Media Briefing Paper
June 25, 2012
Mankind’s Biggest Identification Database will Create Permanent Emergency Architecture
Data Mining Mafia Threatens National Security and Citizens Rights
Citizens Must Boycott Biometric Information Based Registers like CIDR, NPR & DNA Bank
New Chief Election Commissioner Should Cancel Proposal to link UID with Voter Card
The Presidential candidate of Indian National Congress led United Progressive Alliance, Pranab Kumar Mukherjee owes an answer to the question: Will “online data base” of residents of India (inclusive of citizens) safeguard the sovereignty of the Republic? The biggest-ever database being attempted in the history of mankind merits a rigorous political debate. An autocratic social control technology regime is silently giving birth to a permanent emergency architecture.
In his 2009-10 Budget Speech as Finance Minister, Mukherjee had said, “The UIDAI (Unique Identification Authority of India) will set up an online data base with identity and biometric details of Indian residents and provide enrolment and verification services across the country.” In an act of Himalayan blunder, h did not seek any ‘legislative framework’. When he did through Union Ministry of Planning, there was an effort to turn Parliament into a rubber stamp; its proposal was rejected by the Parliamentary Committee on Finance. Revealing his callousness towards lack of the legal mandate, he continued to make budgetary allocations for UIDAI from 2009 till 2012.
Under the chapter, ‘Creating an appropriate legislative framework’ the White Paper on Black Money prepared by Union Finance Ministry during is current tenure elaborates on the role of the Unique Identity (UID)-Aadhaar project. The relevant text of the White Paper at page 49 reads: “As announced by the Finance Minister in his Budget speech, enrolments into the Aadhaar system have crossed 20 crore and the Aadhaar numbers generated up to date 14 crore. Adequate funds have been allocated for completing another 40 crore enrolments starting from 1 April 2012. The Aadhaar platform will facilitate payments under the Mahatma Gandhi National Rural Employment Guarantee Act (MG-NREGA); old age, widow and disability pensions; and scholarships to be made directly into beneficiary accounts in selected areas. This initiative will cut down corruption and the generation of black money in India.” It is ironical that Unique Identity (UID)-Aadhaar project is mentioned under the title ‘Creating an appropriate legislative framework’ because its Centralized Identities Data Register (CIDR) is being prepared outside any ‘appropriate legislative framework’.
The biometric data based ‘20 crore enrollments’ and 14 crore Aadhaar numbers generated so far are illegal. It is in contempt of Parliament. In any case even these figures do not appear to be reliable because there are several inconsistencies.
It is noteworthy that the Union Cabinet approved the scheme for creation of Union Home Ministry’s National Population Register (NPR) of usual residents of the country on March 19, 2010. Even before this approval the terms of reference of Planning Commission’s notification to set up UIDAI for Centalized Identities Data Register (CIDR) dated January 28, 2009 referred to collation of NPR and UID data. Therefore, the reported conflict between Home Ministry and UIDAI appears managed for public consumption.
Both CIDR and NPR schemes are for unique identification that involves collection of demographic and biometric information from usual residents of India. After Parliamentary Standing Committee (PSC) on Finance rejected the National Identification Authority of India Bill, 2012, now there is a proposal for a National Human DNA Profiling Bill, 2012 which is also about unique identification based on collection of biometric information like DNA. PSC had taken cognizance of the possibility of ‘manipulation of biometric information’.
While use of biometric technology, an advanced technique for the identification of humans, based on their characteristics or traits is unfolding there is agency within India to. These traits can be face, fingerprint, iris, voice, signature, palm, vein, and DNA. DNA recognition and vein recognition are the latest and most advanced types of biometric authentication. Biometric technology is being deployed in the application areas like government, travel and immigration, banking and finance, and defense. Government applications cover voting, personal ID, license, building access, etc.; whereas travel and immigration use biometric authentication for border access control, immigration, detection of explosives at the airports, etc. Banking and finance sector use biometric authentication for account access, ATM security, etc. In two separate letters to the National Human Rights Commission and President of India, Citizens Forum for Civil Liberties (CFCL) has underlined how Human DNA Profiling Bill, 2012 will lead to dangerous erosion of privacy and how black projects like CIDR and NPR are part of the black economy and part of the solution as suggested in the White Paper on Black Money. Both the letter are attached.
