The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 41 to 48.
The Uncertain Future of India's Plan to Biometrically Identify Everyone
http://editors.cis-india.org/internet-governance/news/tech-president-jessica-mckenzie-august-28-2014-the-uncertain-future-of-indias-plan-to-biometrically-identify-everyone
<b>Last Sunday an 11-year-old boy in Andhra Pradesh, a state in southeast India, hung himself from a ceiling fan as his family slept.</b>
<p style="text-align: justify; ">Jessica Mckenzie's <a class="external-link" href="http://techpresident.com/news/wegov/25250/the-uncertain-future-indias-plan-biometrically-identify-everyone">blog post was published in Techpresident</a> on August 28, 2014. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">He was allegedly driven to this act after being denied an Aadhaar card—formally known as Unique Identification (UID)—which he was told he needed to attend school. The card is one arm of India's sprawling scheme to collect the biometric data, including fingerprints and iris scans, of its 1.2 billion citizens and residents, and is quickly becoming practically, if not legally, mandatory, for nearly every aspect of life, from getting married to buying cooking gas to opening a bank account. More than <a href="http://indianexpress.com/article/india/india-others/aadhaar-future-at-stake-govt-seeks-meeting-with-states/">630 million residents</a> have already enrolled and received their unique 12-digit identification number.</p>
<p style="text-align: justify; ">Since its <a href="http://singularityhub.com/2010/09/13/india-launches-universal-id-system-with-biometrics/">launch</a> in 2010, people have raised a number of questions and concerns about Aadhaar, citing its effects on privacy rights, potential security flaws, and failures in functionality. India's poor, who were supposed to be the biggest beneficiaries of the program, are actually most at risk of being excluded from UID, and there is no evidence that biometric identification has curtailed corruption. The newly-elected Prime Minister Narendra Modi <a href="http://www.newscientist.com/article/dn25593-indian-election-win-threatens-biggest-biometrics-bank.html">lambasted</a> the UID program as a candidate but in July did an about-face, <a href="http://timesofindia.indiatimes.com/india/Modi-govt-to-give-legal-backing-to-Aadhaar/articleshow/38336812.cms">calling</a> for the enrollment process to be expedited and supporting a UID-linked social assistance program. In all likelihood, the world's largest experiment in biometric identification will continue.</p>
<p style="text-align: justify; ">There are still a number of unanswered questions about the future of the program. Although created in large part as a way of more efficiently and less corruptly dispersing government subsidies, last year the Supreme Court <a href="http://www.dailymail.co.uk/indiahome/indianews/article-2588303/Supreme-Court-demolishes-Aadhaar-card-Judges-rule-card-NOT-mandatory-government-subsidies.html">ruled</a> that the Aadhaar card could not be made mandatory to receive government assistance. The Unique Identification Authority of India (UIDAI) operates in a kind of <a href="http://www.thehindu.com/news/national/karnataka/aadhaar-has-no-legal-standing-technical-experts/article5884009.ece">legal limbo</a>. Modi <a href="http://www.business-standard.com/article/current-affairs/cloud-still-hangs-over-aadhaar-s-future-114081401131_1.html">is said</a> to have instructed his Finance Minister Arun Jaitley to resolve these legal problems.</p>
<p style="text-align: justify; ">Sorting out the legal issues is imperative if UID numbers are <a href="http://profit.ndtv.com/news/industries/article-rbi-for-making-aadhaar-sole-platform-for-financial-inclusion-654514">going to be linked</a> to <a href="http://timesofindia.indiatimes.com/India/Modi-govt-faces-huge-challenge-in-giving-bank-accounts-to-all/articleshow/40990381.cms">Modi's proposed financial inclusion program</a> that aims to bring 75 million additional households into the country's banking system by 2018.</p>
<p style="text-align: justify; ">There is also <a href="http://indianexpress.com/article/india/india-others/uidai-npr-projects-likely-to-be-merged/">the possibility</a> that UID will be merged, absorbed or superseded by the National Population Register (NPR), yet another biometric identification system. The NPR, unlike Aadhaar, is mandatory for all residents. In addition to fingerprints and iris scans, NPR collects information on familial relationships, nationality, occupation and education level. There is a great deal of overlap between the two programs, which has been a source of conflict between government agencies in the past. The home ministry, for example, argues that government subsidies should be disbursed through NPR, not UID.</p>
<p style="text-align: justify; ">There is also <a href="http://www.business-standard.com/article/current-affairs/cloud-still-hangs-over-aadhaar-s-future-114081401131_1.html">speculation</a> that UID could be picked up as part of Digital India, <a href="http://articles.economictimes.indiatimes.com/2014-08-25/news/53205445_1_digital-india-india-today-financial-services">Modi's ambitious plan</a> to modernize India by building national broadband infrastructure, ensuring universal mobile service access, creating e-government services, and <a href="http://www.business-standard.com/article/current-affairs/cloud-still-hangs-over-aadhaar-s-future-114081401131_1.html">establishing</a> a “cradle-to-grave digital identity for every citizen of the country—unique, lifelong, online and authenticable [<i>sic</i>].”</p>
<p style="text-align: justify; ">In spite of UID's tenuous position and uncertain future, it has become “essential” in nearly every facet of life. The Delhi government is rolling out <a href="http://timesofindia.indiatimes.com/city/delhi/Marriage-registrations-to-go-online-from-next-month/articleshow/40319783.cms">a suite of e-government services</a>, starting with marriage registration, that will require a UID. Fishermen in Gujarat <a href="http://timesofindia.indiatimes.com/city/ahmedabad/Biometric-cards-must-for-fishermen-this-season/articleshow/39901977.cms">have been told</a> they cannot go out to sea without biometric identification.</p>
