Centre for Internet and Society

March 2016 Bulletin

praskrishna — 2016-04-13T08:05:42Z

CIS Newsletter for the month of March 2016 is here.

The Centre for Internet & Society (CIS) is happy to share its March 2016 newsletter. Previous issues of the newsletters can be accessed at http://cis-india.org/about/newsletters.

Highlights
CIS published and circulated two press releases on March 11 and 15, 2016, as the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016: 'The Law cannot Fix what Technology has Broken!' and 'The New Bill Makes Aadhaar Compulsory!' CIS submitted an initial list of recommendations to the Members of Parliaments to highlight the aspects of the Bill that require immediate attention. The recommendations were prepared by Amber Sinha, Sumandro Chattapadhyay, Sunil Abraham, and Vanya Rakesh. In an article titled Flaws in the UIDAI Process published in the Economic and Political Weekly, Hans Varghese Mathews. He stated that the Government of India is engaged upon biometrically identifying the entire population of India. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive: and from that to estimate the proportion of duplicands. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high. Vipul Kharbanda wrote an analysis of Aadhaar Act in the context of Justice A.P. Shah Committee Principles. The analysis has thrown light on the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. Pooja Saxena and Amber Sinha produced two infographics that 1) evaluate the Aadhaar Bill 2016 against the National Privacy Principles, and 2) highlight the vulnerabilities in the UIDAI implementation process not addressed by the Aadhaar Bill, 2016. CIS has initiated the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. With the objective to sensitize and impart the skillset in handling NVDA – the Screen Reader and the usage of BookShare Online Library for the print disabled to the Special Educators, Karna Vidya Technology Centre in collaboration with Computer and Internet Society conducted a one-day workshop on February 27, 2016. 48 special educators participated and benefited from the workshop. An article titled 8 Challenges In Growing Indian-Language Wikipedias by Subhashish Panigrahi was first published in Huffington Post on March 19, 2016. This was cross-posted in Medianama titled as Multiple key factors preventing Indic Wikipedia growth on March 21, 2016. CIS has published a report on the 30th Session of WIPO-SCCR giving an analysis of the Broadcast Treaty Negotiations and the Negotiations on International Instrument for Exceptions and Limitations for Libraries and Archives. Anubha Sinha wrote an essay titled Fueling the Affordable Smartphone Revolution in India as part of the The Good Life in Asia's Digital 21st Century essay collection. She stated that smartphones have emerged as the exemplar of mankind's quest for shrinking technologies. They embody the realization of a simple premise – that computing devices would do more and cost less. This realization has been responsible for modern society's profound transformations in communication, governance, and knowledge distribution. Rohini Lakshané wrote an analysis of the patent landscape in a research paper titled Patents and Mobile Devices in India: An Empirical Survey. The paper has indicated that although India has the second-largest wireless subscriber base in the world, with more than 150 mobile device vendors, it has, until recently, remained relatively unaffected by the global smartphone wars. The Department of Science and Technology, Government of India, has constituted a National Expert Committee for developing a draft National Geospatial Policy (NGP) to provide appropriate guidelines for collection, analysis, use, and distribution of geospatial information across India, and to assure data availability, accessibility and quality. A pre-drafting consultation meeting for the NGP was organised in Delhi on February 3, 2016. Anubha Sinha attended the meeting. The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient tells Vanya Rakesh in a blog entry titled Adoption of Standards in Smart Cities - Way Forward for India. P.P. Sneha wrote a blog post which studies the digital creative industries in India while examining some initial questions. She stated that the term ‘creative industries’ has been around for a while now, but with the advent of the digital, and with interest from different sectors, especially with a focus on policy and economic development, it would be essential to critically examine the discourse around the term, and see where it may be changing to open up new possibilities, particularly for the arts, humanities and design. CIS strongly condemns the acts of sexual harassment that took place against one of its representatives Padmini Baruah during ICANN 55 in Marrakech. It is completely unacceptable that an event the scale of an ICANN meeting does not have in place a formal redressal system, a neutral point of contact or even a policy for complainants who have been put through the ordeal of sexual harassment. ICANN cannot claim to be inclusive or diverse if it does not formally recognise a specific procedure or recourse under such instances.

--------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

The workshops were conducted earlier but published recently on our website:

Report on eSpeak with NVDA Screen Reader and Assistive Technology for Visually Challenged (Organized by National Association for the Blind, New Delhi, Centre for Differently Abled Persons, Bharathidasan University, Tiruchirappalli, and CIS; January 21, 2016; Tiruchirappalli).
Report on NVDA with E-Speak and BookShare Online Library (Organized by Karna Vidya Technology Centre, Computer and Internet Society, and CIS; February 27, 2016; Chennai).

-----------------------------------
Access to Knowledge
-----------------------------------
As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

Article

Fueling the Affordable Smartphone Revolution in India (Anubha Sinha; The Good Life in Asia's 21st Century Essay Collection; March 16, 2016).

Blog Entries

Report of the 30th Session of the WIPO SCCR by the Centre for Internet & Society (edited by Nehaa Chaudhari with assistance from Nisha S.K., Aarushi Bansal, Amulya P., and Saahil Dama; March 16, 2016).
Dataset: Patent Landscape of Mobile Device Technologies in India (Rohini Lakshané; March 31, 2016).

Patents and Mobile Devices in India: An Empirical Survey (Rohini Lakshané; March 31, 2016)

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Articles

Eight Challenges That Indian-Language Wikipedias Need to Overcome (Subhashish Panigrahi; The Wire; March 17, 2016). A version of the article was also mirrored by Opensource.com on March 28, 2016.
8 Challenges In Growing Indian-Language Wikipedias (Subhashish Panigrahi; Huffington Post; March 19, 2016). This was cross-posted in Medianama titled as Multiple key factors preventing Indic Wikipedia growth on March 21, 2016.
8 Challenges for Improving Indian Language Wikipedias (Subhashish Panigrahi; Opensource.com; March 28, 2016). The article was originally published in the Wire on March 17, 2016 and later mirrored on Opensource.com on March 28, 2016.

Participation in Event

BHASHA-Indian Languages Digital Festival (Organized by news media YourStory; March 11, 2016; New Delhi). Subhashish Panigrahi gave a talk in the panel “The challenges of making regional language content available on the Web and on mobiles.
8th IBA International Conference (Organized by Indus Business Academy; March 24 - 26, 2016; Bangalore). Dr. U.B. Pavanaja gave a talk on Democratizing of Knowledge Access- Case of Regional Language Wikipedia.

-----------------------------------
Openness
-----------------------------------

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Submission

Consultation on 'National Geospatial Policy' - Notes and Submission (Anubha Sinha; March 29, 2016)

-----------------------------------
Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

►Big Data

Article

Too Clever By Half: Strengthening India’s Smart Cities Plan with Human Rights Protection (Vanya Rakesh; The Wire; March 22, 2016).

Blog Entry

Adoption of Standards in Smart Cities - Way Forward for India (Vanya Rakesh; March 19, 2016).

►Freedom of Expression

Statements

Sexual Harassment at ICANN (Padmini Baruah; March 18, 2016).
CIS' Statement on Sexual Harassment at ICANN55 (Vidushi Marda; March 21, 2016).

►Privacy

Submission

List of Recommendations on the Aadhaar Bill, 2016 - Letter Submitted to the Members of Parliament (Amber Sinha, Sumandro Chattapadhyay, Sunil Abraham, and Vanya Rakesh; March 16, 2016).

Articles

Flaws in the UIDAI Process (Hans Varghese Mathews; Economic & Political Weekly, Journal, Vol. 51, Issue No. 9, February 27, 2016).
Aadhaar: Still Too Many Problems (Pranesh Prakash; Livemint; March 7, 2016).
Aadhaar Bill fails to incorporate suggestions by the Standing Committee (Amber Sinha; The Wire; March 10, 2016).
Are we Losing the Right to Privacy and Freedom of Speech on Indian Internet? (Amber Sinha; March 10, 2016).
Privacy Concerns Overshadow Monetary Benefits of Aadhaar Scheme (Pranesh Prakash and Amber Sinha; Hindustan Times; March 12, 2016).
Will Aadhaar Act Address India’s Dire Need For a Privacy Law? (Nehaa Chaudhari; Quint; March 31, 2016).

Blog Entries

A comparison of the 2016 Aadhaar Bill, and the 2010 NIDAI Bill (Vanya Rakesh; March 9, 2016).
Aadhaar Bill 2016 & NIAI Bill 2010 - Comparing the Texts (Sumandro Chattapadhyay; March 9, 2016).
The New Aadhaar Bill in Plain English (Amber Sinha, Vanya Rakesh and Vipul Kharbanda; March 11, 2016).
An Urgent Need for the Right to Privacy (Sumandro Chattapadhyay; March 16, 2016).
The Law cannot Fix what Technology has Broken! (Japreet Grewal and Sunil Abraham; March 16, 2016).
The New Bill Makes Aadhaar Compulsory! (Amber Sinha; March 16, 2016).
Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles (Vipul Kharbanda; March 17, 2016).
Vulnerabilities in the UIDAI Implementation Not Addressed by the Aadhaar Bill, 2016 (Pooja Saxena and Vipul Kharbanda; March 21, 2016).

Participation in Events

GNI-Industry Dialogue Learning Session: Human Rights Impact Assessments and Due Diligence in the ICT sector (Organized by Global Network Initiative; March 11, 2016; Washington D.C.). Elonnai Hickok attended the event.
RightsCon Silicon Valley 2016 (Organized by RightsCon; Mission Bay Conference Center in San Francisco, California; March 30 - April 1, 2016).

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Op-ed

Connectivity: Let's Apply What We Know (Shyam Ponappa; Business Standard; March 2, 2016).

Submission

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission (Sumandro Chattapadhyay; March 30, 2016).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entry

Studying Digital Creative Industries in India: Initial Questions (P.P. Sneha; March 17, 2016).

-----------------------------------
News & Media Coverage
-----------------------------------

CIS gave inputs to the following media coverage:

The Crypto Wars Are Global (Joseph Cox; Motherboard; March 4, 2016).
Govt narrative on Aadhaar has not changed in the last six years: Sunil Abraham (Shreeja Sen; Livemint; March 8, 2016).
Aadhaar: Govt will not compromise on national security (Shreeja Sen; Livemint; March 9, 2016).
Hard to broad ban! (Taru Bhatia; Governance Now; March 9, 2016).
Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush) (Anumeha Yadav; March 11, 2016).
Aadhaar is actually surveillance tech: Sunil Abraham (Sahil Makkar; Business Standard; March 12, 2016).
Will Only Legal Backing For Aadhaar Suffice? (Indian Express; March 14, 2016).
India's billion-member biometric database raises privacy fears (Sanjeev Miglani and Manoj Kumar; March 16, 2016).
A scheme in India to help the poor raises privacy concerns (John Ribeiro; IDG News Service and CSO; March 16, 2016).
Pratap Vikram Singh - Why Aadhaar is Baseless? (Governance Now; March 17, 2016).
Forget privacy, Aadhaar Bill gives too much power to the executive (Aloke Tikku; Sunil Abraham; March 17, 2016).
In India, Biometric Data Storage Sparks Demands for Privacy Laws (Anjana Pasricha; Voice of America; March 18, 2016).
Dead and Clicking (Jayanthi Madhukar and Sowmya Rajaram; Bangalore Mirror; March 20, 2016).
India Still Trying To Turn Optional Aadhaar Identification Number Into A Mandatory National Identity System (TechDirt; March 22, 2016).
Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny (Reetika Khera; March 23, 2016).
How the government gains when private companies use Aadhaar (M. Rajshekhar and Anumeha Yadav; March 24, 2016).
Making Aadhaar Mandatory: Gamechanger For Governance? (NDTV; March 24, 2016).
ICANN Sexual Harassment Case Highlights Lack of Procedure at Global Internet Body (Wire; March 24, 2016).
Securing the internet’s future (Hindu Businessline; March 25, 2016).
On Google Maps, JNU top result in search for 'anti-national' (Kim Arora; The Times of India; March 25, 2016).
Woman Alleges Harassment at Major International Conference (Kavita Patil; Bangalore Mirror; March 30, 2016).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/march-2016-bulletin

Will Aadhaar Act Address India’s Dire Need For a Privacy Law?

nehaa — 2016-04-05T16:01:06Z

The article was published by Quint on March 31, 2016.