Newspapers and other news agencies have generally failed to note the implications of the recommendations of the PSC wherein it says, “The collection of biometric information and its linkage with personal information of individuals without amendment to the Citizenship Act, 1955 as well as the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules, 2003, appears to be beyond the scope of subordinate legislation, which needs to be examined in detail by Parliament.” Now that the opinion of the Attorney-General of India defending governmental action in regard to issuance of Planning Commission’s notification to set up UIDAI has rightly been rejected by the Government, logically, till such parent legislation is passed which mandates collection of biometric information by UIDAI and Home Ministry’s Registrar General of NPR, the implementation of both CIDR and NPR must be put on hold.
PSC recorded the legal opinion saying, “Article 20 (3) of the Constitution provides protection against 23 compulsory extraction of personal information. Denying services, and rights, to persons because they are unwilling to part with the information in a manner that is more than likely to result in convergence and commodification of their personal information, surveillance, profiling, tagging and tracking is compulsory extraction that clearly reduces the constitutional rights of an ordinary citizen to less than that of an alleged offender.” Most media persons have ignored that the CIDR and NPR is being implemented in violation of the Constitution.
The Union Cabinet on June 7, 2012 decided that both the Union Home Ministry and the UIDAI will collect biometric data of 1.2 billion Indians. In January, 2012 the Cabinet Committee on UIDAI Related Matters set up on October 22, 2009 was reported to have resolved the issue of conflict and duplication of work between UID and NPR. The June 2012 cabinet meeting clearly shows that a section of media which is simply reproducing government’s version was misled into believing that conflict between Planning Commission’s UIDAI and Home Ministry’s NPR does not fester anymore.
A section of media is being briefed incorrectly by the interested parties in the matter of NPR and CIDR. It is being reported as truth that the NPR which would lead to a resident identity card and will culminate in a citizenship card based on biometric data has legal mandate to do so.
A section media has been acting like a stenographer of UIDAI which has been reporting with a blinkers on about how CIDR project is compiling Aadhaar seeks to provide unique identity numbers for access to government’s social welfare benefits to ‘residents’ of the country like Dalai Lama and ‘certain other persons’. This section of media does not realize that government’s social welfare benefits are for citizens and not for the ‘residents’ and residentship does not entitle people to access these benefits. Also till date media has not inquired about who these ‘certain other persons’ are.
"The collection of photographs and biometrics has been facing hurdles at every step on account approach of the UIDAI, which, it seems, has failed to appreciate the core purpose of the National Population Register" Union Home Minister reportedly wrote in his letter to the Prime Minister in violation of Union Cabinet's decision "Despite clear orders from the cabinet, the UIDAI is objecting to the conduct of NPR camps in certain states and is also refusing to accept the biometric data of NPR for de-duplication and generation of Aadhaar number".
Under the influence of biometric technology companies, besides Planning Commission’s UIDAI and Home Ministry, Department of Public Distribution System, Ministry of Rural Development, (MoRD), the Rashtriya Swasthya Bima Yojana, Banks, Department of Social Welfare, Post Office, States’ Education Departments etc have started collecting biometric information without any legal mandate.
India is a federal structure and there is a clear distinction between the role of central and state governments but CIDR and NPR appear to be trying to converge sates’ power and subordinating citizens rights and converting them into subjects.
In the meanwhile, in UK civil rights activists are protesting about the involvement of Lockheed Martin in the census of 2011. In a judicial review, lawyers are arguing that the Office for National Statistics' decision to grant a data processing contract to a UK subsidiary of the US defence contractor Lockheed Martin breaches right to privacy as guaranteed by the European convention on human rights. In India too, although Section 15 of the Census Act 1948 provides that census records 'will not be open to inspection or admissible as evidence', given the fact that Home Ministry’s Census Commissioner is also ex-officio Registrar General of India for NPR structurally betrays the confidentiality promised because NPR is open to ‘social vetting’.
