Centre for Internet and Society

Will Aadhaar leaks be used as an excuse to shut out scrutiny of welfare schemes?

Anumeha Yadav — 2017-05-20T07:09:51Z

Aadhaar data of all 23 crore beneficiaries of Direct Benefit Transfer schemes could be publicly available, says a report by Centre for Internet and Society.

The blog post by Anumeha Yadav was published on Scroll on May 20, 2017.

In the past three months, there have been several reports about caches of Aadhaar data being publicly displayed on government websites across the country.

Personal information associated with the biometric-based 12-digit unique identification number, which the government wants every Indian resident to have, is mandated to be confidential under the Aadhaar Act, 2016.

But exactly how much Aadhaar data has been compromised by negligent government departments?

On May 2, researchers at the non-profit Centre for Internet and Society released a comprehensive report on the extent of the data breaches. They documented four government portals using Aadhaar for making payments and found that sensitive personal and financial information of nearly 13 crore people was being displayed on them, including details of about 10 crore bank accounts.

Two of the portals, for the Mahatma Gandhi National Rural Employment Guarantee Act and the National Social Assistance Programme, belong to the Union rural development ministry. The others are run by the Andhra Pradesh government for the workers’ insurance scheme Chandranna Bima and for filing Daily Online Payment Reports of MNREGA.

The researchers estimated that Aadhaar data of all 23 crore beneficiaries of the central government’s various Direct Benefit Transfer schemes could be publicly available. This means nearly a fifth of India’s population is potentially exposed to irreversible privacy harm, and financial and identity fraud.

The Unique Identification Authority of India, the agency which manages the Aadhaar database, however, and had earlier denied any breach of confidential data, has now reportedly said that such a data leak could only be the result of a potentially illegal hack attack and asked CIS to provide details of the persons involved in the data theft.

The rural development ministry, on its part, has changed how its MNREGA database is accessed, redacting Aadhaar numbers and bank account details of the beneficiaries. Senior officials of the ministry, however, denied making systemic changes in the wake of the Centre for Internet and Society report.

“The researchers claimed that financial information of over 10 crore individuals was available publicly, on pension and MNREGA portals,” said Nagesh Singh, additional secretary in the ministry, “but bank account details were displayed only on two state department websites of Andhra Pradesh and Telangana as these states are far advanced in transparency practices.”

“For all other states,” Singh added, “financial information and Aadhaar numbers were removed or masked last year. For pension schemes we masked the data in June 2016, and for MNREGA this data was removed in December. Even if any data was showing, it would only be for the particular block the resident is in, not for any other state workers.”

All this was done, he said, “because the UIDAI communicated to us that this information is sensitive and should not be displayed and the Aadhaar regulations prohibit display of Aadhaar numbers”. The Aadhaar (Sharing of Information) Regulations were introduced last September.

Contrary to Singh’s claims, social activists outside Andhra Pradesh and Telangana confirmed they could access bank account details of MNREGA workers until May 3. Only on May 4, two days after the Centre for Internet and Society report was released, did the details stop showing on the Management Information System.

“We could no longer access the electronic muster roll, and it started returning error messages,” said Ashish Ranjan of Jan Jagran Shakti Sangathan, a registered union of unorganised workers in Araria, Bihar. But until early May, he added, the Management Information System allowed anyone in any state to access the personal information of workers, even from other states.

Activists and beneficiaries relied on this system for two things. “Several of the new bank accounts have errors, and accessing this information directly helped get the discrepancies corrected without going to block level officials,” Ranjan explained. “It also helped track where the wages of workers were stuck.”

When activists asked why the data was no longer accessible, Ranjan said, rural development department officials said the Management Information System was changed “on the directions of the Supreme Court and the Union cabinet secretary.”

“This has been the pattern with the MNREGA MIS for long,” Ranjan said, referring to the information system. “Senior officials change access to a feature as they wish without clear processes or explanations.”

James Herenj, an activist with NREGA Watch, a non-profit which monitors the implementation of MNREGA in Jharkhand, had the same experience. “Bank account details were removed from the website last week,” he said, “this is a problem as we can no longer help MNREGA workers get data entry errors corrected.”

The Centre for Internet and Society researchers too contested the rural development ministry’s claim that Aadhaar numbers and bank account details were displayed only on Andhra Pradesh and Telangana government websites. They released a video clip showing them accessing bank account details and Aadhaar numbers of 801 MNREGA workers of Agara panchayat in Bengaluru through an internet search on March 25.

Screenshot of a Chandigarh Union Territory website displaying Aadhaar information.

Consent, please?

The Aadhaar Act, 2016 requires both government and private agencies to take informed consent before using a person’s Aadhaar for authentication, but there is little evidence that consent is sought before Aadhaar is seeded with personal and financial information.

Indeed, when the Supreme Court first permitted the voluntary use of Aadhaar for MNREGA in October 2015, Aadhaar numbers of 2.36 crore workers had already been seeded to their bank accounts, without the consent of over 99% of them.

The rural development ministry’s data shows that until June 2016, only about 4,10,000, or less than 1% of the 10.7 crore MNREGA workers, had agreed to Aadhaar-based payments. The ministry worked around this by organising “consent camps” to retrospectively collect proof of consent.

Poor standards

Writing in The Economic Times, Ram Sewak Sharma, chairperson of the Telecom Regulatory Authority of India and former director general of the Unique Identification Authority of India, argued that the reports about “Aadhaar leaks” on government websites failed to account for provisions of the Right to Information Act, 2005. Section 4 of this law provides for proactive disclosure of government decisions while Section 8 mandates public authorities to publish all information on welfare schemes, including details of beneficiaries.

This has created a situation, Sharma pointed out, where the transparency law may require even Aadhaar numbers of beneficiaries to be made public even though the Aadhaar Act mandates them to be confidential.

Right to Information activists, however, said the authorities were anything but devoted to the transparency law. Crucial information they seek on the efficacy of Aadhaar in welfare schemes is routinely denied.

“The government is willfully manipulating information systems to subvert details of biometric failures,” said Amrita Johri, a member of the National Campaign for People’s Right to Information and an activist with the Right to Food campaign, which has petitioned the Delhi High Court against Aadhaar being mandatory for food rations. “We have come across instances of ration cardholders being turned back because of fingerprints being falsely rejected, or network failure, but on the Delhi government’s website, this is shown as the beneficiaries not having come to the ration shop at all.”

“Similarly, the government claims it has removed bogus ration cards through Aadhaar,” Johri added, “but they do not show any administrative action if such bogus cards were really found through Aadhaar even though Section 4 of the RTI Act requires disclosure of such decisions.”

Jharkhand Directorate of Social Security displayed Aadhaar numbers, bank accounts numbers and transaction details of over 15 lakh pensioners.

Johri is concerned that the “Aadhaar leaks” could become an excuse to deny people “other useful information”. “When we requested officials to display how many biometric transaction were not successful, they told us that in a few days, they will remove the entire MIS as there had received orders from the food ministry to not display demographic data associated with Aadhaar,” she said. “But we pointed out that it was the creation of a single identification number that is the problem. Why should information on all other government schemes be removed?”

The Centre for Internet and Society report points out that while the law now makes Aadhaar numbers confidential, the government has failed to specify data masking standards. Section 6 of the Aadhaar Regulations lays down that no government or private agency should publish Aadhaar numbers unless they are redacted or blacked out “through appropriate means”.

