In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, June 26, 2012

2636 - A Tale of Errors - R.Ramakumar

GOVERNANCE
A tale of errors
R. RAMAKUMAR


Contrary to the claims of the UIDAI, fingerprints are a highly inappropriate tool to uniquely identify individuals. 
K. MURALI KUMAR 


Nandan Nilekani, UIDAI Chairman. In an interview he said the Biometric Standards Committee had “recommended the inclusion of iris to the biometric modalities”, which is not true.

Case 1: “There are nine checks on visa nationals arriving into the U.K. [United Kingdom]. The fingerprint matching check is the most recent. It is the least reliable. It is the least effective in terms of delivering against our requirements….”

So stated Brodie Clark, the former head of the United Kingdom Border Force, to a stunned Home Affairs Committee on November 15, 2011. Clark was giving oral evidence to the committee on why he had authorised the suspension of fingerprint checks during busy hours at U.K. airports. Pressed further, Clark said, “I knew of it, and I approved it because it was a very sensible thing.”

Case 2: “The FBI [Federal Bureau of Investigation] apologises to Mr Mayfield and his family for the hardships that this matter has caused.”

The FBI’s apology came in a public statement, dated May 24, 2004. Brandon Mayfield was an attorney in Oregon and a Muslim convert who was held as a material witness in the Madrid bombing of March 11, 2004. The Spanish police had located a latent fingerprint on a bag that contained explosives and sent it to the FBI. The FBI shortlisted potential matches from its fingerprint database. Two fingerprint experts, one internal and another external, concluded that the latent fingerprint belonged to Mayfield; one expert termed the match as “100% identification”. Mayfield was jailed on the basis of the fingerprint match. Two weeks later, the Spanish police informed the FBI that they had independently matched the latent print with Ouhnane Daoud, an Algerian national living in Spain.

The FBI’s fingerprint gaffe on Mayfield was not the first in the U.S. A few years earlier, Stephen Cowans had to serve a jail sentence of more than six years in Boston on the basis of a false fingerprint match. He was exonerated on the basis of DNA evidence.

For years, the infallibility of fingerprints as a mark of uniqueness has been some sort of a fairy tale. But with increasing cases of fingerprint mismatches leading to human rights violations like prison detentions, the confidence is waning. Indeed, it was such loss of confidence that contributed to the shelving of national identity projects in the U.K. and many other countries.

If the confidence is waning globally, in India there appears to be a deeply intriguing faith in the use of fingerprints in establishing unique identity for a population of 120 crore. The Aadhaar project is a classic example. Biometrics – particularly fingerprints – is a central feature of the Aadhaar project. That a Parliamentary Standing Committee had torn apart the robustness of the fingerprint technology – calling it “untested and unreliable” – is dismissed by the government. While time will indeed prove this faith misplaced, some immediate respect for the sceptical voice appears to be long overdue.

The entry of biometrics into Aadhaar is characteristic of how governments evade laws and misrepresent expert opinion to insert untested ideas into policy. In 2009 itself, the Biometric Standards Committee (BSC) of the Unique Identification Authority of India (UIDAI) was circumspect about using fingerprints in Aadhaar. It had stated that “retaining efficacy while scaling the database size… to a billion has not been adequately analysed”. The BSC also stated that “fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context”. The reason: a large share of the population is dependent on hard manual labour, leading to worn-out fingerprints. This was an early note of caution, which the UIDAI ignored.

Even the BSC had failed to list out the problems of fingerprints comprehensively. For instance, the BSC was silent on the issue of “template ageing”, that is, an increase in “false rejection rates” as people age and sensor characteristics of fingerprint devices change. According to Kevin Bowyer of the University of Notre Dame, physical ageing of fingers results in decreased suppleness of the skin, more wrinkles, lesser flexibility of joints, and accumulated cuts and scars, all of which change the fingerprint itself. This implies the need to re-enrol a large proportion of people almost annually, making the system vulnerable to fraud.

There was another note of caution on fingerprints, which too was ignored. A report from 4G Identity Solutions, a supplier and consultant for the UIDAI, had mentioned in 2009 itself that about 15 per cent of the Indian population may fail to enrol because of unreadable fingerprints. It specifically noted that “people above 60 years and young children below 12 years may have difficulty enrolling in a fingerprinting system”.

On iris scans, the BSC was even more circumspect. It did not even provide error estimates for iris scans owing to the “absence of empirical Indian data”. It suggested the use of iris scans only “if they [UIDAI] feel it is required”. This stance of the BSC did not dissuade the UIDAI from deciding to scan irises too at enrolment. In fact, in a clear case of fudge, UIDAI Chairman Nandan Nilekani stated in an interview to PlanetBiometrics (July 5, 2010) that the BSC had “ recommended the inclusion of iris to the biometric modalities”. This was wrong; the BSC never made such a recommendation.

T. VIJAYA KUMAR 
An elderly woman being assisted in getting her fingerprinting done by the staff of the Aadhar biometric enrolment centre at Don Bosco School in Guntur, Andhra Pradesh, in February 2011. The elderly constitute a group that will be massively excluded because of the fallibility of the fingerprint technology.

It is becoming increasingly clear that the decision to include biometrics in Aadhaar had no scientific basis and flew in the face of available evidence (see “How Reliable is UID?”, Frontline, November 19, 2011). Recent evidence suggests that the chickens are indeed coming home to roost.

Biometrics appears at two stages in the Aadhaar project. The first stage is “enrolment”, where three sets of biometrics are collected from each resident: a photograph, fingerprints of all 10 fingers and iris scans of both eyes. The fingerprints and iris scans are used to uniquely identify (or “de-duplicate”) each resident and allot a unique Aadhaar number. The second stage is “authentication”; here, a service would be provided to residents only upon confirmation that his/her fingerprint “matches” the fingerprint stored against his/her name in the enrolment database. Iris scans are not used at the stage of authentication.

I shall try to argue here that at both the stages – enrolment and authentication – the quantum of errors associated with biometrics is too large to be ignored.


Errors in enrolment

Let us first take enrolment. Facts emerging from the ground reveal that there have been widespread errors at this stage and that biometrics has been of little help.

First, in Hyderabad, a data entry supervisor by the name of Mohammed Ali – a former employee of the Infrastructure Leasing and Financial Services Limited (IL&FS) – was shown to have enrolled more than 30,000 residents in a short span of three months. According to reports, all the 30,000 applicants had been issued Aadhaar numbers. There were two interesting aspects with respect to biometrics in this scam.

(a) Out of the 30,000 residents enrolled, about 870 people were enrolled as physically disabled (“biometric exceptions” in the UIDAI parlance). Their biometric information was not recorded. It is unclear as to how many of these 870 were actually disabled because most of their addresses were fake. It is also unclear as to how many thousands of such fake enrolments have already taken place across India.

(b) A large proportion of the 30,000 residents enrolled were not enrolled by Ali (because Ali had left IL&FS in between). Instead, these enrolments were done across 17 enrolment centres by other supervisors who used Ali’s login and password. While logging into the system, along with the login and password, supervisors have to submit their fingerprints. Typically, if the supervisor’s fingerprints were not matched as Ali’s, the system should have rejected access. Yet, all the supervisors could gain access to the system using their fingerprints. Clearly, the system was not able to identify the supplied fingerprints as not Ali’s.

Secondly, in what has been the most hilarious Aadhaar number provision to date, one Aadhaar number (4991-1866-5246) was issued in Anantapur district of Andhra Pradesh to a person named Mr Kothimeera (that is, coriander), with his father’s name as Mr Palav (biryani) and address as Gongura Tota, Mamidikaya Vooru (Mango village), Jambuladinne, Anantapur, Andhra Pradesh - 515731. To top it, the date of birth of Mr Kothimeera was recorded as 1887, and the photograph on the card was that of a mobile phone. It is as yet unclear as to what biometric records were supplied with “Mr Kothimeera’s” demographic details and how it passed the test of biometric de-duplication.

Thirdly, the Department of Posts is on record that across India, as on April 20, 6.46 lakh Aadhaar letters posted were returned because the addresses did not exist. In Andhra Pradesh itself, about 50,000 Aadhaar letters were lying undelivered because the addresses were fake. In Karwar, Ankola, Kumta, Honnavar and Bhatkal taluks of Karnataka, about 7,000 Aadhaar letters were lying undelivered because the addresses were fake. While fake addresses have nothing to do with biometrics per se, they provide corroborative evidence to the widespread fraud that takes place at enrolment.

