The Open letter made public on December 25, 2023 may be read here:

To
Shri Rajiv Gauba
Cabinet Secretary
Govt of India

Dear Shri Gauba,

I refer to the news report which revealed that the Aadhar data relating to 815 million citizens had been leaked, with the data put on sale in the dark web. This implies that the Aadhar data of 57% of the population of India is on sale. One is not sure whether the data relating to the rest of the population are also leaked! 

This is far too serious a matter for it to be treated lightly and it calls for nothing less than an independent judicial enquiry, for the following reasons:

1. It is the government that has been obstinately insisting on Aadhar card linkage for every conceivable part of the citizen’s life, including bank accounts, medical insurance, Covid testing/ vaccination, voter’s identity, passports and whatnot, without putting in place a commensurate fool-proof security system to pre-empt hacking and leakage of the personal information of the citizens.
2. I had earlier written to the Election Commission of India (ECI) that in many States, the number of Aadhar cards exceeded the population and a sharp spike in the number of Aadhar cards had been observed in some sensitive States, giving room for the proliferation of fake Aadhar cards. My letter dated 29-4-2023 (https://countercurrents.org/2023/04/proliferation-of-fake-aadhaar-cards-a-threat-to-integrity-of-2024-elections/) refers. Already, in several States, there have been instances of single households having hundreds of voter identity cards, about which the Commission is fully aware. Are some political parties involved in manipulating the electoral rolls to their advantage by misusing the above-cited Aadhar data? This can play havoc with the integrity of elections during general elections of 2024.
3. Had the government conducted the 2021 Census on time, there would have been a basis for cross-checking the State-wise Aadhar card numbers as a macro verification instrument. It is the Centre, citing the COVID epidemic, that insisted on deferring the 2021 Census, conveniently forgetting that even when the Spanish Flu paralysed India around 1918-19, the then government with little resources, preferred to conduct the 1921 Census, given its importance as an important statistical necessity. Should not the government own responsibility for deferring the Census count and depriving the country of an authentic population count?
4. By resorting to unduly excessive use of Article 282 of the Constitution to escalate the multiplicity of Centrally Sponsored schemes (CSSs) to a mind-boggling number of 314 involving Rs 4.76 lakh crores of public money, largely transferred directly to the beneficiaries’ bank accounts linked to their Aadhar Cards, the large-scale existence of fake Aadhar cards would have led to large numbers of fake Jandhan bank accounts, resulting in public funds going to wrong beneficiaries. I have brought this to the notice of the Finance Ministry without eliciting any response (https://countercurrents.org/2023/07/length-of-the-last-mile-how-well-the-welfare-schemes-fare-in-the-last-mile/). Who are the beneficiaries of the mis-directed public funds?
5. The sale of Aadhar data through the dark web, as reported, has enabled hackers to obtain mobile numbers linked to those Aadhar cards and misuse them in myriad ways, including hacking bank accounts, harassing people through such fake mobile numbers and so on. For no fault of theirs, the citizens find themselves subject to investigation by the police and other agencies. I have brought instances of this kind to the attention of TRAI, RBI, and UAIDA without much response. 

Since individual regulatory authorities seem to be treating this matter somewhat casually, leaving unwary citizens in the lurch and since the consequences of the Aadhar breach can create all-round chaos and lawlessness, the Centre is under an obligation to institute an independent enquiry by members of the higher judiciary so that the citizens may repose trust in its credibility.

Kindly treat this as urgent as the 2024 elections are not far away and large-scale hacking of bank accounts etc. is already taking place, which the government cannot afford to ignore.

Regards,

Yours sincerely,

E A S Sarma
Former Secretary to the Government of India
Visakhapatnam

Related:

MHA authorises Registrar General to authenticate Aadhar for birth and death registration

Centralising record of deaths and births: Centre’s play at a future NRC?

Census is not a priority for the Union government

Identifying fake Aadhaar, a plot to bring in CAA-NRC?

The post Widespread leak of citizens’ Aadhar data- urgent call for an independent judicial enquiry to protect citizens from harassment appeared first on SabrangIndia.

On May 27, the Unique Identification Authority of India (UIDAI) issued a press release warning “the general public not to share photocopy of one’s Aadhaar with any organizations because it can be misused. Alternatively, a masked Aadhaar which displays only the last 4 digits of your Aadhaar number can be used for the purpose.”