The PSC during briefing on the UID Bill raised inter-alia the issue of possibility of dovetailing the UID exercise with the census operation. In this regard, the Ministry of Planning in their written reply have, among other things, stated as follows, “….the UIDAI is adopting a multiple registrar approach and the Registrar General of India (RGI) will be one of the Registrars of the UIDAI. To synergize the two exercises, an Inter Ministerial Coordination Committee has been set up to minimize duplication. The UIDAI is making all efforts to synergize with National Population Register (NPR) exercise….”
Planning Commission’s ‘voluntary’ database of Indian residents based on biometric data which is linked to country's first ever ‘compulsory’ National Population Register (NPR), a biometric data based comprehensive identity database of ‘usual residents of the country’ to be maintained by the Registrar General and Census Commissioner of India, Union Ministry of Home Affairs and the 15th National Census. On March 16, 2011 MoU was signed between UIDAI and Union Home Ministry’s Registrar General of National Population Register (NPR), Dr C Chandramouli for convergence of their respective data. As a consequence a deliberate but a major lapse has occurred which needs to be urgently rectified. Under law the census data is confidential which cannot be given even to the courts but data collected for NPR is not confidential.
"The Census process involves visiting each and every household and gathering particulars by asking questions and filling up Census Forms. The information collected about individuals is kept absolutely confidential. In fact this information is not accessible even to Courts of law."Reference:
http://censusindia.gov.in/2011-FAQ/FAQ-Public.html But UID and NPR have violated the promised confidentiality. A careful reading of even the FAQ reveals it. This means that data of UIDAI, NPR and Census is being converged without any legal mandate. Thus, it was not surprising that the National Identification Authority of India (NIDAI) Bill, 2010 that has been rejected by PSC, made a provision in it to seek the rubber stamp of the Parliament for all the acts of omission and commission (as per Section 57 of the Bill) by UIDAI since January 28, 2009 when it was set up as per a notification of Planning Commission.
CIDR and NPR project a questionable imitation of initiatives launched by International Financial Institutions (IFIs) like World Bank Group, North Atlantic Treaty Organisation (NATO), a 28-nation military alliance and Business Enterprise Architecture of USA’s Department of Defense which was designed to assist the transformation. Not only are all the ideas, initiatives, proposals but also the words, phrases and punctuations being used by proponents of UID-Aadhaar like projects is borrowed from IFIs, NATO and USA’ Department of Defense.
The idea of UID/Aadhaar Number proposed by UIDAI is a replication of Pakistan's National Database & Registration Authority (NADRA) that was established in March 2000 to provide integrated homeland security solutions in Pakistan. The program replaced the paper based Personal Identity System of Pakistan that had been in use since 1971.This year is also quite important. NADRA violated fundamental human rights in Pakistan. UIDAI violates fundamental human rights in India.
In his book Imagining India, Nilekani has argued that national ID system would be a big step for land markets to facilitate right to property and undoing of abolition of right to property in 1978 in order to bring down poverty! Not surprisingly, Section 10 and 36 of Union Rural Development Ministry’s Land Titling Bill, 2011 provides for linking land titles to UID/Aadhaar.
Government, the Parliament and the citizens must not be misled by unelected cabinet minister ranked officials who say, “Technology has no history and no bias, it treats everyone the same way.” The collective colonial experience and the history of technologies have revealed that it is the owners of such technologies who are true beneficiaries especially when it is used for social control and surveillance. These biometric information based projects are aimed at creating a perfect common land and water market among other things.
There is a compelling need to urgently assess the claims and risks of blindly trusting biometric, surveillance and identification technology companies who have made UID appear politically persuasive for the gullible ruling parties by cleverly intertwining it with the crying need for governance.
At page 75-76 the White Paper says, “While efforts such as UID and direct transfer of subsidies will stop leakages in some sectors, in other sectors the problem will have to be addressed differently” under the title ‘Strategies for Curbing Generation of Black Money through Illegal or Criminal Activities.’ The fact is whether or not biometric, surveillance, identification and security technology companies are involved in amassing Black Money as part of Black Economy-through electoral finance and other unrecorded means- is yet to be conclusively established.
Union Finance Ministry should be dissuaded from relying on illegal biometric profiling of citizens which is being done under UID-Aadhaar project. In fact, there is a need to set up a high powered independent commission to examine the impact of high-risk biometric, surveillance, identification and security technologies and threats to civil liberties and country’s security and sovereignty.