In sum, biometrics has not been able to prevent large-scale errors at the enrolment stage itself. Available evidence itself is persuasive, and it may be logically suspected that unreported errors are of a far larger magnitude.

Errors in authentication


Interestingly, while three sets of biometrics are collected at the time of enrolment, only one set – fingerprints – is used for authentication. As R.S. Sharma, the Mission Director of the UIDAI, confirmed in an interview to Frontline in 2011, “fingerprint is the basic mode of authentication”. According to Nandan Nilekani, iris scans are not used at authentication because “it’s not a mature technology”. For the moment, we shall postpone asking the reasons for tweaking expert opinion and deciding to use an immature technology at the stage of enrolment.


In his Frontline interview, Sharma admitted that the “quality of fingerprints… poses a challenge for later authentication”. He also stated that “for manual labourers, this authentication will be difficult because only one or two of the 10 fingerprints may be good”. It would appear that Sharma was foretelling what the UIDAI’s Proof of Concept (PoC) studies published in 2012 were to reveal. The PoC studies reveal that fingerprint-based authentication of large populations is largely a non-starter, and point towards enormous risks of exclusion.

The PoC studies were internal studies on small populations conducted by the UIDAI to test the robustness of real-time, fingerprint-based authentication. There was no external review. In Phase 1, a small sample of 14,220 residents was studied in Tumkur district of Karnataka. In Phase 2, about 35,000 Aadhaar holders were covered across four States.

First, the results confirm the fear that most people in rural areas have unreadable fingerprints. There was also significant variation of quality across the fingerprints of each individual. However, the UIDAI does not admit this in as many words. Instead, the PoC report says: “Certain fingers were observed to provide better authentication accuracy due to good fingerprint ridges and hence better image quality.” Further, it says that “providing multiple attempts of the same finger was seen to improve resident’s chances of successful authentication”. Finally, “senior residents (60+) had the highest rejection rates”; age-wise rejection rates, however, are not provided.

Let us paraphrase the above three results: (a) only some fingers of residents showed best authentication accuracy; (b) even when fingerprint quality was good, authentication was not always successful at the first try; and (c) residents above the age of 60 years showed poor authentication accuracy.

Secondly, to bypass the pervasive problem of poor fingerprint quality, the PoC study defines a “best finger”. It is the finger that “provides the highest chance of successful authentication”. The idea of a “best finger” is a cop-out from the real problem of poor fingerprint quality. Only 93.6 per cent of the residents possessed at least one best finger. Thus, for 6.4 per cent of the residents authentication was not possible with a single finger. In absolute terms, when extrapolated to the population of 120 crore, a 6.4 per cent share translates to 7.2 crore persons. While the use of more than one finger improves authentication accuracy, the figure of 93.6 per cent provides an insight into the potential extent of exclusion due to fingerprint authentication.

Thirdly, authentication was possible only in the case of 93.5 per cent of residents with a single finger at the first attempt itself (see figure). In other words, in the case of about 6.5 per cent of residents (translating to 7.8 crore residents, when applied to 120 crore) authentication was not possible at the first attempt with a single finger. Even when three attempts were allowed, only 96.5 per cent of residents were able to be authenticated.

In India, even a small share of exclusion from authentication can imply the actual exclusion of crores of individuals. Further, when applied to larger populations, the share of residents without one best finger is likely to rise sharply. At 120 crore people, it is impossible to forecast what this share would explode into.

Contrary to the claims of the UIDAI, fingerprints will be a highly inappropriate tool to uniquely identify individuals. Given multiple errors during enrolment and the potentially high error rates at authentication, the use of fingerprint authentication is likely to foster a regime of misidentification and exclusion. Worse still, exclusion will be most acute among poor manual labourers. The poor record of fingerprint readers in U.K. airports and frequent fingerprint mismatches in the U.S. were also a result of fallibilities in the fingerprint technology.

The elderly is another group that would be massively excluded. As the PoC reports admit, those above 60 years had the “highest rejection rates” at authentication. Yet, the Mid-Term Review of the Eleventh Plan by the Planning Commission has recommended the use of Aadhaar fingerprints to pay pension to the elderly through the National Social Assistance Programme (NSAP). The recommendation is to use “banking correspondents”, who would carry handheld fingerprint devices, to make “payments at the doorstep”. A sure recipe for exclusion, it would appear.

In fact, the only group that appears certain to gain from the Aadhaar project is the global biometric industry. As Nandan Nilekani suggested in an interview, “the Unique Identification Project is creating new opportunities for biometric technology…. Our success can, therefore, determine the course the industry will take, since these technologies will be tested in India on an unprecedented scale.” On the other hand, the losses are likely to be felt mostly by the poor. It would be an irony that a project that is marketed in the name of “including the poor” would end up excluding them massively from whatever meagre provisions they obtain from the state today.

R. Ramakumar is Associate Professor at the Tata Institute of Social Sciences, Mumbai.

2635 - Mankind’s Biggest Identification Database will Create Permanent Emergency Architecture


Media Briefing Paper
                                                                                                                             June 25, 2012

Mankind’s Biggest Identification Database will Create Permanent Emergency Architecture

Data Mining Mafia Threatens National Security and Citizens Rights  

Citizens Must Boycott Biometric Information Based Registers like CIDR, NPR & DNA Bank 

New Chief Election Commissioner Should Cancel Proposal to link UID with Voter Card   

The Presidential candidate of Indian National Congress led United Progressive Alliance, Pranab Kumar Mukherjee owes an answer to the question: Will “online data base” of residents of India (inclusive of citizens) safeguard the sovereignty of the Republic? The biggest-ever database being attempted in the history of mankind merits a rigorous political debate. An autocratic social control technology regime is silently giving birth to a permanent emergency architecture.

In his 2009-10 Budget Speech as Finance Minister, Mukherjee had said, “The UIDAI (Unique Identification Authority of India) will set up an online data base with identity and biometric details of Indian residents and provide enrolment and verification services across the country.” In an act of Himalayan blunder, h did not seek any ‘legislative framework’. When he did through Union Ministry of Planning, there was an effort to turn Parliament into a rubber stamp; its proposal was rejected by the Parliamentary Committee on Finance. Revealing his callousness towards lack of the legal mandate, he continued to make budgetary allocations for UIDAI from 2009 till 2012.

Under the chapter, ‘Creating an appropriate legislative framework’ the White Paper on Black Money prepared by Union Finance Ministry during is current tenure elaborates on the role of the Unique Identity (UID)-Aadhaar project. The relevant text of the White Paper at page 49 reads: “As announced by the Finance Minister in his Budget speech, enrolments into the Aadhaar system have crossed 20 crore and the Aadhaar numbers generated up to date 14 crore. Adequate funds have been allocated for completing another 40 crore enrolments starting from 1 April 2012. The Aadhaar platform will facilitate payments under the Mahatma Gandhi National Rural Employment Guarantee Act (MG-NREGA); old age, widow and disability pensions; and scholarships to be made directly into beneficiary accounts in selected areas. This initiative will cut down corruption and the generation of black money in India.” It is ironical that Unique Identity (UID)-Aadhaar project is mentioned under the title ‘Creating an appropriate legislative framework’ because its Centralized Identities Data Register (CIDR) is being prepared outside any ‘appropriate legislative framework’. 

The biometric data based ‘20 crore enrollments’ and 14 crore Aadhaar numbers generated so far are illegal. It is in contempt of Parliament. In any case even these figures do not appear to be reliable because there are several inconsistencies.

It is noteworthy that the Union Cabinet approved the scheme for creation of Union Home Ministry’s National Population Register (NPR) of usual residents of the country on March 19, 2010. Even before this approval the terms of reference of Planning Commission’s notification to set up UIDAI for Centalized Identities Data Register (CIDR) dated January 28, 2009 referred to collation of NPR and UID data. Therefore, the reported conflict between Home Ministry and UIDAI appears managed for public consumption.  

Both CIDR and NPR schemes are for unique identification that involves collection of demographic and biometric information from usual residents of India. After Parliamentary Standing Committee (PSC) on Finance rejected the National Identification Authority of India Bill, 2012, now there is a proposal for a National Human DNA Profiling Bill, 2012 which is also about unique identification based on collection of biometric information like DNA.  PSC had taken cognizance of the possibility of ‘manipulation of biometric information’. 