The passage of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (will hereby be referred to as “the Act”) has led to flak for the government from privacy advocates, academia and civil society, to name a few.

To my mind, the opposition deserves its fair share of criticism (lacking so far), for its absolute failure to engage with and act as a check on the government in the passage of the Act, and the events leading up to it.

The government’s introduction of the Act as a ‘money bill’ under Article 110 of the Constitution of India (“this/the Article”) is a mockery of the constitutional process. It renders redundant, the role of the Rajya Sabha as a check on the functioning of the Lower House.

Article 110 limits a ‘money bill’ only to six specific instances: covering tax, the government’s financial obligations and, receipts and payments to and from the Consolidated Fund of India, and, connected matters.

The Act lies well outside the confines of the Article; the government’s action may attract the attention of the courts.

Political One-Upmanship


Finance Minister Arun Jaitley (left) listens to Reserve Bank of India (RBI) Governor Raghuram Rajan. (Photo: Reuters)

In the past, the Supreme Court (“the Court”) has stepped into the domain of the Parliament or the Executive when there was a complete and utter disregard for India’s constitutional scheme. In recent constitutional history, this is perhaps most noticeable in the anti-defection cases, (beginning with Kihoto Hollohan in 1992); and, in the SR Bommai case in 1994, on the imposition of the President’s rule in states.

In hindsight, although India has benefited from the Court’s action in the Bommai and Hollohan cases, it is unlikely that the passage of the Aadhaar Act as a ‘money bill’, reprehensible as it is, meets the threshold required for the Court’s intervention in Parliamentary procedure.

Besides, the manner of its passage, the Act warrants

Censure for its process
Its (in)compatibility with fundamental rights
The failure to incorporate the suggestions of the Yashwant Sinha-led Standing Committee to UPA’s NIDAI Bill
The possibility of surveillance that it presents
The lack of measures to protect personal information
Its inadequate privacy safeguards
The questions around the realisation of its stated purpose.

Instead, a part of the Aadhaar debate has involved political one-upmanship between the Congress and the BJP, pitting the former’s NIDAI Bill against the latter’s Aadhaar Act.

While an academic comparison between the two is welcome, its use as a tool for political supremacy would be laughable, were it not deeply problematic, given the many serious concerns highlighted above.

Better Than UPA Bill?


The Act may have more privacy safeguards than the earlier UPA Bill. (Photo: iStockphoto)

And while the Act may have more privacy safeguards than the earlier UPA Bill, critics have argued that they not up to the international standard, and instead, that they are plagued by opacity.

Additionally, despite claims that the Act is a significant improvement over the UPA Bill, it fails to address concerns, including around the centralised storage of information, that were raised by civil society members and others.

Perhaps most problematically, however, the Act takes away an individual’s control of her own information. Subsidies, government benefits and services are linked to the mandatory possession of an Aadhar number (Section 7 of the Act), effectively negating the ‘freedom’ of voluntary enrollment (Section 3 of the Act). This directly contradicts the recommendations of the Justice AP Shah Committee, before whom the Unique Identification Authority of India had earlier stated that enrollment in Aadhaar was voluntary.

To make matters worse, the individual does not have the authority to correct, modify or alter her information; this lies, instead, with the UIDAI alone (Section 31 of the Act). And the sharing of such personal information does not require a court order in all cases.


Kanhaiya Kumar speaking in JNU on 3 March 2016. (Photo: PTI)

It may be authorised by Executive authorities under the vague, ill-understood concept of ‘national security’, (Section 33(2) of the Act) which the Act does not define. We would do well to learn the dangers of leaving ‘national security’ open to interpretation, in the aftermath of the recent events at JNU.

These recent events around Aadhaar have only underscored the dire urgency for comprehensive privacy legislation in India and, the need to overhaul our data protection laws to meet our constitutional commitments along with international standards.

Meanwhile, constitutional challenges to the Aadhaar scheme are currently pending in the Supreme Court. The Court’s verdict may well decide the future of the Aadhaar Act, with the stage already set for a constitutional challenge to the legislation. The BJP’s victory in this case may be short-lived.

For more details visit https://cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law

Securing the internet’s future

praskrishna — 2016-03-28T02:24:35Z

Mike Godwin, who proposed the eponymous law about online discussion threads, speaks about net neutrality, differential pricing and why no government is likely to oppose stricter surveillance measures.

The article by Bhavya Dore was published in Hindu Businessline on March 25, 2016.

For gravity, there’s Newton’s law, for internet discussion threads, there’s Godwin’s law. Twenty-five years ago, a law student trawling through cyberspace noticed a recurring pattern: at some point in an online discussion, someone would invariably invoke Hitler or the Nazis. The observation led to an act of ‘mimetic engineering’ — rifling through discussion boards, pointing this out, and promptly naming the law after him.

Godwin’s law states: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one — that is, the likelier this becomes.

Mike Godwin, 59, a portly, white-haired gent in Harry Potter glasses is best known for this aphoristic piece of wisdom. “The purpose,” he says, “was to make the people who engaged in frivolous comparisons of atrocities seem like they weren’t thinking.”

It is generally understood that when one of the arguers is falling back on the Nazis as rhetorical shorthand, that person is starting to lose the argument.

“It certainly means one of the arguers has gone to a higher or lower level,” he said.

Godwin was in India in February as part of a series of talks organised through the Centre for Internet and Society on net neutrality.

In early February, at the Mumbai University’s civics and politics department, he was on a panel with three others at a discussion that occasionally took an agitated tone.

“[The debate] hasn’t become heated in every country to the same degree,” he said. “In India it has.” The public discussion has been polarised, with activists vehemently opposing, among other things, ‘Free Basics’ — a Facebook offering. On February 8, the telecom regulator ruled against differential pricing, debarring telecom operators from offering slices of the internet at different prices.

Godwin doesn’t see net neutrality and differential pricing as mutually exclusive. “I think some forms [of differential pricing] are potentially good and some forms are potentially bad,” he said. “And the regulator has to look closely and make a determination about the harms or benefits.”

Godwin has worked with the Wikimedia Foundation, which offered Wikipedia Zero for free in some countries through specific providers, as a gateway to Wikipedia. But he isn’t trying to convince you one way or the other.

“[There is] an idea that there was something valuable about carriers [service providers] being neutral,” he said. “And I still think that that’s true… But the thing that changed was this: with Wikipedia, I realised it doesn’t matter if you have neutrality if nobody can afford it. Neutrality hasn’t served the people who can’t afford to pay to have the wires built up to their provinces.”

This then boils down to the fundamental question: how do we create a world that gets people connected? “It may involve cross-subsidies of various sorts, and all of these things historically have invited some degree of government regulation,” said Godwin. “The question is less ‘do you regulate or not regulate’, the question is ‘do you do it right’.”

But does Free Basics mean anything to a developing country which needs real basics first: water, sanitation, shelter? Godwin doesn’t buy into the premise that the internet is a luxury that comes after all these things.

“I think that [idea] is wrong,” he said. “Because when people can share information or resources about where the water is or what good health practices are or how to properly cultivate a crop, they help everyone else. And the impulse to help and share what they know is strong.”

Godwin’s first law has now been well entrenched in popular culture. But wait, he has a second one. This one goes: Surveillance is the crack cocaine of governments.

“Almost all governments want to engage in surveillance,” he said. “Some governments have disagreements with other governments over their surveillance but rarely will we see them categorically refuse to surveil.”

And yet, he says, our outrage over this is driven by an “antiquated notion of privacy” that the content of our emails or conversations should be free from prying eyes. “In the rest of the century and future centuries people will look back at this idea and laugh: that people thought that content was the important thing,” he said. Someone reading your mail isn’t the only possible violation, but whether they are accessing the whole ecosystem of your communication. “The metadata can give away the whole store,” he said. “The metadata can be more revealing. Who are you talking to, at what time of day, for how long, how big is the message? These are all things that can matter.”

That’s not the only thing that’s changed. The internet has, since its early days, become a more charged, more violent place, where poison, bile and abuse fly thick and fast.

“The level of hatefulness directed towards women online is particularly bad,” he continued, “It is a huge cross-cultural problem.”

The other enduring problem is how do you balance free speech rights while curtailing hate speech? “If there were an easy answer I’d tell you what it is,” said Godwin.

Still, banning or blocking sites, as the Indian government has been in the past eager to do, is hardly a solution. “I won’t say there is never an argument for it,” said Godwin, pausing a beat, “I will say that I have never heard one that was any good.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-business-line-march-25-2016-bhavya-dore-securing-internets-future

Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush)

praskrishna — 2016-03-24T02:25:24Z

Critics say the Aadhaar Bill does not address concerns over privacy, even as government is rushing the Bill without adequate parliamentary scrutiny.

The blog post by Anumeha Yadav was published in Scroll.in on March 11, 2016. Pranesh Prakash was quoted.

Since it was launched by the United Progressive Alliance government in 2009, the Unique Identification project called Aadhaar has functioned without a legal framework. The project, which aims to assign a biometric-based number to every Indian resident, has been run under an executive order, which means Parliament has no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns.

For long, critics have expressed concerns over collecting and centralising citizens' biometric data ‒ such as fingerprints and retina scans ‒ on a mass scale in the absence of a privacy law. The Supreme Court in several orders in 2014 and 2015 affirmed that the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number. The Supreme Court is now set to form a constitution bench to examine the contours of the right to privacy flowing from the government's arguments in the Aadhaar case.

Before the bench begins its work, however, the Modi government has introduced a new Bill on Aadhaar, which could override the court's orders.

The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill was introduced on March 3 in Lok Sabha. Finance minister Arun Jaitley said the new Bill addresses concerns over privacy and the security and confidentiality of information.

But a close examination of the Bill shows several questions remain.

1. Does the Bill make it mandatory for you to get an Aadhaar number?
Yes, you may have to compulsorily enrol under Aadhaar, despite the privacy concerns explained in the sections below.

Four-time member of the Lok Sabha, Bhartruhari Mahtab of the Biju Janata Dal, was on the parliamentary committee on finance that examined the previous Aadhaar Bill introduced in 2010. He said the new Aadhaar Bill does not specify that it will not be made mandatory.

“There is duplicity over this issue,” said Mahtab. “Nandan Nilekani [the former chairperson of the Unique Identification Authority of India] repeatedly told us in the parliamentary committee that Aadhaar is not mandatory. The Supreme Court also said, 'You cannot make it mandatory.'”

