The pilot program introducing Aadhaar-based facial recognition for COVID-19 vaccination has begun in Jharkhand. The new "Good Governance" Rules allow this.
In 2016, the Aadhaar Act brought Aadhaar to India, giving the UIDAI decision-making power over its use. This year, the "Good Governance" Rules came into play, empowering the Centre to allow some entities to engage in Aadhaar authentication (like the facial recognition drive).
Aadhaar has been criticised for years - the 2016 Economic Survey showed severe exclusion due to authentication failure. Jharkhand itself saw a 49% failure rate. The data security and privacy issues surrounding Aadhaar are also widely known.
1. According to the Aadhaar Act, authentication can be used for *certain* subsidies and services. But due to vague wording of the Rules, any govt project can propose it. Thus the Rules expand the scope of the Act, which is unconstitutional (especially since it was a money bill).
2. The SC's Aadhaar Judgement limits the govt's use of authentication and disallows private use. But what if a ‘requesting entity’ (which is not defined) is a public-private partnership? Since the 2019 Amendment permits private parties access to Aadhaar numbers, this is worrying.
3. The Rules are supposed to be voluntary, but the Government pushes Aadhaar to become India's preferred mode of verification/authentication, making it de-facto mandatory. E.g. The Road Transport Ministry has proposed to use Aadhaar for online applications for driver's licenses.
4. The Rules include vague terms like ‘good governance’, ‘social welfare benefits’, ‘spread of knowledge’, ‘satisfied', etc. They lack guidelines to help authorities decide how they will operate, or to what extent. This amounts to excessive delegation which would be illegal.
5. For the Rules to be accepted, these conditions must be met:
a) Legality/existence of a law,
b) Legitimate state aim,
c) Proportionality of objectives and means to achieve them.
The objectives are vague and do not define the State aim so they fail the proportionality test.
We have approached the Chairpersons of the Lok Sabha and Rajya Sabha Committees on Subordinate Legislation petitioning them to take up the Rules for review and test them for constitutionality. We thank Maansi Verma, founder of Maadhyam, and @no2uid for this collaborative work.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
SOS: We at @internetfreedom@no2uid@smcproject@HEaL_Institute@IndJMedEthics are laying down clear facts about how and why vaccine discrimination is going to rise in India. If the government fulfils our demands, access to life-saving resources will increase. Please RT.
1. Some worrying facts:
a. State/private bodies have to get vaccines from manufacturers. The price is set/declared in advance.
b. There is no strict price regulation in pvt hospitals.
c. 18-45 y/os must be handled by States, and they have no option but to register on COWIN.
Why is this a problem? If you leave the pricing of vaccines to the free market, leave vaccination to States who are low on resources, and mandate online registration at a time when a large number of Indians CANNOT access it, people will be left out of the vaccination process.
THREAD: National Health Authority chief Dr. R.S. Sharma said that Facial Recognition will be used with Aadhaar to authenticate identities of people seeking vaccines. But this inaccurate tech can lead to potentially life threatening exclusion from access to vaccines in India.
1/n
With @no2uid and a team of volunteers, we released a joint statement opposing the initiative. It has been endorsed by 16 orgs+505 individuals. We've sent it with a covering letter to Dr. Ram Sewak Sharma and the National Health Authority. Read ahead. internetfreedom.in/sign-on-and-su…
2/n
The government is currently using biometric fingerprint/iris scan for identity authentication at vaccination centres. They could soon be replaced with Facial Recognition which it believes will help avoid infections. The pilot program has already been initiated in Jharkhand.
3/n
We have been seeking clarity around the undemocratic and unconstitutional IT Rules, 2021. As per our analysis they threaten social media interactions, online news portals and OTT streaming platforms. Fundamentally altering and vesting excessive government control. 1/n
In our most recent attempt at transparency is to examine how the IT Rules, 2021 came to be drafted we had filed a RTI request with MEITY on the legal advise, contractors and file nothings. As per their response, it was drafted by MEITY with advice from M/s Vidhi Legal. 2/n
Further legal opinion was sought from the Law Ministry. On our queries (such as inspecting the file), we appreciate MEITY extending us an opportunity to inspect them. After the present surge ceases, we will examine all methods & options how IFF staff can safely access copies. 3/n
If you stood up for students by demanding the postponement of CBSE exams, we appeal to you to also take a stand against CBSE's use of Facial Recognition on minors - a serious, co-occurring issue flying under the radar. Thread on what's going on. internetfreedom.in/cbses-response…
1/n
On October 22, 2020, we found that CBSE is using Facial Recognition to provide class 10 and 12 students access to their academic documents. A live image of them will be matched with the photo on their CBSE admit card, which is stored in a database. 2/n indianexpress.com/article/educat…
Why is this an issue?
a. These are photos of minors and we don't have a data protection law.
b. The tech will lead to exclusion of students due to inaccuracies, becoming a procedural hindrance.
c. Children's appearances change over time. The tech can fail to identify them.
3/n
Since May 2020, @OfficialSauravD has been denied critical information about the widely criticised privacy and security aspects of Aarogya Setu. IFF has been representing Mr. Das in court. Today, we are making known the details of this case. internetfreedom.in/how-we-are-hel…
1/n
@OfficialSauravD has already found via RTIs that Aarogya Setu does not comply with its own data sharing protocols. He sought a copy of its entire file which contained info about the proposal's origins, govt depts involved, correspondence between pvt sector and officials, etc.
2/n
After not responding for 3 months (the time limit for responding to RTI requests is 30 days!), Public Information Officers of the National Informatics Centre, e-Governance Division, and MeitY all claimed that the information was not held by their departments.
3/n
Are you confused about the Personal Data Protection Bill, and don't know where to start? We're on a mission to #StartFromScratch and break down components of the bill for your knowledge.
In part 1 we discussed the need for a data protection bill in today's digital world. We provided historical context and hinted at some of the concerns that have been raised about it. In part 2 below, we discuss the bill's basic elements and provisions. 2/n
Let's begin with the basics - the most important definitions. Given the example that you're a Facebook user, you are called a "data principal". Facebook is the "data fiduciary", and the entity that processes your data for, say, advertising purposes is a "data processor". 3/n