But this is too vague, the report points out. “In some instances, the first four digits are masked while in others the middle digits are masked,” Srinivas Kodali, one of the authors of the report, explained, “which means someone with access to different databases can use tools for aggregation to reconstruct information hidden or masked in a particular database.”

Kodali said that for information other than Aadhaar numbers, each ministry and department is required to classify the data that is sensitive, restricted or open, which they have failed to do. “The National Data Sharing and Accessibility Policy, 2012 requires securing information of sensitive and restricted data but it does not recommend the ways to do it,” he said. “The standards around information disclosure and control do not exist, and the Ministry of Statistics expert committee on this was unable to suggest one last month.”

“Even for MNREGA data,” Kodali continued, “the Ministry of Rural Development’s chief data officer should have classified the financial information as restricted or open when the database was first created. But did they do this.”

Nagesh Singh, the additional secretary, however said his ministry “does not have a chief data officer to do this”. “The ministry’s economic advisor is the official responsible for categorising data and advises us on this,” he added.

For more details visit https://cis-india.org/internet-governance/news/scroll-may-20-2017-anumeha-yadav-will-aadhaar-leaks-be-used-as-an-excuse-to-shut-out-scrutiny-of-welfare-schemes

Aadhaar assurances fail to assuage privacy concerns

praskrishna — 2017-05-20T06:23:32Z

While Aadhaar may be secure from external attacks, a failsafe system hasn’t been developed to protect it from Edward Snowden-style leakages and hacks.

The article by Anirban Sen was published by Livemint on May 5, 2017. Pranesh Prakash was quoted.

As calls for a privacy and data protection law grow louder with each passing day amid reports of a central government ministry having made up to 130 million Aadhaar numbers public on its website, widespread concerns continue to emerge over loopholes in the security of the unique identification programme, though the man who created the system continues to defend the security and integrity of the system.

Most worryingly, a consensus is emerging among security and privacy experts, who have argued that while the Aadhaar system may be secure from external attacks, a failsafe system has not been developed to protect it from Edward Snowden-style internal leaks or hacks.

“(What has been suggested by the Unique Identification Authority of India and Nandan Nilekani) is that there will never be a data breach like what we saw in the US with the National Security Agency, Central Intelligence Agency, or Office of Personnel and Management breaches (data of federal government personnel, including more than 5.6 fingerprints, was leaked), or in Mexico or Turkey, or even in India when the department of defence was breached for cyber-espionage for multiple years without detection,” said Pranesh Prakash, policy director at the Centre for Internet and Society.

“While the system may be secure from external attacks, there is no failsafe system to make it invulnerable to Snowden-style breaches,” he added.

In an interview, former UIDAI chairman and Infosys Ltd co-founder Nandan Nilekani continued to defend the security of the system and said steps are being taken everyday to enhance the failsafe processes surrounding the system.

“I think the Aadhaar system is extremely well-designed. It’s not an online system that is exposed to the Internet. When enrolment happens, the packet is encrypted at source and sent, so that there can’t be a man-in-the-middle attack. And when the authentication happens, that is also encrypted—not compared to the original data, but to a digital minutiae. The point is that the system is very, very secure. So, if the objection is to centralization, then you should not have clouds. Clouds are also centralized,” said Nilekani. He added that Aadhaar was also safe from internal breaches, an assumption that is being challenged by security experts all across.

“Within seven years of its launch, the Aadhaar system has made a remarkable leap in terms of its security and privacy and it will keep improving things. Technology does not come through immaculate conception, where one morning some perfect technology is born. It has to evolve. It’s called learning by doing,” added Nilekani. He added that improving the security of the system is an ongoing process and conceded that a data protection and privacy law needs to be in place to supplement the current Aadhaar law.

“I know the government has sent a notice to everyone. If somebody has done it; they ought not to have done it—there’s a law for that,” said Nilekani when asked about recent instances of Aadhaar numbers being made public by government departments.

“We should have a data protection and privacy law which is an umbrella law, which looks at all these phenomena and certainly Aadhaar should be part of that. That’s perfectly fine—but people are behaving as if Aadhaar is the only reason why we should have a privacy law,” added Nilekani.

The last few weeks and months have witnessed a steady stream of negative news surrounding Aadhaar and three main cases are currently being fought in the Supreme Court, including one challenging the government’s decision to make the 12-digit ID mandatory for filing income tax returns as well as for obtaining and retaining a PAN Card.

Meanwhile, as Mint reported in April, questions are being raised on the Aadhaar biometric authentication failure rate in the rural job guarantee scheme in areas such as Telangana.

The report of Aadhaar numbers being listed on the government ministry website has caused widespread uproar, although a lawyer pointed out that it is not due to a breach in the Aadhaar system.

“It’s a misnomer to say this a leak because this was voluntarily, very actively put up there. A leak is when some information being kept securely gets breached somehow and comes out. Now, why is this information up on government websites? This is the problem of our government’s perception of transparency...The fact that the Aadhaar numbers are on the government website is not a flaw of the Aadhaar system, but it is a flaw of the understanding of what needs to be done to demonstrate transparency,” said Rahul Matthan, partner at Trilegal.

In a column in Mint, Matthan had also pointed out that while Aadhaar has been a transformative project, there remains enough scope of misusing the database.

“There is a legitimate fear that this identity technology will open us all up to discrimination, prejudice and the risk of identity theft,” Matthan wrote. “Aadhaar has given us the tools to harness data in large volumes. If used wisely, this technology can transform the nation. If not, it can cause us untold harm. We need to be prepared for the impending flood of data—we need to build dams, sluice gates and canals in its path so that we can guide its flow to our benefit.”

Even as both sides debate the issue of Aadhaar’s security, calls are getting louder to revamp the unique identification database.

“The point is that the UIDAI knows the device ID of the machine with which the biometric transaction took place along with the time and date, which means that by just using basic data analytics, any one with access to the transaction logs from the UIDAI (which have to be kept for a period of 5 years and 6 months) can have a complete view of a person’s Aadhaar-based interactions that are increasing day by day.”

“Further, the UIDAI has built up a biometric profile of the entire country. This means that courts can order UIDAI to provide law enforcement agencies the biometrics for an entire state (as the Bombay high court did) to check if they match against the fingerprints recovered from a crime scene. This too is surveillance, since it collects biometrics of all residents in advance rather than just that of criminal suspects,” said Prakash of CIS.

“The UIDAI could have chosen to derive unique 16 digit numbers from your Aadhaar number and provide a different one to each requesting entity. That would have prevented much of these fears. But the UIDAI did not opt for that more privacy-friendly design,” he added.

For more details visit https://cis-india.org/internet-governance/news/livemint-may-5-2017-anirban-sen-aadhaar-assurances-fail-to-assuage-privacy-concerns

Policies to Sustain India's Market

Shyam Ponappa — 2017-05-20T03:06:30Z

The question is whether policies can be better framed to harness the market potential. Why is so much investment flowing into India's securities markets?

The article published in the Business Standard on May 3, 2017 was also mirrored on Organizing India Blogspot on May 4, 2017.

Probably because of (a) India’s market size and (b) growth, despite all its inconsistencies and difficulties. Are higher price-earnings multiples desirable? Yes if they are sustained, because more capital is available for equivalent productivity; otherwise, no. The question is whether policies can be better framed to harness the market potential.