<p style="text-align: justify; ">Then there is Kora Balakrishna, the 11-year-old who committed suicide after being denied an Aadhaar card because he has webbed fingers. His school headmaster had instructed him to get one as a prerequisite for study and, per one news outlet, <a href="http://www.thehindu.com/news/cities/Visakhapatnam/fear-of-being-denied-midday-meal-drove-him-to-suicide/article6354316.ece">a mid-day meal</a>. An investigation into the incident <a href="http://www.newindianexpress.com/states/andhra_pradesh/Tribal-Kid-Denied-Admission-into-Welfare-Hostel-Ends-Life/2014/08/26/article2398922.ece">has been ordered</a>. Pravin Kumar, a local administrative official, said webbed fingers are not a legitimate reason for rejection from the program.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/tech-president-jessica-mckenzie-august-28-2014-the-uncertain-future-of-indias-plan-to-biometrically-identify-everyone'>http://editors.cis-india.org/internet-governance/news/tech-president-jessica-mckenzie-august-28-2014-the-uncertain-future-of-indias-plan-to-biometrically-identify-everyone</a>
</p>
No publisherpraskrishnaBiometricsUIDInternet Governance2014-09-08T05:31:28ZNews ItemNo party's got a clear stand, Aadhaar's fate hangs in balance
http://editors.cis-india.org/news/governance-now-april-13-2014-pratap-vikram-singh-no-party-has-got-clear-stand-aadhaar-fate-hangs-in-balance
<b>A non-UPA government for sure will review the multi-crore UID programme, but none of the parties have yet talked about scrapping it.</b>
<p style="text-align: justify; ">The article by Pratap Vikram Singh was <a class="external-link" href="http://www.governancenow.com/news/regular-story/no-partys-got-clear-stand-aadhaars-fate-hangs-balance">published in GovernanceNow.com</a> on April 13, 2014. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Since inception, Aadhaar’s foundation has been shaky. The Unique Identification Authority of India (UIDAI) has been functioning on an executive fiat, without parliamentary ratification. When the government first came up with a bill on the UID programme, it was rejected by the parliamentary standing committee, which questioned the purpose of the programme.</p>
<p style="text-align: justify; ">Aadhaar’s acceptability as proof of residence and its issuance to the illegal immigrants too has courted controversy. The opposition and the ministry of home affairs have repeatedly flagged the issue. Recently, the supreme court (SC) instructed the government to withdraw all orders mandating Aadhaar number for service delivery. In September last year too the apex court had ruled that no one should be denied a service for want of Aadhaar.</p>
<p style="text-align: justify; ">While the Congress hasn’t changed its position on Aadhaar and wishes to continue with Aadhaar-linked benefits transfer, the BJP hasn’t mentioned it even once in its 52-page manifesto. On April 8, Narendra Modi, BJP’s prime ministerial candidate, in an election rally near Bangalore was quoted as saying, “I asked several questions on the Aadhaar project. I asked them questions relating to illegal migrants and national security. They (the government) did not have any answer.”</p>
<p style="text-align: justify; ">Rajendra Pratap Gupta, member of BJP’s core committee on manifesto, told Governance Now: “If we come to power we will review this in totality. There is scepticism around the whole project and even the SC has ruled against mandating it.” He called Aadhaar one of the ‘biggest scams’ of the UPA. “We have found people owning multiple Aadhaar cards. It (Aadhaar) is not a very secure system,” he added.</p>
<p style="text-align: justify; ">On the other hand, Aam Aadmi Party doesn’t oppose the idea of Aadhaar, though it is critical of its linkage to delivering food and other subsidies. Atishi Marlena, the party’s manifesto committee chief, said, “In principle, we don’t oppose the Aadhaar programme. If it’s about providing an identification proof to the poor who don’t have other documents, we certainly welcome it. But Aadhaar’s linkage with benefits-transfer needs to be questioned. Who gets what and who doesn’t should be determined by gram sabhas and mohalla sabhas. It should be done via people participation.”</p>
<p style="text-align: justify; ">The CPI(M), in its manifesto, called for halting the project unless it gets parliamentary approval. It also underlined the need for a privacy and data protection law prior to the rollout of the UID programme. “The moment Aadhaar is linked with service delivery, the scope for exclusion widens. You need to have universal coverage of Aadhaar and banking before you roll out the benefits transfer programme,” CPI(M) Rajya Sabha member Tapan Sen said.</p>
<p style="text-align: justify; ">In its manifesto, the party has talked about ‘constituting an independent high-level expert panel for an appraisal of the technology of biometrics used in the project’.</p>
<p style="text-align: justify; ">Sunil Abraham of the Centre for Internet and Society said, “The centralised online authentication automatically raises issues of privacy infringement. The authentication, in a decentralised fashion, with help of smart cards, is less intrusive, as the logs are stored in a local fashion and not centralised as in the case of Aadhaar. It will be a welcome move if the next government selects resident ID (smart) card, issued by the home ministry, as proof for identification and service delivery.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/governance-now-april-13-2014-pratap-vikram-singh-no-party-has-got-clear-stand-aadhaar-fate-hangs-in-balance'>http://editors.cis-india.org/news/governance-now-april-13-2014-pratap-vikram-singh-no-party-has-got-clear-stand-aadhaar-fate-hangs-in-balance</a>
</p>
No publisherpraskrishnaUIDInternet GovernancePrivacy2014-05-05T06:01:08ZNews ItemUIDAI Practices and the Information Technology Act, Section 43A and Subsequent Rules
http://editors.cis-india.org/internet-governance/blog/uid-practices-and-it-act-sec-43-a-and-subsequent-rules
<b>UIDAI practices and section 43A of the IT Act are analyzed in this post.</b>
<p style="text-align: justify; ">In the 52<sup>nd</sup> Report on Cyber Crime, Cyber Security, and the Right to Privacy – in evidence provided, the Department of Electronics and Information Technology stated <i>“...Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...”</i> (pg.46) <a href="#fn1" name="fr1">[1]</a></p>
<p style="text-align: justify; ">This blog post explains the requirements found under Section 43A of the Information Technology Act 2000 and the subsequent Information Technology “ Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011<a href="#fn2" name="fr2">[2]</a> and analyses publicly available documents from the UIDAI website<a href="#fn3" name="fr3">[3]</a> as well as the UIDAI enrolment form<a href="#fn4" name="fr4">[4]</a> to demonstrate the ways in which:</p>
<ul>
<li style="text-align: justify; ">UIDAI practices <b>are </b>in line with section 43A and the Rules, </li>
<li style="text-align: justify; ">UIDAI practices <b>are not</b> in line with section 43A and the Rules, </li>
