 Hello and welcome to NewsClick. The Adhar case is rarely out of the news these days. We've seen a regular stream of stories in the media on citizens being denied various rights, also various instances of identity and data theft. Now, the UID has also recently come in for bad publicity over its handling of the Tribune case where the Tribune exposed the sale of UID data. Now, meanwhile, the Adhar case is coming up for hearing again in the Supreme Court on the 17th of this month. Now, to discuss the case and understand some of the more recent stories surrounding Adhar, we're joined by Usha Ramanathan, who's a legal researcher and someone who's actually been associated with the campaign for seven or eight years, if not more already. Now, first I actually wanted to find out about what exactly is the status of the case in the Supreme Court since Adhar seems to be being made mandatory for more and more things every day despite the supposed order of the Supreme Court saying it shouldn't be made mandatory. Is there likely to be a quick resolution to this matter given that many seem to be worried that the government is going to rely on a fatal comply argument saying they've invested so much, there are so many millions and billions of people in the database already. When the case, when the project came in right in the beginning in 2009 and we started studying it, we knew the project could go in one of two ways. Either it, it's an excellent technology and it works very well as technology and the scheme and the project and all of it is fine for the, at least for the project proponents and that could be a problem for us because it could still have surveillance built into it, it could still, you know, and there would be problems of that kind or the project itself could be fundamentally in its conception defective and in its, in the kind of things that it brought into the project, there could be problems of such a deep nature that it cannot work. Either case we were worried about it. What we are seeing over the years, however, is that it's not, I mean, there are so many, this is, you know, this is a project that was started with untested technology. They just decided on biometrics without knowing whether it will work or not. Today when you have people dying, you have denial on the other side. I think it's, the project has shown itself as being irresponsible enough to treat too many things as collateral damage and that is not good, I mean, it's not good coming from anywhere but when it comes from a state and it affects its own citizens, I think that speaks of a different order of problems. So what we find over this period of time is a project that is bad in conception. In its, bad in terms of the kind of technologies that it used, that is amazing. If you read the history of biometrics and what they knew, I should actually say what they didn't know about biometrics over this period of time. If I tell you that in 2015, as late as that, in 2010, September, they started collecting their biometrics from everybody. In 2015, August, after the privacy referral, referral, referral in 2015, there was on their website, they said that and in that privacy referral, there was also one line from the judges which said that if a court requires, then you must give biometrics to them. Now, if you have to give biometrics to the court, then it means you must be clear, not to the court, on the court's orders, then it must be technology that is dependable. It's interesting that so far, the biometric database has never been audited by anybody. And the moment that came in in 2015, we noticed that on their website, there was this thing called UBCC research. What is that? UIDAI, Biometric Center of Competence. And they were going to do research on it to see if they could make it work for a national ID. And why? Because the nature and diversity of India's working population makes biometrics a challenge. This is five years after they've started collecting it and three years, two and a half years after they had started making it compulsory for the poor to put their biometrics to collect their rations. Now, we know by now that biometrics is failing miserably all around. The economic survey of the government itself says that about 49% is failing for instance in Jharkhand. And 6% in the best state which is Andhra. So there are various ways in which it becomes 6%. It's an interesting study to see. But it's a project that is having to be salvaged by the project authorities. And that's the reason for the denial. That's the reason for band-aid at every stage when things go wrong. And all this is going to be presumably to be argued before the call. So is the Supreme Court actually looking into these sort of architectural issues with the Adharki? So because it might be easy for them to say some of these are policy matters which are left to be exacted. So I think there are some things that are very clear in this project. The first thing is that this is not a problem of implementation. This is a problem of conception. This is a problem of deliberately experimenting on a whole people and those experiments failing. So this is really not a problem of implementation. Secondly, this is a problem of rule of law. Deliberately there was no law that was made in the beginning when finally after they had started collecting all the data when you said put the law in place. They introduced a law in the Rajya Sabha. The Standing Committee rejected it within a year and then they just ignored it till 2016 when Push came to Shav and they passed this as a money bill. And through this phase, the Supreme Court has been saying you can't make it mandatory, you