India’s large market with its headroom for prosperity seems propelled partly by its own momentum, and its stocks partly by liquidity. The net investment in mutual funds in 2016-17 of Rs 3.43 lakh crore was reportedly double the previous year, the highest in the last decade. Domestic investment in pure equity funds in the last two years exceeded foreign portfolio investment (FPI), because of lower FPI and higher domestic investment. Retail investors grew in the last three years from 28.6 million to 39.3 million. Other positive factors were a government with a strong mandate and falling oil prices.

Now, reasonable earnings from some large companies and rising global markets augur well, although earnings must improve broadly and a number of caveats remain. These relate to non-performing assets/loans (NPAs/NPLs), structural problems in sectors such as iron and steel, construction, power, telecom, transport, agriculture, continuing deficiencies in infrastructure and institutions, and in productivity. There are social pressures from divisive electioneering, a disturbing rise of exclusionary tendencies echoed globally, and government overreach. There are also self-induced crises because of inappropriate policies, as in telecom, unviable situations created by populism, or by judicial orders, as seen in telecom, coal and power. There could also be failure to improve productivity (by a third to 9 per cent, as during the growth years), or adverse external developments.

The room for improvement is epitomised by low per capita productivity. According to Bloomberg, the International Labour Organization’s output per worker for India in 2017 is 20 times lower than for Germany. Yet, expectations run high for India in reports from sources such as Euromonitor, the International Monetary Fund, London’s Centre for Economic and Business Research (CEBR), and PricewaterhouseCoopers (PwC). Euromonitor predicts India’s consumer market will be the third largest by 2030, ahead of Japan and Germany. Growth will be for products such as smartphones, automobiles, and durables such as TV sets, refrigerators and air conditioners. For instance, India is the third largest market for smartphones after China and the US. In automobiles, India is the fifth largest market with over 3.3 million cars sold in 2016 and continues to attract global manufacturers.

However, Euromonitor cautions against rising inequality with the Gini index rising from 39.9 per cent in 2011 to 41.6 per cent in 2016 and estimated at 43.4 per cent by 2030. The CEBR estimates that by 2028, India’s gross domestic product will be the third largest after China and the US. PwC forecasts that in 2050, India will be the second largest economy (in purchasing power parity) after China, the US being third and Indonesia fourth, with a caveat: “Emerging economies need to enhance their institutions and their infrastructure significantly if they are to realise their long-term growth potential.”

Can our policies better contribute to realising this market potential? Consider the options. One approach is open exploitation, unmindful of whether the ownership and distribution of profits is domestic or foreign. Prices are determined solely by supply and demand, without government regulation or any other authority. Another extreme is that the government decides everything, which has been seen to fail. A third option is a mix, with open-market principles in areas that can sustain them, such as in consumer goods, tempered with appropriate regulation, e.g., against harmful substances. Ideally, policies should be for the long-term common good with sustainable levels of equitable access. Regulation is essential where network economics apply with few players, as in electricity and communications. Our mix is not ideal because realpolitik and populism overwhelm the need for deep understanding followed by the objective and convergent deliberation needed to frame beneficial policies (through sound institutions, also lacking).

Our policies are often indifferent to where ownership lies, and sometimes, this is a problem. For example, heavy industries or electronics majors abroad often have government backing. Indian enterprises start with a disadvantage, because of restricted access to capital, and at higher cost. Another aspect is when the ownership of major local corporates with privileged access to markets changes to being majority foreign-owned, because the profits are sent abroad. Yet another is that we do not have ecosystems for manufacturing start-ups through commercialisation and scaling up, in terms of financing, production and procurement. Attention seems confined to early-stage start-ups or to small-and-medium enterprises, with no ecosystem to see them through to establishing scale, comparable, for instance, to the building up of Huawei through consistent procurement.

Our greatest deficiency, however, remains lack of good infrastructure. Correcting this requires a long view, capital, slow payback and long lead times for results, usually beyond election cycles. Easily sidelined for populist measures for immediate gains, this area needs concerted, bipartisan, societal convergence. A case in point is telecom and broadband, where spectrum auctions loom again, even as operators struggle with low revenues and high debt from previous auctions. Another is the recent Supreme Court ruling against compensatory tariffs for two ultra-mega power projects at Mundra, of 4,000 Megawatt (Mw) (Tata) and 4,620 Mw (Adani), based on whether a “change in law” applies only to Indian laws. If the tariffs were upheld, five buyer states would get a lower than average price paid, substantially below the current market price. If these projects become unviable, they will add to the deadweight of NPAs. The banks they owe will also suffer, and there will be the opportunity cost of benefits foregone from the lower-priced electricity.

There may be a case for prioritising infrastructure, beginning with defining our objectives and then framing policies to achieve them. For power projects, it’s reasonably priced electricity; for telecom, it’s reasonably priced services. Until these are made possible through appropriate policies, there’s little likelihood of realising our full potential.

For more details visit https://cis-india.org/telecom/blog/business-standard-may-3-2017-shyam-ponappa-policies-to-sustain-indias-market

Human Rights vs National Security

praskrishna — 2017-05-20T02:48:20Z

For more details visit https://cis-india.org/internet-governance/files/human-rights-versus-national-security.pdf

IT Accessibility for People with Disabilities Policy and Guidelines

praskrishna — 2017-05-19T15:25:49Z

For more details visit https://cis-india.org/accessibility/files/policy-and-guidelines.pdf

Expert Comments on CDAC document

praskrishna — 2017-05-19T15:17:58Z

For more details visit https://cis-india.org/accessibility/files/expert-comments-on-cdac-document.pdf

Taking Cognisance of the Deeply Flawed System That Is Aadhaar

praskrishna — 2017-05-19T14:52:58Z

Aadhaar and its many connotations have grown to be among the most burning issues on the Indian fore today, that every citizen aware of their rights should be taking note of.

The article by Shreyashi Roy was published in the Wire on May 10, 2017.

With the leak of 130 million Aadhaar numbers recently coming to light, several activists, lawyers and ordinary citizens are up in arms about what is increasingly being viewed as a government surveillance system. Keeping this in mind, on Tuesday, May 9, Software Freedom Law Centre India (SFLC) hosted an event that brought together a panel to clearly articulate the dangers of Aadhaar and to discuss whether the biometric identification system is capable of being reformed.

SFLC is a donor-supported legal services organisation that calls itself a protector of civil liberties in the digital age.

Titled ‘Revisiting Aadhaar: Law, Tech and Beyond’, the discussion, with several eminent personalities who have in-depth knowledge of Aadhaar and its working, threw light on the various problems that have cropped up with regard to India’s unique identification system. The discussion was moderated by Saikat Datta, policy director at Centre for Internet and Society, which published the report that studied the third-party leaks of Aadhaar numbers and other personal data.

The leaks

The discussion took off from the point of the leaks, with Srinivas Kodali, a panelist and one of the authors of the report, explaining his methodology for the study that proved that the Aadhaar database lacked the security required when dealing with private information of people. He highlighted the fact that during the course of his research, he had noticed several leaks from government websites and notified the Unique Identification Authority of India (UIDAI) about the same. Yet, at every step, UIDAI continued to deny and reject the possibility of this happening. Kodali says, however, that he had noticed that the websites that were unknowingly leaking data were, in fact, fixing the leaks after being notified without acknowledging that the leak had happened in the first place. Kodali reiterated at the discussion, as in his report, that a simple tweaking of URL query parameters of the National Social Assistance Programme website could unmask and display private information. Unfortunately, UIDAI cannot be brought to task for unknowingly leaking information because there is no such provision.

