Aadhaar & database risks: Will India evaporate to become nobody in our life time? –Part 28

Legislators, who are wittingly or unwittingly promoting UIDAI’s biometric data collection, have committed an inexcusable, unpardonable blunder. Our future generations may deem this to be an act of treason for having facilitated entry of cyber Trojans that endangered India's territorial integrity by hollowing it from within

If I were two-faced, would I be wearing this one?

-Abraham Lincoln, the 16th President of US, who was assassinated in 1865


The Internet was conceived and designed by a man named Larry Roberts in 1963. Larry was invited to Washington by Ivan Sutherland, the then head of Advanced Research Projects Agency (ARPA)’s computer research. Internet was called ARPA network (ARPAnet) then and was designed to be a fail-safe messaging system that packetized information. The military was funding ARPAnet at a time when the cold war was almost at its peak. Some countries including United States, want to make sure that there is some means for them to listen into messages, like wiretapping.

-Prof Nicholas Negroponte, author of Being Digital, 1995


“Who arrogates the power to spy on the entire earth-every single of us-and when he is caught red handed, explains to us that “we’re going to have to make a choice. Who is that person? Let’s be careful about who we call “traitor”.  Edward Snowden is one of us. Bradley Manning is one of us. They are young, technically minded people from the generation Barack Obama betrayed. They are the generation that grew up on the internet, and were shaped by it.”     

-Statement of Julian Assange of Wikileaks, who may have to stay in Eucadorian Embassy until 2022 (22 June 2013) 


“We have maintained a silence closely resembling stupidity.”

- a Proclamation from La Paz, capital of Bolivia, 16 July 1809


It has officially been admitted that the chief executive (CEO) of MongoDB met senior officials of Unique Identification Authority of India (UIDAI)’s Technology Centre at Bangalore. In a reply to a RTI question, UIDAI said, “Mr Max Schireson CEO Mongo DB while on a tour to India, sought a meeting at UIDAI Tech Centre and the meeting was held on 13 November, 2013.”

These disclosures do not reveal what was the aim of MongoDB chief’s visit to India and whether the CEO accomplished the task for which he had come. MongoDB’s link with US Central Intelligence Agency (CIA) and National Security Agency (NSA) merits the attention of Indian voters to ascertain what is uniquely strategic about a MongoDB database and similar other databases being creation. It is akin to identifying and matching mailing addresses of communities, ethnic groups and individuals against a database. It is as specific as targets for precision bombing and drone attacks.

Political parties must be made to include their position on cloud computing in their manifesto especially in the aftermath of disclosures by whistleblowers like Wikileaks, Bradley Manning, Edward Snowden and the recent report of the Parliamentary Standing Committee on Information Technology. Cloud computing refers to a computing model enabling ubiquitous network access to a shared and virtualised pool of computing capabilities (e.g., network, storage, processing, and memory) that can be rapidly provisioned with minimal management effort. 


In response to a question as to the names of UIDAI officials who met MongoDB’s CEO during all the meetings, the UIDAI said, “DDG Tech Centre and ADG IT-II, Tech Centre” met him. In reply to the query about the copy of the full contract signed between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents, UIDAI and IBM, UIDAI and Oracle and UIDAI and In-Q-Tel, the UIDAI has written, “No contract signed” between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents and “No contract signed” between UIDAI and IBM.


With regard to the query about contract between UIDAI and Oracle, UIDAI has stated, “Production support for MySQL is provided by Oracle; not contact signed.” This reply reveals that UIDAI is engaging companies like Oracle and others without signing any contract. As to contract agreement between UIDAI and In-Q-Tel, UIDAI has written “No contract signed” between them. Oracle too is also in the business of ‘cloudifying’ database that seems to have the potential to turn governments into puppets at least as far as control over database is concerned.


Strangely, in response to the query about “the country of registration of above listed companies and the names and profile of the persons as the Board of Directors”, UIDAI has given an evasive and disturbing reply stating, “No Information is known”. This reply merits probe. Similar reply was initially given by UIDAI when it was asked about the origin of the country of security, identification and surveillance companies like Accenture, Safran Group’s Sagem Morpho and L1 Identity solution who had signed contracts with UIDAI.