While use of biometric technology, an advanced technique for the identification of humans, based on their characteristics or traits is unfolding there is agency within India to. These traits can be face, fingerprint, iris, voice, signature, palm, vein, and DNA. DNA recognition and vein recognition are the latest and most advanced types of biometric authentication.  Biometric technology is being deployed in the application areas like government, travel and immigration, banking and finance, and defense. Government applications cover voting, personal ID, license, building access, etc.; whereas travel and immigration use biometric authentication for border access control, immigration, detection of explosives at the airports, etc. Banking and finance sector use biometric authentication for account access, ATM security, etc. In two separate letters to the National Human Rights Commission and President of India, Citizens Forum for Civil Liberties (CFCL) has underlined how Human DNA Profiling Bill, 2012 will lead to dangerous erosion of privacy and how black projects like CIDR and NPR are part of the black economy and part of the solution as suggested in the White Paper on Black Money. Both the letter are attached.      

Newspapers and other news agencies have generally failed to note the implications of the recommendations of the PSC wherein it says, “The collection of biometric information and its linkage with personal information of individuals without amendment to the Citizenship Act, 1955 as well as the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules, 2003, appears to be beyond the scope of subordinate legislation, which needs to be examined in detail by Parliament.” Now that the opinion of the Attorney-General of India defending governmental action in regard to issuance of Planning Commission’s notification to set up UIDAI has rightly been rejected by the Government, logically, till such parent legislation is passed which mandates collection of biometric information by UIDAI and Home Ministry’s Registrar General of NPR, the implementation of both CIDR and NPR must be put on hold. 

PSC recorded the legal opinion saying, “Article 20 (3) of the Constitution provides protection against 23 compulsory extraction of personal information. Denying services, and rights, to persons because they are unwilling to part with the information in a manner that is more than likely to result in convergence and commodification of their personal information, surveillance, profiling, tagging and tracking is compulsory extraction that clearly reduces the constitutional rights of an ordinary citizen to less than that of an alleged offender.” Most media persons have ignored that the CIDR and NPR is being implemented in violation of the Constitution.   

The Union Cabinet on June 7, 2012 decided that both the Union Home Ministry and the UIDAI will collect biometric data of 1.2 billion Indians. In January, 2012 the Cabinet Committee on UIDAI Related Matters set up on October 22, 2009 was reported to have resolved the issue of conflict and duplication of work between UID and NPR. The June 2012 cabinet meeting clearly shows that a section of media which is simply reproducing government’s version was misled into believing that conflict between Planning Commission’s UIDAI and Home Ministry’s NPR does not fester anymore.   

A section of media is being briefed incorrectly by the interested parties in the matter of NPR and CIDR. It is being reported as truth that the NPR which would lead to a resident identity card and will culminate in a citizenship card based on biometric data has legal mandate to do so.

A section media has been acting like a stenographer of UIDAI which has been reporting with a blinkers on about how CIDR project is compiling Aadhaar seeks to provide unique identity numbers for access to government’s social welfare benefits to ‘residents’ of the country like Dalai Lama and ‘certain other persons’. This section of media does not realize that government’s social welfare benefits are for citizens and not for the ‘residents’ and residentship does not entitle people to access these benefits. Also till date media has not inquired about who these ‘certain other persons’ are.  

"The collection of photographs and biometrics has been facing hurdles at every step on account approach of the UIDAI, which, it seems, has failed to appreciate the core purpose of the National Population Register" Union Home Minister reportedly wrote in his letter to the Prime Minister in violation of Union Cabinet's decision "Despite clear orders from the cabinet, the UIDAI is objecting to the conduct of NPR camps in certain states and is also refusing to accept the biometric data of NPR for de-duplication and generation of Aadhaar number".

Under the influence of biometric technology companies, besides Planning Commission’s UIDAI and Home Ministry, Department of Public Distribution System, Ministry of Rural Development,  (MoRD), the Rashtriya Swasthya Bima Yojana, Banks, Department of Social Welfare, Post Office, States’ Education Departments etc have started collecting biometric information without any legal mandate. 

India is a federal structure and there is a clear distinction between the role of central and state governments but CIDR and NPR appear to be trying to converge sates’ power and subordinating citizens rights and converting them into subjects.

In the meanwhile, in UK civil rights activists are protesting about the involvement of Lockheed Martin in the census of 2011. In a judicial review, lawyers are arguing that the Office for National Statistics' decision to grant a data processing contract to a UK subsidiary of the US defence contractor Lockheed Martin breaches right to privacy as guaranteed by the European convention on human rights. In India too, although Section 15 of the Census Act 1948 provides that census records 'will not be open to inspection or admissible as evidence', given the fact that Home Ministry’s Census Commissioner is also ex-officio Registrar General of India for NPR structurally betrays the confidentiality promised because NPR is open to ‘social vetting’.  

The PSC during briefing on the UID Bill raised inter-alia the issue of possibility of dovetailing the UID exercise with the census operation. In this regard, the Ministry of Planning in their written reply have, among other things, stated as follows, “….the UIDAI is adopting a multiple registrar approach and the Registrar General of India (RGI) will be one of the Registrars of the UIDAI. To synergize the two exercises, an Inter Ministerial Coordination Committee has been set up to minimize duplication. The UIDAI is making all efforts to synergize with National Population Register (NPR) exercise….”  

Planning Commission’s ‘voluntary’ database of Indian residents based on biometric data which is linked to country's first ever ‘compulsory’ National Population Register (NPR), a biometric data based comprehensive identity database of ‘usual residents of the country’ to be maintained by the Registrar General and Census Commissioner of India, Union Ministry of Home Affairs and the 15th National Census.  On March 16, 2011 MoU was signed between UIDAI and Union Home Ministry’s Registrar General of National Population Register (NPR), Dr C Chandramouli for convergence of their respective data. As a consequence a deliberate but a major lapse has occurred which needs to be urgently rectified. Under law the census data is confidential which cannot be given even to the courts but data collected for NPR is not confidential.

"The Census process involves visiting each and every household and gathering particulars by asking questions and filling up Census Forms. The information collected about individuals is kept absolutely confidential. In fact this information is not accessible even to Courts of law."Reference: http://censusindia.gov.in/2011-FAQ/FAQ-Public.html But UID and NPR have violated the promised confidentiality. A careful reading of even the FAQ reveals it. This means that data of UIDAI, NPR and Census is being converged without any legal mandate. Thus, it was not surprising that the National Identification Authority of India (NIDAI) Bill, 2010 that has been rejected by PSC, made a provision in it to seek the rubber stamp of the Parliament for all the acts of omission and commission (as per Section 57 of the Bill) by UIDAI since January 28, 2009 when it was set up as per a notification of Planning Commission.

CIDR and NPR project a questionable imitation of initiatives launched by International Financial Institutions (IFIs) like World Bank Group, North Atlantic Treaty Organisation (NATO), a 28-nation military alliance and Business Enterprise Architecture of USA’s Department of Defense which was designed to assist the transformation. Not only are all the ideas, initiatives, proposals but also the words, phrases and punctuations being used by proponents of UID-Aadhaar like projects is borrowed from IFIs, NATO and USA’ Department of Defense.

The idea of UID/Aadhaar Number proposed by UIDAI is a replication of Pakistan's National Database & Registration Authority (NADRA) that was established in March 2000 to provide integrated homeland security solutions in Pakistan. The program replaced the paper based Personal Identity System of Pakistan that had been in use since 1971.This year is also quite important. NADRA violated fundamental human rights in Pakistan. UIDAI violates fundamental human rights in India.

In his book Imagining India, Nilekani has argued that national ID system would be a big step for land markets to facilitate right to property and undoing of abolition of right to property in 1978 in order to bring down poverty! Not surprisingly, Section 10 and 36 of Union Rural Development Ministry’s Land Titling Bill, 2011 provides for linking land titles to UID/Aadhaar.  

Government, the Parliament and the citizens must not be misled by unelected cabinet minister ranked officials who say, “Technology has no history and no bias, it treats everyone the same way.” The collective colonial experience and the history of technologies have revealed that it is the owners of such technologies who are true beneficiaries especially when it is used for social control and surveillance. These biometric information based projects are aimed at creating a perfect common land and water market among other things.