<li style="text-align: justify; ">UIDAI practices <b>are partially</b> in with section 43A and the Rules </li>
<li style="text-align: justify; "><b>Where more information</b> is needed to draw a conclusion. </li>
</ul>
<h3>Applicability and Scope</h3>
<p>Section 43A of the Information Technology Act 2008 and subsequent Rules apply only to Body Corporate and to digital information.</p>
<p>Body Corporate under the Information Technology Act 2008 is defined as:</p>
<p style="text-align: justify; "><i> “Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities” </i></p>
<p style="text-align: justify; "><b>UIDAI Practices - not in line</b>: The UIDAI is not a body corporate. The UIDAI is an attached office under the aegis of the Planning Commission that was set up by an executive order.<a href="#fn5" name="fr5">[5]</a></p>
<p style="text-align: justify; ">The UIDAI collects, processes, stores, and shares both digital and non-digital information. As section 43A and subsequent Rules apply only to digital information, there is not sufficient protection provided over all the information collected, processed, stored, and used by the UIDAI.</p>
<h3 style="text-align: justify; ">Privacy Policy on Website</h3>
<p>Rule 4 requires body corporate to provide a privacy policy on their website. The privacy policy must include:</p>
<ul>
<li>Clear and easily accessible statements of its practices and policies</li>
<li>Type of personal or sensitive personal data or information collected</li>
<li>Purpose of collection and usage of such information </li>
<li>Disclosure of information including sensitive personal information </li>
<li>Reasonable security practices and procedures as provided under rule 8</li>
</ul>
<p><b>UIDAI Practices - Partially in Line</b></p>
<ul>
<li style="text-align: justify; ">Though the UIDAI has placed a privacy policy<a href="#fn6" name="fr6">[6]</a> on their website, the privacy policy only addresses the use of website and does not comprehensively provide clear and accessible statements about all of the UIDAI’s practices and policies.</li>
<li style="text-align: justify; ">The UIDAI privacy policy does not state the specific types of personal or sensitive data that could be collected, but instead states <i>“As a general rule, this website does not collect Personal Information about you when you visit the site. You can generally visit the site without revealing Personal Information, unless you choose to provide such information.”</i><br /><br />Features on the UIDAI website that require individuals to provide personal information and sensitive personal information include: Booking an appointment, checking aadhaar status, enrolling for e-aadhaar, enrolling for aadhaar, updating aadhaar data. Types of information required for these services include: mobile number, name, address, gender, date of birth, and enrolment ID.<a href="#fn7" name="fr7">[7]</a><br /><br />The privacy policy goes on to state: <i> “If you are asked for any other Personal Information you will be informed how it will be used if you choose to give it. If at any time you believe the principles referred to in this privacy statement have not been followed, or have any other comments on these principles, please notify the webmaster through the Contact Us page. Note: The use of the term "Personal Information" in this privacy statement refers to any information from which your identity is apparent or can be reasonably ascertained.”</i></li>
<li style="text-align: justify; ">The UIDAI privacy policy does explain the purpose for collection of information on the website and the use of collected information.</li>
<li style="text-align: justify; ">The UIDAI privacy policy does not address the possibility of disclosure of information collected by the UIDAI from the use of its website, except in the case of when an individual provides his/her email at which point the privacy policy states<i> “Your e-mail address will not be used for any other purpose, and will not be disclosed without your consent.”</i></li>
<li style="text-align: justify; ">The UIDAI privacy policy does not provide information about the security practices adopted by the UIDAI. </li>
</ul>
<h3 style="text-align: justify; ">Consent<i> </i></h3>
<p>Rule 5 requires that prior to the collection of sensitive personal data, the body corporate must obtain consent, either in writing or through fax regarding the purpose of usage before collection of such information.</p>
<p style="text-align: justify; "><b>UIDAI Practices - in Line</b><br />The UIDAI collects written consent from individuals through the enrolment form for the issuance of an Aadhaar number.</p>
<h3 style="text-align: justify; ">Collection Limitation</h3>
<p>Rule 5 (2) requires that body corporate only collect sensitive personal data if it is connected to a lawful purpose and if it is considered necessary for that purpose.</p>
<p style="text-align: justify; "><b>UIDAI Practices - in Line</b><br />The Aadhaar enrolment form requires only the necessary sensitive personal data for the issuance of an Aadhaar number. Individuals are given the option to provide banking and financial information.</p>
<h3 style="text-align: justify; ">Notice During Direct Collection</h3>
<p style="text-align: justify; ">Rule 5(3) requires that while collecting information directly from an individual the body corporate must provide the following information:</p>
<ul>
<li>The fact that the information is being collected</li>
<li>The purpose for which the information is being collected</li>
<li>The intended recipients of the information </li>
<li>The name and address of the agency that is collecting the information</li>
<li>The name and address of the agency that will retain the information</li>
</ul>
<p><b>UIDAI Practices - Partially in Line<br /></b>The Aadhaar enrolment form does not provide the following information:<b> </b></p>
<ul>
<li>The intended recipients of the information</li>
<li>The name and address of the agency collecting the information </li>
<li>The name and address of the agency that will retain the information </li>
</ul>
<h3>Retention Limitation</h3>
<p style="text-align: justify; ">Rule 5(4) requires that body corporate must retain sensitive personal data only for as long as it takes to fulfil the stated purpose or otherwise required under law.</p>
<p style="text-align: justify; "><b>UIDAI Practices - Unclear</b><br />It is unclear from publicly available information what the UIDAI retention practices are.</p>
<h3 style="text-align: justify; ">Use Limitation</h3>
<p>Rule 5(5) requires that information must be used for the purpose that it was collected for.</p>
<p><b>UIDAI Practices - Unclear<br /></b>It is unclear from publicly available information if the UIDAI is using collected information only for the purpose for which it was collected for. <b> </b></p>
