| GOVIND KRISHNAN V. Bangalore | 25Th Dec |
The biometric and demographic data collected for Aadhar may be extremely vulnerable to access by foreign intelligence services, defence services and multinationals interested in the commercial use of the data.
A woman looks at an Iris scanner during data collection for UIDAI, in a village near Bangalore. AFP
The three private entities contracted by the Unique Identification Authority of India (UIDAI) for biometric solutions for Aadhar, have strong ties with the US and the French intelligence or defence establishments. The machines that collect fingerprints and iris scans are being supplied by L1 Identity Solutions, a US security and identity company, which is a major contractor for the US intelligence and defence department. George Tenet, ex-chief of the Central Intelligence Agency (CIA), Loius Freeh, former head of the Federal Bureau of Investigation (FBI) and Admiral Loy, who was the acting director of US Homeland Security are among current or former members of L1's board of directors.
The de-duplication of Aadhar data is being done by Morpho-Satyam, a consortium formed between Mahindra Satyam and Morpho, which is a subsidiary of Safran, a French identity and defence supplier. The French government owns 30% stake in Safran and has four representatives in its board of directors. In July, Safran acquired L1 Identity Solutions and partly merged it with Morpho.
The three private entities contracted by the UIDAI for biometric solutions for Aadhar, have strong ties with the US and the French intelligence or defence establishments. |
The UIDAI gave contracts for processing and verifying biometric data to Morpho-Satyam, L1 Identity Solutions and software company Accenture on 30 July 2010 without a tender process. On 20 September 2010, Morpho signed a merger agreement with the American Identity Company. In effect, the UIDAI has given two contracts to the same company. An email sent to UIDAI officials, including chairperson Nandan Nilekani, enquiring whether UIDAI was aware of the upcoming merger between Morpho and L1 Identity Solutions, did not fetch a reply.
A striking instance of conflict of interest is the contract given to Syscom Corporation in Noida to enrol people for Aadhar. Syscom, which was empanelled to collect Aadhar data in all states and union territories, is an Indian subsidiary of Safran. If biometric data collected by Syscom is de-duplicated by Morpho-Satyam, you have a situation where the agency collecting the data and the one verifying it to check possible duplication by the enrolment agency, are both owned by Safran. The biometric technology used belongs to L1 Identity Solutions, again owned by Safran.
Sachin Datta of Syscom, however, says there is no safety issue or conflict of interest. "Morpho and Syscom are two separate entities. The data we send to the UIDAI is encrypted and more than one company is involved in the de-duplication," he said.
Robert La Penta, the head and founder of L1 Identity Solutions, has been dogged by controversy. Before he founded L1, Penta worked for Loral Space and Communications, which he left as vice-president in 1996, two months after the crash of a Chinese rocket which used Loral's technology. After investigation, the US State Department accused Loral of passing sensitive material to the Chinese illegally and the company paid a fine of US $20 million in 2002 to settle the charges without admitting guilt.
"If you have given the job of data gathering, verification and storage to private entities with links to foreign intelligence agencies, it makes it childishly simple for these agencies to create fake identities of Indian citizens. What prevents any of these companies from enrolling people under multiple identities and clearing their biometric data when it is sent to them for de-duplication?
Even more dangerous, if you are giving such private entities access to the database, foreign intelligence agencies could access information about every Indian citizen," said Colonel Mathew Thomas, a former army officer, who is familiar with intelligence operations.
UIDAI has made conflicting statements about whether these companies would have access only to biometric data for de-duplication or whether they will be provided with access to demographic data as well. The demographic data collected by various registrars include highly personal information like bank account numbers, e-mail Ids, mobile numbers etc.
Mails sent to UIDAI officials, Safran and Mahindra Satyam asking for clarification about the data given to these companies and about the existence of technological safeguards or auditory mechanisms to prevent data theft and manipulation, were not answered.
A written reply from Accenture said that the company has been given only biometric data, but indicated that the UIDAI may not have insisted on any technological safeguards: "The Accenture Team does not have access to full data; we don't ever have an opportunity to touch a full record comprising of demographic and biometric data. Accenture is bound by the confidentiality obligations in the contract executed with UIDAI. Regarding the technological safeguards, please reach out to UIDAI directly."
Though Accenture is not known to be involved in any violation of government contracts in India, the company has been accused by the US government of taking kickbacks from other software companies for handing out US defence contracts.
Accenture paid US $63.7 million to settle a lawsuit in an Arkansas court regarding the alleged kickbacks, but has denied any wrongdoing. Accenture originated as the business and technology consulting division of Arthur Anderson, before it split from Anderson in 2000.
Arthur Anderson, one of the largest accounting firms in the US, surrendered its public accounting licence after it was implicated for its loose accounting in the Enron scandal, one of the biggest corporate frauds in American history.
"Accenture has never engaged in the practice of public accounting, we were not involved in the Enron matter and from our establishment in 1989 until our incorporation in 2001, Accenture was a separate legal entity from Arthur Andersen and operated independently from that company," Accenture said in its written response.
On 16 November 2010, Nandan Nilekani was given the ID Limelight award by the ID World International Congress in Milan. Safran was one of the primary sponsors of the event. Some anti-UID activists point out that Morpho-Satyam was given the contact by UIDAI barely three months back. In 2008, the same award was given to Tariq Malik, deputy chairperson of National Database and Registration Authority (NADRA), Pakistan's version of the UID project. The biometric solutions for NADRA are also being provided by L1 Identity Solutions.
"There is no doubt that it was highly unethical on the part of Nilekani to accept the award, " said Venkatesh Bubberjung, a Bangalore-based lawyer fighting a case to have the Aadhar project scrapped.