Explaining the rationale behind the warning, the UIDAI said, “Only those organizations that have obtained a User License from the UIDAI can use Aadhaar for establishing the identity of a person. Unlicensed private entities like hotels or film halls are not permitted to collect or keep copies of Aadhaar card. It is an offence under the Aadhaar Act 2016. If a private entity demands to see your Aadhaar card, or seeks a photocopy of your Aadhaar card, please verify that they have valid User License from the UIDAI.” It said that the masked Aadhaar could be downloaded from the official website, and even went on to warn users against downloading Aadhaar using a public computer.

This advisory was however withdrawn on May 29, and in a new press release, the Ministry of Electronics and IT explained that the original advisory was issued “in the context of an attempt to misuse a photoshopped Aadhaar card.” It said, “However, in view of the possibility of the misinterpretation of the Press Release, the same stands withdrawn with immediate effect,” adding, “UIDAI issued Aadhaar card holders are only advised to exercise normal prudence in using and sharing their UIDAI Aadhaar numbers.”

As if to reiterate that all was well of the data and privacy protection front, it further said, “Aadhaar Identity Authentication ecosystem has provided adequate features for protecting and safeguarding the identity and privacy of the Aadhaar holder.”

But what does this flip-flop mean? Far from allaying fears, it has sparked fresh concerns about unauthorized people having access to Aadhaar data. Activists and civil society members took to Twitter to call out the government on this absurd about-turn:

And now government and @UIDAI adds to confusion and dishonesty by withdrawing the press release. Better to let people be robbed than deprive tech industry of convenient ‘onboarding’ of customers! Sure there was mega pressure! https://t.co/GpCaC1y427

— Sucheta Dalal (@suchetadalal) May 29, 2022

Schrödinger’s #Aadhaar https://t.co/j7vJgyjKM1

— Rethink Aadhaar (@no2uid) May 30, 2022

Just so I’m clear, UIDAI, when you “withdraw” your own press release that said photocopies of Aadhaar cards can be misused, are you now implying and guaranteeing that they *cannot* be misused?

Otherwise, what is it you are “withdrawing”? pic.twitter.com/Ok8NmimU5L

— Rohin Dharmakumar (@r0h1n) May 29, 2022

We have come a L-O-N-G way from RS Sharma sharing his Aadhaar number on Twitter and belligerently fighting with people online daring them ’cause harm’… to UIDAI cautioning people to not share it even with organizations because it can be *misused*. pic.twitter.com/OqHVxEw2LB

— Karthik ?? (@beastoftraal) May 29, 2022

Aadhaar: From inclusion to surveillance?

The Aadhar card, with its Unique Identification Number, at its inception was an identity document meant to be a means for inclusion. The Act itself is called The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. But as SabrangIndia has reported previously, in many cases, the programme has led to exclusion of people who need the Public Distribution System (PDS) the most. Starvation deaths were reported from Jharkhand (17) and West Bengal (7) since September 2017, as per a survey report released by the Right to Food campaign in December 2018. In many cases, the deceased had been denied foodgrains at subsidised rates as their ration cards were not linked to Aadhaar. One elderly woman’s old age pension was held up as her bank account was not linked to Aadhaar.

Now, some if not all of these concerns were addressed by the Supreme Court judgment in the Aadhaar case, especially with respect to PDS and welfare schemes, concerns about data privacy and surveillance remain. Privacy activists and human rights groups have been raising concerns about Aadhaar’s misuse ever since the programme was introduced in India.

The biggest concerns relate to how Aadhaar is either already linked or proposed to be linked to other databases. At present one’s PAN is linked to Aadhaar, and there is a proposal to link it to Voter ID as well, in a purported bid to weed out fake voters. But this linkage also poses a great risk to voter profiling, surveillance and even possible voter suppression.

Recently, over 500 entities such as civil rights groups including Association for Democratic Reforms (ADR), Peoples’ Union of Civil Liberties (PUCL), Adivasi Women’s Network, Chetna Andolan, etc.; as well as groups working to defend digital freedoms and rights, such as Rethink Aadhaar, Article 21 Trust, the Internet Freedom Foundation (IFF), and the Free Software Movement of India, as well as activists, journalist and educators including CJP secretary Teesta Setalvad signed a statement calling the move to link Aadhaar with Voter ID “ill-thought, ill logical and unnecessary”.