To the query about copy of the relevant pages of the guidelines, surveys and reports on record for 100% accuracy of biometrics and that biometrics data of any person that changes because of ageing, UIDAI states, “Information is not available.” The RTI application was filed on 24 December 2013. The reply is dated 14 February 2014 by UIDAI but it was received on 21 February 2014 by speed post. The reply states that the point wise response to the RTI application was given by the Tech Centre, Bangalore, UIDAI. The RTI application was filed by Qaneez-e-Fatemah Sukhrani.


It may be recalled that MongoDB (formerly called 10gen) is a technology company from the US, which is co-funded by the CIA. It has not been explained as to what transpired at the meeting of UIDAI officials like DDG Tech Centre and ADG IT-II, Tech Centre, Bangalore with Max Schireson, CEO of MongoDB. Ashok MR Dalwai is Deputy Director General (ADG), Tech Centre.

MongoDB company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market. Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated holocaust in Germany using census data) to terminals. UIDAI remains tight lipped about MongoDB’s relationship with CIA. It is yet to become clear whether this company is providing “production support” like Oracle without signing any contract or is it operating through some pre-existing entity, which is already working with UIDAI.  In a somewhat different context, Schireson has explained, “We deliver enterprises a 10 to 1 improvement — we charge tens of thousands of dollars to complete projects in a few months that they charge millions of dollars to finish in years” processes for large volume and diverse variety of big data.

It is germane to recall that one of the investors of MongoDB is In-Q-Tel (IQT), a not-for-profit organization based in Virginia, US created to bridge the gap between the technology needs of the US Intelligence Community and emerging commercial innovation. IQT was launched in 1999. Its core purpose is to keep CIA and other intelligence agencies equipped with the latest in information technology to support of intelligence capability.

George Tenet, former CIA director has revealed in writing, “We (the CIA) decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered ... In-Q-Tel.... While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them.” In-Q-Tel was funded with about $37 million a year from the CIA. Notably, In-Q-Tel sold 5,636 shares of Google in 2005. The stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite mapping software now known as Google Earth.

In its reply UIDAI should have disclosed the names of companies which are providing support to it without signing any contract, the details of the terms and conditions and financial component involved in the production support being offered by Oracle and the details of meetings between MongoDB and Nandan Nilekani, the biometric data collector.

In a statement dated 5 December 2013, Communist Party of India (Marxist) had taken cognizance of the engagement between MongoDB, L-1 Identity Solutions, Safran Group and UIDAI. It stated, “The collection of personal data and biometrics of all Indian citizens through the Aaadhar programme has been made available to the US agencies through the employment of these companies. It is now known through the Snowden files that the US authorities have been suborning all data through US telecom and internet companies.  The Indian government and the UIDAI has compromised the vital data collected of Indian citizens by such tie-ups. The UIDAI collection of data has no legal basis.”

This party had demanded “the cancellation of the tie-up with foreign companies and a suspension of the Aaadhar scheme till Parliament deliberates and decides on its future and, if required, a legislative enactment.” It is puzzling as to why this party’s government in Tripura has not cancelled the MoU it has signed with UIDAI? Notably, in the home state of Nandan Nilekani, Karantaka BJP took cognizance of the news report in December 2013 about MongoDB but stopped short of issuing any statement.     

In a seemingly different context, on 14 February 2014, The Hindu published an AFP news report from Kabul on its front page titled “Prisoners’ release from Bagram angers US”. The news story is about how ahead of withdrawal of US-led foreign troops after 13 years of battling militants, some 65 alleged Taliban fighters walked free from jail in Afghanistan, who were allegedly responsible for killing NATO and Afghan soldiers and civilians.  They were released from Bagram prison compound, 50km north of Kabul. It is noteworthy that according to US military one of the released prisoners Mohammad Wali is suspected Taliban explosives expert is “biometrically linked” to two bombings against troops in Helmand province. The question arises as to whether Government of Afghanistan right in releasing the “biometrically linked” prisoners in a context where biometrics is admittedly “inherently fallible” or is Government of US right in biometrically profiling the Afghan citizens? It seems evident that Government of US has the biometric database of citizens of Afghanistan. Is it in the national interest of Afghanistan?

