uid

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. -Mahatma Gandhi

In matters of conscience, the law of the majority has no place. Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” -A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.
Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” - Edward Snowden

Special

Here is what the Parliament Standing Committee on Finance, which examined the draft N I A Bill said.

1. There is no feasibility study of the project]

2. The project was approved in haste

3. The system has far-reaching consequences for national security

4. The project is directionless with no clarity of purpose

5. It is built on unreliable and untested technology

6. The exercise becomes futile in case the project does not continue beyond the present number of 200 million enrolments

7. There is lack of coordination and difference of views between various departments and ministries of government on the project

Quotes

What was said before the elections:

NPR & UID aiding Aliens – Narendra Modi

"I don't agree to Nandan Nilekeni and his madcap (UID) scheme which he is trying to promote," Senior BJP Leader Yashwant Sinha, Sept 2012

"All we have to show for the hundreds of thousands of crore spent on Aadhar is a Congress ticket for Nilekani" Yashwant Sinha.(27/02/2014)

TV Mohandas Pai, former chief financial officer and head of human resources, tweeted: "selling his soul for power; made his money in the company wedded to meritocracy." Money Life Article

Nilekani’s reporting structure is unprecedented in history; he reports directly to the Prime Minister, thus bypassing all checks and balances in government - Home Minister Chidambaram

To refer to Aadhaar as an anti corruption tool despite overwhelming evidence to the contrary is mystifying. That it is now officially a Rs.50,000 Crores solution searching for an explanation is also without any doubt. -- Statement by Rajeev Chandrasekhar, MP & Member, Standing Committee on Finance

Finance minister P Chidambaram’s statement, in an exit interview to this newspaper, that Aadhaar needs to be re-thought completely is probably the last nail in its coffin. :-) Financial Express

The Rural Development Ministry headed by Jairam Ramesh created a road Block and refused to make Aadhaar mandatory for making wage payment to people enrolled under the world’s largest social security scheme NRGA unless all residents are covered.


Monday, June 5, 2017

11502 - Aadhaar in the hand of spies Big Data, global surveillance state and the identity project. - FOUNTAIN LINK



Written by fountaininkseries


BY GOVIND KRISHNAN V

Aadhaar, the 12-digit number linked to the fingerprints and iris patterns of most Indians, the key to unlocking government for the citizen, is a security nightmare in a world where big data and a handful of global defence contractors control the technology for biometric solutions. If information warfare is the way of the future—as Brexit and the Trump campaign show it need not be rooted in facts—select companies and the small circle of protagonists behind them have proprietary tools and the world’s best expertise to access, mine and manipulate data belonging to governments and citizens for desired outcomes.

In the post 9/11 world, the west’s military-industrial complex, fed by wars across continents, is stronger than ever. It is funded in part by America’s Central Intelligence Agency (CIA) and the National Security Agency (NSA), the mass surveillance behemoth; billionaires with agendas; and populated by a revolving-door of key American security and intelligence personnel. Cambridge Analytica, Palantir Technologies and the Chertoff Group are among these corporations.

The Unique Identity Authority of India (UIDAI) in 2010-2012—its inception phase—awarded contracts to three US-based biometric service providers (BSP): L-1 Identity Solutions, Morpho-Safran, and Accenture Services Pvt. Ltd. These companies, all with proprietary biometric software, were responsible for profiling 60 crore Indian residents; developing protocols for avoiding de-duplicating of user details and supplying devices to enrolment agencies.

An investigation by Fountain Ink shows that the companies contracted by UIDAI to process the information are connected to both Cambridge Analytica and Palantir Technologies through business dealings and individuals involved in their affairs during the period of the contract. L-1 Identity Solutions, Morpho-Safran and Accenture have scores of business contracts with American, French and British intelligence and defence agencies through direct contracting of services or services provided by parent corporations and sister companies. Several individuals who worked at these companies have held top positions in the CIA, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the US military before making the switch.

Following the business links, partnerships and associations, investments and cross-holdings of the individuals and companies involved, situates biometric technology and persons involved in delivering Aadhaar in the midst of a labyrinth of interlocking relationships and conflicts of interest within the intelligence-industry complex. In an ecosystem where intelligence analysis is increasingly outsourced to private firms, these relationships fudge the distinctions between government and corporate, private and public, civilian and military.