<h3>Right to Access and Correct<b> </b></h3>
<p>Rule 5(6) requires body corporate to provide individuals with the ability to review the information they have provided and access and correct personal or sensitive personal information.</p>
<p style="text-align: justify; "><b>UIDAI Practices - Partially in Line<br /></b>Though the UIDAI provides individuals with the ability to access and correct personal information, as stated on the enrolment form, correction is free only if changed within 96 hours of enrolment. Additionally, as stated on the enrolment form, if an individual chooses to allow for the UIDAI to facilitate the opening of a bank account and link present bank accounts to the UID number, this information, after being provided, cannot be corrected. The UIDAI website has a portal for updating information, but only name, address, gender, data of birth, and mobile number can be updated through this method.<b> </b><a href="#fn9" name="fr9">[9]</a></p>
<h3 style="text-align: justify; ">Right to ‘Opt Out’ and Withdraw Consent</h3>
<p style="text-align: justify; ">Rule 5(7) requires that body corporate must provide individuals with the option of 'opting out' of providing data or information sought. Individuals also have the right to withdraw consent at any point of time. Body corporate has the right to withdraw services if consent is withdrawn.</p>
<p style="text-align: justify; "><b>UIDAI Practices - Partially in Line<br /></b>The UID enrolment form provides individuals with one ‘optional’ field - the option of having the UIDAI open a bank account and link it to the individuals UID number or having the UIDAI link present bank accounts to individuals UID number. No other option to ‘opt out’ or withdraw consent is present on the enrolment form or the UIDAI privacy policy, terms of use, or website.</p>
<h3 style="text-align: justify; ">Security of Information</h3>
<p style="text-align: justify; ">Rule 8 requires that body corporate must secure information in accordance with the ISO 27001 standard. These practices must be audited on an annual basis or when the body corporate undertakes a significant up gradation of its process and computer resource.</p>
<p style="text-align: justify; "><b>UIDAI Practices - Unclear<br /></b>The security practices adopted by the UIDAI are not mentioned in the website privacy policy, on the website, or on the enrolment form, thus it is unclear from publicly available information if the UID is compliant with ISO 27001 standards. Though the UIDAI has been functioning since 2010, and it is unclear from publicly available information if annual audits of the UIDAI security practices have been undertaken.<b> </b></p>
<h3 style="text-align: justify; ">Disclosure with Consent<b> </b></h3>
<p style="text-align: justify; ">Rule 6 requires that body corporate must have consent before disclosing sensitive personal data to any third person or party, except in the case with Government agencies for the purpose of verification of identity, prevention, detection, investigation, including cyber incidents and prosecution and punishment of offenses, on receipt of a written request. <b> </b></p>
<p style="text-align: justify; "><b>UIDAI Practices - Partially in Line</b><br />In the enrolment form, consent for disclosure is stated as<i> ‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” </i>This is a blanket statement and allows for all future possibilities of sharing and disclosure of information provided with any organization that the UIDAI deems as ‘engaged in the delivery of welfare services’.</p>
<p style="text-align: justify; ">The UIDAI privacy policy only addresses the disclosure of an individual’s email address with consent. Though not directly addressing disclosure, the UIDAI privacy policy also states <i>“</i><i> </i><i>We will not identify users or their browsing activities, except when a law enforcement agency may exercise a warrant to inspect the service provider's logs.”</i></p>
<h3 style="text-align: justify; ">Prohibition on Publishing and Further Disclosure</h3>
<p style="text-align: justify; ">Rule 6(3) and 6(4) prohibit the body corporate from publishing sensitive personal data or information. Similarly, organizations receiving sensitive personal data are not allowed to disclose it further.</p>
<p style="text-align: justify; "><b>UIDAI Practices - in Line</b><br />The UDAI does not publish sensitive personal data. It is unclear what practices and standards registrars and enrolment agencies are functioning under.</p>
<h3 style="text-align: justify; ">Requirements for Transfer of Sensitive Personal Data</h3>
<p style="text-align: justify; ">Rule 7 requires that body corporate may transfer sensitive personal data into another jurisdiction only if the country ensures the same level of protection.</p>
<p style="text-align: justify; "><b>UIDAI Practices - Unclear<br /></b>It is unclear from publicly available information if information collected by the UIDAI is transferred outside of India. <b></b></p>
<h3 style="text-align: justify; ">Establishment of Grievance Officer<b></b></h3>
<p style="text-align: justify; ">Rule 5(9) requires that body corporate must establish a grievance officer and the details must be posted on the body corporates website and grievances must be addressed within a month of receipt. <b></b></p>
<p style="text-align: justify; "><b>UIDAI Practices - in Line<br /></b>The website of the UIDAI provides details of a grievance officer that individuals can contact.<a href="#fn10" name="fr10">[10]</a> It is unclear from publicly available information if grievances are addressed within a month.</p>
<hr />
<p>[<a href="#fr1" name="fn1">1</a>]. <a class="external-link" href="http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf">http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf</a></p>
<p>[<a href="#fr2" name="fn2">2</a>]. <a class="external-link" href="http://dispur.nic.in/itact/it-procedures-sensitive-personal-data-rules-2011.pdf">http://dispur.nic.in/itact/it-procedures-sensitive-personal-data-rules-2011.pdf</a></p>
<p>[<a href="#fr3" name="fn3">3</a>]. <a class="external-link" href="http://uidai.gov.in/">http://uidai.gov.in/</a></p>
<p>[<a href="#fr4" name="fn4">4</a>]. <a class="external-link" href="http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf">http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf</a></p>
<p>[<a href="#fr5" name="fn5">5</a>]. <a class="external-link" href="http://uidai.gov.in/organization-details.html">http://uidai.gov.in/organization-details.html</a></p>
<p>[<a href="#fr6" name="fn6">6</a>]. <a class="external-link" href="http://uidai.gov.in/privacy-policy.html">http://uidai.gov.in/privacy-policy.html</a></p>