He also addressed the question of the conflict of interest that existed in the entire system of building Aadhaar, which was created by developers who later left the UIDAI and built their own private companies, monetising the mine of private information that they were sitting on. Kodali blames UIDAI for this even being allowed, since the developers, though clearly lacking ethics, were in fact, merely volunteers.

The system

One of the glaring issues with the technology behind Aadhaar is that the software is not open source. Anivar Aravind, a panelist, called it “defected by design” and “bound to fail” because not only is the technology completely untested but there are very obvious leaks that are taking place. Moreover, UIDAI does not allow any third-party audits or any other persons to look at the technology. Datta pointed to the fact that this is unheard of in other nations, where software is routinely subjected to penetration testing and hacking experts are called upon to check how secure a database is.

Anupam Saraph, another panelist and future designer, illuminated the creation of the Aadhaar database, pointing out that this is a system less about identification and more about verification. All of the verification, moreover, has been done by private parties, making the database itself suspect and leaving everyone’s private information loose at the time of enrolment. In addition, Aadhaar was meant for all residents and not just citizens. But now there is a mix of both, creating confusion in many aspects. Saraph also brought up how one rogue agency with access to all this information could pose an actual national security threat, unlike all the requests for information on breaches that the government keeps pointing fingers at. Referring to Nandan Nilekani’s statement about Aadhaar not being like AIDS, Saraph pointed out that it was exactly like it because much like the body, which cannot distinguish between an invasion and itself, the Aadhaar system is not being able to distinguish between aliens and citizens and has begun denying the latter benefits.

The Supreme Court has declared time and again that Aadhaar cannot be made mandatory, but the government continues to – in complete disregard of the apex court’s judgment – insist on Aadhaar for a multitude of schemes. More and more schemes are being made unavailable without the existence of an Aadhaar number as the government continues to function in a complete lack of cognisance of the fact that the poor are losing out on something as basic as their food because of a number. Prasanna S., an advocate and a panelist, called it a “voluntary but mandatory” system that is becoming an evidence collection mechanism. Moreover, everything is connected through this one number, making many options like financial fraud, selective treatment of citizens and other horrors possible. The collection of all this information is not dangerous, screams the government. Maybe not in the hands of this one. But what of the next? What of rogues?

The legal aspect

One of the panelists was Shyam Divan, a senior advocate of the Supreme Court, who has represented petitioners fighting against Aadhaar. Divan spoke about how along with a group of advocates he has been trying to get the apex court to rule on the issue but has been met with long queues before a ruling can be procured. He addressed the right to privacy aspect of the system and the recent declaration that the citizen does not have the absolute right to the body. He emphasised that the government cannot own the body and that for a free and democratic society, a limited government, instead of an all-knowing and all-seeing government, is essential. Unfortunately for India, there is no express right to privacy in the constitution, but that does not mean that rights can be taken away in exchange for a fingerprint. It is the government’s duty to respect privacy. For him, Aadhaar has become an instrument of oppression and exclusion, a point that Prasanna also agreed with, calling it a “systematic attack on consent”.

There is complete agreement that there has been a railroading of consent in this entire matter if Aadhaar being passed forcibly through the Lok Sabha as a money bill is anything to go by. If parliament’s consent can be disregarded in that fashion, what is an ordinary citizen to do in the face of this complete imbalance of power in the state’s hand?

Usha Ramanathan, a legal researcher and a long-time critic of Aadhaar, spoke about how India has turned into a state where there are more restrictions than fundamental rights, rather than the other way around. She related how there was no clarity at the beginning of Aadhaar of how it would be a card or a number and was never a government project in the first place. This is a private sector ambition that the government has jumped on board with, without considering that the private sector does not concern itself with civil liberties. As other panelists also pointed out, the private sector cannot and will not protect public interest. This is the job of the government, especially in an age of digitisation. But Aadhaar compromises the ability of the state to stand up for its citizens.

With June 30 approaching fast, many of those who have so far abstained from enrolling in the system are considering giving up their rebellion and going like sheep to get themselves registered in the database. In the words of Divan, they will have to “volunteer compulsorily for an Aadhaar”. The government is probably counting on this. Turning to the Supreme Court has been of no help, although a verdict can be hoped for in a couple of weeks. But what can we do if they rule for the government?

Some of the panelists are on board with the idea of a civil disobedience movement, a kind of a rebellion against Aadhaar. Some suggested thinking of out-of-the-box ways to register one’s protest and dissent against what is clearly becoming the architecture of a surveillance state. Saraph was particularly vehement about the need to completely destroy the Aadhaar database – “shred it”.

What all the panelists emphasised repeatedly was that there can be no improvements to a system that is so deeply flawed and that has had so many “teething problems” that are making millions suffer. The main takeaway from the discussion was that Aadhaar must see a speedy demise because it cannot be saved and cannot persist in its current state.

For more details visit https://cis-india.org/internet-governance/news/the-wire-may-10-2017-shreyashi-roy-taking-cognisance-of-the-deeply-flawed-system-that-is-aadhaar

Aadhaar security: Here's how your private information can be protected

praskrishna — 2017-05-19T10:05:25Z

Lock Aadhaar, and notify UIDAI if you get a one-time-password for a transaction you did not initiate

The article by Sanjay Kumar Singh was published in the Business Standard on May 11, 2017. Udbhav Tiwari was quoted.

The linking of Aadhaar — the 12-digit unique identification number for Indian residents — across various benefits is going through a roller-coaster ride. On one hand, the government, keen to make it mandatory, is linking it with filing of income-tax returns and benefits. But, on the other, many are uncomfortable with it because of privacy issues and leakages that have been reported recently. The Supreme Court, on Tuesday, referred another fresh plea challenging the Aadhaar Act and its mandatory use in government schemes to a larger Constitution bench.

There has been several reports that say that Aadhaar numbers and other personal data are being leaked. Bengaluru-based Centre for Internet and Society (CIS) has published a report (titled Information security practices of Aadhaar, or lack thereof) where it lists four government departments that have posted Aadhaar numbers and other personal information of people. According to the report, an estimated 130-135 million Aadhaar numbers and 100 million bank account numbers were posted on the four portals that the CIS researchers checked. Normally such data should be kept on the government’s intranet, where only authorised people can access it. However, a few government departments have uploaded this data on their websites. In many cases, the data was in excel format, making it all the more easy for people to download and misuse it. The worst part: If your data is stolen, you cannot file even a First Information Report with the police. Only the nodal body, the Unique Identification Authority of India (UIDAI), can file a police complaint.

Your data can be misused: Experts say that leakage of Aadhaar numbers and other personal information into the public domain violates peoples’ privacy. “Your name, phone number, address, bank account number and Aadhaar number are personal information. Only you have the right to decide whether to release such information to others. Such data shouldn’t be complied in excel sheets in large numbers and be freely accessible on the internet to everyone," says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru.

Tele-marketers and advertisers will have access to the personal information of all those people. More serious problems such as identity theft can occur. Says Smitha Krishna Prasad, project manager, Centre for Communication Governance at National Law University, Delhi: “The more sensitive information a person has about you, the easier it becomes to impersonate you when that person is speaking to, say, a bank." The impersonator could open a bank account or even take a loan in your name.

Suppose a hacker gets your email ID. “He will use the ‘password reset or forgot password’ feature to change your password and get access to your account. This feature poses questions based on personal info about you. Any such data collected about you comes useful here. Such hackers mine a lot of data about potential victims from all possible sources," says Shomiron Das Gupta of NetMonastery, a threat management provider. In the email, he could find info about your bank account, credit card account, etc, and cause financial losses to you.