The mission of India’s National Cyber Security Policy dated 8 May 2013 is "to protect information and information infrastructure in cyber space, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation." This is an afterthought. The biometric data collection for unique identification number being generated by Planning Commission’s UIDAI and Registrar General of India for National Population Register (NPR) under Ministry of Home Affairs (MHA) has created “Big” data and has deliberately been compromised. Is it in accessible to data miners like Government of US? Is it really in India’s national interest to ensure that Indians are biometrically profiled the way Afghanistanis, Pakistanis and Egyptians have been profiled?

“Data can be considered as the equivalent of water. There are a number of processes involved before the actual consumption of water and data. The journey begins with data, like water, being generated at multiple sources. These are then brought together into one central location”, reads a paper titled Analytics - Empowering Operations: The UIDAI Experience.  The paper is dated January 2012.


The simile of water flow for data flow reveals the sensitivity of the controller and owner of the grids- be it water grid, power grid or data grid. Do Indians know about the forces that seeks centralization of every conceivable resource and its civilizational cost? Is the legal and political imagination of Indians in general and informed citizens in particular so barren that it cannot fathom its far reaching ramifications despite colonial experience? One of the key factors for colonization was information asymmetry between the occupiers and the occupied.


The UIDAI’s paper states that “The Unique Identification Authority of India (UIDAI) is working to provide residents of India a Unique Identification number (called Aadhaar).The authority, in a short span, is set to become the largest biometric capture and identification project in the world.” The paper goes on to explain how to handle “Big” data. It states that “Over time, data will increase exponentially, fuelled by data coming in from residents, vendors and partners. Big data refers to data that is many orders of magnitude larger than traditional data. This size and nature of data makes the traditional database methodologies and technologies obsolete. Hence, provision should be made to ensure the system can handle this.”


Who is the handler of the system?


Dermot Mccormack et al, in the book 10 Technologies Every Executive Needs to Know, underline how some of the encryption, security and signal encoding issues that we might blame the manufacturers on may in fact have another source of culpability. During the 1990s the US Government was urging the industry to pursue a policy of “weak encryption”. The Government’s argument was based on the belief that building highly encrypted, absolutely secure products would be an impediment to their intelligence gathering operations! It is unclear who is winning the argument for tougher security. In the post 9/11 world the government is in a strong position to browbeat security wireless system manufacturers to abide by their ‘guidance’.”


Nilekani, the cabinet minister-ranked chief of UIDAI, who has been made the chairman of Congress Manifesto Consultation Committee, has been assuring Indians that firewalls that have been created will protect the biometric assets of the Indian residents. He refrains from referring to them as his compatriots. Dermot Mccormack et al categorically state, “Firewalls are not a security panacea.”    


In simple words, Prof Nicholas Negroponte, author of Being Digital explains how world trade has traditionally consisted of exchanging atoms, not bits. Bits form the basis of cyber world. He predicts that “Like a mothball, which goes from solid to gas directly, I expect the nation-state to evaporate without first going into a gooey, inoperative mess, before some global cyber state commands the cyber ether. Without question, the role of the nation-state will change dramatically and there will be no room for nationalism than there is for small pox.”

His argument that most laws were conceived in and for a world of atoms, not bits therefore it seems national law has no place in cyber law. He underlines that cyber law is global law. This merits urgent attention of jurists, law makers and legal luminaries else the country can get colonized yet again by the asymmetry of information about information, communication, identification and surveillance technologies.


The promoters of online database of Indians like Nilekani and Sam Pitroda, the cabinet minister-ranked chief of Public Information Infrastructure have implied that nation-state is an endangered entity in the cyber world.    