<p>[<a href="#fr7" name="fn7">7</a>]. <a class="external-link" href="http://resident.uidai.net.in/home">http://resident.uidai.net.in/home</a></p>
<p>[<a href="#fr8" name="fn8">8</a>]. <a class="external-link" href="http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf">http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf</a></p>
<p>[<a href="#fr9" name="fn9">9</a>]. <a class="external-link" href="https://ssup.uidai.gov.in/web/guest/ssup-home">https://ssup.uidai.gov.in/web/guest/ssup-home</a></p>
<p>[<a href="#fr10" name="fn10">10</a>]. <a class="external-link" href="http://uidai.gov.in/contactus.html">http://uidai.gov.in/contactus.html</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/uid-practices-and-it-act-sec-43-a-and-subsequent-rules'>http://editors.cis-india.org/internet-governance/blog/uid-practices-and-it-act-sec-43-a-and-subsequent-rules</a>
</p>
No publisherelonnaiUIDInternet GovernancePrivacy2014-03-06T07:00:21ZBlog EntryDespite apex court order, IOC proceeds with Aadhaar-linked DBT
http://editors.cis-india.org/news/hindu-january-6-2014-deepa-kurup-despite-apex-court-order-ioc-proceeds-with-aadhar-linked-dbt
<b>Once DBT starts, there is no other method to avail of subsidy: IOC official.</b>
<p style="text-align: justify; ">The article by Deepa Kurup was <a class="external-link" href="http://www.thehindu.com/news/cities/bangalore/despite-apex-court-order-ioc-proceeds-with-aadhaar-seeding/article5542193.ece">published in the Hindu</a> on January 6, 2014. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Despite an interim order by the Supreme Court disallowing the government from making the Aadhaar number mandatory for accessing State subsidies and benefits, Indian Oil Corporation (IOC) Ltd. continues to inform consumers that they will not get their LPG subsidy if they do not seed their Aadhaar-linked bank accounts to the IOC database.</p>
<p style="text-align: justify; ">SMSes and publicity material released by IOC in the past week indicate that the company is going ahead with the Union government’s deadlines for the Direct Benefit Transfer scheme for LPG. While the deadline for Udupi and Dharwad districts has been extended till January-end, the “grace period” for Bangalore Urban will expire on March 1.</p>
<p style="text-align: justify; ">Over the past week, LPG consumers have been receiving frequent SMSes requesting them to submit their Aadhaar number to their LPG distributor and their bank, with “no further delay”. Though the SMS does not state whether or not this is mandatory, frequent messages have been instilling a sense of urgency and panic among consumers. Further, several consumers told <i>The Hindu</i> that, upon enquiry, distributors had been telling them that they would have to forego their subsidy amount (for nine cylinders a year) if they failed to register their details with the IOC database. Once the DBT scheme is enforced, the IOC will migrate customers entirely to the new system — that is, consumers will have to pay the market price, and the subsidy amount will be credited to their bank accounts.</p>
<p style="text-align: justify; ">‘<b>No other method’</b></p>
<p style="text-align: justify; ">Senior IOC officials said that while the oil manufacturing company was desisting from making statements on whether or not this was mandatory, in effect those whose details would not be seeded to the database would not be able to avail of the benefit. “Basically, once the DBT scheme starts there is no other method to receive or avail of the subsidy. As of now, there is no alternative method,” said R.K. Arora, executive director, Karnataka State office. He pointed out that in rural areas several other subsidies were already linked to Aadhaar, and the DBT scheme was at 100 per cent in Tumkur and Mysore districts.</p>
<p style="text-align: justify; ">As of January 1, an IOC official said, only 30 per cent of LPG consumers in the Bangalore Circle had ‘seeded’ their accounts to the IOC database, while in Udupi and Dharwad it was roughly around 50 per cent.</p>
<p style="text-align: justify; ">“We are not claiming it’s mandatory, and currently all companies have submitted an affidavit seeking the order be reconsidered. Meanwhile, we have just asked people to submit the details to the distributor as soon as they can,” the official said. He added that IOC was likely to keep extending the deadline to “be on the safe side”.</p>
<p style="text-align: justify; ">Meanwhile, there is confusion among consumers on the issue. Krishnan Pillai, a resident of R.T. Nagar here, said Aadhaar numbers were being delayed, and there was huge anxiety among people. “Last week, I saw an advertisement that implied that I will lose subsidy if I don’t submit my number. Is the Supreme Court verdict not applicable?” he said. Sumitra Gupta, a charted accountant from Majestic, said distributors were telling them to “ignore news report on the Supreme Court verdict”.</p>
<p style="text-align: justify; ">“This is arm twisting,” she said.</p>
<p style="text-align: justify; ">‘<b>So-called voluntary’</b></p>
<p style="text-align: justify; ">Sunil Abraham of the Centre for Internet and Society, a Bangalore-based NGO that has been part of the anti-Aadhaar campaign, said IOC was “pushing the boundary”. “From the very beginning, people have been objecting to the so-called voluntary nature of the scheme. It’s unfortunate that the will of the Supreme Court in its interim order on such as a critical component of our citizenship is also being ignored,” he said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/hindu-january-6-2014-deepa-kurup-despite-apex-court-order-ioc-proceeds-with-aadhar-linked-dbt'>http://editors.cis-india.org/news/hindu-january-6-2014-deepa-kurup-despite-apex-court-order-ioc-proceeds-with-aadhar-linked-dbt</a>
</p>
No publisherpraskrishnaUIDInternet GovernancePrivacy2014-01-31T06:50:33ZNews ItemBiometrics or Bust? Implications of the UID for Participation and Inclusion
http://editors.cis-india.org/events/biometrics-or-bust-implications-of-uid-for-participation-and-inclusion
<b>Malavika Jayaram will give a talk on biometrics and the implications of UID for participation and inclusion at the office of the Centre for Internet and Society in Bangalore on January 10, 2014 at 6.00 p.m.</b>
<h2>Abstract</h2>