There is a compelling need to urgently assess the claims and risks of blindly trusting biometric, surveillance and identification technology companies who have made UID appear politically persuasive for the gullible ruling parties by cleverly intertwining it with the crying need for governance.

At page 75-76 the White Paper says, “While efforts such as UID and direct transfer of subsidies will stop leakages in some sectors, in other sectors the problem will have to be addressed differently” under the title ‘Strategies for Curbing Generation of Black Money through Illegal or Criminal Activities.’ The fact is whether or not biometric, surveillance, identification and security technology companies are involved in amassing Black Money as part of Black Economy-through electoral finance and other unrecorded means- is yet to be conclusively established.
Union Finance Ministry should be dissuaded from relying on illegal biometric profiling of citizens which is being done under UID-Aadhaar project. In fact, there is a need to set up a high powered independent commission to examine the impact of high-risk biometric, surveillance, identification and security technologies and threats to civil liberties and country’s security and sovereignty.

It has reliably been learnt that officials from companies like Infosys Technologies have been giving leadership training to leaders of the ruling parties. This may have impacted decision making with regard to UID-Aadhaar. It is noteworthy that the original vision document for Unique Identification Authority of India (UIDAI) prepared by Wipro Technologies Ltd in 2006 is missing. This merits probe.   

Recent news reports of efforts to put Union Finance Minister and Union Defence Minister under surveillance by unidentified agencies reveal that there is paucity of capacity to monitor or regulate these technologies. If this is the plight of the ministers and technologically challenged political class, the threat for citizens can easily be understood.    
Union Government must be persuaded to review its capacity to regulate an emerging identification technology regime that is undermining democracy and sovereignty.

The unfolding of World Bank Group’s  eTransform Initiative  with support from global partners such as Gemalto, IBM, L-1 Identity Solutions, Microsoft and Pfizer and two national governments of France and South Korea since April 2010 for implementing its Tranformational Government project to converge private sector, public sector and citizens sector.

In the meanwhile, the US biometric, identification and security technology company, L-1 Identity Solutions which was given contact by UIDAI on July 30, 2010 has been purchased by French company Safran Group whose subsidiary too had been awarded a contract on July 30, 2010 after national security clearance from US Senate Committee. This company is also in the business of biometric, identification and security technologies with French government having major investment in it. This company is in long term agreement with China as well. 

It has come to light that Shri Nilekani who heads Unique Identification Authority of India (UIDAI) in the rank of a Cabinet Minister was given ID Limelight Award at the ID WORLD International Congress in Italy. The key sponsors of Congress include Morpho (Safran group), a French multinational corporation specializing in ID credentials solutions incorporating biometrics application in passports, visas, ID documents, health and social benefits, elections, etc. Its subsidiary, Sagem Morpho Security Pvt. Ltd has been awarded contract for the purchase of Biometric Authentication Devices on February 2, 2011 by the UIDAI.  Earlier, on July 30, 2010, in a joint press release, it was announced that “the Mahindra Satyam and Morpho led consortium has been selected as one of the key partners to implement and deliver the Aadhaar program by UIDAI (Unique Identification Authority of India).” This means that at least two contracts have been awarded to the French conglomerate led consortium.  Is it a coincidence that Morpho (Safran group) sponsored the award to Chairman, UIDAI and the former got a contract from the latter?

Nilekani was given the award at the ID WORLD International Congress in 2010 held in Milan during November 16-18, 2010. One of the two Platinum Sponsors was Morpho (Safran group), a French high-technology company with three core businesses: Aerospace, Defense and Security.  Coincidentally, this Global Summit on Automatic Identification in 2009 had awarded Shri Tariq Malik, Deputy Chairman of Islamabad based National Database & Registration Authority (NADRA) too for implementing UID project in Pakistan.

Nilekani was given the award "For being the force behind a transformational project ID project in India...and "to provide identification cards for each resident across the country and would be used primarily as the basis for efficient delivery of welfare services. It would also act as a tool for effective monitoring of various programs and schemes of the Government."  There is a conflict of interest and it appears to be an act done in lieu of the contract. 

Notably, UIDAI awarded contracts to three companies namely, Satyam Computer Services Ltd. (Mahindra Satyam), as part of a “Morpho led consortium”, L1 Identity Solutions Operating Company and Accenture Services Pvt. Ltd of USA for the “Implementation of Biometric Solution for UIDAI” on July 30, 2010. L-1 Identity Solutions, Inc. is in the business of protecting and securing personal identities and assets. It claims that with the confidence in individual identities provided by L-1 to international governments, federal and state agencies, law enforcement and commercial businesses can better guard the public against global terrorism, crime and identity theft fostered by fraudulent identity. It is germane to note that L-1’s Intelligence Services Businesses were sold to BAE Systems, Inc. (the U.S. affiliate of BAE Systems plc). 

On September 20, 2010, L-1 Identity Solutions announced that it has entered into an agreement to be acquired by Safran in a merger transaction. As a result both Morpho led consortium and L-1 Identity Solutions who were awarded contracts are under Safran group company. Safran is a leading international high-technology group with three core businesses: Aerospace (propulsion and equipment), Defence and Security.  The transaction was subject to review by the U.S. Committee on Foreign Investment in the United States (CFIUS), an inter-agency committee of the United States Government that reviews the national security implications of foreign investments in U.S. companies or operations among other conditions. CFIUS notified on July 19, 2011 that “there are no unresolved national security concerns with respect to the transaction”.

Union Cabinet and the Parliament must scrutinize the roles of these companies which are involved in biometric information based projects.  

The manifest short term and long term foreign interest in biometric information based projects is aimed at creating ‘solutions architecture’ through linguistic corruption in the form of proposed National Information Utilities (NIUs) by Union Finance Ministry’s Technology Advisory Group on Unique projects. These NIUs are envisaged as private companies with public purpose and with profit making as the motive but not profit maximizing. The construction of this sentence betrays the ulterior motives of vested interests.  It appears that words indeed have meaning, which the masters give to it a classic case of nominalism, a tendency of the ruling elite to decide on the meaning of a word.

CFCL demands that the new Chief Election Commissioner, V.S. Sampath should rescind the dangerous proposal of S.Y. Quraishi, his predecessor to Union Ministry of Home Affairs asking it “to merge the Election IDcards with UID”. 

Such an exercise would mean rewriting and engineering the electoral ecosystem with the unconstitutional and illegal use of biometric technology in a context where electoral finance has become source of corruption and black money in the country. This would lead to linking of UID, Election ID and Electronic Voting Machines (EVMs) which is not as innocent and as politically neutral as it has been made out to be. It is noteworthy that all EVMs have a UID as well. This proposal makes a mockery of the recommendations of the Parliamentary Committee on Finance on UID Bill.

Most people who filled biometric information based UID/Aadhaar Enrolment Form have failed to observe Column 9 of the Form that reads: "I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services". In front of this column, there is a "Yes" and "No" option. Irrespective of what option residents of India exercise (which is being ticked automatically by the enroler in any case as of now), the fact is this information being collected for creating Centralized Identity Data Register (CIDR) and NPR (column 7) are being handed over to biometric technology companies like French Safran Group’s Satyam Computer Services/Sagem Morpho, L1 Identities Solutions and US Accenture Services of all shades who have already been awarded contracts. 

The reply of Davinder Kumar, Deputy Director General, UIDAI merits attention. He will have residents/ citizens of India believe that the three transnational biometric technology companies working with foreign intelligence agencies namely:1) Mahindra Satyam Computer Services/Sagem Morpho, 2) L1 Identities Solutions and 3) Accenture Services who were awarded contracts by UIDAI that “There are no means to verify whether the said companies are of US origin or not” in a reply to Right to Information (RTI) application dated 21st July, 2011. This is quite a stark act of omission and commission that is likely to put residents/citizens of India under surveillance using delivery of public services as fish bait forever.

Planning Commission and Nilekani should be asked to verify whether they know the country of origin of the award and the country of origin of their sponsors who were awarded contract by UIDAI prior to taking the award. Had Nilekani known about their country of origin, would he have taken the award in Italy? Now that the information has become public knowledge what is it that the Planning Commission and UIDAI intend to do about it?