But if a service agent asks for Aadhaar mandatorily, then as a beneficiary, citizens have no option but to get an Aadhaar number, Mahtab explained. “The government, or a private company, cannot force me to get an Aadhaar number," he said. "The government should bring a law that clearly says Aadhaar is not mandatory.”

A committee of experts on privacy, chaired by Justice AP Shah, had recommended in 2012 that the Bill should specify that individuals have the choice to opt-in or out-of providing their Aadhaar number, and a service should not be denied to individuals who do not provide their number. The Unique Identification Authority of India had then stated to the committee that the enrolment in Aadhaar is voluntary.

But the new Aadhaar Bill does not incorporate a categorical clause on opt-in and opt-out. Instead, it broadens the scope of Aadhaar. Jaitley said the Bill will allow the government to ask a citizen to produce an Aadhaar number to avail of any government subsidy. But section 7 of the Bill is phrased more broadly, and refers to not just subsidies but any “subsidy, benefit or service” for which expense is incurred on the Consolidated Fund of India, or the government treasury.

7. The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment: Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.

As noted above, the proviso in section 7 is premised on the phrase: “if an Aadhaar number is not assigned”. This, along with language preceding in the section, indicates that a citizen may be compulsorily required to apply for enrolment.

Section 8 permits a “requesting entity” to utilise identity information for authentication with the Central Identities Data Repository. A “requesting entity” is defined under Section 2(u), and will include private entities.

2. Does the Bill allow Aadhaar authorities to share your personal data?
Yes, in the "interest of national security", a term that remains undefined.

Both legal experts and members of Parliament have flagged the provisions in the Bill on the circumstances in which users' data, including core biometrics information, can be shared.

The debate centres over the interception provisions in section 33.

In a piece in The Indian Express, Nandan Nilekani, the former chairperson of the issuing authority, stated that the Aadhaar Bill provides that no core biometric information can be shared, a principle without exception. “...Clause 29(1) is not overridden by Clause 33(2),” he noted.

However, a closer reading of the Bill shows this is not the case. Clause 33(2), in fact, does provide an exception to clause 29(1)(b):

33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government

where, Section 29(1)(b) states:

29. (1) No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Pranesh Prakash, a lawyer and policy director of the Centre for Internet and Society said: “This implies that the core biometric information, collected or created under the Aadhaar Act, may be used for purposes other than the generation of Aadhaar numbers and authentication 'in the interest of national security.'"

Legal experts point out that the phrase “national security” is undefined in the present bill, as well as the General Clauses Act, and thus the circumstances in which an individual's information may be disclosed remains open to interpretation.

Section 33(1) permits the disclosure of an individual's demographic information (but not biometrics) following an order by a district judge. It says that no such order shall be made without giving an opportunity of hearing to the UIDAI , but not to the person whose data is being disclosed.

3. Does the Bill protect you from interception and surveillance?
No, the Bill does not provide for transparency concerning covert surveillance.

Section 33(2), which permits disclosure of demographic and biometric pursuant to directions of the joint secretary in interest of national security, says such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals.

This can lead to a user being under continuous surveillance, and without any notification to the user even after the surveillance ceases, violating one of necessary and proportionate principles on communications surveillance related to user notification and right to effective remedy. In some countries, this principle has been incorporated in law. For example, in Canada, the law limits the time of wiretapping surveillance, and imposes an obligation to notify the person under surveillance within 90 days of the end of the surveillance, extendable to a maximum of three years at a time.

“The interception provisions are severely problematic," said Apar Gupta, a technology lawyer. "They are not open to independent scrutiny and even derogate from the already deficient practices which relate to phone tapping (Rule 419-A of the Telegraph Rules) and interception of data (Interception Rules, 2011).”

Legal scholar Usha Ramanathan pointed out that the Bill lacks provisions on giving notice to a person in case of breach of information, in case of third party use of data, or change in purpose of use of data – which were among provisions recommended by the Justice Shah Committee on Privacy in 2012.

4. Does the Bill allow you to seek redress in case of breach of information?
Yes, but the provisions are weak.

Government officials overseeing the project said that the 2016 Bill is an improvement over the 2010 Bill as it safeguards the information of those enrolled as per sections of the Information Technology Act, 2000.

But technology law experts say the adjudicatory system for disclosure of sensitive personal data under the IT Act has structural flaws and is not functional.

“Initial complaints against the disclosure of sensitive personal data go to an adjudicating officer who is usually the IT Secretary of the state government and may not be trained in law,” said Gupta, the technology lawyer. “There is no court infrastructure and no permanent seat for such cases. The appellate body, the Cyber Appellate Tribunal, has not been made operational in the last three years. Hence, the civil remedies offered [in the Aadhaar Bill] are at best illusionary and unenforceable.”

5. Does the Bill give you the right to alter your information?
No, it leaves you to the mercy of the Unique Identification Authority of India.

Imagine a situation where a user simply wants to change their first or last name, or say, not use their caste name. Under Section 31 of the Bill, individuals can only request the UID authority, which may do so “if it is satisfied”. There is no penalty on the authority if it fails to respond. The Bill does not provide for a user to even be able to approach a court to ask for their information relating to Aadhaar to be corrected.

International norms for data protection give individuals the right to correct and alter information, if their demographic data changes. They provide for individuals to have a copy of their information, and to approach courts for an order to rectify, block, erase inaccurate information.

In an interview to Mint, Sunil Abraham, director of the Centre for Internet and Society, compared the rights of Aadhaar users to the rights we now take for granted as internet users. “Authentication factors [biometrics in the case of Aadhaar], commonly known as passwords, should always be revocable,” noted Abraham. “That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid.” In its current form, the Aadhaar Bill gives users no such rights.

6. Is the current Bill an improvement over the previous one?
Not really.

The Aadhaar Bill 2016 provides that the renewals of requests for disclosure of data will be reviewed by an oversight committee consisting of the cabinet secretary and the secretaries in the department of legal affairs and the department of electronics and information technology.

This is a watered down version of the provisions in the previous Unique Identification Authority of India 2010 Bill, said Chinmayi Arun, executive director, Centre for Communication Governance at the National Law University Delhi.

“The previous version or the 2010 Bill provided for a three-member review committee, consisting of the nominees of the prime minister, the leader of the opposition, and a third nominee of a union cabinet minister, with the restriction that these nominees could not be a member of parliament or a member of a political party,” Arun said. “This would be a more independent committee than the one proposed now, wherein there will be executive oversight for executive orders."

Regarding penalties, the previous 2010 Bill made copying, deleting, stealing, or altering information in the Central Identities Data Repository, punishable with a jail term of upto three years and a fine not less than Rs 1 crore.

Section 38 of the new Aadhaar Bill now makes the same offence punishable with a jail term of upto three years and reduces the upper limit of the fine to “not less than ten lakh rupees”.

7. Finally, does the Aadhaar Bill have enough parliamentary scrutiny?
The government has introduced the legislation on Aadhaar in the form of a Money Bill, which means the power of the Rajya Sabha to review and amend the Bill is curtailed ‒ if the Speaker Sumitra Mahajan certifies that this is a Money Bill.

The parliamentary committee on finance under Bharatiya Janata Party MP Yashwant Sinha had rejected the previous Bill in December 2011 citing legislative, security, and privacy concerns. Despite this, two successive Prime Ministers – Manmohan Singh and Narendra Modi – have pushed ahead with Aadhaar project.

A common refrain has been that the unique biometric identity will resolve the problem of the poor in India to prove identity and overcome "one of the biggest barriers preventing the poor from accessing benefits and subsidies." But last April, the UIDAI in response to an RTI application revealed that of 83.5 crore Aadhaar numbers issued till then, 99.97% were issued to people who already had at least two existing identification documents, only 0.21 million (0.03%) used the "introducer system" that provides an exception to those lacking identity proof.

More recently, there has been no public consultation by the government over the latest Bill.

For more details visit https://cis-india.org/internet-governance/news/scroll.in-anumeha-yadav-march-24-2016-seven-reasons-why-parliament-should-debate-the-aadhaar-bill-and-not-pass-it-in-a-rush

Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny

praskrishna — 2016-04-01T15:48:17Z

We need to reboot the Aadhaar debate by asking why we want to create a centralised biometric database of Indian residents in the first place.

The article by Reetika Khera was published in the Wire on March 23, 2016.

A recent article, ‘Identification simplified, myths busted’, by Piyush Peshwani and Bhuwan Joshi (hereafter, Peshwani & Joshi) makes some questionable claims about the UID project. Peshwani & Joshi’s strategy appears to be to ignore those questions to which they do not have an answer (e.g., that Aadhaar is mostly redundant as far as NREGA, PDS, etc., are concerned). For others, they cherry-pick ‘facts’ without acknowledging the debates surrounding those facts. Here is a selection.

#1: To get Aadhaar, you need a Proof of ID (PoID) and Proof of address (PoA)

Peshwani & Joshi: “For many, Aadhaar is perhaps the first document of their existence – a robust proof of their identity and address that can be verified online. No more closed doors for them!”

Peshwani & Joshi: “The Demographic Data Standards and Verification Procedures committee prescribes a list of valid 18 proof of identity and 33 valid proof of address documents for getting an Aadhaar.”

Fact: In fact, 99.97% of those who have Aadhaar, used PoID and PoA to get it. For those who have neither, there is an “introducer system”, but according to a reply to an RTI request, only 0.03% of those who have the Aadhaar number used this route.

As far as closed doors are concerned, Aadhaar does not guarantee any benefits: work through NREGA, widow or old-age pensions or PDS rations. There are separate eligibility conditions for those programmes which continue to apply.

#2 On costs

Peshwani & Joshi: “Does it justify the cost? Yes, absolutely, according to the World Bank, which said the initiative is estimated to be saving the Indian government about $1 billion annually by thwarting corruption, even as it underlined that digital technologies promote inclusion, efficiency and innovation.”

Fact: Savings due to the use of Aadhaar have been disputed. The government has claimed it has saved Rs. 14,672 crore on LPG subsidies due to Aadhaar while they are likely lower – by a factor of 100 (see Business Standard or Wall Street Journal).

Peshwani & Joshi: “Even before the World Bank’s endorsement of Aadhaar, the Delhi-based National Institute of Public Finance and Policy (NIPFP) conducted a detailed cost-analysis study on Aadhaar in 2012… the study found that the Aadhaar project would yield an internal rate of return in real terms of 52.85% to the government.”

Fact: The NIPFP cost-benefit was based on unrealistic assumptions – e.g., estimates of leakages that Aadhaar could plug were available for only two out of seven schemes; for the rest, they assumed leakage rates which are termed ‘conservative’, but are actually not.

In their response, the NIPFP team admitted that “a full-fledged cost benefit analysis of Aadhaar is difficult” because “many gains from Aadhaar are difficult to quantify because they are intangible” and, “even if in specific schemes there may be tangible benefits, the information available on those schemes does not permit a precise quantification of those benefits.”

They went on to say that “The study has steered away from relying exclusively on analyses of isolated and small sample sets”. What evidence did the NIPFP study rely on? “For ASHAs, Janani Suraksha Yojana and scholarships, no analysis, large or small has been used. For the Indira Awaas Yojana, the three analyses relied on exclusively are a Times of India news report, a press release based on a discussion in Parliament and a “Scheme Brief” by the Institute for Financial Management and Research (IFMR). Interestingly, the corruption estimate in the IFMR brief cross-refers to the Times of India article (apart from a CAG report)!” (Khera, 2013)

#3 De-duplication

Peshwani & Joshi: “Aadhaar means no fake, ghost or duplicate beneficiaries. Double-dipping will become more and more difficult with Aadhaar, a number that is well de-duplicated with the use of biometrics.”