Serious risks can also arise if someone manages to breach the biometric authentication or one-time password (OTP) required for using the Aadhaar system. “It is possible to copy an individual’s fingerprints, and replicate them using very commonly available resins. It is also possible for hackers to capture the data being communicated between a telephone tower and a mobile phone, especially if it is poorly encrypted. This will allow the hacker to see the OTP. Admittedly, this does require expertise and a targeted effort vis-a-vis an individual," says Tiwari. Now that the Aadhaar numbers of so many people have been divulged, someone could utilise their identities to steal their government-granted benefits, or obtain a SIM card, which could then be misused. Raman Jit Singh Chima, policy director, Access Now, says at many places where the Aadhaar number is required today, no biometric authentication is done. So just the number can be used to impersonate you.

Lock your biometrics: If your Aadhaar number and other personal information have been leaked, here are a few steps you can take to safeguard yourself. One, be wary of any calls you receive asking for additional details, which may not have been leaked already. Be equally wary if you receive a call wherein someone rattles off your personal data and asks you to verify it. The caller could pretend to be calling from your bank. It is best not to reveal or confirm any information over the phone at all. Two, you have the option to lock your biometric data online. Even if someone manages to steal your fingerprint, he will not be able to use it if you have locked your biometric data (see table). Also, if you get an OTP on your phone for an Aadhaar utilisation that you did not initiate, notify the UIDAI, and thus ensure that no transaction is carried out using your Aadhaar account.

Need for a privacy law: To prevent data leaks in the future, the government needs to sensitise state government officials who work with Aadhaar data about the need to protect the its privacy. More importantly, India needs a comprehensive data protection law. At present, there is limited provision in the Information Technology Act of 2008 under which you can file a civil case against a corporate that has leaked your personal information. “The person affected by data leakage has to show that he has suffered wrongful loss, or somebody else has enjoyed a wrongful gain, and then claim compensation," says Prasad.

After the Radia tapes incident, the government had said it would pass a comprehensive privacy law. “This law would lead to the creation of a data protection authority with enforcement powers, which would be able to penalise both companies and government bodies violating privacy principles. Despite the process beginning in 2012-13, and multiple drafts being leaked into the public domain, there has not been much progress on this count," says Chima. He adds that when the privacy law becomes a reality, any part of the Aadhaar Act that is contrary to it should also be amended.

How to lock your biometric data online

Go to the UIDAI web site: https://uidai.gov.inGo to Aadhaar services, then Lock/Unlock Biometrics Enter Aadhaar number Enter security code that appears below the Aadhaar numberYou will receive an OTP on your registered mobile number. Enter it Click ‘Verify’Click box against ‘Enable biometric lock’Click on Submit buttonSame procedure can be repeated to disable biometric lock.

For more details visit https://cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-aadhaar-security-here-is-how-your-private-information-can-be-protected

Information Security Practices of Aadhaar (or lack thereof)

aditya — 2017-05-17T06:20:14Z

A documentation of public availability of Aadhaar numbers with sensitive personal financial information (updated)

For more details visit https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof

Clarification on Information Security Practices of the Aadhaar Report

aditya — 2017-05-17T06:19:39Z

For more details visit https://cis-india.org/internet-governance/clarification-on-information-security-practices-of-the-aadhaar-report

Clarification on the Information Security Practices of Aadhaar Report

praskrishna — 2017-05-16T16:41:58Z

For more details visit https://cis-india.org/internet-governance/files/clarification-on-the-information-security-practices-of-aadhaar-report

Updated Aadhaar Report

praskrishna — 2017-05-16T16:37:30Z

For more details visit https://cis-india.org/internet-governance/files/updated-aadhaar-report.pdf

Tech Anthropology Today: Collaborate, Rather than Fetishize from Afar

Geert Lovink and Ramesh Srinivasan — 2017-05-16T14:51:09Z

"That is why the 'offline' if you will is so critical to understanding the 'online'—because they do not exist in isolation and what we have constructed is an illusory binary between the two." In this interview, Geert Lovink discusses with Ramesh Srinivasan: “how can we embrace the realities of communities too-often relegated to the margins?”

Cross-posted from nettime.org.

“How can we embrace the realities of communities too-often relegated to the margins?”

In Whose Global Village? (NYUPress, 2017) UCLA scholar Ramesh Srinivasan travels the globe in order to find out much techno-autonomy there’s still left. Now that more than half of the world has moved to urban centres, the rural population is literary a minority and is kindly asked to adjust accordingly. This makes Srinivasan’s work even more urgent when he asks “what the internet, mobile phone or social media platforms may look like when considered from the perspectives of diverse cultures.”

The communities Ramesh Srinivasan visits are on the defensive, in a process of fragmentation. “There is a disconnection not just from one another,” he writes, “but also from the common threads of their history and culture. The tribes and villages experience “placelessness, fragmentation of identity, and dissolution of social bonds.” Throughout the study, which took place between 2004-2013, Srinivasan reports from the rising gap between the proposed technologies (such as videos, websites, databases) and the ‘techno-solutionism’ (as described by Morozov) that he wants to prevent. Ramesh is so honest to present this dilemma as an inner struggle of today’s anthropologist with a technology background. Computers and smart phones are an integral part of the everyday life—no matter where we go—and can no longer be presented as liberating tools. This put the ‘ICT for development’ researcher is an awkward position. Post-colonial theories have widely been read and their influence (from Fanon, Said to Spivak) is having an inevitable impact. This in turn leads to a new attitude that I would describe as ‘radical modesty’ (if not ‘vital pessimism’).

While studying the impact of the Tribal Peace system that he and others installed to connect the different Navajo tribes in San Diego County, Srinivasan realises that he has to work with rather than ignore the networks that exist. “It was neither the technology nor institutions that connected the people I had met. Instead, the very few threads of kinship I noted were related to revered individuals, regarded by most with collective respect and as a source of inspiration.” It is with and through the elders that he starts to draw up information architectures (or ‘ontologies’), listing topics, themes, and values across the native reservations. How can ‘lateral networks’ be supported in a a process of what James Carey calls ‘ritual communication’?

Needless to say this approach takes us light years away from Facebook and other social media. This is only in part a question of translating interfaces to local indigenous languages. The proposed systems require the design of its own visual metaphors, reminding us of 1990s multi-media navigation screens, meant to represent digital storytelling. This is dealt with in closed, or semi-open networks, paying respect to the different experiences of time and space. These ideas are put to the test in the last part of the book that describes the encounter with the Zuni tribe (Arizona/New Mexico), where Ramesh Srinivasan worked together with Robin Boast. It is amongst the Zuni peoples that the researchers encounter the distrust against anthropologists. “Our Zuni friends voiced feelings of misrepresentation and anger at their objectification. They explained that social scientists would visit their community, exoticize their traditions and customs, and extract what they could to benefit their own agendas rather than those of the community.”

The gained detachment aims to put the researcher “at the service of our friends and partners.” Important is no longer the one-way transfer of knowledge but the art of listening. Towards the end of his study Ramesh asks: “What would it mean to step away from top-down understandings of the internet and instead ‘splinter’ the way we think about technologies and the communities they may support?” As an activist in Egypt explained: “We do not need another NGO or a new dialogue.com to solve our problems—we just need you to listen, support our voices, an pay attention to what we we do.” Whose Global Village? adequately describes the moral and methodological crisis in the ‘ICT for Development’ field. The wide condemnation of Facebook’s neo-colonial internet.org balloon campaign to bring access (to Facebook) to hundreds of millions of rural poor in India clearly marks a paradigm shift. Access is no longer a benevolent project. It’s clear that ICT for Development as such does not contribute to a redistribution of wealth and makes global inequality only worse. So much for internet charity.