The statement says that the signatories “are deeply concerned that this will almost certainly lead to mass disenfranchisement, could increase voter fraud, given the mass discrepancies in the Aadhaar database, and could violate people’s right to privacy by enabling voter profiling through the linkage of data sets.” It further elaborates, “India currently has no data protection law, and the current personal data protection bill has wide exceptions for the government. Any attempts to link Aadhaar to the voter IDs, would lead to demographic information which has been linked to Aadhaar, being linked to the voter database. This creates the possibilities for disenfranchisement based on identity, of increased surveillance, and targeted advertisements and commercial exploitation of private sensitive data.”  

A key reason cited is the violation of privacy and secrecy of vote. If the revelations of the Cambridge Analytica scandal where Facebook data of millions of users was used to allegedly rig the US elections in favour of Donald Trump by micro-targeting voters with false news is anything to go by, imagine the ramifications if it was demographic data of millions of Indians sourced from the Aadhaar database…

SC judgment on Aadhaar

In September 2018, the Supreme Court upheld Aadhaar’s constitutional validity. The Aadhaar case that was heard for a record 38 days by a bench comprising Chief Justice Dipak Misra, Justice DY Chandrachud, Justice AK Sikri, Justice AM Khanwikar and Justice A Bhushan delivered the verdict months after reserving judgment in May. There were three separate judgments from Justice Sikri, Justice Bhushan and Justice Chandrachud. CJI and Justice Khanwilkar did not pronounce a separate judgment but concurred with Justice Sikri. Justice Bhushan’s judgment was also in line with that of Justice Sikri. But Justice Chandrachud wrote a dissenting judgment.

However, in a partial victory for privacy activists, controversial sections such as those dealing with the national security exception and private players demanding Aadhaar data, were struck down. Section 33(2) of the Aadhaar Act that dealt with the National Security exception was struck down. This section permitted disclosure of information, including identity and authentication information, made in the interest of national security. Justice Sikri has also read down Section 33 (1) that enables disclosure of Aadhaar information on order of a District Judge. Now the owner of the information should be given opportunity of hearing before issuing such orders.

Additionally, Section 57 of the Aadhaar Act, that permitted private entities to use Aadhaar information to authenticate the identity of a person, was also held unconstitutional. Therefore, no private company can either demand Aadhaar information or make it mandatory for providing services. Aadhaar would not be required for opening a bank account or for getting a mobile phone connection.

Section 47 that allowed only the UIDAI to file criminal complaints in case of data breach has also been struck down. It has been held that exclusion of individuals from filing complaints was arbitrary.

Justice Chandrachud’s dissenting judgment

Justice DY Chandrachud wrote the lone dissenting judgment saying Aadhaar is liable to be declared as unconstitutional. “Violation of fundamental rights under the Aadhaar scheme fails on the touchstone of tests of proportionality,” he said. “Constitutional guarantees cannot be compromised by vicissitudes of technology,” he noted in a strongly worded dissenting judgment.

Justice Chandrachud also expressed his apprehensions about the misuse of data for profiling saying, “Biometrically enhanced identity information, combined with demographic data such as address, age and gender, among other data, when used in increasingly large, automated systems creates profound changes in societies, particularly in regard to data protection, privacy, and security. Biometrics are at the very heart of identification systems. There are numerous instances in history where the persecution of groups of civilians on the basis of race, ethnicity and religion was facilitated through the use of identification systems. There is hence an alarming need to ensure that the on-going development of identification systems be carefully monitored, while taking into account lessons learnt from history.”

It is this part that sends a shiver down the spine, given how Aadhaar data can possibly be used for voter profiling, targeting and even subsequent gerrymandering if Aadhaar is linked with Voter ID.

Related:

Aadhaar linking to Voter ID: Empowering voters or enabling surveillance?

SC upholds Aadhaar’s Constitutional Validity, but partially addresses Privacy Concerns

Understanding the Aadhaar Case

The post What does the UIDAI’s flip-flop on Aadhaar mean? appeared first on SabrangIndia.

 
Video Courtesy: Dhruv Rathee

The post Reality of Aadhaar Card by Dhruv Rathee appeared first on SabrangIndia.