It has reliably been learnt that officials from companies like Infosys Technologies have been giving leadership training to leaders of the ruling parties. This may have impacted decision making with regard to UID-Aadhaar. It is noteworthy that the original vision document for Unique Identification Authority of India (UIDAI) prepared by Wipro Technologies Ltd in 2006 is missing. This merits probe.
Recent news reports of efforts to put Union Finance Minister and Union Defence Minister under surveillance by unidentified agencies reveal that there is paucity of capacity to monitor or regulate these technologies. If this is the plight of the ministers and technologically challenged political class, the threat for citizens can easily be understood.
Union Government must be persuaded to review its capacity to regulate an emerging identification technology regime that is undermining democracy and sovereignty.
The unfolding of World Bank Group’s eTransform Initiative with support from global partners such as Gemalto, IBM, L-1 Identity Solutions, Microsoft and Pfizer and two national governments of France and South Korea since April 2010 for implementing its Tranformational Government project to converge private sector, public sector and citizens sector.
In the meanwhile, the US biometric, identification and security technology company, L-1 Identity Solutions which was given contact by UIDAI on July 30, 2010 has been purchased by French company Safran Group whose subsidiary too had been awarded a contract on July 30, 2010 after national security clearance from US Senate Committee. This company is also in the business of biometric, identification and security technologies with French government having major investment in it. This company is in long term agreement with China as well.
It has come to light that Shri Nilekani who heads Unique Identification Authority of India (UIDAI) in the rank of a Cabinet Minister was given ID Limelight Award at the ID WORLD International Congress in Italy. The key sponsors of Congress include Morpho (Safran group), a French multinational corporation specializing in ID credentials solutions incorporating biometrics application in passports, visas, ID documents, health and social benefits, elections, etc. Its subsidiary, Sagem Morpho Security Pvt. Ltd has been awarded contract for the purchase of Biometric Authentication Devices on February 2, 2011 by the UIDAI. Earlier, on July 30, 2010, in a joint press release, it was announced that “the Mahindra Satyam and Morpho led consortium has been selected as one of the key partners to implement and deliver the Aadhaar program by UIDAI (Unique Identification Authority of India).” This means that at least two contracts have been awarded to the French conglomerate led consortium. Is it a coincidence that Morpho (Safran group) sponsored the award to Chairman, UIDAI and the former got a contract from the latter?
Nilekani was given the award at the ID WORLD International Congress in 2010 held in Milan during November 16-18, 2010. One of the two Platinum Sponsors was Morpho (Safran group), a French high-technology company with three core businesses: Aerospace, Defense and Security. Coincidentally, this Global Summit on Automatic Identification in 2009 had awarded Shri Tariq Malik, Deputy Chairman of Islamabad based National Database & Registration Authority (NADRA) too for implementing UID project in Pakistan.
Nilekani was given the award "For being the force behind a transformational project ID project in India...and "to provide identification cards for each resident across the country and would be used primarily as the basis for efficient delivery of welfare services. It would also act as a tool for effective monitoring of various programs and schemes of the Government." There is a conflict of interest and it appears to be an act done in lieu of the contract.
Notably, UIDAI awarded contracts to three companies namely, Satyam Computer Services Ltd. (Mahindra Satyam), as part of a “Morpho led consortium”, L1 Identity Solutions Operating Company and Accenture Services Pvt. Ltd of USA for the “Implementation of Biometric Solution for UIDAI” on July 30, 2010. L-1 Identity Solutions, Inc. is in the business of protecting and securing personal identities and assets. It claims that with the confidence in individual identities provided by L-1 to international governments, federal and state agencies, law enforcement and commercial businesses can better guard the public against global terrorism, crime and identity theft fostered by fraudulent identity. It is germane to note that L-1’s Intelligence Services Businesses were sold to BAE Systems, Inc. (the U.S. affiliate of BAE Systems plc).