In the Lok Sabha, Ministry of Home Affairs (MHA) was asked whether the Ministry has received proposals from various quarters for the issuance of unique identity card and resident identity card based on the National Population Register (NPR) in the country including nearly 130 border districts. Eight Members of Parliament (MPs) namely, Ingrid Mcleod, Jose K Mani, Madhu Goud Yaskhi, Anandrao Adsul, Dharmendra Yadav, Gajanan D Babar, DB Chandre Gowda and Shivaji Adhalrao Patil asked the question on 26 February 2013. They wanted to know the steps being taken by the government to check duplicity in the issuance of such cards and whether the government proposes to link the cards being issued under the NPR with that of the Aaadhar being issued by the UIDAI to check duplication of efforts.


RPN Singh, the minister of state in MHA replied, “The requests have been received from various security agencies to complete the National Population Register (NPR) and issue Resident Identity Cards based on NPR in the country.” He added, “Government has approved the scheme of creation of NPR in the country at an estimated cost of Rs6,649.05 crore and the same is under implementation. Presently, the proposal for issuance of Resident Identity (smart) Cards to all the usual residents in the country who are of age 18 years and above under the scheme of creation of NPR has been appraised by the Expenditure Finance Committee (EFC) and recommended. The Union Cabinet, in its meeting on 31 January 2013, has considered the proposal and referred the same to a Group of Ministers (GoM).”


The minister explained, “As per the approved methodology, three biometrics collected under NPR (photographs, 10 finger prints and 2 IRIS prints) are sent to UIDAI for de-duplication based on biometrics and assigning of Aadhaar number to each resident. This would ensure that there are no duplicates in the NPR. The Aadhaar number would be printed on the Resident Identity Card. The mandate of the UIDAI is to issue unique identity numbers (Aadhaar) to all residents of the country and not a card. The UIDAI is generating Aadhaar numbers and communicating it to the residents through a letter which is referred to in common parlance as the “Aadhaar Card”. The proposed Resident Identity Card on the other hand is a Plastic Smart Card, which would not only be durable but also enable field authentication of identity without dependence on any external media like internet on mobile connectivity. Given the security threat perception in the country, this Smart Identity Card would greatly enhance the capability of agencies involved in counter-terrorism, anti-insurgency and border control to check identity of persons on the spot.”


The MPs who posed the questions feigned ignorance about the recommendations of the Parliamentary Standing Committee on Finance on biometric data collection. By accepting the fait accompli with regard to ongoing illegal and illegitimate biometric data collection they seem to be complicit in implicitly supporting it. The February 2014 report of Parliamentary Standing Committee on Information Technology on Cyber Crime, Cyber Security and Right to Privacy reveals how Aadhaar number and NPR number compromise both national security and citizens’ sovereignty for good. The database of these numbers is being stored on cloud which is beyond India’s jurisdiction. Those legislators who are wittingly or unwittingly promoting them have committed an inexcusable and unpardonable blunder which future generations may deem to be an act of treason for having facilitated entry of cyber Trojans that endangered India’s territorial integrity by hollowing it from within. Is it irrelevant to recollect the role of the Trojan horse in the battle of Troy?


“The division of labour among nations is that some specialize in winning and others in losing,” said Eduardo Galeano, the author of Open Veins of Latin America: Five centuries of the pillage of a Continent. To quote his words in the Indian context, it is apt state that our part of the world was precocious: it has specialized in losing since those remote times when Renaissance Europeans ventured across the ocean and buried their teeth in the throats of the Indian civilization. Centuries have passed, and Indian sub-continent perfected its role. Cyber Trojans can easily masquerade like the character of “No Body” in Homer’s epic Odyssey to vanquish nation-states with a hitherto unknown finality. "Nobody" is the name Odysseus gives to himself when Cyclops Polyphemos asks for Odysseus' name, he gives his name as 'No Body'. When Polyphemus is screaming on being beaten to death, the Cyclops screams that ‘Nobody’ is hurting him.


