3 style="text-align: justify; ">Why disregard the Supreme Court?</h3>
<p style="text-align: justify; ">In making Aadhaar mandatory for filing taxes and securing core taxpayer identity, the government has openly gone against a Supreme Court order from last year that explicitly stated that the Aadhaar Card scheme is "purely voluntary" and cannot be made mandatory until the court has decided on this.</p>
<p style="text-align: justify; ">The government has defended its move, saying it is allowed to do so under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016.</p>
<p style="text-align: justify; ">However, as Gopal Krishna, a member of the Citizens Forum for Civil Liberties, <a target="_blank">writes</a> in Business Today, the passage of the Act by the Parliament "does not automatically imply that any agency can make UID/Aadhaar compulsory disregarding the Supreme Court's orders."</p>
<p style="text-align: justify; ">According to Krishna, in doing so, the government is "clearly stepping beyond" the mandate of the Aadhaar Act, and also acting in contempt of the Parliament, according to him.</p>
<p style="text-align: justify; ">In addition, if tax evasion was the driving factor behind the move, it begs the question — wouldn't forcing people to get Aadhaar actually do the opposite by adding another layer of hassle?</p>
<p style="text-align: justify; ">Indeed, tax experts have noted how this requirement may hinder tax collection. Archit Gupta, Founder & CEO ClearTax.com, a tax service provider <a href="http://www.huffingtonpost.in/2017/03/22/budget-part-ii-here-are-the-highlights-of-the-sweeping-changes_a_21905740/" target="_blank">told </a><i>HuffPost India, "</i>The [Aadhaar] announcement is likely to be a dampener to tax filers, specially first-timers ... FY 2016-17 filing is expected to see a large number of first-time filers due to demonetisation efforts, and this move may make them more guarded."</p>
<h3 style="text-align: justify; ">Why not strengthen PAN?</h3>
<p style="text-align: justify; ">The government already has an extensive mandate for the Permanent Account Number (PAN) cards, which are required to validate several important services or for undertaking transactions such as buying and selling property or jewellery worth over ₹2 lakhs. Last year, the government, in fact, said that the National Pension System (NPS) scheme would accept PAN cards over Aadhaar cards to validate new customers.</p>
<p style="text-align: justify; ">On Wednesday, however, Jaitley said PAN cards have been misused by certain people to evade taxes, and there are reports that Aadhaar may become the ultimate authenticating document. However, the continued and growing use of PAN along with Aadhaar adds an extra layer of formalities for citizens to access government services, which are their constitutionally guaranteed rights.</p>
<h3 style="text-align: justify; ">How safe is Aadhaar anyway?</h3>
<p style="text-align: justify; ">Depending on who you talk to, the safety concerns of Aadhaar come up as a pressing issue, especially in the wake of a recent security incident when the Unique Identification Authority of India initiated police action against entities associated with Axis Bank including Suvidhaa Infoserve and e-sign provider eMudhra, which had allegedly <a href="http://www.livemint.com/Industry/IKgrYL5pg3eTgfaP253XKI/Aadhaar-data-breach-triggers-privacy-concerns.html" target="_blank">engaged </a>in unauthorised authentication and impersonation by illegally storing Aadhaar biometrics.</p>
<p style="text-align: justify; ">Earlier this month, in a separate incident, security researcher Srinivas Kodali warned Indian authorities of a website that was leaking Aadhaar demographic data of over five lakh minors, as well as the existence several parallel databases that had key identification data linked to Aadhaar, <i>Scroll </i><a href="https://scroll.in/article/830589/under-the-right-to-information-law-aadhaar-data-breaches-will-remain-a-state-secret" target="_blank">reported.</a></p>
<p style="text-align: justify; ">In the absence of any privacy laws in India, these security concerns have assumed even greater significance.</p>
<p style="text-align: justify; ">UIDAI, the authority behind Aadhaar, has <a href="https://uidai.gov.in/images/news/Press_Statement_06032017.pdf" target="_blank">maintained </a>the technology behind Aadhaar is robust and that it uses advanced encryption to transmit and store data. It specifically denied that any breach of centralised data took place in the Axis Bank incident, saying the case was an isolated incident.</p>
<p style="text-align: justify; ">However, in a rather ironic twist in the Aadhaar Act, which itself contains no provisions to address privacy concerns, any legal action against any misuse or theft of Aadhaar data can only be initiated by UIDAI, leaving citizens with no legal recourse should a breach occur.</p>
<p style="text-align: justify; ">That represents an obvious conflict of interest as it gives exclusive power to the very authority that is responsible for the security and confidentiality of identity information and authentication records, PRS Legislative Research, has noted.</p>
<p style="text-align: justify; ">In addition, the controversial Aadhaar Act contains several other inherent dangers such as the potential to profile citizens based on the linking of other databases with Aadhaar by studying patterns of behaviour.</p>
<p style="text-align: justify; ">"Techniques such as running computer programmes across datasets for pattern recognition can be used for various purposes such as detecting potential illegal activities...However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats," noted PRS Legislative.</p>
<p style="text-align: justify; ">There are currently no safeguards to prevent inappropriate profiling, instances of which could increase as more and more private organisations link their data to Aadhaar, and potentially exploit data for<a href="https://scroll.in/article/824874/what-happens-to-privacy-when-companies-have-your-aadhaar-number" target="_blank"> commercial purposes</a> without the consent of citizens.</p>