This includes dealings and relationships with companies that work with NSA, and at least one involved in online monitoring of data for the US Secret Service as part of the PRISM programme exposed by whistleblower and former NSA contractor Edward Snowden. UIDAI, as far as is known, did not do a background check on these companies or their business, professional and personal associations. Or as shown by the contracts given to these companies and accessed through RTI, insist on technological safeguards against the possibility of illegal data theft, destruction or manipulation by foreign State actors through back doors or malware.

Fountain Ink has reviewed the contract between the BSPs and UIDAI and found that they had access to unencrypted biometric data as part of their job, contrary to UIDAI’s public stand that the data is always encrypted and inaccessible. A set of written questions sent to UIDAI and its top officials didn’t receive any response.

After Edward Snowden’s revelations that NSA is collecting data from Google, Facebook and Yahoo, Bloomberg News reported that thousands of technology, finance and manufacturing companies shared  sensitive data with US national security agencies in exchange for favours. The Bloomberg report said that the arrangement was so sensitive that it was brokered in direct meetings between company CEOs and the heads of intelligence services and implemented by a handful of people. 

The NSA has been known to spy on other nations.
Investigative journalist and the author of the 2008 book Spies for Hire: The secret world of intelligence outsourcing, Tim Shorrock said he has so far not found any evidence of intelligence agencies leveraging their revolving door connections with private players for information. “However, given the connections to US intelligence of these former high-ranking US officials, I would say it is very risky for India to be turning over such a vast database to private companies, particularly from a foreign power. Many of these former officials keep their security clearances after they leave government and often have access to highly classified intelligence information that ordinary executives do not have. When Indian and US national security interests diverge, as they often do, these revolving door figures could make decisions about their biometric contracts that could be detrimental to India and favourable to the US. India would be better off depending on its own technology and technology companies,” he said.
***
On May 7, The Guardian published a story that connected the dots in a hazy picture which started emerging gradually in the months after the shock of Brexit and Trump. Drawing upon months of investigations by British, German and American journalists, the story revealed how a reclusive American billionaire used a network of influential friends and associates in tech firms, political parties and far-right news outlets to drive electoral results in favour of two desired outcomes—a British vote for exiting the European Union, and a victory for Donald Trump in the US election. The story pointed to a level of coordination between the players involved, the Trump campaign, the Leave EU campaign, Nigel Farage, the head of UKIP, and Robert Mercer, hedge fund billionaire and computer scientist.

At the heart of the revolution in the global order that this motley group of anti-establishment allies brought about is a data analysis company that Mercer funded. Cambridge Analytica, which worked for Trump’s election campaign and the Leave EU campaign, married data gathering and artificial intelligence with psy-ops—psychological propaganda techniques developed by the US military to change enemy behaviour. In this case, the targets were US and UK citizens.

What gave Cambridge Analytica the power to profile entire populations? Facebook. Every time any of us like a picture or video that a friend shared, show support for a cause by liking that clever meme, or disliking a snarky comment by a troll, we leave digital footprints that say something about our personalities. In 2014, Cambridge Analytica built an algorithm based on research it contracted a Cambridge scientist to conduct. Aleksandr Kogan paid Facebook users to take a personality test that allowed him to mine not only their data, but also of everyone on their friends’ network. Using this, Kogan built what the company calls “psychometric” profiles of users. Cambridge Analytica then combined this data with voter data they bought from other commercial sources: email addresses, phone numbers, home addresses. This purportedly allowed the Trump campaign (and in UK, the Brexit campaign) to target ads at individuals based on their psychological traits and to find key emotional triggers. People high on a neuroticism scale, for example, could be targeted with messages about immigrants taking away jobs.