On September 20, 2010, L-1 Identity Solutions announced that it has entered into an agreement to be acquired by Safran in a merger transaction. As a result both Morpho led consortium and L-1 Identity Solutions who were awarded contracts are under Safran group company. Safran is a leading international high-technology group with three core businesses: Aerospace (propulsion and equipment), Defence and Security. The transaction was subject to review by the U.S. Committee on Foreign Investment in the United States (CFIUS), an inter-agency committee of the United States Government that reviews the national security implications of foreign investments in U.S. companies or operations among other conditions. CFIUS notified on July 19, 2011 that “there are no unresolved national security concerns with respect to the transaction”.
Union Cabinet and the Parliament must scrutinize the roles of these companies which are involved in biometric information based projects.
The manifest short term and long term foreign interest in biometric information based projects is aimed at creating ‘solutions architecture’ through linguistic corruption in the form of proposed National Information Utilities (NIUs) by Union Finance Ministry’s Technology Advisory Group on Unique projects. These NIUs are envisaged as private companies with public purpose and with profit making as the motive but not profit maximizing. The construction of this sentence betrays the ulterior motives of vested interests. It appears that words indeed have meaning, which the masters give to it a classic case of nominalism, a tendency of the ruling elite to decide on the meaning of a word.
CFCL demands that the new Chief Election Commissioner, V.S. Sampath should rescind the dangerous proposal of S.Y. Quraishi, his predecessor to Union Ministry of Home Affairs asking it “to merge the Election ID cards with UID”.
Such an exercise would mean rewriting and engineering the electoral ecosystem with the unconstitutional and illegal use of biometric technology in a context where electoral finance has become source of corruption and black money in the country. This would lead to linking of UID, Election ID and Electronic Voting Machines (EVMs) which is not as innocent and as politically neutral as it has been made out to be. It is noteworthy that all EVMs have a UID as well. This proposal makes a mockery of the recommendations of the Parliamentary Committee on Finance on UID Bill.
Most people who filled biometric information based UID/Aadhaar Enrolment Form have failed to observe Column 9 of the Form that reads: "I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services". In front of this column, there is a "Yes" and "No" option. Irrespective of what option residents of India exercise (which is being ticked automatically by the enroler in any case as of now), the fact is this information being collected for creating Centralized Identity Data Register (CIDR) and NPR (column 7) are being handed over to biometric technology companies like French Safran Group’s Satyam Computer Services/Sagem Morpho, L1 Identities Solutions and US Accenture Services of all shades who have already been awarded contracts.
The reply of Davinder Kumar, Deputy Director General, UIDAI merits attention. He will have residents/ citizens of India believe that the three transnational biometric technology companies working with foreign intelligence agencies namely:1) Mahindra Satyam Computer Services/Sagem Morpho, 2) L1 Identities Solutions and 3) Accenture Services who were awarded contracts by UIDAI that “There are no means to verify whether the said companies are of US origin or not” in a reply to Right to Information (RTI) application dated 21st July, 2011. This is quite a stark act of omission and commission that is likely to put residents/citizens of India under surveillance using delivery of public services as fish bait forever.
Planning Commission and Nilekani should be asked to verify whether they know the country of origin of the award and the country of origin of their sponsors who were awarded contract by UIDAI prior to taking the award. Had Nilekani known about their country of origin, would he have taken the award in Italy? Now that the information has become public knowledge what is it that the Planning Commission and UIDAI intend to do about it?
The second company, L1 Identities Solutions is headquartered in Stamford, Connecticut, U.S website and its press releases at
http://ir.l1id.com/releases.cfm?header=news reveal that the company received $24.5 Million in Purchase Orders in the Initial Phase of India's Unique Identification Number Program for Certified Agile TP (TM) Fingerprint Slap Devices and Mobile-Eyes(TM) Iris Cameras.
http://ir.l1id.com/releasedetail.cfm?ReleaseID=509971). I submit that as a consequence of Safran’s purchase of L-1 Identity Solutions, the de-duplication contracts of UIDAI’s CIDR which was given to two companies on July 30, 2010, both contracts are with one company now.
Union Government and Parliament do not appear to have taken into account the uncertain corporate world of acquisitions and mergers. It seems to be part of unfolding of a surveillance movement based on global ID card. Commenting on the merger of the two biometric technology companies, Mark Lerner, the author of the book “Your Body is Your ID” says, “Safran is a French company, 30% owned by the French government”. Safran has a 40 year partnership with China in the aerospace and the security sectors too.