Ramesh admits: “Trained as a designer and engineer, I recognize my innate tendency to valorize my power to come up with a set of solutions for any challenge at hand. Yet every project I have described illustrates the valuable insights gained when I put aside my own agenda and bias as much as possible to open myself to experiences that could not have been predicted from afar.” This modesty sounds like a new starting point. But is it also resulting into new concepts and narratives? This might be too much to ask of a single publication (in fact, the first book publication of this author). The ‘tactical distance’, created out of respect for the communities-in-defence, results into rather sparse information about the places we visit. There are no interview fragments included in the book, and the few local leaders that we encounter do not speak to the reader in a direct manner. The chosen way to report creates a vague cloud of secrecy around the research itself. What happens when we listen but do not acknowledge the Other? Were more detailed research results published elsewhere or only accessible for donors (a common practice in NGO land)? What happens when we listen but do not acknowledge the Other? Is it too risky to give them a voice? Might their opinions and desires be too ordinary, too radical, or simply not what we want to hear? What if they do not fit our Western expectations? The Others are humans, after all, and, like us, tend not to live up to expectations. These, and more, are some of the questions we encounter once we give up on the development rhetoric.

Geert Lovink: You’ve been in a lucky, privileged position to travel so often and witness events and encounter communities in diverse places such as Cairo during the 2011 uprising, with the Zapatistas Chiapas, doing research in the land of your ancestors, South India and on reservations in the South-West of the United States. The offline encounter in-real-life seems to be constitutional for your theory. In the past scholars travelled through the library and many these days do not leave their screens while processing their ‘big data’. Digital ethnography, on the other hand, seems to require direct exchanges with the Other. This assumption pops in all chapters. Is travelling the new luxury? Or should we say that it is rather dedicated time? Once you arrive elsewhere there is suddenly another time regime.

Ramesh Srinivasan: Indeed, I think all of us as researchers and teachers are nothing if not 'lucky' or 'privileged'. And you're certainly on point to recognize that the root of my scholarship and activism locates technologies within an assemblage of other factors - peoples, places, infrastructures, and environments. Yet it is essential that I do not collaborate with (rather than ‘study of’) any community unless I am invited to do so and where our efforts are focused on initiatives that live and are owned by that group itself.

That is why the 'offline' if you will is so critical to understanding the 'online'—because they do not exist in isolation and what we have constructed is an illusory binary between the two. If we want to be of service and understand the complex relationships between technologies, politics, and cultures—as I attempt to do via the multiple case studies discussed in the book, we need to put our bodies and hearts in places rather than our distant gaze. It's critical for me to not step foot anywhere where I am not invited first, and to critically think about my role and power as I enter different environments. Indeed, the book is full of ethnographies of attempting to listen more than make, and how I eschew the 'study of' any community and instead write about what we create and work on together. My goal is to collaborate rather than study, rather than fetishize from afar.

GL: Whose Global Village? has an unusual time span of 10-14 years. First research goes back to 2003-2004. Some case study closed in 2005 while most literature dates from 2012-2013. In between, the 2008 global financial crisis occurred, the smart phone was launched and apps became mainstream. How did you deal with these constant changes? Are you proposing a ‘longue durée’ in media studies and internet criticism’? What are the benefits of this approach? How do you see ‘grassroots storytelling’ dealing with the relentless changes of platforms, interfaces and protocols? Do remote communities have a different approach to the latest fashion and the famous ‘fear of missing out’?

RS: There are some dynamics that don't change no matter what app, gadget or platform has captured the popular imagination. That is—the realities of power over how technologies are designed, owned, and politically or economically appropriated. The book starts with the simple but surprisingly ignored sociotechnical truism - People and societies shape and are shaped by technologies. Yet such a small percentage of Internet users have any power over the design process let alone any sovereignty over what occurs with their data and identities as they are refracted onto digital networks. Those issues are timeless and all the more urgent today. I focus on the political and cultural flashpoints where by users and communities can reign in their blind trust of new digital platforms and instead take power over these in relation to their local concerns and agendas.

GL: As a media activist you have a background in engineering. However, at UCLA you work inside library science (called ‘information studies’). However, you seem to relate most to the role of anthropologist, in that you deeply desire not make past mistakes in encounters with ‘the Other’. In this context you work with Mary Louise Pratt’s theory of the contact zones and apply this to the design of ‘multiple ontologies’. I never hear IT engineers talking about contact zones. How do you want to carry your insights into the tech world? After all, you live in California. Who else is going to do this? What could be a good strategy? How do you look at the Bay Area and the global geek class they still dominate in terms of its global imaginary?

RS: I see myself as a scholar who can contribute to fields that tend to remain mostly distinct in the academy—design, engineering, cultural studies, media studies are but a few. If I was ever an IT ‘geek’ that was decades ago!

To engage in the charge of the book, of locating our understandings of digital networks and systems in relation to diverse cultures and users worldwide, all of these fields are useful to invoke and bring into dialogue with one another. I'm fortunate to be in a department that supports this interdisciplinarity and indeed as you stated, coming from California and trained in engineering here, I believe it is all the more important to question the black boxes not just of Silicon Valley hardware and software platform design but to push these incredibly powerful technologies to open up to an engaged, conversational social contract with diverse publics.

GL: Over the past 10-15 years we’ve seen the closing down of the possibility space of the Web and the rise of the ‘easy to use’ template culture of social media. The technologies that you’ve proposed and built seem to move away from the consumer culture. In South India you’re spread video cameras, elsewhere you’ve developed a dedicated Tribal Peace system interface (as part of a stand-alone website) while for the Zuni communities you’ve utilized the FileMaker Pro Advanced database software. Not Facebook, Twitter, Instagram or YouTube (and no wikis either). Can you elaborate on this?

RS: It's important to not assume that naively putting content online is somehow empowering. Indeed, that which we ‘share’ (eg; sharing economy) asymmetrically builds power and value for the platform holder and all those that can monetize it. As a result, we increasingly know that corporate proprietary platforms such as Facebook or Google are hardly designed to directly support a user's sovereignty or agency. The interest, across each of the book's chapters, is to instead think about how the communities with which I collaborate can have their interests served via technologies either that we design together or appropriate/subvert in various ways. Far too often we see examples where such 'participation' actually does little to shape any cultural or political cause from the grassroots. So we think agnostically and critically about the systems, networks and infrastructures we use in relation to our collaborations.

GL: Can you tell us what you’ve been doing over the past few years? Did you continue to work in the same direction? The book indicates that your collaboration with Robin Boast and the work with the Zuni Native American Reservation seems to continue.

RS: My interests lie in that important space between understanding how technologies may aid and support grassroots political movements and diverse user communities. The Zuni collaboration, described in chapter 4, is interested in that cause in relation to the political and cultural sovereignty of a tribe that was not just historically colonized but still faces the objectification and misrepresentation of new forms of coloniality online.