Cambridge Analytica claims that it has psychological profiles of 220 million US citizens based on 5,000 separate data sets. While experts debate the extent to which Brexit and American presidential votes were decided by the data company’s psy-ops, what is undeniable is the potential for such technology in two elections determined by wafer-thin swing votes: Trump won the electoral college by 80,000 votes in three states and two per cent of UK voters decided the EU referendum .
Cambridge Analytica and a partner are now being investigated by British regulatory authorities for breaking campaign finance rules and possibly breaching data privacy laws. Two other alarming threads emerged from newspaper investigations that brought together politics, big data and the world of government intelligence. Mercer and friends’ campaign for a plutocratic takeover of the western liberal order was not limited to Cambridge Analytica and millions of dollars of campaign funds to conservative candidates and thinktanks. Mercer is part-owner of Breitbart News, the extreme right-wing white racist website run by Steven Bannon, the White House chief strategist. Bannon was on the board of Cambridge Anlaytica and, according to reports from The Observer and The Guardian, was vice-president of the company before he joined the Trump administration. Breitbart News has been consistently accused of publishing fake news and conspiracy theories to create an alt-right bubble; a self-contained ecosystem of news propaganda consumed by supporters of Donald Trump. It  appears Breitbart tailored its news and search keywords based on analysis from Cambridge Analytica.

The technology used by Cambridge Analytica as well as the company itself emerged from the military-industry complex. The young company is a subsidiary of Strategic Communications Laboratory (SCL), a British psy-ops company Guardian called “effectively part of the British (and now American military) establishment ).”

The second thread, one unearthed by the Guardian story, is even more alarming. Information from former employees and emails showed that Cambridge Analytica was in talks with the US data monitoring company Palantir Technologies, and had discussed the possibility of collaboration.

Palantir is a dark word today in circles concerned about mass surveillance by government. Started with the money from the CIA’s venture capital fund,  Palantir developed state-of-the-art data-mining technology that can combine thousands of differing databases on hundreds of millions of individuals gathered by intelligence agencies and mix it with real-time information to spot patterns about individuals, organisations and events. The company works for and has access to data with NSA, CIA, FBI, GCHQ, the US military, as well as dozens of other intelligence, defence, and law enforcement agencies in contracts amounting to more than $1.2 billion since 2009.



Its biggest investor is co-founder Peter Thiel, who also founded PayPal, is on the board of Facebook, and has been the most vocal Trump supporter in Silicon Valley and a big contributor to his campaign. He is known to have had great influence in Trump’s transition team in its relationship with Silicon Valley, and is expected to be a major influence in the administration’s policy towards the IT industry. The Guardian report states “we are in the midst of a massive land grab for power by billionaires via our data. Data which is being silently amassed, harvested and stored. Whoever owns this data owns the future.”
***
Before Cambridge Analytica started working for Donald Trump’s presidential campaign, it was involved with the campaign of Senator Ted Cruz for the Republican nomination. Cruz was then Mercer’s man for president: he was one of the biggest fundraisers for Cruz and his daughter Rebekah had a significant role in running it. When Mercer, who is an investor in Accenture via Renaissance Technologies,  brought Cambridge Analytica to the Cruz campaign, its chairman was a Texan, Chad Sweet. A former Goldman Sacchs executive, he had started his career in the CIA’s National Clandestine Service. After his private sector stint he returned to government in 2005 as a special adviser to then secretary of Homeland Security Michael Chertoff, rising to chief of staff. Roughly comparable to the Indian Home Ministry, the DHS oversees domestic security agencies from the coast guard to the US Secret Service. In 2009, when Chertoff left government, Chad Sweet co-founded the Chertoff Group with him. Chertoff is also one of the authors of the Patriot Act which opened a whole new world of surveillance post 9/11.

In 2009, Safran, the part government-owned French defence conglomerate, acquired Morpho, a US company that offers biometric solutions.

In August/September 2010, UIDAI signed contracts with Morpho and L-1 Identity Solutions, a competitor. The contract with L-1 was signed on August 24. On September 20, Safran announced in Paris that it would acquire L-1 Identity and merge it with its subsidiary MorphoTrust. In effect, UIDAI gave two different contracts to the same company. Chad Sweet on behalf of Chertoff acted as strategic adviser for Safran in effecting the deal and was directly involved in the acquisition.