UIDAI officials like its Deputy Director General do not have the “means to verify” the country of the origin of three companies in questions. CFCL informs them that the first company Morpho’s website is http://www.morpho.com/qui-sommes-nous/implantations-internationales/morpho-en-inde/?lang=en The information at the website of Morpho http://www.morpho.com/evenements-et-actualites-348/presse/mahindra-satyam-and-morpho-selected-to-deliver-india-s-next-generation-unique-identification-number-program?lang=en and Safran www.safran-group.com reveals its partnership with Mahindra Satyam.

The second company, L1 Identities Solutions is headquartered in Stamford, Connecticut, U.S website and its press releases at http://ir.l1id.com/releases.cfm?header=news reveal that the company received $24.5 Million in Purchase Orders in the Initial Phase of India's Unique Identification Number Program for Certified Agile TP (TM) Fingerprint Slap Devices and Mobile-Eyes(TM) Iris Cameras. http://ir.l1id.com/releasedetail.cfm?ReleaseID=509971). I submit that as a consequence of Safran’s purchase of L-1 Identity Solutions, the de-duplication contracts of UIDAI’s CIDR which was given to two companies on July 30, 2010, both contracts are with one company now.

Union Government and Parliament do not appear to have taken into account the uncertain corporate world of acquisitions and mergers. It seems to be part of unfolding of a surveillance movement based on global ID card. Commenting on the merger of the two biometric technology companies, Mark Lerner, the author of the book “Your Body is Your ID” says, “Safran is a French company, 30% owned by the French government”. Safran has a 40 year partnership with China in the aerospace and the security sectors too.

The third company, Accenture, a US company headquartered in Dublin, Republic of Ireland. It won US Department of Homeland Security’s contract for five years to design and implement the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program based on biometric technology for checking identities of foreigners visiting USA.  The contract includes five base years plus five option years mandated by U.S. Congress for Smart Border Alliance project.  It is one of the main privatized gatekeepers of US borders.

The attached Aadhaar Enrolment Form. There are ten columns in the Form seeking information. Column 7 refers to Union Home Ministry’s NPR and 9 which is linked to Centralized Identity Data Register (CIDR) of UID/Aadhaar, which is to be supervised by yet to be born NIAI. It is a strange case of the child- the UID/Aadhaar- having become more than 4 years old but the legislature, the parent is yet to take charge. It is evident that UIDAI is displaying manifest contempt towards Parliament. Residents of India are being enrolled for UID-Aadhaar without the passage of the required legislation. The same is true about NPR. 

The National Human Rights Commission has expressed grave concerns discrimination, protection of information and identity theft in its written submission. It is reported in NHRC newsletter, August 2011 at page no. 7 and 8. One opinion poll that at least 41 % of India's population is opposed to UID/Aadhaar, when publications and news channels get dictated by advertisements then truth in general and legislative truth in particular has become a casualty-the opposition is bigger than is being reported.

India's corporate media seems quite indulgent towards the emergence of a technology-based social control regime due to "Paid News" phenomenon; it is for the legislature to bring them under control by revealing the true nature of biometric information based identification exercises like.

Unmindful of the erosion of federal structure of the State Governments have been misled into signing MoUs with the UIDAI. For instance, Smaarftech Technologies, a company that provides e-governance solutions was assigned to do the job in Bihar for carrying out the Proof of Concept study. The iris recognition device that is being used by them comes from Florida-based Crossmatch Technologies, and is used by agencies like NASA and the Department of Homeland Security in the US. State governments have not been informed about its implications and they have not applied their legal imagination to fathom the threats from UID-Aadhaar related proposals.

These acts of convergence will undermine the constitutional rights and change the meaning of democracy as we know it. It is an act of changing both the form and content of democracy and democratic rights in a new technology based regime where technologies and technology companies are beyond regulation because they are bigger than the government and legislatures.

The old maxim, 'If you have nothing to hide, you have nothing to fear' has been given a very public burial. Database State, a report from the United Kingdom states, 'In October 2007, Her Majesty's Revenue and Customs lost two discs containing a copy of the entire child benefit database. Suddenly issues of privacy and data security were on the front page of most newspapers and leading the TV news bulletins. The millions of people affected by this data loss, who may have thought they had nothing to hide, were shown that they do have much to fear from the failures of the database state.'  No one knows for sure whether it was lost or sold.

There is a history of attempts by the old and new colonial and imperial powers to number human beings, create a database and put present and future generations under constant surveillance.

Under the US's Patriot Act, the US government can compel any US company to hand over information it holds for the purposes of a criminal investigation. In India, UIDAI has given contracts to US and French companies like Accenture and Safran Group which work with intelligence agencies of their countries and under their domestic laws the CIDR which will be handed over to them for de-duplication is likely to be disclosed to US and French government agencies on one pretext or the other. . 

The implementation of CIDR and NPR with without Parliaments‘approval sets a dangerous precedent in the Parliamentary form of Government. PSC report recorded that the legal view that “'delegated legislation' or 'subordinate legislation' has to be within the extent of the 'parent statute'….. It is a plain misconception to think that the executive can do what it pleases, including in relation to infringing constitutional rights and protections for the reason that Parliament and legislatures have the power to make law on the subject.”

The PSC report observes unequivocally, “The Committee are constrained to point out that in the instant case, since the law making is underway with the bill being pending, any executive action is as unethical and violative of Parliaments prerogatives as promulgation of an ordinance while one of the Houses of Parliament being in session.”
PSC recorded what the Philippines Supreme Court has said in this regard:” ……the data may be gathered for gainful and useful government purposes; but the existence of this vast reservoir of personal information constitutes a covert invitation to misuse, a temptation that may be too great for some of our authorities to resist” while rejecting a similar project.

It all started in the name of the poor. The concept of a Unique Identification (UID) scheme was first discussed and worked upon since 2006 when administrative approval for the scheme ―Unique ID for BPL families was given on 3rd March, 2006 by the Department of Information Technology, Ministry of Communications and Information Technology. This WIPRO document is missing from the public domain. The PSC report does not reveal whether or not it was given access to it.

PSC report take into account the report of the Biometrics Standards Committee set up by the UIDAI. It has recognized in its report that a fingerprints-based biometric system shall be at the core of the UIDAI‘s de-duplication efforts. It has further noted that it is: ―”…conscious of the fact that de-duplication of the magnitude required by the UIDAI has never been implemented in the world. In the global context, a de-duplication accuracy of 99% has been achieved so far, using good quality fingerprints against a database of up to fifty million. Two factors however, raise uncertainty about the accuracy that can be achieved through fingerprints. First, retaining efficacy while scaling the database size from fifty million to a billion has not been adequately analyzed. Second, fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context.”

PSC asked to explain the reliability of technical architecture of the UID scheme, the Ministry of Planning in a detailed note on the NIDAI Bill have, among other things, stated as follows, ”The UID project is a complex technology project. Nowhere in the world has such a large biometric database of a billion people being maintained. The frontiers of technology in biometrics are being tested and used in the project…… The technical architecture of the UID scheme is at this point, is based on high-level assumptions. The architecture has been structured to ensure clear data verification, authentication and de-duplication, while ensuring a high level of privacy and information security….. The project team is learning and adapting to the challenges and ensuring that the solutions that are being offered are the best in the world to achieve the task…”

PSC further asked as to given the high degree of assumptions on the reliability of technology adopted by the UIDAI and probability of system failures of different degrees, whether incurring huge costs on the UID scheme is prudent and affordable, the Ministry have stated in a written reply, among other things, as follows,”..UIDAI is cognizant of the fact that biometric matching (which is a patterns matching) by its very nature will suffer from inaccuracy. However, these inaccuracy levels are less than 1%. This cannot be a reason for not attempting to use the technology. It is well acknowledged that there will be failures in authentication for various reasons. After Proof of Concept studies on authentication, appropriate policies and processes will be developed to take care of situations where failure occurs for various reasons…The choice of using the authentication services is left to the third party service provider…..Concerned agencies will have to develop policies and procedures to handle such exceptional situations…”

Sadly, although PSC was informed about the sensitive nature of the third party service providers, it did not go beyond asking “could outside agencies be allowed to partake in the UID scheme when doubts have been expressed on possible compromise with the interests of the national security” and accepted government’s reply. “The UIDAI has also implemented a comprehensive information security policy…..” without further examining the matter with the seriousness it deserved. PSC also erred in inconsistently recommending that the UIDAI data be transferred to biometric information based NPR perhaps as an interim measure before Parliament scrutinizes it.