The cases in the book look at both political movements as well as diverse cultures and communities. Currently, I am collaborating with activists and indigenous Zapotec and Mixtec communities in the Oaxaca Mexico region, one of the most biodiverse and culturally/linguistically diverse parts of our world. In this work, I am writing about the Rhizomatica project (invoking Deleuze/Guarttari's rhizome) where these communities are designing their own collectively-owned cell phone networks in cloud forests all around the region. This has massive political and economic effects. What we see here is a rhizome in the making, a set of networks, systems, and infrastructures shaped and produced from the grassroots, by communities and for communities, and not for the major corporations of our world that tend to on the surface exploit and monitor the activities of these people. More on this amazing project, including some videos at www.rhizomatica.org . I believe that as we start to think about this new effort, that Lisa Parks and I describe as 'network sovereignty', we can start to embark on a path I describe in detail in chapter 5 of the book, of getting back the social contract and communitarian potential of technology to serve democratic agendas located in people's politics and cultures.

I am hopeful we can start that conversation now. I attempt to continue it via my soon to be released second book, After the Internet (with Adam Fish, Polity, end 2017) which looks at examples ranging from Iceland’s Pirate Party, hacktivism, the Silk Road, the Arab Spring, and other activist movements that re-imagine new technologies in relation to grassroots power and voice.

Reference

Ramesh Srinivasan, Whose Global Village? Rethinking How Technology Shapes Our World, New York University Press, New York, 2017.

Profiles

Ramesh Srinivasan is Associate Professor of Information Studies with a courtesy appointment in Design|Media Arts. Srinivasan, who holds M.S and Doctoral degrees, from the MIT Media Laboratory and Harvard's Design School respectively, has focused his research globally on the development of information systems within the context of culturally-differentiated communities. He is interested in how an information system can function as a cultural artifact, as a repository of knowledge that is commensurable with the ontologies of a community. As a complement, he is also interested in how an information system can engage and re-question the notion of diaspora and how ethnicity and culture function across distance. This research allows one to uncover mechanisms by which indigenously-articulated forms of development can begin to occur, as relating to his current work in pastoral and tribal communities in Southern India. His research therefore involves engaging communities to serve as the designers, authors, and librarians/archivists of their own information systems. His research has spanned such bounds as Native Americans, Somali refugees, Indian villages, Aboriginal Australia, and Maori New Zealand.

Geert Lovink is a media theorist, internet critic and author of Dark Fiber (2002), Zero Comments (2007), Networks Without a Cause (2012) and Social Media Abyss (2016). Since 2004 he is researcher in the Faculty of Digital Media and Creative Industries at the Amsterdam University of Applied Sciences (HvA) where he is the founder of the Institute of Network Cultures. His centre recently organized conferences, publications and research networks such as Video Vortex (the politics and aesthetics of online video), Unlike Us (alternatives in social media), Critical Point of View (Wikipedia), Society of the Query (the culture of search), MoneyLab (internet-based revenue models in the arts) and a project on the future of art criticism. From 2004-2013 he was also associate prof. at Mediastudies (new media), University of Amsterdam. Since 2009 he is professor at the European Graduate School (Saas-Fee/Malta) where he supervises PhD students.

For more details visit https://cis-india.org/raw/tech-anthropology-today-collaborate-rather-than-fetishize-from-afar

India is building a biometric database for 1.3 billion people — and enrollment is mandatory

praskrishna — 2017-05-12T16:22:35Z

Inside the buzzing enrollment agency, young professionals wearing slim-fitting jeans and lanyards around their necks tapped away at keyboards and fiddled with fingerprint scanning devices as they helped build the biggest and most ambitious biometric database ever conceived.

The article by Shashank Bengali was published in the Los Angeles Times on May 12, 2017.

Into the office stepped Vimal Gawde, an impoverished 75-year-old widow dressed in a floral print sari. She had come to secure her ticket to India’s digital future — to enroll in the identity program, called Aadhaar, or “foundation,” that aims to record the fingerprints and irises of all 1.3 billion Indian residents.

Nearly 9 out of 10 Indians have registered, each assigned a unique 12-digit number that serves as a digital identity that can be verified with the scan of a thumb or an eye. But Gawde came to the enrollment office less out of excitement than desperation: If she didn’t get a number, she worried that she wouldn’t be able to eat.

Designed as a showcase of India’s technological prowess — offering identity proof to the poor and reducing waste in welfare programs — Aadhaar’s grand promises have been muddied by controversy as the government makes enrollment mandatory for a growing number of essential services.

Indians now need an Aadhaar number to pay taxes, collect pensions and obtain certain welfare benefits. The rapid expansion of a program that was originally described as voluntary has sparked criticism that India is vacuuming up citizens’ personal information with few privacy safeguards and creating hardship for the very people the initiative was supposed to help.

Like many Indians living in poverty, Gawde uses a ration card to purchase her monthly allotment of subsidized rice and cooking gas. But the shopkeeper told her that starting next month, he would sell to her only if she produced an Aadhaar number.

She had visited the enrollment agency three times but had yet to be approved, for reasons she did not understand. (Enrollment agents would not comment on individual cases.)

Reaching into her canvas bag, Gawde pulled out the familiar panoply of documents — ration card, voter card, electricity bill, income tax ID — that Indians use to navigate a dizzying bureaucracy. Aadhaar, she was told, would supplant all these papers.

But she had to get the number first.

“I’m nervous,” Gawde said outside the enrollment office on a sweltering morning. “I first applied three years ago and submitted all my documents, but didn’t follow up. Now that it’s becoming compulsory, I’m doing everything I can to get it.”

Indian Prime Minister Narendra Modi, who had criticized Aadhaar as a “political gimmick” before he took office, has embraced the futuristic idea of an all-in-one digital identity. His party pushed through a law last year that paved the way for a dramatic expansion of Aadhaar, allowing government entities and private businesses wide latitude to access the database, which collects not just people’s names and birth dates but also phone numbers, email addresses and other information.

Soon, as more private companies use the database, it could become difficult to open a bank account, get a new cellphone number or buy plane or train tickets without being enrolled.

Supporters say the program, which has cost about $1 billion to implement, will save multiples of that by curbing tax evasion and ensuring that welfare subsidies are not stolen by middlemen.

“Aadhaar was always meant to be an instrument of inclusion,” Nandan Nilekani, a tech billionaire and the program’s first chairman, said in an interview. “I’m really happy that the current government is completely endorsing Aadhaar and using it for a wide variety of services that will transform governance.”

Nilekani calls Aadhaar “hugely empowering” for the poor, but not long ago even he argued that enrollment should remain optional so that no Indians were prevented from accessing essential services. India’s Supreme Court agreed, ruling in 2015 that the government could not require Aadhaar for any benefit to which a person was otherwise entitled, as long as they could prove their identity by some other means.

Yet the court has stayed silent as Aadhaar creeps into every facet of Indian life, even for children.

A 12-year-old girl named Saiba is a case in point. After the girl’s grandmother passed away in their family’s ancestral village in northern India, Saiba’s mother moved her and her four siblings to a crowded neighborhood on the rough fringes of New Delhi, near a car parts market thick with the smell of grease.

When Saiba’s mother, Rani, went to the local school in April to register her for the sixth grade, administrators turned her down, saying every student must have an Aadhaar number.

But to get a number, a child usually needs a birth certificate — and like one-quarter of children born in this country, Saiba and her siblings did not have them because their village did not routinely register births.

Sitting with her mother in the cramped offices of the local advocacy group Pardarshita, above a noisy street lined with vegetable sellers, the girl puffed her round cheeks in an expression of helplessness.

“I don’t know anything about this,” said Saiba, who, like many Indians, has only one name. “I just want to go to school.”