The Chertoff Group has other connections to Morpho, L-1 Identity and the biometric industry in the US. L-1 was incorporated into MorphTrust USA, which consists of various divisions of Morpho’s security consultancy. In November 2010, exactly a week after UIDAI signed the contracts, Jay M Cohen, principal at the Chertoff Group joined as chairman of the board of Morpho Detection. Cohen, a retired US Navy rear admiral and head of naval research served under Chertoff in DHS as undersecretary of the science and technology division. In May 2010, then owner and founder of L-1 Robert La Penta invested in the acquisition of Clear, a bankrupt company that developed biometric identification cards for US air travellers. Chertoff, fresh out of heading DHS, which controls the TSA, joined the board along with La Penta. Press reports from the period portray Chertoff as central to the new company’s business efforts. As head of DHS, Chertoff had pushed for biometric identification as a secure form of identification.

L-1 Identity was not only a biometric solutions provider and security firm, but also had an intelligences services arm that had several contracts with US agencies. L-1 sold its intelligence arms to BAE, the British aerospace defence contractor in February 2010. It is not known that the Chertoff group played any part in this acquisition but Michael Chertoff joined BAE USA’s board of directors in May. In 2012, he was made chairman of the board of directors.

The proximity of companies tasked by UIDAI with processing the biometric data of Indians to Cambridge Analytica and the heart of an emerging data empire is troubling enough. But the significance of the Chertoff Group and the intricate web of intelligence, military and government contacts involved becomes clear only when we look at how the world of intelligence gathering was transformed post 9/11.
***
That intelligence failure led to rethinking within government on how American intelligence agencies functioned. Unlike in the Cold War where human intelligence was the main source, SIGINT or Signal Intelligence became the primary tool of the “war on terror”, while analysis based on data-mining supplanted human analysis. The Iraq war created a massive demand for intelligence support and the CIA, NSA and GCHQ massively expanded the hiring of private analysts. The DHS was created to deal with domestic security. A bureaucratic behemoth, it pulled in 22 agencies from other departments.

In his book on the cyber-intelligence complex, investigative journalist Tim Shorrock calculated that 70 per cent of the US intelligence budget was being spent on private contractors. A study by the Office of the Director of National Intelligence gave the more conservative figure of 50 per cent. According to internal government figures accessed by Shorrock, in the two years after 9/11, the worth of intelligence contracts jumped from $22 billion to $43.5 billion. It also led to unprecedented access for private employees to state level intelligence.
Shorrock writes, “The National Terrorism Council (is) the electronic hub of the US intelligence community and the heart of the national intelligence State established by George W. Bush in the aftermath of September 11… Its analysts have at their disposal more than 30 separate government networks, each carrying more than 80 unique sources of data. As they go about their task they draw upon human intelligence from the Central intelligence Agency, communication intercepts from the National Security Agency and domestic reports from the Department of Homeland Security (and) the FBI. More than 50 per cent of the people working there are private sector contract employees.”
Shorrock has been a vocal critic of what he calls the cyber-intelligence elite. Along with a section of US and British journalists who cover national security, he believes that the post-9/11 technological capabilities deployed by the US and UK governments has created a surveillance state where citizens as well as foreign nationals risk constant monitoring. In this world, information is quite literally power. The revolving-door policy followed by western governments allows a handful of this elite to simultaneously inhabit government, corporate and intelligence communities, using their knowledge to push the agenda of whoever is employing them at the moment. Or who will employ them in future, when the door revolves again.
***
After becoming head of the DHS, Chertoff increased the involvement of private contractors. After starting the Chertoff Group, he continues to be on a number of important bodies that advise the US government on cyber-security and intelligence. He has been accused of advocating policies that benefit his own investments or the investments of clients that the Chertoff group advises. In a story published in The Nation, Shorrock wrote “The Chertoff Group doesn’t disclose its clients. But one of its most important functions for both the state and its contractor allies is as a broker of mergers and acquisitions. These aren’t just ‘deals’; they also represent significant reorganisations within the intelligence community…Using its team of NSA, CIA, and DHS veterans (who have deep classified knowledge of their agencies’ contracting histories and future needs), the Chertoff Group has brokered dozens of deals through its subsidiary, Chertoff Capital.”

Shorrock writes that within months of the Obama administration taking power, Chertoff and Chad Sweet had recreated the national security team that advised President George Bush and Vice-President Dick Cheney. Instrumental in this was the hiring of Michael Hayden, who first served as NSA director and then CIA director under Bush. Hayden put together a team that Shorrock called a “Shadow NSA”.

