In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Sunday, June 23, 2013

3445 - Edward Snowden's Wake Up Call: Cyber Security, Surveillance And Democracy By S.G.Vombatkere - Counter Currents


By S.G.Vombatkere
21 June, 2013
Countercurrents.org

Edward Snowden, in his courageous, principled expose, has brought out how USA's National Security Agency (NSA) has been spying on most nations in the world. This spying is clearly to establish or strengthen USA's political, economic and military global clout. India is the fifth-most spied-upon nation, even more than China and Russia. Considering that India is USA's strategic partner, spying on India is breach of faith. Iran tops the list (14 billion pieces of intelligence); then come Pakistan (13.5 billion), Jordan (12.7 billion), Egypt (7.6 billion), and India (6.3 billion). [Ref.1] It is piquant that India, USA's strategic partner, is in the “club” of Iran, Pakistan, Jordan and Egypt, where USA perceives “threat” to its global hegemony. USA has other strategic partners and doubtless they too are being spied upon, and many national leaders, notably of Turkey, Germany and Russia, have raised serious objections. But India is USA's junior and subservient strategic partner due to the long-term, built-in subservience of India's political and bureaucratic architects of the strategic alliance.

There has been no official Indian protest and there is unlikely to be even a squeak on this sovereignty issue. However, people's voices have been raised, especially from within USA, against USA's presidentially-sanctioned, global electronic spying and surveillance. These voices are directed simultaneously at demanding recognition and protection of individual privacy rights, calling for accountability and transparency of U.S presidential and Congress decisions, and attempting to influence USA to pardon whistleblower Edward Snowden who is still in hiding.

Snowden's expose on the heels of the commencement of the trial of that other courageous and righteous prisoner-of-conscience whistleblower Bradley Manning, is a grievous blow to the pride of NSA and the U.S establishment. Thus these whistleblowers are “traitors” who need to be punished severely because they have weakened USA against its “enemies”, self-created and self-imagined. Added to the list of “traitors” are the courageous people in The Guardian and Washington Post, like Laura Poitras and Glenn Greenwald, who actually brought Snowden's leaked information to public glare. It is now clearer than ever before that USA's official enemy is not this country or that, not Al Qaeda or Taliban, not this religion or that, but the spread of peace and real democracy, and the demands for human and civic rights, all of which threaten the pre-eminence of the military-industrial complex MNCs which run USA from behind a teflon curtain.

Like all colonial powers of the past, this pre-eminence is based heavily on political, economic and military intelligence. In modern times it calls for surveillance and access to data and information from within and outside USA. Thus, U.S intelligence agencies would be particularly interested to access databases of various kinds, and real-time data as it is being created by land, ocean, aerial and space surveillance devices. With the kind of super-computing capability, global intelligence experience, and unparalleled military power and reach that USA possesses, this collated intelligence can be used for hegemonic aims. These are stated in the Project for a New American Century (PNAC) created in 1997 by a group of conservative American politicians, academics and policy brokers. PNAC aims to “shape a new century favourable to American principles and interests” and “make the case and rally support for American global leadership” [Ref.2].

Thus it is the business of every country to protect its databases from hackers, sleuths, mercenary spies and intelligence agents, who try to obtain intelligence by one or more of several fair or foul means.