PSC report reveals that on the issue of security of proposed data of UIDAI, an unstarred question (no.2989) was raised in Rajya Sabha. The Minister of State in the Ministry of Planning and Minister of State in the Ministry of Parliamentary Affairs tabled the answer to the above said question in Rajya Sabha on 22 April, 2010 as follows, “National Informatics Centre (NIC) had pointed out that the issues relating to privacy and security of UID data, in case the data is not hosted in a Government data centre may be taken into consideration. UIDAI is of the opinion that the hosting of data in a private data centre does not necessarily lead to a violation of privacy or security. Appropriate contractual arrangement shall be put in place with the data centre space provider to ensure security and privacy of the data. At present, UIDAI does not have its own permanent facility to house its data centre. Therefore, 75 sq.ft of data centre space has been hired from M/s. ITI Ltd. for proof of concept and pilot on a rental basis.” This compromises national security.

A section of the financial newspapers and channels are quite gung ho about these projects but have chosen to ignore that when PSC asked about the Comparative cost of aadhaar number and existing ID documents and “47. Asked to furnish the details of comparative cost of existing ID documents (per individual), namely, Voter Id card, PAN card, driving license and aadhaar number, the Ministry has inter-alia informed the Committee in a written reply that the comparative costs of the documents mentioned above are not available.” The fact is there are 15 pre-existing identity proofs recognized by Election Commission of India, the necessity for 16th and 17th identity proof in the form of CIDR and NPR has clearly been not made out. Both projects appear to be unfolding under the influence marketing blitzkrieg of transnational biometric and surveillance technology companies. 

A new market research report "Next Generation Biometric Technologies Market - Global Forecast & Analysis (2012 - 2017)" reveals that the total biometric technologies market is expected to reach $13.89 billion by 2017. Now that technologies are to be sold, need for identification based biometric information is being manufactured by companies in collusion with government authorities. Parliament must intervene to examine issue threadbare and save democracy and citizens rights from the emergence Database and Surveillance State.   

Data Mining Mafia Threatens National Security and Citizens Rights  

Western communication and biometric technology companies export surveillance equipments for tracking and profiling of citizens in general and political activists in particular as part of their flourishing global business. This poses a grave threat to free speech, privacy and civil liberties. Indeed Privacy is essential if right to free speech is to survive. Central Government’s initiatives like National Counter Terrorism Centre, National Intelligence Grid, National Population Register, Public Information Infrastructure and Unique Identification (UID)/Aadhaar program, in effect, are exercises to monitor citizens’ activities through a national database as never before. This is being done despite the fact that hacking into user systems has been enabled using network surveillance tools.

The marriage of data miners and data controllers has the potential to change the geo-political landscape to the detriment democracy and constitutional guarantees. What had started as legal targeted surveillance has now turned in to illegal mass surveillance.

When Wikileaks Spy Files was mined for a sample of mass surveillance practices recently, it was found that in a total of 400 files, there were 80 occurrences of the word 'mass' and 35 occurrences of the term 'mass surveillance'.

While marketing their surveillance product companies like Cleartrail claim, "We have expertise in countrywide monitoring and offer systems with a wide range of interception capabilities in complex communication networks." VasTech, another company claims, "A high end system can comprise of more than 100,000 simultaneous voice channels, allowing it to capture up to one billion intercepts per day and storing in excess of 5,000 Terabytes of information."

Telesoft company claims, "...capable of targeted or mass capture of a few conversations on a handful of STM-1/OC-3 links to entire countrywide wireline telecommunications networks." Utimaco claims, "Mass intercept monitors all calls and messages..." and Agnitio company states, "8s3 Strategic, designed for mass voice interception and voice mining..." 

Clearly, data mining, hacking and interception using surveillance technology do not increase national security and industrial safety. It facilitates "insider" attack and creates vulnerability from external attacks. It has been and will be used against society, political parties in opposition and business enterprises by corrupt officials, politicians and transnational companies. Surveillance capabilities are in built into these technologies. Industrial espionage using them can pulverize the whole formal economy. It is a huge possibility that government’s initiatives are guided by unscrupulous data mining mafia and a colossal cyber industrial complex comprising of Internet Service Providers, web hosting companies, cloud and mobile providers, telecommunications, digital, financial and identification technology companies. 

Companies in the surveillance and communication industry are blinded by their profit motive disregarding its hitherto unimaginable abnormal impact and harm for democratic and open societies.

For instance, it has come to light that Gamma International UK Ltd has a software program that could be used to access emails and Skype conversations. The companies from US and France have also been supplying surveillance equipment to authoritarian governments.

The talks at the Intelligence Support Systems (ISS) World conference in Kuala Lumpur in December 2011 made repeated references to mass surveillance at the gathering of Asia Pacific Law Enforcement, Intelligence and Homeland Security Analysts and Telecom Operators who are in the business of interception, electronic criminal investigations and network intelligence gathering”. They will assemble again in the same city this December. The technologies, papers and talks presented at these meetings merit rigorous scrutiny by all the lovers of democratic rights before it is too late. 

There is a need for a high powered all party parliamentary committee besides an informed citizens council to examine the ramifications of surveillance trade and to identify the buyers of these equipments and their users.
The biometric and surveillance technology companies are beyond the reach of Indian Computer Emergency Response Team (CERT-In), the nodal agency for cyber security and any other regulatory agencies in India.

CFCL demands that Union Government should desist from pursuing biometric information based initiatives like CIDR, NPR and Human DNA Profiling Bill, 2012.

For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL), Mb: 08002263335, 09818089660, E-mail-krishna1715@gmail.com 

2634 - UID: Are your biometric I-cards stacked against you? - Economic Times





24 Jun, 2012, 01.31PM IST, M Rajshekhar, ET Bureau 

Imagine a rural family of five. Mom. Dad. Two kids. And Grandma. Assume too that they are below the poverty line. The day is coming when this family will have to give its biometrics out to myriad agencies. 


You know that Nandan Nilekani's Unique Identification Authority of India (UIDAI) or the Registrar General's National Population Register (NPR) has been collecting biometrics for a while now. 

But a set of other departments have entered the fray. This ranges from the PDS department, ministry of rural development (MoRD), states' education departments, the Rashtriya Swasthya Bima Yojana (RSBY), banks, the department of social welfare, the post office...they are all collecting biometrics (see Agencies Collecting Biometrics Right Now). 

This is the latest iteration in India's tryst with biometrics. From a beginning where only the NPR - and, a little later, the UIDAI - were to capture biometrics, we have now reached a point where myriad departments and ministries are camping in India's villages and towns, capturing fingerprints and iris images. 

Identity Thieves 

There was to be one large database. Now, we are moving to a system where multiple agencies capture and store biometrics data in myriad servers. This is amplifying the risk of biometric theft. 

As Sunil Abraham, the head of Bangalore-based Centre for Internet and Society says, "If biometrics is used as authentication factor then it would be possible for a criminal to harvest your biometrics - such as using a glass to collect fingerprints - without your conscious cooperation. Or the registrar can cache your biometrics and duplicate transactions." 

As the number of databases containing biometrics rises, the risk of this information leaking out increases. There have been complaints against an UIDAI enrolment agency called Madras Security Printers that it had sold data to private companies. There were also charges that enrolment agencies had outsourced the enrolment work to other companies, which they are not allowed to do. 

What complicates matters further is there are not many safeguards. The country doesn't have a policy on how biometrics can be captured, used, stored and destroyed. But before we get deeper into that story, it is useful to understand why multiple departments have begun collecting biometrics. 

Biometric Rush 

According to a senior bureaucrat who recently retired from the ministry of planning, the answer lies in the 2014 elections. "For the government, cash transfers are the large reforms that they think UPA 2 can point towards in the next elections. For this reason, they need all this up and running before 2014." 




However, over the past few months, parts of the government are increasingly unsure if UIDAI and NPR will meet their targets. "I do not think the 2014 target can be met at all," says a senior official in the National Informatics Centre (NIC). "We have to enroll another 800 million people. Then, we have to deduplicate them. Then, we have to make the cards and distribute them." 