Fact: De-duplication is one possible contribution of Aadhaar – but that needs biometrics, not a centralised biometric database. Local biometrics (used extensively in Andhra Pradesh before UID) mean that biometric data is stored by the concerned government department or on the local e-POS machine’s memory chip. It has the advantage that connectivity is not required (you are authenticated by the machine), errors and corrections can be correctly locally, making it more practical. The distinction between a local and centralised database is important (see #5 below).

Further, no one has a reliable estimate of the duplication problem. Two government estimates of duplicates exist: the Dhande committee for LPG (2%) and in NREGA job cards from the Government of Andhra Pradesh (also 2%).

#4 Exclusion

Peshwani & Joshi: “As far as exclusion in delivery of other services due to biometric authentication accuracy is concerned, it is important to go beyond scratching the surface.”

Fact: When the PDS was integrated with Aadhaar: “The Andhra Pradesh Food and Civil Supplies Corporation found that…nearly one-fifth ration card holders did not buy their ration.” Further, “When the government delved deeper in the issue, it was found that out of the 790 cases interviewed for the study, 400 reported exclusion. Out of the excluded cases, 290 were due to fingerprint mismatch and 93 were because of Aadhaar card mismatch. The remaining 17 cases were due to failure of E-PoS.” More here.

Moreover, Peshwani & Joshi pick one definition of ‘exclusion’ (due to biometric failure) when in fact, exclusion has a broader meaning. For instance, “In Chitradurga (Karnataka), Rs.100-150 million in wages from 2014-15 were held up for a year. When payments were being processed, their job cards could not be traced in NREGAsoft. Upon enquiry, the district administration learnt field staff had deleted them to achieve ‘100% Aadhaar-seeding’.”

#5 Profiling and privacy violations

Peshwani & Joshi: “A prominent criticism of Aadhaar is that it ‘profiles’ people.” …“Most of us have one or more identity/address documents, such as a passport, ration card, PAN card, driving licence, vehicle registration documents or a voter ID card. The government departments managing these already have our data. Aadhaar is no different. We give our data to banks, to insurance companies and to telecom companies for accounts, policies and mobile connections.”

Fact: That’s like saying BJP can be more corrupt because the Congress was corrupt. Instead we need to engage more seriously with the work of Sunil Abraham, Amber Sinha and others at the Centre of Internet and Society. There are crucial differences between Aadhaar and Social Security Number in the US, see this. Malavika Jayaram listed the UID project among a slew of “big brother” projects facilitating mass surveillance in India.

Conclusion

The debate on UID tends to begin with the premise that Aadhaar is necessary for ‘good governance’. Those claims of the UIDAI have long been demolished. In a nutshell, Aadhaar cannot help identify the poor, its possession does not guarantee inclusion into government social welfare (go to #1). It cannot reduce PDS or NREGA corruption as claimed in their early documents. Thankfully, PDS–NREGA corruption has been on the decline without Aadhaar – more needs to be done. (More details? Try this and this.)

Bihar shows how much corruption in the PDS can be reduced without Aadhaar. Credit: Reetika Khera

Aadhaar is not required for portability of benefits or for cash transfers. Cash transfers need bank accounts. To get a bank account, you need a proof of ID and a proof of address (go to #1). Aadhaar can help de-duplicate, but so can local biometrics (go to #3). We need to “reboot” the Aadhaar debate, starting on the right terms – why exactly do we need to create a centralised biometric database of Indian residents?

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-23-2016-reetika-khera-debate-five-aadhaar-myths-that-dont-stand-up-to-scrutiny

In India, Biometric Data Storage Sparks Demands for Privacy Laws

praskrishna — 2016-03-23T02:27:05Z

In India, calls for strict privacy laws are growing after this week's passage of a measure that allows federal agencies access to biometric data of the nation's citizens, the world's largest such repository.

The article by Anjana Pasricha was published in Voice of America on March 18, 2016. Pranesh Prakash gave inputs.

The government says the use of biometrics will help cut rampant graft in the distribution of subsidies, but activists and opposition lawmakers warn it could usher in an era of increased state surveillance.

Raghubir Gaur, who works as an electrician in the capital, New Delhi, says he has never collected subsidized rations such as wheat and rice, because “somebody else has been taking the rations I should have gotten.” Now, with a national proof of identity, or "Aadhaar" card in his hands, Gaur says he is confident he will be able to access his designated subsidies.

The Aadhaar card is being used to give welfare benefits to the poor, who often cannot provide any proof identity, allowing corrupt officials to siphon entitlements.

The government says it has saved nearly $2 billion by preventing misuse of the subsidies in the last fiscal year alone.

Critics fear ‘police state’

Civil activists and research groups, however, have dubbed the Aadhaar program “surveillance technology” that constitutes a serious breach of privacy. They point to identity-verification systems in other countries, where cards or identification numbers are used for verification without creating a gigantic central database that documents every last transaction.

Indeed, the Aadhaar database also stores fingerprints and iris scans of every account holder, labeling each with a 12-digit identification number.

Concerns that this could lead to a massive invasion of privacy have been heightened because the new law allows the data to be used “in the interest of national security.”

“From verifying yourself to the ticket conductor on a train to someone who is delivering something at your house, all the way to opening a new bank account, all these transactions get logged against the centralized data base," says Pranesh Prakash of the Center for Internet and Society in Bangalore. "So this invades your life completely and thoroughly.”

Some lawyers and privacy advocates say this has made it even more important to support a strong privacy law to ensure the huge government database isn't misused.

Finance Minister Arun Jaitley has defended the biometrics legislation, saying the data will be accessed only in rare cases that require authorization by a senior official.

“You mark my words, you are midwifing a police state,” said lawmaker Asaduddin Owaisi, just one parliamentarian opposed passage of the legislation and found no comfort in Jaitley's assurances.

Fraud concerns

Despite objections, the bill was passed by legislators who argued that such a move is critical to ensuring subsidies reach intended beneficiaries in a country where millions are poor and illiterate.

Attempts to draft a right to privacy bill to protect individuals against misuse of data by government or private agencies date back to 2010, but have made little headway. The latest push started in 2014.

Citing a cyberattack targeting the U.S. government, in which a hacker gained access to the information of millions of people, research groups have also flagged security concerns around India’s ambitious Aadhaar program.

“If this database gets leaked, the entire identification system collapses because people will be able to authenticate themselves as anyone else. So identity fraud is a great concern,” said Prakash of the Center for Internet and Society.

Nearly one billion biometric identity cards have been issued in India in the last six years.

For more details visit https://cis-india.org/internet-governance/news/voice-of-america-anjana-pasricha-march-18-2016-in-india-biometric-data-storage-sparks-demands-for-privacy-laws

Too Clever By Half: Strengthening India’s Smart Cities Plan with Human Rights Protection

vanya — 2016-03-22T13:49:32Z

The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, we must ensure that basic human rights are not violated in the race to make cities “smart”.

The article was published in the Wire on March 21, 2016

As Indian cities reposition themselves to play a significant role in development due to urban transformation, the government has envisioned building 100 smart cities across the country. Due to the lack of a precise definition as to what exactly constitutes a smart city, the mutual consensus that has evolved is that modern technology will be harnessed, which will lead to smart outcomes.

Here, Big Data and analytics will play a predominant role by the way of cloud, mobile technology and other social technologies that gather data for the purpose of ascertaining and accordingly addressing concerns of people.

Role of Big Data

Leveraging city data and using geographical information systems (GIS) to collect valuable information about stakeholders are some techniques that are commonly used in smart cities to execute emergency systems, creating dynamic parking areas, naming streets, and develop monitoring. Other sources which would harness such data would be from fire alarms, in disaster management situations and energy saving mechanisms, which would sense, communicate, analyze and combine information across platforms to generate data to facilitate decision making and manage services.

According to the Department of Electronics and Information Technology, the government’s plan to develop smart cities in the country could lead to a massive expansion of an IoT (Internet of Things) ecosystem within the country. The revised draft IoT policy aims at developing IoT products in this domain by using Big Data for government decision-making processes. For example, in India a key opportunity that has been identified is with regard to traffic management and congestion. Here, collecting data during peak hours, processing information in real time and using GPS history from mobile phones can give insight into the routes taken and modes of transportation preferred by commuters to deal with traffic woes. The Bengaluru Transport Information System (BTIS) was an early adopter of big data technology which resorted to aggregating data streams from multiple sources to enable planning of travel routes by avoiding traffic congestions, car-pooling, etc.

Challenges

The idea of a data-driven urban city has drawn criticism as the initiative tends to homogenize Indian culture and change the fabric of cities by treating them alike in terms of their political economy, culture, and governance.

Despite basing the idea of a smart city on the assumption that technology-based solutions and techniques would be a viable solution for city problems in India, it is pertinent to note that the collection of personal real-time data may blur the line between personal data with the large data collected from multiple sources, leaving questions around privacy considerations, use and reuse of such data, especially by companies and businesses involved in providing services in legally and morally grey areas.

Privacy concerns cloud the dependence on big data for functioning of smart cities as it may lead to erosion of privacy in different forms, for example if it is used to carry out surveillance, identification and disclosures without consent, discriminatory inferences, etc.

Apart from right to privacy, a number of rights of an individual like the right to access and security rights would be at risk as it may enable practices of algorithmic social sorting (whether people get a loan, a tenancy, a job, etc.), and anticipatory governance using predictive profiling (wherein data precedes how a person is policed and governed). Dataveillance raises concerns around access and use of data due to increase in digital footprints (data they themselves leave behind) and data shadows (information about them generated by others). Also, the challenges and the realities of getting access to correct and standardized data, and proper communication seem to be a hurdle which still needs to be overcome.

The huge, yet untapped, amount of data available in India requires proper categorization and this makes a robust and reliable data management system prerequisite for realization of the country’s smart city vision. Cooperation between agencies in Indian cities and a holistic technology-based approach like ICT and GT (geospatial technologies) to resolve issues pertaining to wide use of technology is the need of the hour. The skills to manage, analyze and develop insights for effective policy decisions are still being developed, particularly in the public sector. Recognizing this, Nasscom in India has announced setting up a Centre of Excellence (CoE) to create quality workforce.

Though it is apparent that data will play a considerable role in smart city mission, the peril is lack of planning in terms of policies to govern the big data mechanics and use of data. This calls for development of suitable standards and policies to guide technology providers & administrators to manage and interpret data in a secured environment.

Legal hurdles

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 deals with accountability regarding data security and protection as it applies to ‘body corporates’ and digital data. It defines a ‘body corporate’ as “any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities” under the IT Act. Therefore, it can be ascertained that government bodies or individuals collecting and using Big Data for the smart cities in India would be excluded from the scope of these Rules. This highlights the lack of a suitable regulatory framework to take into account potential privacy challenges, which currently seem to be underestimated by our planners and administrators.

Regarding access to open data, though the National Data Sharing and Accessibility Policy 2012 recognizes sensitive data, the term has not been clearly defined under it. However, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 clearly define sensitive personal data or information. Therefore, the open data framework must refer to or adopt a clear definition drawing from section 43A Rules to bring clarity in this regard.