The third company, Accenture, a US company headquartered in Dublin, Republic of Ireland. It won US Department of Homeland Security’s contract for five years to design and implement the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program based on biometric technology for checking identities of foreigners visiting USA. The contract includes five base years plus five option years mandated by U.S. Congress for Smart Border Alliance project. It is one of the main privatized gatekeepers of US borders.
The attached Aadhaar Enrolment Form. There are ten columns in the Form seeking information. Column 7 refers to Union Home Ministry’s NPR and 9 which is linked to Centralized Identity Data Register (CIDR) of UID/Aadhaar, which is to be supervised by yet to be born NIAI. It is a strange case of the child- the UID/Aadhaar- having become more than 4 years old but the legislature, the parent is yet to take charge. It is evident that UIDAI is displaying manifest contempt towards Parliament. Residents of India are being enrolled for UID-Aadhaar without the passage of the required legislation. The same is true about NPR.
The National Human Rights Commission has expressed grave concerns discrimination, protection of information and identity theft in its written submission. It is reported in NHRC newsletter, August 2011 at page no. 7 and 8. One opinion poll that at least 41 % of India's population is opposed to UID/Aadhaar, when publications and news channels get dictated by advertisements then truth in general and legislative truth in particular has become a casualty-the opposition is bigger than is being reported.
India's corporate media seems quite indulgent towards the emergence of a technology-based social control regime due to "Paid News" phenomenon; it is for the legislature to bring them under control by revealing the true nature of biometric information based identification exercises like.
Unmindful of the erosion of federal structure of the State Governments have been misled into signing MoUs with the UIDAI. For instance, Smaarftech Technologies, a company that provides e-governance solutions was assigned to do the job in Bihar for carrying out the Proof of Concept study. The iris recognition device that is being used by them comes from Florida-based Crossmatch Technologies, and is used by agencies like NASA and the Department of Homeland Security in the US. State governments have not been informed about its implications and they have not applied their legal imagination to fathom the threats from UID-Aadhaar related proposals.
These acts of convergence will undermine the constitutional rights and change the meaning of democracy as we know it. It is an act of changing both the form and content of democracy and democratic rights in a new technology based regime where technologies and technology companies are beyond regulation because they are bigger than the government and legislatures.
The old maxim, 'If you have nothing to hide, you have nothing to fear' has been given a very public burial. Database State, a report from the United Kingdom states, 'In October 2007, Her Majesty's Revenue and Customs lost two discs containing a copy of the entire child benefit database. Suddenly issues of privacy and data security were on the front page of most newspapers and leading the TV news bulletins. The millions of people affected by this data loss, who may have thought they had nothing to hide, were shown that they do have much to fear from the failures of the database state.' No one knows for sure whether it was lost or sold.
There is a history of attempts by the old and new colonial and imperial powers to number human beings, create a database and put present and future generations under constant surveillance.
Under the US's Patriot Act, the US government can compel any US company to hand over information it holds for the purposes of a criminal investigation. In India, UIDAI has given contracts to US and French companies like Accenture and Safran Group which work with intelligence agencies of their countries and under their domestic laws the CIDR which will be handed over to them for de-duplication is likely to be disclosed to US and French government agencies on one pretext or the other. .
The implementation of CIDR and NPR with without Parliaments‘approval sets a dangerous precedent in the Parliamentary form of Government. PSC report recorded that the legal view that “'delegated legislation' or 'subordinate legislation' has to be within the extent of the 'parent statute'….. It is a plain misconception to think that the executive can do what it pleases, including in relation to infringing constitutional rights and protections for the reason that Parliament and legislatures have the power to make law on the subject.”
The PSC report observes unequivocally, “The Committee are constrained to point out that in the instant case, since the law making is underway with the bill being pending, any executive action is as unethical and violative of Parliaments prerogatives as promulgation of an ordinance while one of the Houses of Parliament being in session.”
PSC recorded what the Philippines Supreme Court has said in this regard:” ……the data may be gathered for gainful and useful government purposes; but the existence of this vast reservoir of personal information constitutes a covert invitation to misuse, a temptation that may be too great for some of our authorities to resist” while rejecting a similar project.