can't. And they've just flouted every law. So the court is going to have to consider things that are way beyond even just the architecture. By now it is also clear that one of the ways in which this is working, there is a thing called the 360 degree view of a person. And between the UID project and what are now called state resident data hubs, which is there in a number of states by now, between these two, UIDA has actually assisted and taught state governments how they can create these state resident data hubs. In 2012, there's a document which says how you do it. So what are these data hubs used for? This is a place where they say KYR, which is what you give to the UID, which is know your resident, plus at the time that they collect because the state governments were the registrars. So when they collect that data for the UIDAI, at the same time they tell them you can also collect anything additional you want, which is called KYR plus. And they retain all that information. The UIDAI gives back the number to them so that they can put it into that and they can keep updating that database. That's going to be the citizen's interaction with the state and the state will have a 360 degree view of our lives. In Haryana, recently you'll find that last year, they had said that every house was going to be visited and biometrically identified. And all information about every member of that household would be put onto the database and the state would have it. So it's a complete inversion of anything that is within the rule of law, within democracy. This is what the state, what the court is going to have to deal with. Now, do you think that there's actually any chance, particularly in light of the Puttaswamy judgment of the Adhar project as a whole being sort of rejected now? Or because from my understanding of the previous hearings, and correct me if I'm wrong, the court is now looking merely at whether databases should be linked, the extent to which they should be done, and so on, as opposed to the entire project in itself. Let's just see this. Why did the government have to go to the court and say that privacy is not a fundamental right of these people in the context of the UID case? They had to say it because the UID project really cannot survive a privacy right. It cannot survive a dignity right. It cannot today survive a life and liberty right. It cannot survive a life. You know the number of people who are struggling, I would have seen recently in Karnataka, 100 people, eight roots and leaves to prove to the administration, to show to the administration that listen, you kicked us out of the PDA system. Where are we supposed to go? And then shame-facedly the administration came in and said, okay, okay, we'll give you your grain. Now place after place, UID is pushing people out of the system. And they're not responding to it at all. So it's not just privacy. It is privacy, it is dignity, and it is life. If no court can ignore these basic elements. Now Nandan Nilikini on the other hand has alleged that there's been an orchestrated campaign to malign Adhar. We've also of course seen the UIDI taking heavy-handed action against the Tribune recently and so on. Why is there this nervousness on the part of UIDI and what is the nature of this orchestrated campaign that he seems to fear? You're sounding a little like the Twitter guys who say, you know, UIDAI is actually spelled UIDI. That's how you sound, I'm wondering whether you too believe that. See this, from the beginning, Mr. Nilikini has had one kind of way of approaching this. His idea has been that if you say no to the UIDI project, and if you say no to being tagged, if you say no to whatever the project does, then it must be because you are corrupt, because you have some vested interest in corruption continuing. So it's become, it's just been a malign the opposition and then you can get on with what you want. I'm afraid there are many of us who stop taking him seriously on these counts. The problem is not what Mr. Nilikini is saying. I mean, if Mr. Nilikini continues to be the spokesperson for the project, I would really want to know how that happens because he left the project a long time ago. But you find that the real problem in this is that, you know, when you look at what this law has produced, the UIDAI is the data controller. But the UIDAI is also the data regulator. The problem of the leak is happening because the UIDAI has absolutely no securities in its systems, they don't have secure systems. This, what the Tribune reporter found has perhaps been happening over a period of time. After that you had the India Today reporter going in and finding that for two rupees and five rupees you can collect data. We know, and I know there are people who are now going to be testifying to this, that biometrics has, you know, every place you go, they collect the biometrics and they keep it. Is there anybody watching to see whether they're keeping the biometrics or not? No. So there is no security for the individual in this at all. So the UIDAI is the primary accused. But because it acts as in the role of an accuser, it never gets accused. So it's not, no, no, no, it's worse. It is in fact saying anybody who speaks anything that I don't like and anyone, for instance, the Tribune reporter did nothing that was illegal. And in technology from all that I've heard, the importance of the person who shows the flaws in the system so that you can correct it, they ought to be rewarded. I mean, I don't mean to be quoting Edward Snowden, but I think he got it bang on when he said that she's the person who should be rewarded. And it's UIDAI that deserves to be