The position of BJP led alliance on cyber Trojans leaves a lot to be desired, the surrender of Congress led alliance to NSA and its machinations is quite manifest but the stance of the Left Front and their alliance partners for Federal Front on the unfolding global surveillance regime does not cover themselves with any glory either. The way likes of Mamata Banerjee and Arvind Kejriwal have failed to rigorously examine this grave issue of life and death too is highly disappointing. The imagination of the political class as a whole seems to have become infertile. The political workers who are not pimps of business enterprises seem frozen by the stance of their parties which are evidently caught in a time warp. What is politics without imagination? Are these political organizations structurally myopic? Or have they outlived their utility?


Can voters turn their subjugation through databasing by national and transnational tycoons in league with countries like the US into an electoral issue? Isn’t it a case of so called “free trade” in personal sensitive information at any national cost? It appears to be more lucrative than trade in opium and the real estate. Perhaps, it is an extension of the trade in real estate.  


India has been shrinking in the last few centuries. Its trade share in the world trade too has been shrinking. Surveillance is not only about violation of privacy but also about the treasure hunt for unprecedented financial surveillance and economic intelligence in the economic history of mankind. Will India evaporate to become a cipher in our life time? If Nilekanis, Pitrodas and Rahul Gandhis have their way, the path appear paved to that end with the “solutions architecture” akin to The Final Solution for divided Indians. The electoral verdict of 2014 general elections is turning out to be a referendum on the life span of India as a nation state.         


You may also want to read…

Why biometric identification of citizens must be resisted? Part I

Biometric identification is modern day enslavement -Part II

Biometric profiling, including DNA, is dehumanising -Part III

Marketing and advertising blitzkrieg of biometric techies and supporters -Part IV

History of technologies reveals it is their owners who are true beneficiaries -Part V

UID's promise of service delivery to poor hides IT, biometrics industry profits –Part VI

Technologies and technology companies are beyond regulation? -Part VII

Surveillance through biometrics-based Aadhaar –Part VIII

Narendra Modi biometrically profiled. What about Congress leaders?-Part IX

Aadhaar: Why opposition ruled states are playing partner for biometric UID? -Part X


Is Nandan Nilekani acting as an agent of non-state actors? –Part XI


Aadhaar and UPA govt's obsession for private sector benefits–Part XII

CIA-funded MongoDB partners with UIDAI to handle Aadhaar data –Part XIII


Are Indians being used as guinea pigs of biometric technology companies? -Part XIV

Aadhaar: Is the biometric data of human body immortal and ageless? Part XV

Aadhaar: The propaganda of transnational vested interests –Part XVI


Aadhaar: Pakistan handed over, India giving database on a platter– Part XVII

Engineered row in US-India relations, an attention diversion tactics of big brothers?—Part XVIII


Aadhaar: UIDAI and the ‘fifth column’ of Napoleon—Part XIX

Aadhaar: Turning citizens into subjects through social control technology companies –PartXX


Why Kejriwal govt in Delhi should abandon biometric Aadhaar?—Part XXI


Aadhaar for LPG: Oil companies, Ministry of Petroleum & UIDAI disobeying Supreme Court order–Part XXII


Why Vasundhara Raje should immediately withdraw circulars making Aadhaar mandatory -Part XXIII


How Congress has been proven wrong on biometric Aadhaar and NPR -Part XXIV


Aadhaar, NPR, UN resolution and deafening silence of political parties –Part XXV

Is Congress converging UID numbers of EVMs and Indian voters? –Part XXVI


Is our political class trapped by economic hit men from database empires? -Part XXVII

(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)

10 years ago
While the concerns on privacy are legitimate, the issues on technology are bit overstated. Oracle does operate a database on Cloud, but it is not known whether it is free and open source MySQL or Oracle's own proprietary Oracle DB. Similarly we reliably don't know what support is 10 gen providing. We don't know if data will reside in servers of 10 gen's premises (unlikely). We also don't know which cloud platform is UIDAI using? Is it Amazon's EC2 or Rackspace or Heroku? Coincidentally Indian government also operates a cloud - but that could also be backed by EC2, Rackspace or Heroku.

While Cloud Computing has privacy concerns, there is also a private cloud which is hosted on premise. Is UIDAI using this technology (Openstack)? We don't know.
Free Helpline
Legal Credit