This is one reason why a set of government departments are configuring their own alternatives. Take the Department of Financial Services (DFS). It has been testing an online, biometric system for cash payments in Haryana's Mewat district for months now. Here, each bank will store its customers' biometric information in its own servers. 

If a customer of bank A goes to a banking correspondent (BC) agent of bank B, his biometrics would be forwarded by bank B to bank A for authentication. Once authenticated, the transaction will be completed. "We should be rolling the new system out nationally from July or August," says the bureaucrat. 

The rural development ministry is also testing its payment system. Once the local administration tells the ministry about who worked how many days, the ministry will be able to put money into their accounts automatically via a payment gateway. Right now, this is done manually with the block development officer and sarpanch making out the cheques. 

This pilot, says DK Jain, joint secretary, MoRD, started 3-4 months ago in parts of Gujarat, Karnataka, Odisha and Rajasthan. In another six months, it will be available across the country. And then, there is the PDS. 

Here, different states are putting different systems in place. Andhra, says a senior mandarin in the food ministry, is going with UID, Haryana is looking at smart cards, Jharkhand is going with Aadhaar, MP and Gujarat are testing food coupons, while Chhattisgarh has decided to use RSBY and Orissa has chosen NPR. 

Apart from this, data is also being collected by the RSBY and BC companies on behalf of the banks handling welfare payments, or scrambling to meet their financial inclusion targets. 

A New Set of Worries 

As the number of databases rises, a new set of worrying questions are coming to the fore. The first has to do with this enthusiastic adoption of biometrics. If they do not work, people might be excluded from something as basic as citizenship, or from government programmes. 


IISc students staged a silent protest against UID after Nandan Nilekani, chairman of UID, addressed students of National Institute of Advanced Studies at IISc campus in Bangalore. 

Second, safety of this information. If your credit card PIN becomes public information, you can always call your bank and get it blocked. But what do you do if someone gets hold of your biometrics? 

Says human rights researcher Usha Ramanathan, "Biometrics is intimate personal data. Its proliferation represents a distinct threat to the personal security of the individual. Interestingly, it has hardly been tested, and when tested, been found deeply defective. Biometrics does not work for everyone, it can be stolen, it cannot be replaced, it changes, and none of this is acknowledged. Biometrics is too sensitive to be collected, held, transacted and shared without stringent protection of law." 

However, we have rushed ahead. A suggestion from the standing committee on finance which, while rejecting the draft National Identification Authority of India Bill, said biometrics cannot be collected without discussion and authorisation by the parliament has gone entirely ignored. 

Cyber Security 

And then, there are data safety questions. Says the NIC official, "In my opinion if all the solutions are in isolation to each other then there cannot be any common safeguard mechanism. Every organisation shall have to ensure their own data security by applying normal cyber security principles." 

The official was referring to technology standards - on data encryption and firewalls. How are we doing here? Not very well. Says B Sambamurthy, head of Hyderabad-based Institute for Development and Research into Banking Technology: "There are standards for capturing, storaging and retrieving of biometric data. The problem is not with technology or standards but rigorous compliance." 

And then, there are more procedural aspects - like ensuring that the information collected is not shared, or that it be used only for the purpose for which it was collected. These are entirely missing. Take Andhra Pradesh, where the government tried to share the biometrics it had collected for one programme with other government departments. But that triggers larger questions about consent and ownership over biometric information. Can a person's biometrics be used in ways he or she has not expressly authorised? 

These are issues that the privacy bill will have to look at. Says a bureaucrat working on the bill, "It will lay down the broad standards. Any agency which wants to collect this information will need to get enrolled or registered with a central body before it can start collecting data. It cannot share this data with anyone else. It also lays down the penalties in case anyone violates these terms." 

It also envisages the creation of a new agency - a standalone agency which will define privacy standards and monitor compliance. But, it is a long way off. The ministry wants to revise the Bill in the coming month, and then place the bill online for public comments, and then another round of interministerial consultations. 

In the meantime, be careful. There is little by way of penalties that can be imposed on any organisation that shares your information with anyone. 

2633 - Poverty will be eliminated in 8 years, says plan panel - Hindustan Times



Sunday, June 24, 2012
Chetan Chauhan, Hindustan Times
New Delhi, April 24, 2012


First Published: 19:44 IST(24/4/2012)
Last Updated: 23:10 IST(24/4/2012)
If the Planning Commission is to be believed, the next eight years may be all it would take for India to achieve something it could not manage in 64 years since Independence. According to the country’s top advisory body, the country would be able to eliminate poverty by 2020. The commission made this submission before the Parliamentary Standing Committee on Finance, leaving it aghast. “The committee is at a loss to understand as to how the target for poverty elimination can be achieved on a recomputed higher estimate,” the committee, headed by Bharatiya Janata Party leader Yashwant Sinha, said.

The plan panel had set the target for poverty elimination at 2020 or the end of 13th Five Year Plan (2021-22), based on estimates of the Lakdawala Committee.

As per its 2004-05 data, the Lakdawala Committee had pegged the estimate of poor Indians at 27.5%. However, the planning commission later adopted the Suresh Tendulkar methodology, which estimated that 37.5% of Indians were poor as per 2004-05 consumer expenditure data.

As per the 2009-10 data, the panel had estimated that poverty has come down to 29.8%, a dip of 7.4%. The figure raised an adverse reaction, with many stating that the poverty line was unrealistic. Eventually, the government constituted another expert group for estimating poverty.

It was in the midst of this controversy that the Planning Commission pegged 2020 as the target year for elimination of poverty.
Expressing its “surprise”, the Parliamentary Standing Committee on Finance asked the commission to make more rigorous efforts to ensure that the target was met.

Other concerns raised by standing committee:
Govt told to address UIDAI Bill concerns

The Parliamentary Standing Committee has expressed anguish over how the government was continuing with the UID or Aadhaar number scheme without legislative approval. Recalling its recommendations on the unacceptability of the Unique Identification Authority of India (UIDAI) Bill, the committee urged the central government to address the issues raised by it immediately.

‘Plan Panel hardly serious in approach’
The Parliamentary Standing Committee observed that the Planning Commission was not “serious in its approach” for evaluating its performance and redefining its role to make it more relevant and effective.
It has asked the central government to appoint an expert group to evaluate the performance of the Planning Commission and redefine its role at the earliest.

2632 - Govt takes panel advice, tells UIDAI to draft new bill - Hindustan Times


Chetan Chauhan, Hindustan Times
New Delhi, June 24, 2012
  Email to Author


The government has overruled the opinion of its top law officer that the Nandan Nilekani-led Unique Identification Authority of India (UIDAI) should be able to “execute powers independently” of Parliament, and asked the authority to draft a new bill in consonance with the views of a parliamentary
committee.


There has been a lot of debate on the UIDAI’s authority to collect citizens’ biometric information for the issuance of a unique identity (Aadhaar) number without legislative backing, considering that issues such as security of data and privacy of individuals were involved.

Attorney general GE Vahanvati had told the government that there was nothing in the law against the UIDAI functioning as an executive authority. “The power of the executive is clear and there is no question of circumventing Parliament, or the executive becoming a substitute of Parliament,” he had said.

A parliamentary standing committee, on the other hand, had observed that the UIDAI’s executive powers were “unethical” and “violative” of the Parliament’s prerogative, asking the government to bring a new bill before the Parliament to define the body’s powers, functions and responsibilities. It had also pointed out several deficiencies in the functioning of the authority.

Taking the panel’s views seriously, the government asked the UIDAI to draft a new bill. “The bill has been sent back to the drawing board,” a senior government official said, adding that the government wants more clarity on its “objects and reasons”.

The UIDAI’s latest draft bill did not clarify why Aadhaar was required when the home ministry’s National Population Register (NPR) was mandated under the law to collect biometric details of citizens. The fact that the NPR had the legal mandate to collect biometric information was the main reason for the parliamentary standing committee opposing the UPA government’s development initiative – aimed at plugging government subsidies in welfare programmes.

Sources said the proposed bill had also failed to deal with issues related to security of data, privacy of individuals, and the purpose of the information. The government has also reportedly rejected the UIDAI’s rejoinder to the standing committee report, and told it to incorporate “all possible” suggestions made by it.

2631 - Facebook buys facial recognition firm Face.com - The Hindu


Facebook buys facial recognition firm Face.com
Facebook has acquired Israeli facial recognition firm Face.com in a bid to strengthen its photo-sharing platform.