<p style="text-align: justify; ">Privacy is often portrayed as a luxury, as the intellectual preoccupation of nerdy privileged liberals, and an issue of salience only to the elite. This ignores the reality of the most marginalized sections of a society being disproportionately impacted by privacy intrusive technologies. The collusion of public and private agendas towards implementing large welfare projects is generally seen as progressive and neutral, yet the consequences of even well-intentioned efforts that trade privacy for convenience, welfare, security or a host of other compelling goals is troubling. The use of biometric technologies further complicates matters: the assumption that bodies can be rendered into infallible verifiers, as repositories of unchanging truth, is not without its catalogue of failures. This talk will examine the notion of biometric representations as a kind of capital, the possibility that failures are endemic to their functioning, and the implications of systemic errors on equality, participation and democracy.</p>
<h2 style="text-align: justify; ">Malavika Jayaram</h2>
<p style="text-align: justify; ">Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard University, focusing on privacy, identity and free expression. She is also a Fellow at the Centre for Internet and Society, Bangalore, and the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Done series. Malavika is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India’s leading lawyers and one of only 8 women to be featured in the “40 under 45” survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with global firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, she was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania. She is working on completing her PhD at the National Law School.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/events/biometrics-or-bust-implications-of-uid-for-participation-and-inclusion'>http://editors.cis-india.org/events/biometrics-or-bust-implications-of-uid-for-participation-and-inclusion</a>
</p>
No publisherpraskrishnaUIDEventInternet GovernancePrivacy2014-01-06T08:56:51ZEventMongoDB startup hired by Aadhaar got funds from CIA VC arm
http://editors.cis-india.org/news/economic-times-december-30-2013-lison-joseph-mongo-db-startup-hired-by-aadhar-got-funds-from-cia-vc-arm
<b>Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI).</b>
<p>The article by Lison Joseph was <a class="external-link" href="http://articles.economictimes.indiatimes.com/2013-12-03/news/44710564_1_uidai-chairman-nandan-nilekani-uid-data-in-q-tel">published in the Economic Times</a> on December 3, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">The contract is yet to be announced but what could raise eyebrows is the fact that <a href="http://economictimes.indiatimes.com/topic/MongoDB">MongoDB</a> is part-funded by the US' <a href="http://economictimes.indiatimes.com/topic/Central%20Intelligence%20Agency">Central Intelligence Agency</a>.</p>
<p style="text-align: justify; ">The company is expected to help in capturing and analysing data related to the ambitious plan to issue a unique identity number — Aadhaar — to over a billion citizens.</p>
<p style="text-align: justify; ">MongoDB, which makes software that helps manage large databases, especially unstructured data, has raised $231 million (Rs1,400 crore) since being founded in 2007. Some of its funding is from In-Q-Tel, the not-for-profit venture capital arm of CIA.</p>
<p style="text-align: justify; ">While MongoDB lists In-Q-Tel as one of its investors on its website, the company has not disclosed the quantum of funding received from it. The fund's stated mission is to identify, adapt and deliver innovative technology solutions to support the missions of CIA and the broader US intelligence community.</p>
<p style="text-align: justify; ">Besides CIA, In-Q-Tel works with National Geospatial-Intelligence Agency, Defense Intelligence Agency and Department of Homeland Security Science and Technology Directorate.</p>
<table class="plain" style="text-align: justify; ">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/copy_of_crunchingdata.png" alt="crunching data" class="image-inline" title="crunching data" /></th>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">"Once an investment is made, IQT (the fund) works with the company and the intelligence community partner agency to complete a work program and facilitate solution delivery," the fund's website said. The quote describes IQT's relationship with any company in which it invests in and is not specific to MongoDB.</p>
<p style="text-align: justify; ">Neither <a href="http://economictimes.indiatimes.com/topic/UIDAI">UIDAI</a> nor MongoDB responded to queries from ET on whether the CIA link was considered before entering into a partnership. UIDAI Chairman <a href="http://economictimes.indiatimes.com/topic/Nandan%20Nilekani">Nandan Nilekani</a> did not respond to emails, messages and phone calls.</p>
<p style="text-align: justify; ">A senior UIDAI official confirmed the agency has entered into an agreement with MongoDB and that the company's database software is already being used for analysing the pace at which registration of new beneficiaries is taking place.</p>
<p style="text-align: justify; ">It is not clear if MongoDB's vendor relationship would be with UID directly or with one of the system integrators that UID works with. Schireson, the CEO, was also one of the national co-chairs for Technology for Obama, an interest group that campaigned for the reelection of President <a href="http://economictimes.indiatimes.com/topic/Barack%20Obama">Barack Obama</a> after his first term.</p>
<p style="text-align: justify; ">There is no evidence in the public domain that the firm is controlled or significantly influenced by the CIA in any manner.</p>
<p style="text-align: justify; ">But the revelations of <a href="http://economictimes.indiatimes.com/topic/Edward%20Snowden">Edward Snowden</a>, a former NSA contractor-turned-whistleblower that US intelligence agencies routinely intercepted communication in Europe and Asia, including in India has raised concerns. Experts said the UID's centralised design could pose a risk, where even a single mistake can make the whole system disproportionately vulnerable.</p>
<p style="text-align: justify; ">"The risk exposure because of CIA involvement (could be that) if MongoDB is a data controller, then secret courts and secret court orders could be used to get access to the UID data," said Sunil Abraham, executive director at the Centre for Internet and Society.</p>