It all started in the name of the poor. The concept of a Unique Identification (UID) scheme was first discussed and worked upon since 2006 when administrative approval for the scheme ―Unique ID for BPL families‖ was given on 3rd March, 2006 by the Department of Information Technology, Ministry of Communications and Information Technology. This WIPRO document is missing from the public domain. The PSC report does not reveal whether or not it was given access to it.
PSC report take into account the report of the Biometrics Standards Committee set up by the UIDAI. It has recognized in its report that a fingerprints-based biometric system shall be at the core of the UIDAI‘s de-duplication efforts. It has further noted that it is: ―”…conscious of the fact that de-duplication of the magnitude required by the UIDAI has never been implemented in the world. In the global context, a de-duplication accuracy of 99% has been achieved so far, using good quality fingerprints against a database of up to fifty million. Two factors however, raise uncertainty about the accuracy that can be achieved through fingerprints. First, retaining efficacy while scaling the database size from fifty million to a billion has not been adequately analyzed. Second, fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context.”
PSC asked to explain the reliability of technical architecture of the UID scheme, the Ministry of Planning in a detailed note on the NIDAI Bill have, among other things, stated as follows, ”The UID project is a complex technology project. Nowhere in the world has such a large biometric database of a billion people being maintained. The frontiers of technology in biometrics are being tested and used in the project…… The technical architecture of the UID scheme is at this point, is based on high-level assumptions. The architecture has been structured to ensure clear data verification, authentication and de-duplication, while ensuring a high level of privacy and information security….. The project team is learning and adapting to the challenges and ensuring that the solutions that are being offered are the best in the world to achieve the task…”
PSC further asked as to given the high degree of assumptions on the reliability of technology adopted by the UIDAI and probability of system failures of different degrees, whether incurring huge costs on the UID scheme is prudent and affordable, the Ministry have stated in a written reply, among other things, as follows,”..UIDAI is cognizant of the fact that biometric matching (which is a patterns matching) by its very nature will suffer from inaccuracy. However, these inaccuracy levels are less than 1%. This cannot be a reason for not attempting to use the technology. It is well acknowledged that there will be failures in authentication for various reasons. After Proof of Concept studies on authentication, appropriate policies and processes will be developed to take care of situations where failure occurs for various reasons…The choice of using the authentication services is left to the third party service provider…..Concerned agencies will have to develop policies and procedures to handle such exceptional situations…”
Sadly, although PSC was informed about the sensitive nature of the third party service providers, it did not go beyond asking “could outside agencies be allowed to partake in the UID scheme when doubts have been expressed on possible compromise with the interests of the national security” and accepted government’s reply. “The UIDAI has also implemented a comprehensive information security policy…..” without further examining the matter with the seriousness it deserved. PSC also erred in inconsistently recommending that the UIDAI data be transferred to biometric information based NPR perhaps as an interim measure before Parliament scrutinizes it.
PSC report reveals that on the issue of security of proposed data of UIDAI, an unstarred question (no.2989) was raised in Rajya Sabha. The Minister of State in the Ministry of Planning and Minister of State in the Ministry of Parliamentary Affairs tabled the answer to the above said question in Rajya Sabha on 22 April, 2010 as follows, “National Informatics Centre (NIC) had pointed out that the issues relating to privacy and security of UID data, in case the data is not hosted in a Government data centre may be taken into consideration. UIDAI is of the opinion that the hosting of data in a private data centre does not necessarily lead to a violation of privacy or security. Appropriate contractual arrangement shall be put in place with the data centre space provider to ensure security and privacy of the data. At present, UIDAI does not have its own permanent facility to house its data centre. Therefore, 75 sq.ft of data centre space has been hired from M/s. ITI Ltd. for proof of concept and pilot on a rental basis.” This compromises national security.
A section of the financial newspapers and channels are quite gung ho about these projects but have chosen to ignore that when PSC asked about the Comparative cost of aadhaar number and existing ID documents and “47. Asked to furnish the details of comparative cost of existing ID documents (per individual), namely, Voter Id card, PAN card, driving license and aadhaar number, the Ministry has inter-alia informed the Committee in a written reply that the comparative costs of the documents mentioned above are not available.” The fact is there are 15 pre-existing identity proofs recognized by Election Commission of India, the necessity for 16th and 17th identity proof in the form of CIDR and NPR has clearly been not made out. Both projects appear to be unfolding under the influence marketing blitzkrieg of transnational biometric and surveillance technology companies.