Way forward

As India moves toward a digital transformation, highlighted by flagship programmes like Smart Cities Mission, Digital India and the UID project, data regulation and recognition of use of data will change the nature of the relationship between the state and the individual. However, this seems to have been overlooked. Policies that regulate the digital environment of the country will intertwine with urban policies due to the smart cities mission. Use of ICTs in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Identification/development of open standards for IoT particularly for interoperability between cross sector data must be looked at.

To address privacy concerns due to the use of big data techniques, nuanced data legislation is required. For a conducive big data and technologically equipped environment, the governments must increase efforts to create awareness about the risks involved and provide assurance about the responsible use of data.

Additionally, a lack of skilled and educated manpower to deal with such data effectively must also be duly considered.

The concept note produced by the government reflects how it visualizes smart cities to be a product of marrying the physical form of cities and its infrastructure to a wider discourse on the use of technology and big data in city governance. This makes the role of big data quite indispensable, making it synonymous with the very notion of a smart city. However, the important issue is to understand that data analytics is only a part of the idea. What is additionally required is effective governance mechanism and political will. Collaboration and co-operation is the glue that will make this idea work. It is important to merge urban development policies with principles of democracy. The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, collective efforts must go into minimizing pernicious effects of the same to ensure the basic human rights are not violated in the race to make cities “smart”.

Vanya Rakesh is Programme Officer, The Centre for Internet & Society (CIS), Bangalore. Elonnai Hickok, Policy Director of CIS, also provided inputs for this story.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-march-21-2016-vanya-rakesh-too-clever-by-half-strengthening-indias-smart-cities-plan-with-human-rights-protection

India Still Trying To Turn Optional Aadhaar Identification Number Into A Mandatory National Identity System

praskrishna — 2016-03-24T06:34:21Z

from the sliding-down-the-slippery-slope-to-disaster dept

The blog post was published by Tech Dirt on March 22, 2016. CIS research on Aadhaar was quoted.

Last year, we wrote about India's attempt to turn the use of its Aadhaar system, which assigns a unique 12-digit number to all Indian citizens, into a requirement for accessing government schemes. An article in the Hindustan Times shows that the Indian government is still pushing to turn Aadhaar into a mandatory national identity system. A Bill has just been passed by both houses of the country's parliament, which seeks to give statutory backing to the scheme -- in the teeth of opposition from India's Supreme Court:

There have been orders passed by the Supreme Court that prohibit the government from making Aadhaar mandatory for availing government services whereas this Bill seeks to do precisely that, contrary to the government's argument that Aadhaar is voluntary.

The article notes that in some respects, the new Bill brings improvements over a previous version:

It places stringent restrictions on when and how the UID [Unique Identification] Authority (UIDAI) can share the data, noting that biometric information -- fingerprint and iris scans -- will not be shared with anyone. It seeks prior consent for sharing data with third party. These are very welcome provisions.

But it also contains some huge loopholes:

The government will get sweeping power to access the data collected, ostensibly for "efficient, transparent, and targeted delivery of subsidies, benefits and services" as it pleases "in the interests of national security", thus confirming the suspicions that the UID database is a surveillance programme masquerading as a project to aid service delivery.

The fact that an optional national numbering system now seems to be morphing into a way to monitor what people are doing will hardly come as a surprise to Techdirt readers, but this continued slide down the slippery slope is still troubling, as are other aspects of the new legislation. For example, it was introduced as a "Money Bill," which is normally reserved for matters related to taxation, not privacy. That suggests a desire to push it through without real scrutiny. What makes this attempt to give the Aadhaar number a much larger role in Indian society even more dangerous is the possibility that it won't work:

A recent paper in the Economic and Political Weekly by Hans Mathews, a mathematician with the [Centre for Internet and Society], shows the programme would fail to uniquely identify individuals in a country of 1.2 billion.

A mandatory national identity system that can't even uniquely identify people: sounds like a recipe for disaster.

For more details visit https://cis-india.org/internet-governance/news/tech-dirt-march-22-2016-india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system

February 2016 Bulletin

praskrishna — 2016-03-20T05:13:30Z

The Centre for Internet & Society is happy to share its February 2016 newsletter. Previous issues of the newsletters can be accessed at http://cis-india.org/about/newsletters.

Highlights
The Researchers at Work programme organised the Internet Researchers' Conference 2016 (IRC16) on February 26-28. It was hosted by the Centre for Political Studies at the Jawaharlal Nehru University, and was generously supported by the CSCS Digital Innovation Fund. Subhashish Panigrahi won the Yuva Prerana Samman award. The award was conferred during the 2nd International Conclave of Odia Language (organized by Intellects, a Delhi-based progressive forum of intellectuals) at the India International Centre in New Delhi on February 20, 2016. Odisha News covered the event. Subhashish Panigrahi wrote an article for the Hoot on whether Wikipedia could revive dying Indian languages. Panigrahi stated that by encouraging content and involvement languages could be kept relevant. The article was republished by Pratham Books. Kannada Wikipedia just celebrated its 13th anniversary. As part of the WikipediansSpeak series Subhashish Panigrahi caught up with Vasanth to learn about his contributions to the Kannada Wikipedia. In the discussion Vasanth shared his long time involvement in the Wikimedia movement, and spoke about what drove him every day to edit Wikipedia and helping other fellow Wikimedians. Sunil Abraham's article on Facebook's Free Basics was published by First Post. He stated that there is more to come from TRAI in terms of net neutrality regulations especially for throttling and blocking. Nehaa Chaudhari wrote an article for the Socio Legal Review (National Law School of India University). The article seeks to examine legal and policy lever and the role of regulator in the development of an enabling environment for access to sub-hundred dollar mobile devices. In a recently published paper, Jahnavi Phalkey and Sumandro Chattapadhyay explore public initiatives in technological solutions for educating the poor and the disadvantaged in independent India. The United Nations Educational, Scientific and Cultural Organisation (UNESCO) had published a book in 2014 that examines free speech, expression and media development. The chapter contains a Foreword by Irina Bokova, Director General, UNESCO. Pranesh Prakash contributed to the Independence: Introduction - Global Media Chapter. The book was edited by Courtney C. Radsch. India should apply electronic toll collection systems to roads, and adapt road network concepts in organizing and managing communications networks wrote Shyam Ponappa in an Op-Ed published by the Business Standard.

►NVDA and eSpeak

Report

February 2016 (Suman Dogra; February 28, 2016).

►Pervasive Technologies

Article

Standard Essential Patents on Low-Cost Mobile Phones in India: A Case to Strengthen Competition Regulation? (Nehaa Chaudhari; Socio Legal Review, National Law School of India University; February 25, 2016).

Participation in Event

2016 Works-in-Progress Intellectual Property ("WIPIP") Colloquium (Organized by School of Law, University of Washington; Washington D.C.; February 19 - 20, 2016). Prof. Jorge Contreras presented a paper co-authored by Rohini Lakshané on the patent landscape conducted for the Pervasive Technologies project.

► Copyright and Patent

MHRD IPR Chair Series: Information Received from University of Madras (Karan Tripathi; February 19, 2016).
MHRD IPR Chair Series: Information Received from Cochin University of Science and Technology (Karan Tripathi; February 21, 2016).
MHRD IPR Chair Series: Information Received from IIT, Bombay (Karan Tripathi; February 22, 2016).
MHRD IPR Chair Series: Information Received from IIT, Delhi (Karan Tripathi; February 22, 2016).
The new Guidelines for Computer Related Inventions are a big win for FOSS in India! (Anubha Sinha; February 23, 2016).

Event Organized

IP Meetup #01: Prof. Biswajit Dhar on 'Intellectual Property issues: The Way Forward post Nairobi WTO Ministerial' (CIS, New Delhi; February 7, 2016). Prof. Dhar gave a talk.

►Wikipedia

Articles

Can Wikipedia revive dying Indian languages? (Subhashish Panigrahi; The Hoot; February 19, 2016 and mirrored by Pratham Books; February 22, 2016).
Community Digest—Estonians working on a new feedback system for Wikipedia articles (Subhashish Panigrahi; Wikimedia Blog; February 27, 2016).
Looking ahead to the future of the Kannada Wikipedia: Vasanth S.N. (Subhashish Panigrahi; Wikimedia Blog; February 29, 2016).
ଓଡ଼ିଆ ଭାଷା ପାଇଁ ଏକ ଅନୁଶୀଳନ (Subhashish Panigrahi; Suryaprava; February 22, 2016).
ଓଡ଼ିଆ ଭାଷା ପାଇଁ ଏକ ଅନୁଶୀଳନ (Subhashish Panigrahi; Samaja; February 21, 2016).
ମାତୃଭାଷା ଦିବସ: ଆଜିର ସମସ୍ୟା ଓ ଆହ୍ୱାନ (Subhashish Panigrahi; Sambad; February 21, 2016).

Submission

Cultural institution AKA GLAM for more OER (Subhashish Panigrahi; February 27, 2016). Subhashish's submission under the theme of "Innovative approaches to opening up cultural heritage collections for education" has been selected for the OER16 conference to be held in Edinburg, Scotland from 19 to 20 April 2016.

Media Coverage

Youth is responsible for protecting Telugu (Eenadu; January 14, 2016).
Why aren’t Indians using Wikipedia to hold the government to account? (Madhav Gadgil; Scroll.in; February 6, 2016).
Now trending: Regional Indian language social media networks (Kanika Sharma; Hindustan Times; February 14, 2016).
International Mother Language Day (Eenadu; February 21, 2016).
ಪ್ರಶಾಂತವನ (Prashasti Prashantavanam; February 21, 2016).

Award

The Intellects, a Delhi-based progressive forum of intellectuals, held the 2nd International Conclave of Odia Language at the India International Centre in New Delhi on February 20, 2016. Subhashish Panigrahi participated in the event and won the Yuva Prerana Samman award. Odisha News covered the event.

Event Organized

Digitisation sprint at Andhra Loyola College Vijayawada to bring more books on Telugu Wikisource (Andhra Loyola College, Off Eluru Road, Behind Vinayak Theater, Vijayawada, Andhra Pradesh; February 12 to 14, 2016).

-----------------------------------
Openness
-----------------------------------

Articles

Monitoring Sustainable Development Goals in India: Availability and Openness of Data (Part I) (Kiran AB, Openness Blog, February 22, 2016)

Submission

Open Data Hackathons are Great, but Address Privacy and License Concerns (Nisha Thompson, Cross-posted from DataMeet, February 05, 2016)

Participation in Event

National Koha Conclave (Organized by Informatics Publishing; Fortune Park JP Celestial; Bangalore; February 17, 2016). Sunil Abraham delivered the inaugural address on the occasion.

-----------------------------------
Internet Governance
-----------------------------------

►Big Data

Database on Big Data and Smart Cities International Standards (Vanya Rakesh; February 11, 2016).
Sean McDonald - Ebola: A Big Data Disaster (Sumandro Chattapadhyay; February 29, 2016).

►Freedom of Expression

Articles

‘A Good Day for the Internet Everywhere': India Bans Differential Data Pricing (Subhashish Panigrahi; Global Voices; February 9, 2016).
Net Neutrality Advocates Rejoice As TRAI Bans Differential Pricing (Subhashish Panigrahi; Odisha TV; February 9, 2016).
Facebook's Fall from Grace: Arab Spring to Indian Winter (Sunil Abraham; First Post; February 11, 2016).
Internet Freedom (Sunil Abraham and Vidushi Marda; Asian Age; February 14, 2016).
There is No Such Thing as Free Basics (Subhashish Panigrahi; February 14, 2016).
World Trends in Freedom of Expression and Media Development (Pranesh Prakash; United Nations Educational, Scientific and Cultural Organisation; February 17, 2016). Pranesh Prakash contributed to Independence: Introduction - Global Media Chapter.