<p style="text-align: justify; ">He added that even if UIDAI is only using the source code without getting into a commercial relationship with MongoDB, they should audit the source code to check if CIA has introduced any back doors. "This is because Snowden has told us that the army of mathematicians working for the US government has compromised some standards even though they were developed in an open, participatory and transparent fashion." MongoDB, whose name is a play on the word humongous, competes with Oracle, IBM and Microsoft. It has around 320 employees and some 600 customers. At its latest round of $150 million in fund-raising in October, the company was valued at about $1.2 billion, according to Bloomberg. Other investors include Intel Capital, Salesforce-.com, Red Hat and Sequoia.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/economic-times-december-30-2013-lison-joseph-mongo-db-startup-hired-by-aadhar-got-funds-from-cia-vc-arm'>http://editors.cis-india.org/news/economic-times-december-30-2013-lison-joseph-mongo-db-startup-hired-by-aadhar-got-funds-from-cia-vc-arm</a>
</p>
No publisherpraskrishnaUIDInternet Governance2013-12-13T11:53:32ZNews ItemCyberscholars Working Group at MIT
http://editors.cis-india.org/news/cyberscholars-working-group-mit
<b>Malavika Jayaram is giving a talk on Biometrics or Bust - India’s Identity Crisis at this event organised by Berkman Center for Internet & Society on December 12 at 6.00 p.m.</b>
<hr />
<p style="text-align: justify; ">Read the original <a class="external-link" href="https://cyber.law.harvard.edu/events/cyberscholars/12/mit">published by Harvard University here</a>.</p>
<hr />
<p style="text-align: justify; ">The Cyberscholar Working Group is a forum for fellows and affiliates of MIT, Yale Law School Information Society Project, Columbia University, and the Berkman Center for Internet & Society at Harvard University to discuss their ongoing research. Each session is focused on the peer review and discussion of current projects submitted by a presenter. Meeting alternatively at Harvard, MIT, Yale, the working group aims to expand the shared knowledge of young scholars by bringing together these preeminent centers of thought on issues confronting the information age. Discussion sessions are designed to facilitate advancements in the individual research of presenters and in turn encourage exposure among the participants to the multi-disciplinary features of the issues addressed by their own work.</p>
<p style="text-align: justify; ">This month's presentations include:<br /> <b>(1) "Lines of Control: Networks of Imperialism and Independence in India (1840-1947)"</b><br />Abstract: This paper examines the history of communications networks in India and the relationship between communications and second-order networks. It draws attention to the wave of colonial network development that took place in India between 1840 and 1948. During these years, Britain constructed a series shipping, rail and telegraph networks to achieve a set of military and commercial goals. This paper studies how first- and second-order networks developed, and the intended and unintended effects of these networks on Indiaʼs economics, politics, and identity. The paper draws on economic and social studies of colonial communications networks in India, original reports by British officials and the Colonial Office, and the literature focusing on the role of technology in British imperialism. It shows how Indiaʼs colonial communication networks, built to augment and extend British control over the subcontinent, became conduits for Indian resistance and nationalism.<br />Keywords: shipping, telegraph, railroads, imperialism, nationalism, network theory, India</p>
<p style="text-align: justify; "><b>Colin Agur </b>is a PhD candidate at Columbia University and Visiting Fellow at Yale Law School's Information Society Project. His research examines India's telecommunications, focusing on mobile network formation and second-order effects of network growth. He spent the 2012-13 academic year in Delhi and Chennai, conducting document analysis, interviews with industry figures and participant observation related to mobile phone usage. He has published articles about Indian media and culture in Harvard's Nieman Lab, the Journal of Asian and African Studies and Journalism (forthcoming), and about telecommunications history in Information and Culture.</p>
<p style="text-align: justify; "><b>(2) Big Data Dramas in the 1960s and 1970s</b><br />Abstract: The recent frenzy in discussing NSA activities and the collecting of Big Data show a widespread critical concern for the current practice of gathering and using personal data. These concerns have their history. In my presentation, I track the beginnings of a growing public awareness and sensitivity towards the societal handling of personal data. I argue that the early computerization phase during the 1960s and 1970s played a crucial role in discussing these issues. Media reports, popular books, scientific publications, and political hearings all of a sudden began – often in quite different ways – to address and question contemporary practices of collecting, sharing, and storing of personal data. Their authors explored and negotiated all kind of societal settings where personal data played a significant role at that time. There have been concerns about these issues with personal data before, but – as I will show in my presentation – not on this broad societal level and to this extent as in the late 1960s and early 1970s. I argue that during that time, the usage of personal data became a highly controversial matter not only of public, but also of private interest.My inquiry examines how the term “data“ and in particular the collection of personal data became loaded with cultural and emotional significance in scientific and media discussions in the 1960s and 1970s in the United States and in Germany. Furthermore, it explores how the early computerization affected our societal handling of data long before the personal computer entered our private lives.</p>
<p style="text-align: justify; "><b>Julia Fleischhack</b> is a visiting postdoctoral research fellow in the program in Science, Technology, and Society at the Massachusetts Institute of Technology. She holds a PhD in anthropology from Zürich University. Her current research is on data centers from the private sector and funded by the Fritz Thyssen foundation.</p>
<p style="text-align: justify; "><b>(3) Biometrics or Bust - India’s Identity Crisis</b><br />Abstract: India's identity juggernaut - the Unique Identity (UID) project that has registered around 500 million people and is yet to be fully realized - is already the world's largest ever biometrics identity scheme. Grounded in the premise that centralized de-duplication and authentication will uniquely identify people and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad socio-economic problems, yet its conception and architecture raise significant concerns. Its implementation as a techno-utopian project in a legal vacuum, despite the potential for abuse and exclusion, give pause to the much-vaunted claims of transforming welfare delivery and galvanizing financial inclusion. I will provide an overview of the identity project and highlight some of the key implications for privacy and free speech, and more broadly, democracy and openness. I will also unpack some of the narratives being constructed, describe the current public discourse and legal developments, and locate the project within the broader surveillance state and database nation that India is morphing into.</p>