A new market research report "Next Generation Biometric Technologies Market - Global Forecast & Analysis (2012 - 2017)" reveals that the total biometric technologies market is expected to reach $13.89 billion by 2017. Now that technologies are to be sold, need for identification based biometric information is being manufactured by companies in collusion with government authorities. Parliament must intervene to examine issue threadbare and save democracy and citizens rights from the emergence Database and Surveillance State.
Data Mining Mafia Threatens National Security and Citizens Rights
Western communication and biometric technology companies export surveillance equipments for tracking and profiling of citizens in general and political activists in particular as part of their flourishing global business. This poses a grave threat to free speech, privacy and civil liberties. Indeed Privacy is essential if right to free speech is to survive. Central Government’s initiatives like National Counter Terrorism Centre, National Intelligence Grid, National Population Register, Public Information Infrastructure and Unique Identification (UID)/Aadhaar program, in effect, are exercises to monitor citizens’ activities through a national database as never before. This is being done despite the fact that hacking into user systems has been enabled using network surveillance tools.
The marriage of data miners and data controllers has the potential to change the geo-political landscape to the detriment democracy and constitutional guarantees. What had started as legal targeted surveillance has now turned in to illegal mass surveillance.
When Wikileaks Spy Files was mined for a sample of mass surveillance practices recently, it was found that in a total of 400 files, there were 80 occurrences of the word 'mass' and 35 occurrences of the term 'mass surveillance'.
While marketing their surveillance product companies like Cleartrail claim, "We have expertise in countrywide monitoring and offer systems with a wide range of interception capabilities in complex communication networks." VasTech, another company claims, "A high end system can comprise of more than 100,000 simultaneous voice channels, allowing it to capture up to one billion intercepts per day and storing in excess of 5,000 Terabytes of information."
Telesoft company claims, "...capable of targeted or mass capture of a few conversations on a handful of STM-1/OC-3 links to entire countrywide wireline telecommunications networks." Utimaco claims, "Mass intercept monitors all calls and messages..." and Agnitio company states, "8s3 Strategic, designed for mass voice interception and voice mining..."
Clearly, data mining, hacking and interception using surveillance technology do not increase national security and industrial safety. It facilitates "insider" attack and creates vulnerability from external attacks. It has been and will be used against society, political parties in opposition and business enterprises by corrupt officials, politicians and transnational companies. Surveillance capabilities are in built into these technologies. Industrial espionage using them can pulverize the whole formal economy. It is a huge possibility that government’s initiatives are guided by unscrupulous data mining mafia and a colossal cyber industrial complex comprising of Internet Service Providers, web hosting companies, cloud and mobile providers, telecommunications, digital, financial and identification technology companies.
Companies in the surveillance and communication industry are blinded by their profit motive disregarding its hitherto unimaginable abnormal impact and harm for democratic and open societies.
For instance, it has come to light that Gamma International UK Ltd has a software program that could be used to access emails and Skype conversations. The companies from US and France have also been supplying surveillance equipment to authoritarian governments.
The talks at the Intelligence Support Systems (ISS) World conference in Kuala Lumpur in December 2011 made repeated references to mass surveillance at the gathering of Asia Pacific Law Enforcement, Intelligence and Homeland Security Analysts and Telecom Operators who are in the business of interception, electronic criminal investigations and network intelligence gathering”. They will assemble again in the same city this December. The technologies, papers and talks presented at these meetings merit rigorous scrutiny by all the lovers of democratic rights before it is too late.
There is a need for a high powered all party parliamentary committee besides an informed citizens council to examine the ramifications of surveillance trade and to identify the buyers of these equipments and their users.
The biometric and surveillance technology companies are beyond the reach of Indian Computer Emergency Response Team (CERT-In), the nodal agency for cyber security and any other regulatory agencies in India.
CFCL demands that Union Government should desist from pursuing biometric information based initiatives like CIDR, NPR and Human DNA Profiling Bill, 2012.