Event Organized

Public Debate on 'Differential Pricing': Series 1 (Co-organized by CIS, ICRIER and the Department of Civics and Politics, University of Mumbai; CIS, Bangalore; February 1, 2016).
Public Debate on 'Differential Pricing': Series 2 (Co-organized by CIS, ICRIER and the Department of Civics and Politics, University of Mumbai; Pherozeshah Mehta Bhavan, Vidyanagari, Kalina, Mumbai; February 3, 2016).
Public Debate on 'Differential Pricing': Series 3 (Co-organized by CIS, ICRIER and the Department of Civics and Politics, University of Mumbai; India Habitat Centre, Lodhi Road near Air Force Bal Bharti School, New Delhi; February 5, 2016).

Participation in Event

UNICEF & Nasscom Foundation Workshop on Child Online Protection (Organized by United Nations Children's International Education Fund; Hotel Claridges; New Delhi; February 8, 2016). Jyoti Panday attended the event.

►Privacy

Submission

Comments by the Centre for Internet and Society on the Report of the Committee on Medium Term Path on Financial Inclusion (Vipul Kharbanda; February 27, 2016).

Blog Entry

A Case for Greater Privacy Paternalism? (Amber Sinha; February 14, 2016).

Bottled-Up National Assets (Shyam Ponappa; Business Standard and Organizing India BlogSpot; February 3, 2016).

Article

The Aakash Tablet and Technological Imaginaries of Mass Education in Contemporary India (Jahnavi Phalkey and Sumandro Chattapadhyay; February 14, 2016).

Video

RAW Lectures #02: Anil Menon on 'Speculative Fiction and Freedom' - Video (CIS, Bangalore; January 13, 2016). The video was uploaded on February 9, 2016.

Events Organized

Internet Researchers' Conference 2016 (Jawaharlal Nehru University, Delhi; February 26 - 28, 2016).

-----------------------------------
News & Media Coverage
-----------------------------------

CIS gave inputs to the following media coverage:

India bans Facebook’s ‘free’ Internet for the poor (Annie Gowen; Washington Post; February 8, 2016).
Zuckerberg's Plan Spurned as India Backs Full Net Neutrality (Adi Narayan and Bhuma Srivastava; Bloomberg; February 8, 2016).
A Megacorp’s Basic Instinct (Arindam Mukherjee; Outlook; February 8, 2016).
Facebook’s Free Basics hits snag in India (James Crabtree with additional reporting by Tim Bradshaw; Financial Times; February 8, 2016).
Trai upholds Net Neutrality in setback to Facebook’s Free Basics (Moulishree Srivastava and Shauvik Ghosh; Livemint; February 9, 2016).
India Sets Strict New Net Neutrality Rules (Anjana Pasricha; Voice of America; February 9, 2016).
Net neutrality advocates hail Trai verdict (Alnoor Peermohamed; Business Standard; February 9, 2016).
Netizen Report: The EU Wrestles With Facebook Over Privacy (Global Voices; February 11, 2016).
Linking Facebook use to free top-up data (Deccan Chronicle; February 14, 2016).
India's ‘Facebook ruling’ is another nail in the coffin of the MNO model (The Register; February 15, 2016).
Violence call key to 'sedition' (The Telegraph; February 18, 2016).
Why the Internet is Making India Furious (Sanjana Sathian; Ozy; February 19, 2016).
Why India snubbed Facebook's free Internet offer (Daniel Van Boom; Cnet; February 26, 2016).

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/february-2016-bulletin

Pratap Vikram Singh - Why Aadhaar is Baseless?

praskrishna — 2016-04-02T05:31:30Z

This article by Pratap Vikram Singh, Governance Now, discusses the problems emerging out of the UIDAI project due to its lack of mechanisms for informed and granular consent, and for seeking recourse in the case of denial of service. The article quotes Sumandro Chattapadhyay and mentions Hans Varghese Mathew's work on the biometric basis of UIDAI. It was written before the Aadhaar bill was passed in Lok Sabha.

Cross-posted from Governance Now.

It was no less than a roller-coaster ride for Aadhaar, a programme formulated by the UPA government to assign a 12-digit unique number to every Indian resident. From the time it came into being in 2009, Aadhaar drew a volley of criticism, thanks to the misgivings and apprehensions that various critics and civil society organisations had. It was criticised for lack of a clear purpose, degree of effectiveness and absence of a privacy law and was virtually thrown into the bin by a parliamentary panel headed by BJP’s Yashwant Sinha in December 2011.

When the finance minister Arun Jaitley, in his budget speech, announced that the government would introduce the Aadhaar bill during the budget session, expectations were already set high. The bill, giving statutory backing to the unique identification authority of India (UIDAI), the implementing authority, was passed by the Lok Sabha on March 11. While the privacy and voluntary versus mandatory provisions are under the consideration of the supreme court, the bill makes way for linking Aadhaar with all government subsidies, benefits and services. The law on Aadhaar, former UIIDAI chairman Nandan Nilekani wrote in the Indian Express, will help the government in going paperless, presence-less and cashless. The legislation, however, fails to deliver on several counts.

However, prior to evaluating the bill (yet to be passed by the Rajya Sabha at the time of this writing though it is a money bill), let us take a look at its major aspects. For those, who always wondered whether Aadhaar is mandatory or voluntary, the bill 2016 makes it mandatory to avail subsidy, benefit or a service from the government.

The bill has provisions related to information security and confidentiality (section 28) which not only extend to employees of the UIDAI but also consultants and external agencies working with the authority.

The proposed law restricts information sharing. It bars UIDAI from sharing core biometric information – the bill defines it as fingerprints and iris scan – with “anyone for any reason whatsoever” or “used for any purpose other than generation of Aadhaar numbers and authentication under this Act”. The section 32 of the bill entitles Aadhaar number holders to access her or his authentication record. It also bars the authority from collecting, keeping or maintaining information about the purpose of authentication.

Odd Drives the Bill

While the intent is clear and is aimed at streamlining welfare schemes to ensure it reaches the bottom of the pyramid, cutting through the long chain of pilferage and subversion, the bill, however, has several shortcomings. To begin with, the government should not have taken the money bill route to pass the legislation – tactfully avoiding any conclusive discussion and debate in the Rajya Sabha, where it is in minority.

The bill assumes that the technology and the biometric system used by the UIDAI are flawless and it doesn’t provide any recourse in case of denial of a service. “If your fingerprint is not matching and you lose out on service, then what is the alternative mechanism you have,” asks Sumandro Chattapadhyay, research director, centre for internet and society (CIS). The bill doesn’t provide for recourse. “What if the scanning machine fails? What if the identifiers of two people match?”

Based on experiments conducted in the initial days of the Aadhaar programme, Hans Verghese Mathews, another CIS researcher, did a study on the probability of matching of identifiers of two persons. “For the current population of 1.2 billion the expected proportion of duplicands (users whose identifiers match) is 1/121, a ratio which is far too high,” Mathews wrote in the Economic and Political Weekly in February.

“It is like putting the technology in a black box – which can’t be reviewed,” says Chattapadhyay. The bill doesn’t talk about setting up an independent body to review the logs and keep an eye on wrong and duplicate matches.

Who Defines National Security?

According to public policy experts, it is an attempt to seek “minimal legitimacy” from parliament and further adds to the unbridled power of the executive.

Although the bill restricts information sharing in section 29, sections 33 and 48 provide exemption in cases of national security and public emergency, respectively. The legislation, nevertheless, doesn’t elaborate on what constitutes national security and public emergency, leaving it to the executives. The section 33 reads: “Nothing contained in… shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security….”

Similarly, section 48 states that if, at any time, the central government is of the opinion that a public emergency exists, “the central government may, by notification, supersede the Authority for such period, not exceeding six months, as may be specified in the notification and appoint a person or persons as the president may direct to exercise powers and discharge functions under this Act”.

Says Jayati Ghosh, professor, centre for economic studies and planning, Jawaharlal Nehru University, “National security is a very opaque term. Who decides what national security is? Today, the whole JNU is being projected as a threat to national security.” Swagato Sarkar, associate professor and executive director, Jindal school of government and public policy, OP Jindal Global University, says, “The bill has provisions for oversight on the use of Aadhaar, but then it suspends those provisions in case of emergency in the later sections, giving the state the power to use biometric information for whatever it deems fit.”

Sarkar adds, “It seems the bill is simply an instrument for seeking minimum legitimacy from parliament. The bill tries to address the concern of privacy minimally and it hardly serves any purpose.” He believes that there is a need to define the broader contours of democratic control of the state and reassess the changing state-citizen relationship, instead of rejecting the whole idea on the basis of surveillance and privacy. In other words, there is a need for strong parliamentary oversight, and that the Aadhaar related matters shouldn’t be completely delegated to the executive.

In its recommendations on formulating Privacy Act, the justice AP Shah committee in 2012 provided for establishing the office of privacy commissioner at the regional and central levels, defining the role of self-regulating organisations and co-regulation, and creating a system of complaints and redressal for aggrieved individuals. Since the country still doesn’t have any legislation on privacy, people are left on their own in case of an infringement or violation of privacy. Moreover, section 47 states, “No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorised by it.”

In its report, the parliamentary committee headed by Yashwant Sinha notes that “enactment of national data protection law… is a prerequisite for any law that deals with large scale collection of information from individuals and its linkages across separate databases”. The committee notes that in absence of data protection legislation, it would be difficult to deal with issues of access, misuse of personal information, surveillance, profiling, linking and matching of databases and securing confidentiality of information.

Subsidy-Aadhaar Linkage

The Sinha committee also takes a cautious view of the role of Aadhaar in curbing leakages in subsidy distribution, as beneficiary identification is done by states. It notes, “Even if the Aadhaar number links entitlements to targeted beneficiaries, it may not even ensure that beneficiaries have been correctly identified. Thus, the present problem of proper identification would persist.”

According to Ghosh, the biggest danger in using Aadhaar for social welfare programmes is that the fingerprints of the rural working class is not always in good shape and hence Aadhaar will not be the best way of identification. “If I am misidentified, I can go to so many places for recourse. But what if a labourer in a remote Jharkhand village is misidentified? Where and whether he would go?” the economist asks. Besides, the bill doesn’t limit the use of Aadhaar and defines areas where it can be used. Section 57 says that the law will not prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, “whether by the state or anybody corporate or person, pursuant to any law, for the time being in force or any contract to this effect.”

According to a PRS Legislative review, since the bill also allows private persons to use Aadhaar as a proof of identity for any purpose, the provision will open a floodgate and enable private entities such as airlines, telecom, insurance and real estate companies to mandate Aadhaar as a proof of identity for availing their services.

Since the bill doesn’t restrict its application, people will not have a choice to identify themselves other than using Aadhaar when corporate organisations make it mandatory, says Chattapadhyay of the CIS. Adds Sarkar, “The bill should clearly mention sectors or services where Aadhaar will be potentially used (or made mandatory). Every time a new sector or service is added to the list, it is done after parliamentary approval.”

So far, 98 crore people have been assigned Aadhaar number. So far the project has costed Rs 8,000 crore.