Rakesh Thakur, a board member of Pardarshita, is trying to obtain Aadhaar numbers for dozens of children barred from Delhi schools. He called the policy “a clear violation” by the municipal government of both the Supreme Court order and India’s Right to Education Act, which guarantees every child younger than 14 free schooling.

A Twitter account called “Rethink Aadhaar” logs new instances almost daily of Indians who have suffered because scanners couldn’t read their fingerprints or because of errors in the database.

In Jawhar, a forested zone about 60 miles north of Mumbai, administrators have told local tribal communities that they will soon use Aadhaar to distribute welfare rations and school lunches. But the area lies outside cellphone range, leading residents to wonder how scanners will connect to the Internet to verify their identities.

“The idea of Aadhaar and the technology may be good, but do we have the infrastructure to make it mandatory?” said Vivek Pandit, a former lawmaker who runs a nonprofit group in the area. “The law is city-centric, and it would only lead to the social exclusion of rural India.”

This month lawyers opposing Aadhaar argued before the Supreme Court that the government could not force Indians to share their biometric data. Atty. Gen. Mukul Rohatgi countered that Indians had no constitutional right to privacy and could not claim an “absolute right” over their bodies.

Without privacy protections, activists worry that as Aadhaar numbers are linked to more and more services, intelligence agencies could use the database to more easily track Indians’ calls, travels and purchases.

“It’s become very clear that this is not a project about the poor,” said Usha Ramanathan, a lawyer and anti-Aadhaar activist. “The government’s ambitions have gotten greater over time.”

This month, the Center for Internet and Society, a New Delhi think tank, reported that federal and state agencies had published up to 135 million Aadhaar numbers — some including sensitive information such as a person’s caste and religion, or details of pension payments — on unsecured websites accessible through just a few clicks.

It’s become very clear that this is not a project about the poor. — Usha Ramanathan, a lawyer and anti-Aadhaar activist

Pranesh Prakash, the center’s policy director, said that when Indian authorities can’t even keep Aadhaar numbers private, as the law requires, it suggests the entire database is vulnerable — particularly after sensitive information involving 22 million Americans was exposed when federal databases were hacked in 2015.

“When these kinds of leaks are happening, it’s rather foolhardy to maintain a database of 1.2 billion people’s biometrics, because once this gets breached, it becomes completely unusable,” Prakash said.

“If your PIN number or password leaks, you can change it. You can’t change your fingerprints.”

Praveen Chakravarty, a former investment banker who worked with Nilekani to launch Aadhaar, believes the lack of safeguards undermines the project’s ideals of efficiency and empowerment. He said many Indians were right to worry that Modi’s government, which has cracked down on political activists and nonprofit groups it opposes, could use Aadhaar to snoop on citizens.

“Maybe Aadhaar didn’t need to be this big,” Chakravarty said, adding that the government could simply have worked to fix inefficiencies in individual welfare programs.

“People could ask, ‘Did we need this at all?’” he said. “It’s a good question.”

For Gawde, the widow, Aadhaar remained an idea of the future. She left the enrollment agency that day empty-handed, told by a young employee that her number had not been assigned. But she retained hope that the new ID would make life easier.

“We are just poor people,” she said. “We have to trust what the government tells us.”

For more details visit https://cis-india.org/internet-governance/news/los-angeles-times-shashank-bengali-may-12-2017-india-is-building-a-biometric-database-for-1.3-billion-people-and-enrollment-is-mandatory

SoI’s Open Series Maps Fails to Implement Public Sharing of Govt Data

sumandro — 2017-05-04T12:19:01Z

Although it has made the topographic maps or the Open Series Maps available to general public, Survey of India’s (SoI) Nakshe portal will have to go through a variety of litmus test, as the initiative fails to implement the mandates of public sharing of government data using open standards and open license as put forward by the NMP 2005 and NDSAP 2012, says Sumandro Chattapadhyay, Research Director, The Centre for Internet and Society. This interview was published by Geospatial World on May 02, 2017.

Cross-posted from Geospatial World.

What are your views on the Nakshe Portal initiative from Survey of India?

It is a most welcome initiative by the Survey of India to realize the mandate of the National Map Policy (NMP) 2005 to publicly distribute “Open Series Maps of scales larger than 1:1 million”. The Survey of India has also drawn from and implemented the mandate of the National Data Sharing and Accessibility Policy (NDSAP) 2012 to make available the shareable and non-sensitive Open Series Maps documents without any necessary fees to access and use them.

The initiative, however, fails to achieve the goal of of public sharing of government data using open standards and open license as put forward by the NMP 2005 and NDSAP 2012. This substantively raises the barrier to access the Open Series Maps data and reduces its possibilities of reuse, especially for commercial innovation, in a very serious way. This undermining of the open data agenda is not only a concern for the Nakshe portal in particular, but also sets a dangerous precedent for future open government data initiatives in India.

What is your view on the data provided and its usability?

The Nakshe portal has created several barriers to access and use of the Open Series Maps data, all of which are in violation of the NMP 2005 and NDSAP 2012:

NDSAP 2012 mandates that shareable and non-sensitive government data (such as Open Series Maps) are made public through the data.gov.in portal created under the guidance of the NDSAP 2012. Survey of India may of course decide to publish the Open Series Maps data on the Nakshe portal along with on the data.gov.in portal. Publishing of the data only through the Nakshe portal not only violates the mandate of NDSAP 2012, they make such data much less discoverable.
NDSAP 2012 allows for “registered access” to open government data. That is, it allows for data to be shared only with users who have registered with the data publishing portal. Making registration only possible via Aadhaar number, however, significantly limits the number of users who can access this data. For example, non-Indian researchers form an important potential sub-section of users of Open Series Maps but they will not be able to access the data. The website neither has a privacy policy that clarifies how these submitted Aadhaar numbers will be stored, protected, and shared (if at all) by the Survey of India.
NMP 2005 instructs Survey of India to “allow a user to add value to the maps obtained (either in analogue or digital formats) and prepare his own value-added maps”. The Government Open Data License has been recently notified under NDSAP 2012 to guide permitted uses of open government data in India.

The very restricted approach to permitted end-uses of Open Series Maps by the Survey of India neither follow the NMP instruction, nor adopt the Government Open Data License. Data available from Nakshe portal cannot be exported (which is technically an absurd demand due to globally distributed nature of servers), commercialized, or altered. This creates a most serious barrier to using the Open Series Maps data available via the Nakshe portal.
The Nakshe portal has published geospatial data in PDF format. This is a clear violation of open data practices globally and the NDSAP Implementation Guidelines more specifically, which states that open geospatial data standards, like GML and KML, should be used).

Does this fall in line with the larger government aim of having open and accessible data? If not why?

In a nutshell, the Open Series Maps data being published on the Nakshe portal is neither open (as it does not use open standards to share the data and does not share the data under an open licenses) nor universally accessible (due to the requirement for registration via Aadhaar number).

What improvements do you suggest in the approach of SoI about the portal?

I have listed four major conflicts that the Nakshe portal has with the directives and guidelines offered by the NMP 2005 and NDSAP 2012. I sincerely hope that the Survey of India and the Department of Science and Technology will address them soon, as they significantly limit the ability of users to access and use the Open Series Maps data.

These changes will make the Open Series Maps data open, and ensure that the data can be accessed and innovated with by various stakeholders.

For more details visit https://cis-india.org/openness/survey-of-india-open-series-maps-fails-to-implement-public-sharing-of-govt-data