punished. And that can never happen if you make a law like this. Now the government has of course consistently said that there are numerous safeguards in place, both legal and technical nature. Recently, now they've come up with this virtual ID system which is supposed to ensure that, you know, your Aadhar number itself can't be stolen. Your thoughts on the nature of the system, how will it work, what is the purpose of it, does it actually help? You know, the timing makes it extremely suspicious about what the purpose of it is. It seems to have come at a time when the credibility of the UIDAI is severely lowered. But you know, it was interesting to hear Mr. Pandey's explanation of what this is. First he says that this is a 16 digit number, you don't have to give your number then to everybody, but if there are some people where you're mandated to give it, then you have to give your UID number there. So there are places where you're going to display your UID number. Then they say that there are, he says there are, you know, large numbers of people in this country who won't be able to operate the system of getting, you know, of generating a 16 digit number. They can continue using the UID number. So it is not, it's optional in the sense that if you are a geek and you know, you know how to keep, you know, playing the system where you can, like he said, every second you can generate a 16 digit number, that's fine. But for most people, they are not going to have this choice. They are not going to know how to exercise this choice. And this also means that they are saying that in those, you know, those agencies for whom it is not mandated by law, they too can ask for it. They too can collect it. They too can keep it in their database. So where is the security in this? I mean, it's a, I don't think any, you know, most people are seeing through this fig leaf that they are, that they produce. What about the legal protections, however, in the act? I mean. And actually, you know, before I say, before you move on, I just want to say this, that if they're telling us that it takes seven years to come up with the first set of protection, possibly of the identity, it speaks very poorly for this project, I must say. You know, these are things that you provide the protection and then you roll it out among the people. You don't roll it out and then say that, you know, okay, this problem is, now I will see what I can do about it. And so this again goes back to the conceptualization problems as well that you were talking about earlier and not just the fact that it's feeding trouble as it were. No, no, in fact, you know what, this is part of what they call the protection of innovation from law. That is, technology is kind of nascent in a sense and we need to be able to innovate. Now they, what they tell us is that those who support this model of, this way of thinking, they say, there are two models in the world today. There's the European model and there's the American model. The European model is focused on rights. The American model is focused on the marketplace. So that's why the American model has managed to produce so much innovation. And to our minds, it has produced a lot of violation of rights which we are unable to contest. It has also produced monopolies, extraordinary monopolies, which are global monopolies. And the European model on the other hand has been focused on rights. They're saying, we don't want that. Allow innovation to happen. For that, what do you need to do? You should not have a law. You should not have regulation. You should not have liability. And you should allow us to experiment as we want. That is what this UID project is. So they will keep experimenting if it fails, if there is collateral damage, it happens and they carry on. Like, it doesn't matter. No, so coming on, coming to this issue of liability and collateral damage as such, have we actually seen any of the legal provisions of the Act being used against any of these instances of data updates that we've seen? Have, what is the UID actually doing? It is using the power that it has to decide who the wrongdoer is. And like I said, it's never themselves. So the wrongdoer is the person who shows up that there is a problem. In fact, at the Global Cybersecurity Conference that happened recently, Mr. A.V. Pandey spoke out in the midst of all the, I wonder what those foreign participants thought, because there was this reporter, if you remember, who had demonstrated that without any document at all, he could register himself in one place in one way and in another place in another way. And Mr. Pandey said, well, he's going to be known under the name that was not his name and he did it. Let him learn to live with that identity. So this kind of power that they've given to themselves is a very dangerous power. And they've demonstrated that they have the power to decide who they want to shoot down and who they want to protect. So for instance, when the leaks, data leaks happened, who did they punish and who were they kind and sweet with? The 210 websites from where all that leak happened, they've all been sent a good kind and sweet letter saying, please don't do this, be careful with it. Whereas the people who pointed out that the leak happened, they are being hounded today. This is what happened, and all this is before you have surveillance coming in fully. So can you imagine what power structures we are creating? No indeed, something to worry about. Well, so this is an interesting time and we will of course be watching to see what happens in the Supreme Court. Thanks so much for joining us, Usha, today. Thank you all for watching.