For more details visit https://cis-india.org/internet-governance/news/gov-now-pratap-vikram-singh-17032016-why-aadhaar-is-baseless

Privacy Concerns Overshadow Monetary Benefits of Aadhaar Scheme

Pranesh Prakash and Amber Sinha — 2016-03-17T16:12:26Z

Since its inception in 2009, the Aadhaar system has been shrouded in controversy over issues of privacy, security and viability. It has been implemented without a legislative mandate and has resulted in a PIL in the Supreme Court, which referred it to a Constitution bench. On Friday, it kicked up more dust when the Lok Sabha passed a Bill to give statutory backing to the unique identity number scheme.

The article was published in the Hindustan Times on March 12, 2016.

There was an earlier attempt to give legislative backing to this project by the UPA government, but a parliamentary standing committee, led by BJP leader Yashwant Sinha, had rejected the bill in 2011 on multiple grounds. In an about-turn, the BJP-led NDA government decided to continue with Aadhaar despite most of those grounds still remaining.

Separately, there have been orders passed by the Supreme Court that prohibit the government from making Aadhaar mandatory for availing government services whereas this Bill seeks to do precisely that, contrary to the government’s argument that Aadhaar is voluntary.

In some respects, the new Aadhaar Bill is a significant improvement over the previous version. It places stringent restrictions on when and how the UID Authority (UIDAI) can share the data, noting that biometric information — fingerprint and iris scans — will not be shared with anyone. It seeks prior consent for sharing data with third party. These are very welcome provisions.

But a second reading reveals the loopholes.

The government will get sweeping power to access the data collected, ostensibly for “efficient, transparent, and targeted delivery of subsidies, benefits and services” as it pleases “in the interests of national security”, thus confirming the suspicions that the UID database is a surveillance programme masquerading as a project to aid service delivery.

The safeguards related to accessing the identification information can be overridden by a district judge. Even the core biometric information may be disclosed in the interest of national security on directions of a joint secretary-level officer. Such loopholes nullify the privacy-protecting provisions.

Amongst the privacy concerns raised by the Aadhaar system are the powers it provides private third parties to use one’s UID number. This concern, which wouldn’t exist without a national ID squarely relates to Aadhaar and needs a more comprehensive data protection law to fix it. The supposed data protection under the Information Technology Act is laughable and inadequate.

The Bill was introduced as a Money Bill, normally reserved for matters related to taxation, borrowing and the Consolidated Fund of India (CFI), and it would be fair to question whether this was done to circumvent the Rajya Sabha.

None of the above arguments even get to the question of implementation.

Aadhaar hasn’t been working. When looking into reasons why 22% of PDS cardholders in Andhra Pradesh didn’t collect their rations it was found that there was fingerprint authentication failure in 290 of the 790 cardholders, and in 93 instances there was an ID mismatch. A recent paper in the Economic and Political Weekly by Hans Mathews, a mathematician with the CIS, shows the programme would fail to uniquely identify individuals in a country of 1.2 billion.

The debate shouldn’t be only about the Aadhaar Bill being passed off as a Money Bill and about the robustness of its privacy provisions, but about whether the Aadhaar project can actually meet its stated goals.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-amber-sinha-pranesh-prakash-march-12-2016-privacy-concerns-overshadow-monetary-benefits-of-aadhaar-scheme

India's billion-member biometric database raises privacy fears

praskrishna — 2016-03-17T15:25:45Z

India's parliament is set to pass legislation that gives federal agencies access to the world's biggest biometric database in the interests of national security, raising fears the privacy of a billion people could be compromised.

The article by Sanjeev Miglani and Manoj Kumar was published by Reuters on March 16, 2016. Sunil Abraham was quoted.

The move comes as the ruling Bharatiya Janata Party (BJP) cracks down on student protests and pushes a Hindu nationalist agenda in state elections, steps that some say erode India's traditions of tolerance and free speech.

It could also usher in surveillance far more intrusive than the U.S. telephone and Internet spying revealed by former National Security Agency (NSA) contractor Edward Snowden in 2013, some privacy advocates said.

The Aadhaar database scheme, started seven years ago, was set up to streamline payment of benefits and cut down on massive wastage and fraud, and already nearly a billion people have registered their finger prints and iris signatures.

Now the BJP, which inherited the scheme, wants to pass new provisions including those on national security, using a loophole to bypass the opposition in parliament.

"It has been showcased as a tool exclusively meant for disbursement of subsidies and we do not realize that it can also be used for mass surveillance," said Tathagata Satpathy, a lawmaker from the eastern state of Odisha.

"Can the government ... assure us that this Aadhaar card and the data that will be collected under it – biometric, biological, iris scan, finger print, everything put together – will not be misused as has been done by the NSA in the U.S.?"

Finance Minister Arun Jaitley has defended the legislation in parliament, saying Aadhaar saved the government an estimated 150 billion rupees ($2.2 billion) in the 2014-15 financial year alone.

A finance ministry spokesman added that the government had taken steps to ensure citizens' privacy would be respected and the authority to access data was exercised only in rare cases.

According to another government official, the new law is in fact more limited in scope than the decades-old Indian Telegraph Act, which permits national security agencies and tax authorities to intercept telephone conversations of individuals in the interest of public safety.

"POLICE STATE"

Those assurances have not satisfied political opponents and people from religious minorities, including India's sizeable Muslim community, who say the database could be used as a tool to silence them.

"We are midwifing a police state," said Asaduddin Owaisi, an opposition MP.

Raman Jit Singh Chima, global policy director at Access, an international digital rights organization, said the proposed Indian law lacked the transparency and oversight safeguards found in Europe or the United States, which last year reformed its bulk telephone surveillance program.

He pointed to the U.S. Foreign Intelligence Surveillance Court, which must approve many surveillance requests made by intelligence agencies, and European data protection authorities as oversight mechanisms not present in the Indian proposal.

The Indian government brought the Aadhaar legislation to the upper house of parliament on Wednesday in a bid to secure passage before lawmakers go into recess.

To get around its lack of a majority there, the BJP is presenting it as a financial bill, which the upper chamber cannot reject. It can return it to the lower house, where the ruling party has a majority.

In its assessment of the measure, New Delhi-based PRS Legislative Research said law enforcement agencies could use someone's Aadhaar number as a link across various datasets such as telephone and air travel records.

That would allow them to recognize patterns of behavior and detect potential illegal activities.

But it could also lead to harassment of individuals who are identified incorrectly as potential security threats, PRS said.

Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society, said Aadhaar created a central repository of biometrics for almost every citizen of the world's most populous democracy that could be compromised.

"Maintaining a central database is akin to getting the keys of every house in Delhi and storing them at a central police station," he said.

"It is very easy to capture iris data of any individual with the use of next generation cameras. Imagine a situation where the police is secretly capturing the iris data of protesters and then identifying them through their biometric records.

For more details visit https://cis-india.org/internet-governance/news/reuters-march-16-2016-sanjeev-miglani-and-manoj-kumar-indias-billion-member-biometric-database-raises-privacy-fears

Aadhaar is actually surveillance tech: Sunil Abraham

praskrishna — 2016-03-16T17:07:39Z

On March 12, the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, paving the way for giving legal status to Aadhaar, a 12-digit unique identification number generated after collecting biometric and other details of an Indian resident.

Sahil Makkar on behalf of Business Standard interviewed Sunil Abraham. The article was published on March 12, 2016.

The government intends to use Aadhaar to roll out more subsidy schemes and allay privacy concerns. However, activists are not convinced. Sunil Abraham, executive director of Bengaluru based-research organisation The Centre for Internet & Society, tells Sahil Makkar that the concept of Aadhaar is principally flawed and it doesn't substantially help in plugging leakages in government schemes. Edited excerpts:

What is your position on Aadhaar and the UIDAI Bill?

What technology has broken cannot be fixed by the law. Aadhaar is a broken technology; it is surveillance technology disguised as developmental intervention that identifies people without their consent and authenticates transactions on their behalf. The architecture is a disaster from the security perspective and there is no recourse in law for citizens whose rights have been infringed. The other objection should be to the subtitle of the Bill that mentions "services": it is unclear whether Aadhaar is to be provided to the residents or the citizens. A bulk of the government services is meant for citizens.

What are the repercussions of this "broken technology"?

Consent happens without conscious cooperation during the authentication process of getting access to a subsidy or a service. Also, the person providing the service is holding a biometric reader and he may say the device is not working and hence, refuse the subsidy. Yet the database will reflect that the subsidy has been availed of because authentication has already been completed. So you have to accept what the person is saying because only that person and the UIDAI have access to the information. Aadhaar makes the citizen transparent to the state but makes the state completely opaque and unaccountable to its citizens.

Will the beneficiary not receive a message about the transaction?

That will only happen when the banks are involved. At the subsidised ration shop the beneficiary will get nothing. The world over security professionals don't trust biometric-based authentication, relying rather on other revocable authentication factors. It is irrevocable if the biometric details are compromised. Instead, writable smart cards could be used to record details of government officers on the cards of beneficiaries and make both the state and the resident transparent to each other.

Hasn't the National Population Register under the Ministry of Home Affairs been advocating the use of smart cards?

In this case biometrics should be used only to link the individual to the smart card. Biometric information should be stored on smart cards and under no circumstances should there be a central repository of biometrics at one place. Maintaining a central database is akin to getting the keys of every house in Delhi and storing them at a central police station. The chances of getting a central database compromised depend on the nature of information stored in it. For the sake of security one can't create a honey pot to be attacked by many. The internet is secure because it doesn't have a central database. The other difference is that faking biometrics is much easier than faking smart cards.

So your principle opposition is to the setting up of a central repository of biometrics?

I am also opposed to the use of biometrics for identification and authentication; this is nothing but surveillance. It is very easy to capture iris data of any individual with the use of next generation cameras. Imagine a situation when the police is secretly capturing the iris data of protesters and then identifying them through their biometric records.

But if the security agencies are able to identify those who create law and order problems, what is the hitch?

It is exactly the same argument that Apple is giving while refusing back-door entry to intelligence and investigating agencies. Once you build surveillance capacity for good governance, it may be misused by a repressive government, a rogue corporation or by criminals. Fear of this type of surveillance will deter people from holding any protest.

Doesn't the Aadhaar or the UIDAI conform to safety and security provisions in the IT Act?

The standards in our IT Act are woefully inadequate in comparison to European regulators and courts. If it adhered to the highest standards, the European privacy commissioner and data protection authorities would have given India adequacy status. The second problem is that the current IT Act doesn't apply to the government. If the government holds your data, it is under no obligation to protect your rights.

You have been part of the Justice A P Shah Committee on privacy. How important is it to have a separate privacy law in the present context?

It is not only important for the purpose of safeguarding human rights, but also to protect the competitiveness of our BPO, ITeS and KPO sectors. We need a data protection law that is compliant with European Data Protection Regulation.

How will such a law help a common man whose data have been compromised?

It will provide clarity to an individual about where he or she stands with regard to privacy. It is strange that the government took diametrically opposite stands in two cases related to privacy in the Supreme Court. When some activists demanded that the UIDAI be scrapped, the government argued before the court that there was no Constitutional right to privacy. When the police asked for the biometric records from the UIDAI, the same government argued there was a right to privacy and that it couldn't divulge the details to the police. The government is not speaking in the same voice; even courts are not speaking in the same voice, because there have been conflicting judgements. So the proposed law will provide clarity on privacy and people will be able to seek compensation under it.

At the same time it cannot be denied that Aadhaar can plug leakages and save hundreds and thousands of rupees for the exchequer....