System and data security
The damage that can be wreaked by deliberate corruption or destruction of programs or data, or lifting of data without the knowledge of the rightful owner of the data, by illegal access into the operating system is enormous. For example, if the computer system of Indian Railways is tampered with, goods and passenger trains across the country can be brought to a halt, causing huge economic loss, with heightened accident risk. Or if, like NSA's Stuxnet program destroyed Iran's nuclear enrichment centrifuges, our nuclear power plants' systems are broken into, it can result in a nuclear disaster. Government of India (GoI) has listed“the civil aviation sector (ATC), railway passenger reservation system and communication network, port management, companies and organizations in power, oil and natural gas sectors, banking and finance and telecom sectors” as critical, apart from certain “strategic government departments such as space (ISRO), External Affairs Ministry (passport database), the Home Ministry's police and intelligence networks,.... the Prime Minister's Office (PMO), the NSCS and the Cabinet Secretariat”. [Ref.3].
Security of government data and data concerning its citizens is vital for any government. Government and private intelligence agencies (the services of the latter purchasable by the highest bidder) are engaged in acquiring or “mining” information from their own country and from other countries which are competitors in the political, economic or military senses. It is standard security practice, for instance, that computers which are connected to the internet are not connected with the LAN, so that there is no access to the system through the internet. Other security measures are physical security to ensure that data is not tampered with or copied by individuals who work within the system or obtain physical access to the system. However, for systems which are necessarily connected to the internet for their functioning (e.g., internet banking), it is a mere combination of motivation – money, display of capability, ideology, etc – and time-on-the-job, for an experienced hacker to crack firewall codes and find passwords to gain access to programs and data. This has been demonstrated by hackers, detected and punished or not, who have broken into systems as varied as banks, strategic, military, scientific, technical or industrial databases around the world. Another method is to plant viruses or clandestinely embed special-purpose hardware and software into commercially supplied hardware devices and software systems to transmit data that passes through the system. Routinely, firewalls to prevent unauthorized access into systems, regular change of passwords at all levels within the system, and restricting physical access to system terminals are time-tested methods for system and data security.

Rudderless national security ?
It is known that GoI intelligence or infotech agencies have not indigenously created, tested and certified a firewall for system and database security. The GoI firewalls in use are purchased commercially from international infotech vendors. It is no big deal for an employee of an infotech corporation which has designed GoI's firewalls, to part with key information for personal gain, to any person or intelligence agency who wants to break into GoI systems without even being observed.

India's apex security body, the National Security Council (NSC), admits that India's cyber security strength is “grossly inadequate to handle cyber security activities in a meaningful and effective manner”. Therefore, “Now, India is also setting up its own 'cyber security architecture' that will comprise the National Cyber Coordination Centre (NCCC), ... the Cyber Operation Centre, ... and National Critical Information Infrastructure Protection Centre (NCIIPC) ...”. [Ref.3]. This pathetic admission, clearly after exposure of NSA's spying success with India as a preferred target, indicates institutional failure of India's intelligence organizations, and worse, failure of NSC itself to comprehend strategic imperatives. If this is considered an unduly harsh statement, consider that in 15 years of its existence, NSC, headed by none less than the Prime Minister of India, has not brought out a national security strategic document. NSC's post-Snowden awakening to India's gross inadequacy in cyber security appears to be a knee-jerk reaction rather than part of a strategic plan.

Corporations in intelligence and surveillance
One of India's premier science institutions, The Indian Institute of Science (IISc), Bangalore, signed an agreement with Huawei Technologies Corporation, to set up a telecom laboratory. The data that Huawei would have access to, would not only be that of IISc research but also of its projects financed by GoI, and access through internet and other means to the GoI agencies with which IISc has data exchange and correspondence. Since Huawei has close links with the Chinese government, the Indian intelligence community expressed disapproval of this transaction, obviously because data security was a concern.
However, according to the Unique ID Authority of India website (UIDAI is the creator of India's grandiose national information infrastructure “Aadhaar”), several U.S firms have been awarded contracts to provide goods and services to implement the Aadhaar project. For example, Ernst & Young was contracted for setting up UIDAI's Central ID Data Repository (CIDR), and L-1 Identity Solutions Inc., a U.S-based intelligence and surveillance corporation, for technical support and biometric capture devices. Also, Accenture Services Pvt Ltd which works with U.S Homeland Security, was contracted for implementation of biometric solution. Thus, U.S firms with known links to U.S intelligence are in a position where they can directly or indirectly, by contract or clandestinely, access India's national database owned and operated by UIDAI.

Surely this was known to data system designers in UIDAI and to India's intelligence organizations. Also surely known is the fact that U.S legislation makes it mandatory for U.S firms to provide to the U.S administration on demand, any or all data or information that they may acquire in the course of their operations. Thus, the fact that the Indian intelligence community was strangely silent on the UIDAI contracts, leads an impartial observer to view this as another sign of India's subservience to U.S diktat, not necessarily unconnected with corruption at some individual level. Whatever the reason for this, there can be no excuse for compromising India's data security.
India also imports electronic hardware from China (e.g. data routers, which handle data within networks), Japan and South Korea, which is used in government departments. There is little if any systemic method by which these hardware devices with embedded software can be checked for their ability to access the data which they are only meant to handle.