Charles Allen, an almost legendary CIA officer, Paul Shneider, who worked under Hayden at NSA and later was deputy to Chertoff at the DHS, and Sir John Scarlett, chief of MI6 under Tony Blair. When The Independent reported on the revolving door in the intelligence community it talked of how within six months of leaving MI6 Scarlett joined in advisory positions to PricewaterhouseCoopers (PwC), Morgan Stanely and Chertoff.  On the Chertoff group, the report said that “The group’s roster of former US intelligence officials has earned it the nickname of America’s “shadow” homeland security agency.”

Going through Chertoff’s website shows that these are not exaggerated claims. Among its executives and senior advisers are at least 13 former top or senior CIA officials, seven NSA officials and 13 DHS officials. Other important power-brokers are former officials from the department of defence and department of justice.
***
L-1 Identity was one of the major suppliers of fingerprint and iris scan machines to Aadhaar enrolment agencies. Together with Accenture and a consortium formed by Morpho and Satyam they also acted as biometric solution providers. The three organisations (L-1 Identity, Accenture and Morpho-Satyam) processed the data of 60 crore people the various enrolment agencies provided UIDAI. By the terms of the contract, each organisation was allotted 20 crore, unless the UIDAI felt dissatisfied with the quality of the data they supplied. In that case, enrolments would be redistributed to other providers. L-1, Morpho-Satyam and Accenture not only provided biometric proprietary software to authenticate enrolments and queries, they designed, configured and maintained these systems for UIDAI. The contract period was for two years, from 2010 to 2012, after which these companies continue to maintain and give service support.

From the contracts it appears that apart from enrolments, the bulk of the Aadhaar project, including processing, system building and de-duplication was carried out by the three biometric vendors. All the data was stored in UIDAI’s data centre in Bengaluru and the Central Identities Data Repository of India (CDRI) in New Delhi. While these sites are owned by UIDAI, the contracts signed with the biometric vendors indicate that the work carried out by these companies as well as the systems involved in it, ran as independent and self-contained units with only minimum supervision by UIDAI. In that sense, it was no different from an IT contract, even though the information accessed and processed was biometric records of Indian residents.

The technology used, consisting of proprietary biometric templates and algorithms have been developed by these companies. L-1, Morpho-Satyam and Accenture also carried out the process of weeding out duplicate applications from the initial 60 crore enrolments. This involved the complex task of comparing the biometric data of 60 crore individuals against each other. De-duplication makes it necessary that these companies had access to the biometric data of all individuals enrolled.

UIDAI spokespersons have often made claims to the effect that private companies that handle Aadhaar data do not have access to unencrypted biometric data. A “Facts About Aadhaar,” section on the UIDAI website says:  “During de-duplication, UIDAI software application (running within UIDAI managed data centres within India) simply “uses” the biometric software (procured from market) to de-duplicate. Interestingly, even within the UIDAI data centres, demographic data and biometric data are partitioned into different databases to ensure no single database has both sets of information. That means, even within the UIDAI data centres, the Biometric de-duplication subsystem does not get resident demographic details and the data it sees is fully anonymised.”

But contracts signed by UIDAI with the BSPs indicate this may not be true.  For enrolment and de-duplication processes, the algorithms work on unencrypted biometric data. The personnel of the companies involved have access to the photographs, demographic information and biometric information that people submit for getting Aadhaar. They are also able to tag all these sets of information together.

For example, the biometric solution provider is entrusted with ensuring the quality of biometric data received by UIDAI. Section 9.8.2 of Annexure E of the contracts UIDAI signed with L-1 Identity and Accenture says: “Data quality of capture would be received with the image. Image would be received in the raw form.” Later, in the same section it says: “The solutions being offered by the BSP (Biometric Service Provider) should have adequate safeguards, and validations to ensure that all data relating to an applicant, together with the photograph, biometrics (sic) get tagged together and that there is no mix-up of the particulars relating to one applicant with those of the others.”

Section 4.1 says “Face photograph is provided if the vendor desires to use it for de-duplication. While certain demographical information is also provided, UIDAI provides no assurance of its accuracy. Demographic information shall not be used for filtering during the de-duplication process, but this capability shall be preserved for potential implementation in the later phases of the programme.” The data is stored by the vendors’ team in encrypted form in the data centres and the key is shared with the UIDAI.