<p style="text-align: justify; "><b>Malavika Jayaram</b> is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression. A Fellow at the Centre for Internet and Society, Bangalore, she is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/cyberscholars-working-group-mit'>http://editors.cis-india.org/news/cyberscholars-working-group-mit</a>
</p>
No publisherpraskrishnaUIDInternet Governance2014-01-09T06:41:31ZNews ItemCard transactions with Aadhaar validation need more time: experts
http://editors.cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time
<b>Cost and supply implications are seen by experts as the main hurdles in implementing the RBI directive. </b>
<hr />
<p style="text-align: justify; ">The article by Kirti V. Rao and Moulishree Srivastava was <a class="external-link" href="http://www.livemint.com/Politics/f0P6jklKaCVt5rP6RKBHbJ/Card-transactions-with-Aadhaar-validation-need-more-time-ex.html">published in Livemint</a> on December 5, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">The Reserve Bank of India’s (RBI’s) move to introduce a new card payment infrastructure able to authenticate transactions using Aadhaar unique identity number-linked biometrics may take some time to implement as it has cost and supply implications.</p>
<p style="text-align: justify; ">“All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance,” RBI said in a notification on 26 November.</p>
<p style="text-align: justify; ">Europay MasterCard Visa, or EMV, chip and PIN authentication involves card information stored in a chip that is accessible through a PIN or personal identification number, which replaces a cardholder’s signature.</p>
<p style="text-align: justify; ">Currently, all card infrastructure in India such as automated teller machines (ATMs) and point-of-sales (PoS) machines are moving towards full compliance with the global EMV standard that requires reading integrated circuit cards to authenticate credit and debit card transactions.</p>
<p style="text-align: justify; ">Although all transactions through debit cards are now required to be authenticated by PIN, validating financial transactions by using the biometric Aadhaar identity number database is yet to gain traction. Such a service is expected to begin in May.</p>
<p style="text-align: justify; ">Not all experts are in favour of the central bank’s move to use biometrics data to authenticate transactions.</p>
<p style="text-align: justify; ">“This is a terrible idea. Biometrics should never be used as authentication factor since it cannot be revoked when it is compromised,” said Sunil Abraham, executive director of Bangalore-based think-tank Centre for Internet and Society. “Digital signatures and its variations like the EMV chip are the right way to proceed.”</p>
<p style="text-align: justify; ">A banker did not fully agree with Abraham.</p>
<p style="text-align: justify; ">Pulak Sinha, general manager (payment solutions) at State Bank of India, said: “In our experience, there is a need for biometric authentication in certain geographical segments in the country. Our bank has used biometric authentication for financial inclusion initiatives and has found it very useful. Having said that, each bank is the best judge as to which technology is more relevant for their customers.”</p>
<p style="text-align: justify; ">Sinha added, “Also changing new infrastructure to accept all types of technologies has its own challenges as well as financial implications. Again, business cases need to be built and when people get additional services they may have to pay.”</p>
<p style="text-align: justify; ">There are cost implications if the RBI directive is to be implemented, according to Rajiv Kaul, chief executive of CMS Info Systems Pvt. Ltd, which runs two cash management companies and has recently received an order from SBI to deploy 8,000 cash machines across the country.</p>
<p style="text-align: justify; ">“Some of the ATM infrastructure currently installed have some of the capabilities for EMV chip cards, but even as they are hardware-equipped, software will need to be upgraded,” Kaul said. “For biometric compliance, both hardware and software will need to be installed, which will result in extra cost. So, for the short term, from the biometric perspective, the cost will go up.”<br />Some experts hold that the notification provides a chance to assess the as-yet-untested Aadhaar-linked biometrics model where the EMV model may be hard to implement.</p>
<p style="text-align: justify; ">“RBI has been pragmatic in mandating it incrementally as it is giving Aadhaar a runway to evolve in terms of operations, use cases, risk, technology standards, dispute resolution and get these things in order,” Uttam Nayak, group country manager, India and South Asia at Visa Consolidated Support Services (India) Pvt. Ltd, told Mint on 26 November. “Because Aadhaar is tokenless and doesn’t need a card, it has great potential for inclusion.”</p>
<p style="text-align: justify; ">Biometrics-enabled cash and PoS machines will require additional expenditure as they need high-speed Internet connectivity to transmit biometrics data, Rajeev Chandrasekhar, member of the upper house of Parliament, said in a letter to RBI governor Raghuram Rajan.</p>
<p style="text-align: justify; ">“The hardware and software cost of upgrading a single unit with biometrics hardware is not very much but changing the entire ecosystem would have costs,” acknowledged SBI’s Sinha. “When people get additional services they will have to pay.”</p>
<p style="text-align: justify; ">“A high percentage of the population is still unbanked. The opportunity (to reach people through biometric validation and Aadhaar) is too tempting for the acquirers (banks and others using PoS devices) to not take this up,” said Robin Roy, associate director of financial services at consultancy firm PricewaterhouseCoopers Pvt. Ltd.</p>
<p style="text-align: justify; ">Whether there would be enough suppliers of machines to implement the directive is also a concern, some experts said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time'>http://editors.cis-india.org/news/livemint-december-5-2013-kirthi-v-rao-moulishree-srivastava-card-transactions-with-aadhar-validation-need-more-time</a>
</p>
No publisherpraskrishnaUIDInternet Governance2013-12-26T06:25:04ZNews Item