Enabling U.S cyber hegemony
Linked with Snowden's expose is the report that U.S president Obama has authorized drawing up a list of potential targets for Offensive Cyber Effects Operations (OCEO), to advance “U.S national objectives around the world”. This could be in pursuance of the PNAC. An intelligence source with extensive knowledge of NSA's systems told the Guardian, that with both defensive and offensive cyber operations being central to U.S strategy, “ ... America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information”. OCEO by the U.S military is also very much on the table. [Ref.4]. Thus the hegemonic cyber-power of USA in political, economic and military spaces is frighteningly real.
UIDAI's Aadhaar program aims to provide a unique identity to all Indian residents including non-citizens, by providing a unique 12-digit number based upon biometric records of every individual, to form India's flagship database. The Aadhaar number will be used by various government, quasi-government and non-government systems across India to establish the identity of any person who wishes to receive a service or derive benefit from it. Breaking into the Aadhaar database can provide an individual's primary personal data (e.g., biometrics, name, age, sex, relation, address, mobile number, bank account, etc), thus violating his/her privacy. [Ref.5].

Thus, access into UIDAI's CIDR and associated programs due to UIDAI's contracts, provides reach into personal information of all India's residents. Compromising an individual’s personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for all kinds of use of data for corporate gain or for misuse for profiling people on the basis of caste, religion, language, etc. This would be an unmitigated national disaster not merely because of loss of security and the resulting disgrace, but also because it will effectively allow foreign control of India's flagship database.

The Indian establishment may publicly rubbish the foregoing, but that is only to be expected from a political-bureaucratic-intelligence set-up that has possibly colluded to award sensitive contracts concerning India's strategic interests to U.S corporations specializing in intelligence and surveillance. This is not to suggest that USA will launch offensive cyber operations against its strategic partner, but to point out that with the strategic upper hand, USA will be in a position to dictate policy and action to India, exacerbating its subservience besides compromising sovereignty. That the U.S military, already organized into six commands that straddle the globe [Ref.6] has expanded its Cyber Command, should sound alarm bells in the Indian military, unless the canker of subservience has affected it too.

Ownership of databases
Data is the new property. An executive notification of the Planning Commission dated January 28, 2009, stated among other things, that UIDAI “shall own and operate” the Aadhaar database. [Ref.7]. The Technical Advisory Group for Unique Projects (TAG-UP) chaired by UIDAI Chairman Nandan Nilekani, envisages formation of National Information Utilities (NIUs) which would be “private companies with a public purpose: profit-making, not profit maximising”, with at least 51% private ownership and at least 26% government shares. TAG-UP envisages that when the Aadhaar system attains a “steady state”, the database will be taken over by a NIU and government, which set up the Aadhaar system at enormous public cost, will take the role of a “paying customer”. Indeed, the TAG-UP states, “Once the rollout is completed, the government’s role shifts to that of a customer“.

Apart from the sheer audacity of TAG-UP's proposal of government funding the start-up of private companies, the data-security risks of private companies owning and handling strategic databases appears to have been overlooked. Data security of Indian citizens and other residents would be compromised, simplifying the task for NSA. Purchasing the desired data from an entity which has it or has access to it, is so much more elegant, risk-free and cheaper that hacking into a system! This is not to suggest that only USA (through its NSA, CIA and FBI) would be interested in hacking into India's critical information infrastructures. Surely China, Pakistan, Russia, Israel, Britain, France, Iran, Bangladesh, Sri Lanka and Myanmar at the very least, would have reasons to obtain data and information from India for political, economic and military purposes.