Social networking giant Facebook has acquired Israeli facial recognition firm Face.com for an undisclosed amount in a bid to strengthen its photo-sharing platform.

Face.com’s software is used for facial recognition on photos loaded on its websites and through mobile applications.
“Facebook has acquired Face.com,” Face.com Founder Gil Hirsh has said on his blog.

The announcement comes about two months after Facebook shelled out $1 billion for photo-sharing service firm Instagram.

Although financial details of the deals were not disclosed, media reports have pegged the transaction in the range of $60 million to $100 million.

Announcing the deal, Mr. Hirsh said, “Facebook is a part of your life every single day. We keep up with our friends and family, share interesting (or mundane) experiences from our daily lives, and perhaps most importantly for us, we share a lot of photos.”
“...By working with Facebook directly, and joining their team, we’ll have more opportunities to build amazing products that will be employed by consumers — that’s all we’ve ever wanted to do,” he added.

Face.com’s apps scan billions of photos monthly, and have helped tag hundreds of millions of faces. It helps people to tag their own photos quickly and easily, and discover photos of themselves and their friends that they never knew existed.

The two recent acquisitions by Facebook, which has over 900 million users across the world, suggest that the social networking firm is taking huge interest in strengthening its photo-sharing platform. 
June 20
The Hindu

2630 - ‘Terrorism Isn’t The Disease; Egregious Injustice Is’ - Outlook India


INTERVIEW
On laws like AFSPA, Unlawful Activities (Prevention) Act, sedition, democracy, terrorism and more


No one individual critic has taken on the Indian State like Arundhati Roy has. In a fight that began with Pokhran, moved to Narmada, and over the years extended to other insurgencies, people’s struggles and the Maoist underground, she has used her pensmanship to challenge India’s government, its elite, corporate giants, and most recently, the entire structure of global finance and capitalism. She was jailed for a day in 2002 for contempt of court, and slapped with sedition charges in November 2010 for an alleged anti-India speech she delivered, along with others, at a seminar in New Delhi on Kashmir, titled ‘Azadi—the only way’. Excerpts from an interview to Panini Anand:

How do you look at laws like sedition and the Unlawful Activities (Prevention) Act, or those like AFSPA, in what is touted as the largest democracy?
I’m glad you used the word touted. It’s a good word to use in connection with India’s democracy. It certainly is a democracy for the middle class. In places like Kashmir or Manipur or Chhattisgarh, democracy is not available. Not even in the black market. Laws like the UAPA, which is just the UPA government’s version of POTA, and the AFSPA are ridiculously authoritarian—they allow the State to detain and even kill people with complete impunity. They simply ought to have no place in a democracy. But as long as they don’t affect the mainstream middle class, as long as they are used against people in Manipur, Nagaland or Kashmir, or against the poor or against Muslim ‘terrorists’ in the ‘mainland’, nobody seems to mind very much.





“India’s democracy is for the middle class; for Kashmir or Manipur, it’s not available. Not even in the black market."




Are the people waging war against the State or is the State waging war against its people? How do you look at the Emergency of the ’70s, or the minorities who feel targeted, earlier the Sikhs and now the Muslims?

Some people are waging war against the State. The State is waging a war against a majority of its citizens. The Emergency in the ’70s became a problem because Indira Gandhi’s government was foolish enough to target the middle class, foolish enough to lump them with the lower classes and the disenfranchised. Vast parts of the country today are in a much more severe Emergency-like situation. But this contemporary Emergency has gone into the workshop for denting-painting. It’s come out smarter, more streamlined. I’ve said this before: look at the wars the Indian government has waged since India became a sovereign nation; look at the instances when the army has been called out against its ‘own’ people—Nagaland, Assam, Mizoram, Manipur, Kashmir, Telangana, Goa, Bengal, Punjab and (soon to come) Chhattisgarh—it is a State that is constantly at war. And always against minorities—tribal people, Christians, Muslims, Sikhs, never against the middle class, upper-caste Hindus.

How does one curb the cycle of violence if the State takes no action against ultra-left ‘terrorist groups’? Wouldn’t it jeopardise internal security?
I don’t think anybody is advocating that no action should be taken against terrorist groups, not even the ‘terrorists’ themselves. They are not asking for anti-terror laws to be done away with. They are doing what they do, knowing full well what the consequences will be, legally or otherwise. They are expressing fury and fighting for a change in a system that manufactures injustice and inequality. They don’t see themselves as ‘terrorists’. When you say ‘terrorists’ if you are referring to the CPI (Maoist), though I do not subscribe to Maoist ideology, I certainly do not see them as terrorists. Yes they are militant, they are outlaws. But then anybody who resists the corporate-state juggernaut is now labelled a Maoist—whether or not they belong to or even agree with the Maoist ideology. People like Seema Azad are being sentenced to life imprisonment for possessing banned literature. So what is the definition of ‘terrorist’ now, in 2012? It is actually the economic policies that are causing this massive inequality, this hunger, this displacement that is jeopardising internal security—not the people who are protesting against them. Do we want to address the symptoms or the disease? The disease is not terrorism. It’s egregious injustice. Sure, even if we were a reasonably just society, Maoists would still exist. So would other extremist groups who believe in armed resistance or in terrorist attacks. But they would not have the support they have today. As a country, we should be ashamed of ourselves for tolerating this squalor, this misery and the overt as well as covert ethnic and religious bigotry we see all around us. (Narendra Modi for Prime Minister!! Who in their right mind can even imagine that?) We have stopped even pretending that we have a sense of justice. All we’re doing is genuflecting to major corporations and to that sinking ocean-liner known as the United States of America.

Is the State acting like the Orwellian Big Brother, with its tapping of phones, attacks on social networks?
The government has become so brazen about admitting that it is spying on all of us all the time. If it does not see any protest on the horizon, why shouldn’t it? Controlling people is in the nature of all ruling establishments, is it not? While the whole country becomes more and more religious and obscurantist, visiting shrines and temples and masjids and churches in their millions, praying to one god or another to be delivered from their unhappy lives, we are entering the age of robots, where computer-programmed machines will decide everything, will control us entirely—they’ll decide what is ethical and what is not, what collateral damage is acceptable and what is not. Forget religious texts. Computers will decide what’s right and wrong. There are surveillance devices the size of a sandfly that can record our every move. Not in India yet, but coming soon, I’m sure. The UID is another elaborate form of control and surveillance, but people are falling over themselves to get one. The challenge is how to function, how to continue to resist despite this level of mind-games and surveillance.





"Contemporary Emergency has gone to the workshop for denting-painting. It’s come out smarter, and more streamlined.”




Why do you feel there’s no mass reaction in the polity to the plight of undertrials in jails, people booked under sedition or towards encounter killings? Are these a non-issue manufactured by few rights groups?

Of course, they are not non-issues. This is a huge issue. Thousands of people are in jail, charged with sedition or under the UAPA, broadly they are either accused of being Maoists or Muslim ‘terrorists’. Shockingly, there are no official figures. All we have to go on is a sense you get from visiting places, from individual rights activists collating information in their separate areas. Torture has become completely acceptable to the government and police establishment. The nhrc came up with a report that mentioned 3,000 custodial deaths last year alone. You ask why there is no mass reaction? Well, because everybody who reacts is jailed! Or threatened or terrorised. Also, between the coopting and divisiveness of ngos and the reality of State repression and surveillance, I don’t know whether mass movements have a future. Yes, we keep looking to the Arab ‘spring’, but look a little harder and you see how even there, people are being manipulated and ‘played’. I think subversion will take precedence over mass resistance in the years to come. And unfortunately, terrorism is an extreme form of subversion.

Without the State invoking laws, an active police, intelligence, even armed forces, won’t we have anarchy?
We will end up in a state of—not anarchy, but war—if we do not address the causes of people’s rising fury. When you make laws that serve the rich, that helps them hold onto their wealth, to amass more and more, then dissent and unlawful activity becomes honourable, does it not? Eventually I’m not at all sure that you can continue to impoverish millions of people, steal their land, their livelihoods, push them into cities, then demolish the slums they live in and push them out again and expect that you can simply stub out their anger with the help of the army and the police and prison terms. But perhaps I’m wrong. Maybe you can. Starve them, jail them, kill them. And call it Globalisation with a Human Face.