The main precautions apart from the legal that UIDAI has taken to ensure the safety of data are: a log that would serve as an audit trail every time anyone accesses the data of an Aadhaar enrollee. No one from the biometric service provider’s team is allowed to carry storage devices and hardware out of the data centre unless they obtain written permission. The teams’ access to internet except for Aadhaar authentication is restricted. For the 20 crore enrolments each biometric operator processed at the data centres, UIDAI supplied the computer hardware and equipment, except for the first one crore enrolments, where vendors were contractually obliged to instal their own hardware free of cost, with UIDAI providing only storage space and internet connection. The contract does not specify any measures from UIDAI to check or investigate the hardware, except the list of minimum specifications they should conform to.

The task of protecting systems from external attacks or hacking attempts and of overall security lies with L-1 Identity, Morpho-Satyam and Accenture. UIDAI and its former chairperson Nandan Nilekani have repeatedly assured the public that data stored by UIDAI is absolutely safe from hacking attempts. Cyber-security experts have questioned how such categorical surety can be provided against the possibility of data-breaches.
L-1 Identity on the other hand has admitted that data breach is always a possibility. In 2010, after signing the contract with UIDAI, L-1 Identity in its financial filing before the US Securities and Exchange Commission said “Many of the systems included in L-1 solutions manage private personal information and protect information involved in sensitive government functions. The protective security measures used in these systems may not prevent security breaches, and failure to prevent security breaches may disrupt business, damage reputation, and expose L-1 to litigation and liability. A party that is able to circumvent protective security measures used in these systems could misappropriate sensitive or proprietary information or cause interruptions or otherwise damage L-1 products, services and reputation, and the property and privacy of customers. If unintended parties obtain sensitive data and information, or create bugs or viruses or otherwise sabotage the functionality of systems, L-1 may receive negative publicity, incur liability to customers or lose the confidence of customers, any of which may cause the termination or modification of contracts. Further, insurance coverage may be insufficient to cover losses and liabilities that may result from such events.  L-1 may be required to expend significant capital and other resources to protect the Company against the threat of security breaches or to alleviate problems caused by the occurrence of any such breaches. In addition, protective or remedial measures may not be available at a reasonable price or at all, or may not be entirely effective.”

At the time L-1 signed the contract with UIDAI it had on its board an assortment of former US government and military officials. One of the directors was Admiral James M. Loy, former undersecretary at DHS. From 2005 to 2008, the most high-profile director of L-1 Identity was George Tenet, director of the CIA from 1997 to 2004,  the second longest term any director had at America’s premier spy agency. When he left the CIA he  joined the board of four major defence and security companies: L1 Identity, and the British multinational defence firm called QinetiQ among others. The online newsmagazine Salon reported in 2007 that Tenet received at least $2.3 million up to that point from these companies in compensation and stock options.
L-1 Identity acquired contracts for providing facial recognition software used by the US to identify terrorists and insurgents in Afghanistan and Iraq. It also received contracts from the CIA. In 2008, Tenet left these companies to become managing director of Allan & Co (A&C), a secretive New York boutique investment bank.
***
In 2009, QinetiQ acquired Cyveillance, a cyber-security company. The Cyveillance website lists Tech Mahindra and PricewaterhouseCoopers (PwC) as its partners in India. Cyveillance says it offers threat intelligence solutions and related services to its partners. Tech Mahindra is the parent company of Satyam, part of the Morpho-Satyam consortium, one of Aadhaar’s biometric service providers. PwC has been employed by UIDAI to carry out security audits of its servers and of other partners in the Aadhaar programme. Cyveillance is one of the companies known to be working on behalf of the US Secret Service to monitor online data. According to documents submitted by the US Secret Service in court, Cyveillance trawls the internet for data that includes personal data of individuals. The data collected by Cyveillance is fed into PRISM, the NSA online spying programme that Edward Snowden uncloaked.
To a set of questions on Tech Mahindra’s links with Cyveillance, a spokesperson for the company said on email: “We don’t work with Cyveillance.”