Impending death of democracy
India's new Centralized Monitoring System (CMS) has, like UIDAI before it, been created by executive fiat. CMS is a wide-ranging surveillance programme that will give its security agencies the ability to tap directly into e-mails and phone calls without oversight by courts or parliament. Security agencies will not need to seek a court order for surveillance. CMS will provide government unfettered access to all landline and mobile phone calls (900 million subscribers), SMSs, e-mails, web browsing (120 million internet users), video-conferencing, multi-media streaming and even video games. [Ref.8]. This has been planned and put into place without any legal safeguards and procedures concerning who or what will be surveilled, who will authorise surveillance, the period of surveillance, etc. In typical obfuscation, junior minister for Information Technology, Mr.Milind Deora, said the new data collection system would actually improve citizens' privacy because telecommunications companies would no longer be directly involved in the surveillance - only government officials would.

The purpose of UIDAI's Aadhaar project was stated to be reaching government benefits and programs to the poor by direct benefit transfer (DBT). If that was indeed so, then there was no need to coercively enrol the non-poor into Aadhaar as has been done, and to link up rights like salary and pension to the Aadhaar number. Thus, with plans to hand over strategic databases to private entities (NIUs), there is little doubt that UIDAI's Aadhaar project will be an enabler in the CMS plan. The doubt is only whether it was planned to be the enabler, to facilitate surveillance.

The operationalization of CMS together with UIDAI's Aadhaar operating in corporate (NIU) hands will make India into a police state under unfettered capitalism of corporate control. The power of the people by electing representatives to legislatures will be meaningless as legislators are themselves corporate honchos or increasingly under the influence of corporates. Those who are not, will be silenced with information obtained by CMS investigation.
The strategic subservience of India to USA and the latter's PRISM, will ensure that India's chief executive (prime minister) will toe the U.S line, not unlike USA's imposition of dictators in the countries of South America in the 1970s and 1980s. This was done to impose neo-liberal economic policies according to Milton Friedman, through political shock doctrine methods. These include harassing, arresting or “disappearing” dissenters, objectors, political opponents, trade union leaders, whistleblowers, intellectuals, and all those who are foolish or courageous enough to demand social justice, equity and democracy, because locating and targetting them through Aadhaar and CMS will be child's play. [Ref.9].

References
1. Tom Engelhardt; “The Making of a Global Security State”; <http://www.countercurrents.org/engelhardt180613.htm>; Countercurrents.org; June 18, 2013.
2. Zia Mian, “America's Time and Place”; Economic & Political Weekly; Vol.XL, No.16, April 16, 2005.
3. Sandeep Joshi; “Waking up now, India to up cyber security strength”; The Hindu, Bangalore, June 19, 2013, p.14.
4. “Obama orders US to draw up overseas target list for cyber-attacks”; The Guardian; <http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas>; June 9, 2013.
5. Indulekha Aravind; “Criminals will be able to crack UID system easily: Jacob Appelbaum”; <http://www.business-standard.com/article/economy-policy/criminals-will-be-able-to-crack-uid-system-easily-jacob-appelbaum-113053100728_1.html>; Business Standard, Bangalore, June 1, 2013.
6. Vombatkere, S.G., “The US War Machine – Yesterday, Today and Tomorrow”, Mainstream, New Delhi, Vol XLVIII No 17, April 17, 2010, p.25-30.
7. Usha Ramanathan; “Your data, going on sale soon”; <http://www.thehindu.com/opinion/op-ed/your-data-going-on-sale-soon/article4733606.ece>; The Hindu; May 13, 2013.
8. Shalini Singh; “India's surveillance project may be as lethal as PRISM”; The Hindu; June 21, 2013; p.1.
9. Naomi Klein; “The Shock Doctrine: The Rise of Disaster Capitalism”; Random House, Toronto, 2007.


Major General S.G. Vombatkere retired as the Additional Director General, Discipline & Vigilance in Army HQ, New Delhi. The President of India awarded him the Visishta Seva Medal in 1993 for distinguished service rendered over 5 years in Ladakh. He holds a PhD degree in Structural Dynamics from IIT, Madras. He is Adjunct Associate Professor of the University of Iowa, USA, and is a member of NAPM and PUCL. He writes on strategic and development-related issues.: Email: sg9kere@live.com