<p style="text-align: justify; ">The US, in comparison, has laws in place that require agencies that collects data to submit an annual report to US Congress on all such data mining activities.</p>
<h3 style="text-align: justify; ">Other unresolved concerns</h3>
<p style="text-align: justify; ">There are several other concerns related to the widespread use of Aadhaar card and the power it is afforded under the Aadhar act. The act allows UIDAI to collect biometric information beyond iris and fingerprint scans, for example, to include other bio-data such as DNA, noted PRS.</p>
<p style="text-align: justify; ">The act also allows private agencies to use Aadhaar, which contradicts an earlier stated objective of the scheme that sought to restrict the use of Aadhaar for only government expenditures.</p>
<p style="text-align: justify; ">"It allows private persons to use Aadhaar as a proof of identity for any purpose. This provision will enable private entities such as, airline, telecom, insurance, real estate etc. companies, to require Aadhaar as a proof of identity for availing their services," PRS has noted.</p>
<p style="text-align: justify; ">There's also the worrying prospect of Aadhaar being used as a surveillance tool by the government, instead of an e-governance technology, Sunil Abraham, executive director of research organisation, Centre for Internet and Society, <a href="http://www.thehindubusinessline.com/specials/india-file/aadhaar-the-12digit-conundrum/article9582271.ece" target="_blank">told </a>the <i>The Hindu Business Line, </i>adding<i> </i>biometrics only make citizens transparent to the state and not the state transparent to citizens.</p>
<p style="text-align: justify; ">"We warned the government six years ago, but they ignored us," said Abraham.</p>
<p style="text-align: justify; ">Krishna has a more dire <a href="http://www.businesstoday.in/current/economy-politics/will-aadhaar-cause-death-of-civil-rights/story/248331.html" target="_blank">warning:</a> "The JAM Trinity -- Jan Dhan Yojana, Aadhaar and mobile numbers -- may well be a fish bait to trap unsuspecting citizens into the world's biggest transnational biometric database to turn them into subjects under surveillance forever in the name of a set of welfare and anti-poverty policies.</p>
<h3 style="text-align: justify; ">What has been done to address the security concerns?</h3>
<p style="text-align: justify; ">It is unclear what the government or UIDAI may have done in the wake of the security incident to upgrade its systems. According to an expert <i>HuffPost Post India </i>talked to, many third party apps that are using Aadhar data may not be screened or audited for security, which is a huge worry.</p>
<p style="text-align: justify; ">Kodali told HuffPost India that Aadhaar has potential design issues when it comes to information security.</p>
<p style="text-align: justify; ">"By design it allows anyone store information of the Aadhaar holder through [application programming interface]. This is creating many parallel databases with Aadhaar as a key," he said.</p>
<p style="text-align: justify; ">He notes that security is an afterthought for many institutions and companies.</p>
<p style="text-align: justify; ">"UIDAI and the architects of Aadhaar do not accept that data can be a liability instead of an asset," he said. "The mandatory nature of Aadhaar without the right infrastructure and skilled workforce is not just a cyber security issue, but a national security issue."</p>
<h3 style="text-align: justify; ">When will India get privacy laws?</h3>
<p style="text-align: justify; ">No one quite knows. But there's a growing call for a need for strict privacy laws, given the move towards digital financial transactions and growing e-commerce use. Most advanced economies including the US, the UK, France, Australia and New Zealand have <a href="http://www.pcquest.com/no-your-aadhaar-data-is-not-secure/" target="_blank">enacted privacy laws.</a></p>
<p style="text-align: justify; ">However, in India, the right to privacy still doesn't exist despite it being recognised by even the UN charter of human rights. Article 12 of the Universal Declaration of Human Rights states, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."</p>
<p style="text-align: justify; ">The potential for cyber criminals to misuse citizen data isn't lost on even prominent IT industry experts.</p>
<p style="text-align: justify; ">Recently, the chief of IT industry body Nasscom R Chandrashekhar <a href="http://tech.firstpost.com/news-analysis/nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber-367183.html" target="_blank">told</a> <i>PTI </i>that personal data of online consumers can never be fully secure, emphasising the need for strict consumer protection laws. "More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT," he said.</p>
<p style="text-align: justify; ">To be sure, Aadhaar has been lauded by several prominent experts and economists, and it is, undoubtedly, an ambitious project to potentially aid financial inclusion for a large population that has historically been outside of a formal financial services net. India also has one of the lowest tax compliance rates, making tax collection a priority for the government.</p>
<p style="text-align: justify; ">Recently, Paul Romer, World Bank's chief economist <a href="https://qz.com/933907/paul-romer-on-aadhaar-world-banks-top-economist-says-indias-controversial-id-program-should-be-a-model-for-other-nations/" target="_blank">told </a><i>Bloomberg, "</i>The system in India is the most sophisticated that I've seen ... It's the basis for all kinds of connections that involve things like financial transactions. It could be good for the world if this became widely adopted."</p>
<p style="text-align: justify; ">But given the sensitivity of citizen biometrics data and potential for misuse, the government ought to be held accountable for its proper use and ensure enough safeguards are put in place before its imposition on each citizen.</p>
<p style="text-align: justify; "><i><b> </b></i></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar'>http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-03-27T15:02:10ZNews Item