Aadhaar is only answering two questions: Is this particular biometric unique (enrolment) and does it match the template in the database? If you bring a Bangladeshi into the system, it will answer both the questions in the affirmative. The Aadhaar only eliminates the possibility of one person receiving the benefits twice. At the same time it is very easy to put a ghost beneficiary back into the system. If Aadhaar has to work, we need a publicly visible auditable trail of subsidy moving from Delhi to the villages. That will eliminate corruption in the supply chain.

Isn't it difficult for a large number of ghost beneficiaries to get into the system?

There is no way to check whether a genuine or a ghost beneficiary has been removed from the list. It is not a foolproof system because no one is vouching for anybody. In the current system it is difficult to find out who created this ghost beneficiary. Nobody loses a job for creating a ghost; in fact, here everyone has an incentive.

If there are problems with the UIDAI system, why is the government upbeat about it?

As techno-utopians our government wants technology to answer everything and solve all our problems. If anything goes wrong, it can easily be blamed on technology.

For more details visit https://cis-india.org/internet-governance/news/business-standard-sahil-makkar-march-12-2016-aadhaar-is-actually-surveillance-tech-sunil-abraham

Govt narrative on Aadhaar has not changed in the last six years: Sunil Abraham

praskrishna — 2016-03-16T16:37:19Z

The bill is basically the same as the UPA version, with some cosmetic changes, and some tokenism towards the right to privacy, says Abraham.

Shreeja Sen interviewed Sunil Abraham. The article was published in Livemint on March 8, 2016.

The government’s bid to push financial inclusiveness and access to government services has received a fresh boost, with finance minister Arun Jaitley introducing a proposed law to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).

This project, which uses a person’s biometric data like fingerprints and iris scans to authenticate identity of people receiving subsidies and other state benefits, will move India towards a cashless economy and help digital initiatives such as biometric attendance, Pradhan Mantri Jan Dhan Yojana, digital certificates, pension payments and the proposed introduction of payments banks.

Sunil Abraham, 42

Abraham is executive director of Centre for Internet and Society, a Bengaluru-based think tank focusing on accessibility, access to knowledge, telecom and Internet governance. He has written extensively on the UID scheme, and the intersection of privacy and security. He founded Mahiti—an enterprise that aims to reduce the cost and complexity of information and communications technology for the voluntary sector by using free software.

The Aadhaar project has faced its share of roadblocks with cases challenging it pending before the Supreme Court. A constitution bench of the court will decide whether the right to privacy is a fundamental right and if Aadhaar violates it.

Sunil Abraham, the executive director of Centre for Internet and Society, a Bengaluru-based policy research institute, is a critic of Aadhaar for several reasons. He explained his concerns in an interview. Edited excerpts:

Have any of the concerns regarding the Aadhaar project since its inception in 2009 been addressed?

Whatever we complained about six or seven years ago, whatever complaints were made by the civil society...all of those complaints remain in the exact same situation.

Nothing has changed.

What kind of concerns?

The first thing to remember is that privacy and security are just two sides of the same coin. You cannot have one without the other.

Our first concern with the project is centralization. Whenever you build an information system, and you create a central point of failure, then it will fail because the possibility of failure exists. The Internet has no central point of failure. That is why it is so difficult for you to bring the Internet down. Complaint number 2 is the opaque technology.

UIDAI keeps saying that “we have built a technology using a free software and open standard stack”. The first is a de-duplication software and the second one is the authentication software—those are the most important pieces of software.

This software is proprietary and nobody knows how they work and nobody can independently audit them.

The third complaint is the use of an irrevocable and non-consensual authentication factor. In the UID scheme, the biometrics serve two purposes: it can be used to identify a citizen and it can be used to authenticate a transaction. Authentication factors, commonly known as passwords, should always be revocable. That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid. The use of biometrics eliminates those two important requirements.

Further, in most other authentication, the process of authentication ensures that you are consenting. For example, PIN (personal identity number) authentications. But suppose I am authenticating you through your irises, then as long as your eyes are open, the machine will think you’re authenticating. There’s no way of saying I don’t want to authenticate. Or if you’re sleeping, somebody can hold your fingers over a biometric reader and open your iPhone. So that’s complaint number three.

The fourth complaint from the privacy perspective is: there is a very important database that they don’t talk about. I call it the transactions database. Suppose there is somebody who is using the UIDAI service to authenticate a transaction, then UIDAI should keep a record of that successful or unsuccessful transaction authentication. That means you have been registered into the database.

You go to a fair price shop to purchase subsidized grain and at that fair price shop or ration shop, you use your finger on the biometric reader, and then the UIDAI system says “yes you are indeed who you say you are”.

So, at that point, later the shop should not be able to say X never came here, or X came twice. So, in order for them to not say all those things, a record should be made on the UID database, that on this day, from this geographical location, this particular biometric reader sent us X’s biometric template and asked if the template matched against X’s UID number...the transaction database can be used for profiling. They never talk about it.

They never tell us what that database holds and how long they’re keeping all those records. None of that is clear.

Does Aadhaar bill help assuage your doubts about the project?

The government narrative has not changed in the last six years; the bill is basically the same as the UPA (United Progressive Alliance) version, with some cosmetic changes, and some tokenism towards the right to privacy. The proof that the technology is fallible is in the bill.

If the technology was infallible, as the UIDAI would like us to believe, then the bill would not criminalize the following: (1) impersonation at the time of enrolment; (2) unauthorized access to the Central Identities Data Repository.

Imagine that the bill admits that every Indian’s biometric can be stolen from one single centralized database. Now why don’t we have a similar offence for stealing all private keys from the Internet—we don’t because that is technical impossibility thanks to decentralization.

Therefore we don’t need a law to make (it) illegal. We’ve suggested changes to both the technology and the law. We’ve written seven open letters to the UIDAI, and we’ve never gotten any response. Very few of our concerns have been addressed. We’ve seen dogs getting UID, various other things getting UID, so there’s a lot of evidence that the system does not work. From Kerala we have stories of one person getting several UIDs, so we have no idea about technological feasibility of the project.

One of our distinguished fellows, Hans Varghese Mathews, has published an academic paper in the latest EPW (Economic and Political Weekly), by extrapolating UIDAI field trial data to national scale. He predicts that by the time the number crosses 1 billion, every time UIDAI tries to register someone new, they will match with about 850 people already in the database positively. So, the unique identification capability of the UIDAI will not scale above the billion. The consequence of the technology failing is not trivial. If someone replaces your biometrics in the central database, then the onus is on you to prove that you are a resident of India.

Previously, human beings determined the answer to this question, and they had to find proof that you were not a resident. Now, a fallible technology will be asked to answer this important question.

Isn’t the basic function of the Aadhaar project to ensure that benefits reach the person they are meant for, and it’s easier for people to get an identity proof for those who have no other ID, like migrant workers?

Two responses: is it good anti- corruption technology? Unfortunately not, because it is intended at retail fraud. The person under surveillance is very poor. But the person responsible for corruption is not poor. So, I believe you should be surveilling those responsible for corruption.

What I had said is UID should be first given to every single bureaucrat and every single politician in the country. From Delhi till the Panchayat office, till the ration shop in the village, that supply chain must be monitored and documented using cryptography, so that nobody can deny anything. We need non-repudiatable audit trail from New Delhi to the village because according to all analyses, that is where the theft is happening—in the supply chain. The villager who is taking false benefits, that is called retail fraud.

The bulk of the fraud is actually wholesale fraud. Please tackle wholesale fraud using non-repudiatable public audit trail from New Delhi to the village first, before you start surveilling the poor.

The second point is that people find it easy to get the UID. That is fine, but there is a problem; that it’s not uniquely identifying anybody. So, people will keep registering and the UID system will keep giving them more and more UIDs because there are no human checks and balances. Because you’ve gone with a pure technological solution, it’s very easy to fool (the system).

So, the ease of registration has not served the purpose.

For more details visit https://cis-india.org/internet-governance/news/livemint-march-8-2016-shreeja-sen-govt-narrative-on-aadhaar-has-not-changed-in-last-six-years-sunil-abraham

Press Release, March 11, 2016: The Law cannot Fix what Technology has Broken!

Japreet Grewal and Sunil Abraham — 2016-03-16T10:10:40Z

We published and circulated the following press release on March 11, 2016, as the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. This Bill was proposed by finance minister, Mr. Arun Jaitley to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).

The Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 today. This Bill was proposed by finance minister, Mr. Arun Jaitley to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).

The Bill was introduced as a money bill and there was no public consultation to evaluate the provisions therein even though there are very serious ramifications for the Right to Privacy and the Right to Association and Assembly. The Bill has made it compulsory for an individual to enrol under Aadhaar in order to receive any subsidy, benefit or service from the Government. Biometric information that is required for the purpose of enrolment has been deemed "sensitive personal information" and restrictions have been imposed on use, disclosure and sharing of such information for purposes other than authentication, disclosure made pursuant to a court order or in the interest of national security. Here, the Bill has acknowledged the standards of protection of sensitive personal information established under Section 43A of the Information Technology Act, 2000. The Bill has also laid down several penal provisions for acts that include impersonation at the time of enrolment, unauthorised access to the Central Identities Data Repository, unauthorised use by requesting entity, noncompliance with intimation requirements, etc.

Key Issues

1. Identification without Consent

Before the Aadhaar project it was not possible for the Indian government to identify citizens without their consent. But once the government has created a national centralized biometric database it will be possible for the government to identify any citizen without their consent. Hi-resolution photography and videography make it trivial for governments and also any other actor to harvest biometrics remotely. In other words, the technology makes consent irrelevant. A German ministers fingerprints were captured by hackers as she spoke using hand gesture at at conference. In a similar manner the government can now identify us both as individuals and also as groups without requiring our cooperation. This has direct implications for the right to privacy as we will be under constant government surveillance in the future as CCTV camera resolutions improve and there will be chilling effects on the right to free speech and the freedom of association. The only way to fix this is to change the technology configuration and architecture of the project. The law cannot be used as band-aid on really badly designed technology.

2. Fallible Technology

The technology used for collection and authentication as been said to be fallible. It is understood that the technology has been feasible for a population of 200 million. The Biometrics Standards Committee of UIDAI has acknowledged the lack of data on how a biometric authentication technology will scale up where the population is about 1.2 billion. Further, a report by 4G Identity Solutions estimates that while in any population, approximately 5% of the people have unreadable fingerprints, in India it could lead to a failure to enroll up to 15% of the population.

We know that the Aadhaar number has been issued to dogs, trees (with the Aadhaar letter containing the photo of a tree). There have been slip-ups in the Aadhaar card enrolment process, some cards have ended up with pictures of an empty chair, a tree or a dog instead of the actual applicants. An RTI application has revealed that the Unique Identification Authority of India (UIDAI) has identified more than 25,000 duplicate Aadhaar numbers in the country till August 2015.

At the stage of authentication, the accuracy of biometric identification depends on the chance of a false positiveâ€” the probability that the identifiers of two persons will match. For the current population of 1.2 billion the expected proportion of duplicates is 1/121, a ratio which is far too high. In a recent paper in EPW by Hans Mathews, a mathematician with CIS, shows that as per UIDAI's own statistics on failure rates, the programme would badly fail to uniquely identify individuals in India. [1]

Endnote

[1] See: http://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process

For more details visit https://cis-india.org/internet-governance/blog/press-release-aadhaar-11032016-the-law-cannot-fix-what-technology-has-broken