A spokesperson for PwC said:“PWC India has no association with the body (Cyveillance) you mention. Since your query is about Aadhaar, please contact the UIDAI.”
***
In 2005, Peter Thiel teamed up with his former roommate and geek extraordinaire Alexander Karp to start a data analysis company. They called it Palantir, after the magical seeing stones in the Lord of the Rings trilogy, which allows the user to see across vast distances of space and time and track people. Karp was an unusual choice to head a technological company, having done his doctorate under Jurgen Habermas, one of the 20th century’s  great sociologists and philosophers. But the success of Palantir was the story of how a Silicon Valley start-up conquered the upper echelons of the military-industrial complex, where a group of geeky engineers who believed they could help catch terrorists with superior technology broke into the domain of big time defence players like Booz Allen Hamilton who worked with intelligence agencies, corporates and politicians and spent millions of dollars on lobbying. It was a bottom-up insurgency, where the product they had to sell was so game changing that in a few years Palantir become the hottest property in the intelligence community; an indispensable analytical tool that left intelligence agencies gushing, and privacy activists  alarmed  at the combination of Big Brother and Big Data.

But all this was still in the future. In 2005, Palantir could not interest any big investor in their product. What saved the company was $2 million in funding from InQTel, a strategic venture capital firm owned by the CIA. As CIA director in 1999, Tenet co-founded InQTel, with the idea that the CIA would invest in research by commercial companies that would be useful for the agency’s work, a recognition that innovation in technology has moved from the government sector to Silicon Valley and its start-ups. Tenet has been a trustee of InQTel since he left the CIA.

As Palantir starts to take off in the world of intelligence analysis, A&C, the bank for which Tenet worked, became an investor. Tenet became advisor to the data surveillance company. Alexander Karp is reported to be personal friends with both Tenet and the owner of Allen & Co.

Palantir started out as a company run by idealists who wanted to help the government catch the bad guys. Karp in particular was big on protecting data privacy. But as it became more and more embedded within the state intelligence apparatus, the potential for misuse of its  technology started to become obvious. In early 2011, leaked emails showed that a Palantir engineer had agreed to a plan by another security firm—HB Gary—to attack and bring down the WikiLeaks site. The mission was to help Palantir’s clients, Bank of America and the Chamber of Commerce. WikiLeaks announced that it would be releasing documents about the Bank of America. The plan also sought to target journalist Glen Greenwald who had revealed Edward Snowden’s information about the NSA’s massive secret surveillance programme. The CEO of HB Gary Aaron Barr resigned in disgrace. The attempt to target Greenwald destroyed Palantir’s claims about protecting citizens’ privacy from Big Brother, showing how easily surveillance technology can be used to target dissidents and those questioning the State.

In March this year, a group of protestors gathered outside Peter Thiel’s mansion against Palantir building software for the Trump administration that can mine massive amounts of data to identify illegal immigrants whom the administration wants to deport. One of the signs said “Don’t build software for Mordor.” The reference is to the castle of Sauron, the dark lord of Tolkien’s fantasy world. Commentators who have watched Palantir’s relationship to America’s national security state, have often remarked about the irony of Thiel and Karp’s adoption of the magical artifact “Palantir” as  their company’s name. The Palantir is a perfect metaphor for the double edged relationship Silicon Valley has with the national security state. For in Tolkein’s world, the Palantir is ultimately controlled by Sauron, and those who gaze into it in the hope of gaining information, get corrupted and captured by the power of Sauron’s all-seeing eye.

Fountain Ink sent a detailed questionnaire to UIDAI chairman J. Satyanarayana, CEO A. B. Pandey and deputy director-general Y. L. P. Rao, asking whether the UIDAI knew about the relationship of L-1 Identity and Morpho with American and British intelligence agencies and the US-European military-industrial complex. The questionnaire also asked about access to biometric and demographic data of Indian citizens the biometric vendors had. The UIDAI was also asked about any security measures in place to check for malware or backdoor access by state actors in the software and hardware used by the biometric companies to implement Aadhaar. There was no acknowledgement of the mails from UIDAI.

Update, June 3, 2017: Responses from Tech Mahindra and PricewaterhouseCoppers added.

Correction: The print version of the story identified Chad Sweet as Ted Cruz’s campaign manager. He is, in fact, the campaign chairman. 
The cover story of the June 2017 edition of Fountain Ink.