By Sudhir Vombatkere
14 September, 2011
Countercurrents.org
Dear Sri Nandan Nilekani,
I have sent you (by e-mail to
Further to my earlier communication, I note with alarm that Google has admitted to handing over user data stored in its European data banks to USA's intelligence agencies, since it is a company registered in USA and is obliged to do so according to the US Patriot Act. You would also be aware that Gordon Frazer, Microsoft UK's managing director, made news headlines recently when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world. Further, the firms can be forced to keep quiet about it in order to avoid exposing active investigations that may alert those targeted by the probes.
As shown in the UIDAI website, contracts for collaboration have been awarded by UIDAI to various firms, and some of them are foreign firms. I write with particular reference to M/s Ernst & Young which has been awarded the contract for setting up the Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP). Also, M/s L-1 Identity Solutions and M/s Accenture Services have been awarded contracts when both these firms are connected with the intelligence services in USA. It is my fear that intelligence-trained individuals in these firms will gain access to information in CIDR or the route to access that information. This will facilitate a cyber strike by an unfriendly nation or even a terrorist organization. There is little use arguing that we will have the tightest possible security, because our security is rather poor, considering that PMO's system has been hacked (possibly by the Chinese) and recently Union Finance Minister Pranab Mukherjee's office was bugged.
Creating an all-eggs-in-one-basket CIDR therefore appears risky in a lax security atmosphere. It is puzzling how such security risks have not been taken into account. Some members of the Parliamentary Standing Committee on Finance are only questioning the huge expenditures on the UID Project. The security issues can only be addressed in the national interest by a national body that has experience in the cyber security field.
You would be aware of the matter of the Indian Institute of Science (IISc), Bangalore, signing an agreement to set up a telecom laboratory with Huawei Technologies which has links with the Chinese government and PLA. As reported in the media, this was objected by the Indian intelligence community, which had expressed prior disapproval. That the same Indian intelligence agencies are silent on awarding contracts to US firms that have close links with USA's intelligence agencies for directly handling high security systems of UIDAI is puzzling for any thinking Indian. It would be well to repeat that any or all information that these firms obtain legally or illegally would be available to USA's intelligence agencies by authority of the Patriot Act, and what is more, the firm can be forced by the same law to remain silent on whether or what information has been passed on.
I earnestly request you to immediately respond to these genuine concerns regarding national security and safety.
Yours sincerely,
Sudhir Vombatkere
(Maj Gen S.G.Vombatkere (Retd))
475, 7th Main Road
Vijayanagar 1st Stage
Mysore-570017
E-mail: