In your interest.
Online Personal Finance Magazine
No beating about the bush.
Legislators, who are wittingly or unwittingly promoting UIDAI’s biometric data collection, have committed an inexcusable, unpardonable blunder. Our future generations may deem this to be an act of treason for having facilitated entry of cyber Trojans that endangered India's territorial integrity by hollowing it from within
If I were two-faced, would I be wearing this one?
-Abraham Lincoln, the 16th President of US, who was assassinated in 1865
The Internet was conceived and designed by a man named Larry Roberts in 1963. Larry was invited to Washington by Ivan Sutherland, the then head of Advanced Research Projects Agency (ARPA)’s computer research. Internet was called ARPA network (ARPAnet) then and was designed to be a fail-safe messaging system that packetized information. The military was funding ARPAnet at a time when the cold war was almost at its peak. Some countries including United States, want to make sure that there is some means for them to listen into messages, like wiretapping.
-Prof Nicholas Negroponte, author of Being Digital, 1995
“Who arrogates the power to spy on the entire earth-every single of us-and when he is caught red handed, explains to us that “we’re going to have to make a choice. Who is that person? Let’s be careful about who we call “traitor”. Edward Snowden is one of us. Bradley Manning is one of us. They are young, technically minded people from the generation Barack Obama betrayed. They are the generation that grew up on the internet, and were shaped by it.”
-Statement of Julian Assange of Wikileaks, who may have to stay in Eucadorian Embassy until 2022 (22 June 2013)
“We have maintained a silence closely resembling stupidity.”
- a Proclamation from La Paz, capital of Bolivia, 16 July 1809
It has officially been admitted that the chief executive (CEO) of MongoDB met senior officials of Unique Identification Authority of India (UIDAI)’s Technology Centre at Bangalore. In a reply to a RTI question, UIDAI said, “Mr Max Schireson CEO Mongo DB while on a tour to India, sought a meeting at UIDAI Tech Centre and the meeting was held on 13 November, 2013.”
These disclosures do not reveal what was the aim of MongoDB chief’s visit to India and whether the CEO accomplished the task for which he had come. MongoDB’s link with US Central Intelligence Agency (CIA) and National Security Agency (NSA) merits the attention of Indian voters to ascertain what is uniquely strategic about a MongoDB database and similar other databases being creation. It is akin to identifying and matching mailing addresses of communities, ethnic groups and individuals against a database. It is as specific as targets for precision bombing and drone attacks.
Political parties must be made to include their position on cloud computing in their manifesto especially in the aftermath of disclosures by whistleblowers like Wikileaks, Bradley Manning, Edward Snowden and the recent report of the Parliamentary Standing Committee on Information Technology. Cloud computing refers to a computing model enabling ubiquitous network access to a shared and virtualised pool of computing capabilities (e.g., network, storage, processing, and memory) that can be rapidly provisioned with minimal management effort.
In response to a question as to the names of UIDAI officials who met MongoDB’s CEO during all the meetings, the UIDAI said, “DDG Tech Centre and ADG IT-II, Tech Centre” met him. In reply to the query about the copy of the full contract signed between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents, UIDAI and IBM, UIDAI and Oracle and UIDAI and In-Q-Tel, the UIDAI has written, “No contract signed” between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents and “No contract signed” between UIDAI and IBM.
With regard to the query about contract between UIDAI and Oracle, UIDAI has stated, “Production support for MySQL is provided by Oracle; not contact signed.” This reply reveals that UIDAI is engaging companies like Oracle and others without signing any contract. As to contract agreement between UIDAI and In-Q-Tel, UIDAI has written “No contract signed” between them. Oracle too is also in the business of ‘cloudifying’ database that seems to have the potential to turn governments into puppets at least as far as control over database is concerned.
Strangely, in response to the query about “the country of registration of above listed companies and the names and profile of the persons as the Board of Directors”, UIDAI has given an evasive and disturbing reply stating, “No Information is known”. This reply merits probe. Similar reply was initially given by UIDAI when it was asked about the origin of the country of security, identification and surveillance companies like Accenture, Safran Group’s Sagem Morpho and L1 Identity solution who had signed contracts with UIDAI.
To the query about copy of the relevant pages of the guidelines, surveys and reports on record for 100% accuracy of biometrics and that biometrics data of any person that changes because of ageing, UIDAI states, “Information is not available.” The RTI application was filed on 24 December 2013. The reply is dated 14 February 2014 by UIDAI but it was received on 21 February 2014 by speed post. The reply states that the point wise response to the RTI application was given by the Tech Centre, Bangalore, UIDAI. The RTI application was filed by Qaneez-e-Fatemah Sukhrani.
It may be recalled that MongoDB (formerly called 10gen) is a technology company from the US, which is co-funded by the CIA. It has not been explained as to what transpired at the meeting of UIDAI officials like DDG Tech Centre and ADG IT-II, Tech Centre, Bangalore with Max Schireson, CEO of MongoDB. Ashok MR Dalwai is Deputy Director General (ADG), Tech Centre.
MongoDB company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market. Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated holocaust in Germany using census data) to terminals. UIDAI remains tight lipped about MongoDB’s relationship with CIA. It is yet to become clear whether this company is providing “production support” like Oracle without signing any contract or is it operating through some pre-existing entity, which is already working with UIDAI. In a somewhat different context, Schireson has explained, “We deliver enterprises a 10 to 1 improvement — we charge tens of thousands of dollars to complete projects in a few months that they charge millions of dollars to finish in years” processes for large volume and diverse variety of big data.
It is germane to recall that one of the investors of MongoDB is In-Q-Tel (IQT), a not-for-profit organization based in Virginia, US created to bridge the gap between the technology needs of the US Intelligence Community and emerging commercial innovation. IQT was launched in 1999. Its core purpose is to keep CIA and other intelligence agencies equipped with the latest in information technology to support of intelligence capability.
George Tenet, former CIA director has revealed in writing, “We (the CIA) decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered ... In-Q-Tel.... While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them.” In-Q-Tel was funded with about $37 million a year from the CIA. Notably, In-Q-Tel sold 5,636 shares of Google in 2005. The stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite mapping software now known as Google Earth.
In its reply UIDAI should have disclosed the names of companies which are providing support to it without signing any contract, the details of the terms and conditions and financial component involved in the production support being offered by Oracle and the details of meetings between MongoDB and Nandan Nilekani, the biometric data collector.
In a statement dated 5 December 2013, Communist Party of India (Marxist) had taken cognizance of the engagement between MongoDB, L-1 Identity Solutions, Safran Group and UIDAI. It stated, “The collection of personal data and biometrics of all Indian citizens through the Aaadhar programme has been made available to the US agencies through the employment of these companies. It is now known through the Snowden files that the US authorities have been suborning all data through US telecom and internet companies. The Indian government and the UIDAI has compromised the vital data collected of Indian citizens by such tie-ups. The UIDAI collection of data has no legal basis.”
This party had demanded “the cancellation of the tie-up with foreign companies and a suspension of the Aaadhar scheme till Parliament deliberates and decides on its future and, if required, a legislative enactment.” It is puzzling as to why this party’s government in Tripura has not cancelled the MoU it has signed with UIDAI? Notably, in the home state of Nandan Nilekani, Karantaka BJP took cognizance of the news report in December 2013 about MongoDB but stopped short of issuing any statement.
In a seemingly different context, on 14 February 2014, The Hindu published an AFP news report from Kabul on its front page titled “Prisoners’ release from Bagram angers US”. The news story is about how ahead of withdrawal of US-led foreign troops after 13 years of battling militants, some 65 alleged Taliban fighters walked free from jail in Afghanistan, who were allegedly responsible for killing NATO and Afghan soldiers and civilians. They were released from Bagram prison compound, 50km north of Kabul. It is noteworthy that according to US military one of the released prisoners Mohammad Wali is suspected Taliban explosives expert is “biometrically linked” to two bombings against troops in Helmand province. The question arises as to whether Government of Afghanistan right in releasing the “biometrically linked” prisoners in a context where biometrics is admittedly “inherently fallible” or is Government of US right in biometrically profiling the Afghan citizens? It seems evident that Government of US has the biometric database of citizens of Afghanistan. Is it in the national interest of Afghanistan?
The mission of India’s National Cyber Security Policy dated 8 May 2013 is "to protect information and information infrastructure in cyber space, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation." This is an afterthought. The biometric data collection for unique identification number being generated by Planning Commission’s UIDAI and Registrar General of India for National Population Register (NPR) under Ministry of Home Affairs (MHA) has created “Big” data and has deliberately been compromised. Is it in accessible to data miners like Government of US? Is it really in India’s national interest to ensure that Indians are biometrically profiled the way Afghanistanis, Pakistanis and Egyptians have been profiled?
“Data can be considered as the equivalent of water. There are a number of processes involved before the actual consumption of water and data. The journey begins with data, like water, being generated at multiple sources. These are then brought together into one central location”, reads a paper titled Analytics - Empowering Operations: The UIDAI Experience. The paper is dated January 2012.
The simile of water flow for data flow reveals the sensitivity of the controller and owner of the grids- be it water grid, power grid or data grid. Do Indians know about the forces that seeks centralization of every conceivable resource and its civilizational cost? Is the legal and political imagination of Indians in general and informed citizens in particular so barren that it cannot fathom its far reaching ramifications despite colonial experience? One of the key factors for colonization was information asymmetry between the occupiers and the occupied.
The UIDAI’s paper states that “The Unique Identification Authority of India (UIDAI) is working to provide residents of India a Unique Identification number (called Aadhaar).The authority, in a short span, is set to become the largest biometric capture and identification project in the world.” The paper goes on to explain how to handle “Big” data. It states that “Over time, data will increase exponentially, fuelled by data coming in from residents, vendors and partners. Big data refers to data that is many orders of magnitude larger than traditional data. This size and nature of data makes the traditional database methodologies and technologies obsolete. Hence, provision should be made to ensure the system can handle this.”
Who is the handler of the system?
Dermot Mccormack et al, in the book 10 Technologies Every Executive Needs to Know, underline how some of the encryption, security and signal encoding issues that we might blame the manufacturers on may in fact have another source of culpability. During the 1990s the US Government was urging the industry to pursue a policy of “weak encryption”. The Government’s argument was based on the belief that building highly encrypted, absolutely secure products would be an impediment to their intelligence gathering operations! It is unclear who is winning the argument for tougher security. In the post 9/11 world the government is in a strong position to browbeat security wireless system manufacturers to abide by their ‘guidance’.”
Nilekani, the cabinet minister-ranked chief of UIDAI, who has been made the chairman of Congress Manifesto Consultation Committee, has been assuring Indians that firewalls that have been created will protect the biometric assets of the Indian residents. He refrains from referring to them as his compatriots. Dermot Mccormack et al categorically state, “Firewalls are not a security panacea.”
In simple words, Prof Nicholas Negroponte, author of Being Digital explains how world trade has traditionally consisted of exchanging atoms, not bits. Bits form the basis of cyber world. He predicts that “Like a mothball, which goes from solid to gas directly, I expect the nation-state to evaporate without first going into a gooey, inoperative mess, before some global cyber state commands the cyber ether. Without question, the role of the nation-state will change dramatically and there will be no room for nationalism than there is for small pox.”
His argument that most laws were conceived in and for a world of atoms, not bits therefore it seems national law has no place in cyber law. He underlines that cyber law is global law. This merits urgent attention of jurists, law makers and legal luminaries else the country can get colonized yet again by the asymmetry of information about information, communication, identification and surveillance technologies.
The promoters of online database of Indians like Nilekani and Sam Pitroda, the cabinet minister-ranked chief of Public Information Infrastructure have implied that nation-state is an endangered entity in the cyber world.
In the Lok Sabha, Ministry of Home Affairs (MHA) was asked whether the Ministry has received proposals from various quarters for the issuance of unique identity card and resident identity card based on the National Population Register (NPR) in the country including nearly 130 border districts. Eight Members of Parliament (MPs) namely, Ingrid Mcleod, Jose K Mani, Madhu Goud Yaskhi, Anandrao Adsul, Dharmendra Yadav, Gajanan D Babar, DB Chandre Gowda and Shivaji Adhalrao Patil asked the question on 26 February 2013. They wanted to know the steps being taken by the government to check duplicity in the issuance of such cards and whether the government proposes to link the cards being issued under the NPR with that of the Aaadhar being issued by the UIDAI to check duplication of efforts.
RPN Singh, the minister of state in MHA replied, “The requests have been received from various security agencies to complete the National Population Register (NPR) and issue Resident Identity Cards based on NPR in the country.” He added, “Government has approved the scheme of creation of NPR in the country at an estimated cost of Rs6,649.05 crore and the same is under implementation. Presently, the proposal for issuance of Resident Identity (smart) Cards to all the usual residents in the country who are of age 18 years and above under the scheme of creation of NPR has been appraised by the Expenditure Finance Committee (EFC) and recommended. The Union Cabinet, in its meeting on 31 January 2013, has considered the proposal and referred the same to a Group of Ministers (GoM).”
The minister explained, “As per the approved methodology, three biometrics collected under NPR (photographs, 10 finger prints and 2 IRIS prints) are sent to UIDAI for de-duplication based on biometrics and assigning of Aadhaar number to each resident. This would ensure that there are no duplicates in the NPR. The Aadhaar number would be printed on the Resident Identity Card. The mandate of the UIDAI is to issue unique identity numbers (Aadhaar) to all residents of the country and not a card. The UIDAI is generating Aadhaar numbers and communicating it to the residents through a letter which is referred to in common parlance as the “Aadhaar Card”. The proposed Resident Identity Card on the other hand is a Plastic Smart Card, which would not only be durable but also enable field authentication of identity without dependence on any external media like internet on mobile connectivity. Given the security threat perception in the country, this Smart Identity Card would greatly enhance the capability of agencies involved in counter-terrorism, anti-insurgency and border control to check identity of persons on the spot.”
The MPs who posed the questions feigned ignorance about the recommendations of the Parliamentary Standing Committee on Finance on biometric data collection. By accepting the fait accompli with regard to ongoing illegal and illegitimate biometric data collection they seem to be complicit in implicitly supporting it. The February 2014 report of Parliamentary Standing Committee on Information Technology on Cyber Crime, Cyber Security and Right to Privacy reveals how Aadhaar number and NPR number compromise both national security and citizens’ sovereignty for good. The database of these numbers is being stored on cloud which is beyond India’s jurisdiction. Those legislators who are wittingly or unwittingly promoting them have committed an inexcusable and unpardonable blunder which future generations may deem to be an act of treason for having facilitated entry of cyber Trojans that endangered India’s territorial integrity by hollowing it from within. Is it irrelevant to recollect the role of the Trojan horse in the battle of Troy?
“The division of labour among nations is that some specialize in winning and others in losing,” said Eduardo Galeano, the author of Open Veins of Latin America: Five centuries of the pillage of a Continent. To quote his words in the Indian context, it is apt state that our part of the world was precocious: it has specialized in losing since those remote times when Renaissance Europeans ventured across the ocean and buried their teeth in the throats of the Indian civilization. Centuries have passed, and Indian sub-continent perfected its role. Cyber Trojans can easily masquerade like the character of “No Body” in Homer’s epic Odyssey to vanquish nation-states with a hitherto unknown finality. "Nobody" is the name Odysseus gives to himself when Cyclops Polyphemos asks for Odysseus' name, he gives his name as 'No Body'. When Polyphemus is screaming on being beaten to death, the Cyclops screams that ‘Nobody’ is hurting him.
The position of BJP led alliance on cyber Trojans leaves a lot to be desired, the surrender of Congress led alliance to NSA and its machinations is quite manifest but the stance of the Left Front and their alliance partners for Federal Front on the unfolding global surveillance regime does not cover themselves with any glory either. The way likes of Mamata Banerjee and Arvind Kejriwal have failed to rigorously examine this grave issue of life and death too is highly disappointing. The imagination of the political class as a whole seems to have become infertile. The political workers who are not pimps of business enterprises seem frozen by the stance of their parties which are evidently caught in a time warp. What is politics without imagination? Are these political organizations structurally myopic? Or have they outlived their utility?
Can voters turn their subjugation through databasing by national and transnational tycoons in league with countries like the US into an electoral issue? Isn’t it a case of so called “free trade” in personal sensitive information at any national cost? It appears to be more lucrative than trade in opium and the real estate. Perhaps, it is an extension of the trade in real estate.
India has been shrinking in the last few centuries. Its trade share in the world trade too has been shrinking. Surveillance is not only about violation of privacy but also about the treasure hunt for unprecedented financial surveillance and economic intelligence in the economic history of mankind. Will India evaporate to become a cipher in our life time? If Nilekanis, Pitrodas and Rahul Gandhis have their way, the path appear paved to that end with the “solutions architecture” akin to The Final Solution for divided Indians. The electoral verdict of 2014 general elections is turning out to be a referendum on the life span of India as a nation state.
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)
A clarification on delinking Aadhaar account from disbursal of subsidised LPG cylinders would be issued within a week, the minister told the Lok Sabha
Consumers across the country can buy subsidised LPG cylinders without an Aadhaar-linked bank account, the government informed the Lok Sabha on Friday.
A clarification on delinking Aadhaar account from disbursal of subsidised LPG cylinders would be issued within a week, Petroleum and Natural Gas Minister Veerappa Moily said during the Question Hour.
As far as direct benefit transfer (DBT) is concerned, Cabinet has decided to delink Aadhar account from disbursal of subsidised LPG cylinders. Now, subsidised cylinders can be purchased without Aadhaar account, the minister said.
He said there have been some problems in DBT programme, mainly related to banks, which have been given Rs435 per cylinder (for subsidy) which is not enough since the subsidised price of one cylinder has increased to Rs700.
He also emphasised that the government has not increased the price of subsidised cylinders for consumers.
Under DBT, about 4.86 crore accounts have been made and around 2.06 crore households have received subsidised cylinders.
Regarding know your customer (KYC) norms for LPG connections, the minister said the government has already issued clarifications regarding multiple connections and would liberally look into the matter if required.
“If there are two separate LPG connections in the same address, it would be allowed if there are separate kitchens or separate households... A declaration has to be made (by the consumer),” he added.
Neither President Pranab Mukherjee, Congress chief Sonia Gandhi, Rahul Gandhi nor several ministers from UPA have enrolled for the Aadhaar scheme. Yet, the UPA government proposes to re-introduce the NIDAI Bill thus mocking parliamentary process at the fag end of the 5-year term after execution of the Aadhaar project
India ranks fifth among countries reporting maximum number of cybercrimes, as per the latest report released by Internet Crime Complaint Centre of the US. There are 20 types of cybercrime being witnessed worldwide. The need for new cyber jurisprudence and new international court for cyber jurisprudence has to come up.
The Committee note that the complex inter-connectivity of Internet with borderless environment, evolving innovative technologies, lack of awareness and rapidly changing security and threat landscape has posed massive challenge to cyber security ranging from data theft, espionage and Denial of Service (DoS) attacks to offensive actions by adversarial State and Non-State actors. The Committee also note that anonymous attacks – groups sponsored by Nations and terrorist groups also have become a major cross border challenge in Cyber Space.
- Report on Cyber Crime, Cyber Security and Right to Privacy, Parliamentary Standing Committee on Information Technology, February 2014
Besides interim budget, fiscal policy statements for 2014-15 and supplementary grants for 2013-14 by P Chidambram, the Finance Minister, the schedule for 17 February 2014 in Rajya Sabha has eight items listed for the legislative business. This list dated, 13 February 2014, has been signed by Shumsher K Sheriff, Secretary General, Rajya Sabha. The last item mentions The National Identification Authority of India (NIDAI) Bill to be re-introduced. It is meant to legalise biometric data collector, Unique Identification Authority of India (UIDAI)’s work done since 28 January 2009. This Bill was trashed and rejected by Parliamentary Standing Committee on Finance in its report to both the Houses of Parliament. This exercise by this lame duck minority government led by Indian National Congress is manifestly insincere.
The item No8 in the legislative business reads “RAJEEV SHUKLA to move that Bill to provide for the establishment of The National Identification Authority of India for the purpose of issuing identification numbers to individuals residing in India and to certain other classes of individuals and manner of authentication of such individuals to facilitate access to benefits and services to such individuals to which they are entitled and for matters connected therewith or incidental thereto, be taken into consideration.” Rajeev Shukla is the Minister of state in the Ministry of Parliamentary Affairs and Planning.
In its observations and recommendations, 25 member Parliamentary Standing Committee on Information Technology in its 88 page report on Cyber Crime, Cyber Security and Right to Privacy dated February, 2014 states, “the Committee is extremely unhappy to note that the Government is yet to institute a legal framework on privacy. When asked about the status of the above legislation, the Department has diverted the issue stating that the Department of Personnel and Training (DoPT) is still in the process of evolving legislation to address concerns of privacy, in general, and it is still at the drafting stage. The Committee seriously feels that in view of enormous data, very sensitive in nature, being consigned to cyber space each day particularly in the light of Government’s visionary UIDAI programme, the Government should not jeopardise the privacy of citizens on the plea that the Department is concerned only with Section 43(A) which it is based on self-regulation.”
The real issue of unhappiness of citizens is why should UID/Aadhaar programme and National Population Register (NPR) be proposed and executed prior to the legal framework for safeguarding right to privacy? How can this Committee feign ignorance of the fact that far from UIDAI programme being “visionary”, it lacks the legal mandate to be brought into operations? Perhaps, the word has been used to underline the irony.
The report aptly states, “The Committee observes that National e-Governance Programme (NeGP) is one of the ambitious projects of the Government and the Department is planning to use ‘Cloud computing’ for e-Governance Programmes and for storing its data. The Committee also note that the Government of India has recently published GI Cloud (Meghraj) – ‘Strategic Direction Paper’ and ‘Adoption and implementation Roadmap’ as a part of this Cloud initiative, which prescribes the precautions, standards and guidelines on security addressing the various challenges and risks and gives more clear dimension to the timelines of implementation. With regard to the usage of ‘Cloud computing’, the Committee in their Twenty-seventh Report (2011-12), had expressed apprehensions about technological and legal challenges associated with the concept of ‘shared platform’ and had recommended the Department to conduct a study/survey to find out the existing scenario nationally and internationally and be prepared with a mechanism to deal with the risks associated with the usage of Cloud computing and be vigilant about such emerging technologies. However, the Committee is surprised to note that though NeGP has entered seventh year of its implementation, the Department has neither conducted any study/survey in this regard nor has any data on instances of cyber security breaches encountered in e-Governance projects. The Committee feel that NeGP being a visionary project of the Government, the Department should not show any laxity. The Committee, therefore, recommend the Department to conduct a study/survey to find out the instances of cyber security breaches in NeGP projects. While cautioning the Department to be extra vigilant with the usage of the new technology ‘cloud’ which is still at a nascent stage, the Committee desire that the Department would stick to their assurance of keeping security issues on priority, particularly, in the implementation of e-Governance projects and make the programme foolproof.”
The report has revealed that the Government has jeopardized the privacy of citizens through UIDAI’s biometric identification exercise in that case how is that the Committee mention Government’s UIDAI programme as visionary. Given the fact that the UIDAI’s data is admittedly stored on cloud, the fact that government ignored the Committee's apprehensions on the usage of ‘Cloud computing’, the concept of ‘shared platform’ and the risks associated with the usage of Cloud computing in the 5th year of the implementation of Aadhaar unmindful of cyber security breaches encountered in e-Governance projects, the government merited strong criticism. Instead of censuring the Government and making it accountable, the Committee only expresses surprise. But in its own mild way, this Committee also trashed government’s unpardonable callousness towards the security ramifications of storing UID/Aadhaar data on cloud and the failure to enact a legal framework for right to privacy. As has been done with right to privacy although the government admitted the need of enacting a legal framework for UIDAI, its tenure is about to an end without enacting it.
At page no. 46-47, the report Parliamentary Standing Committee on Information Technology that examined the work of Department of Electronics and Information Technology (DeitY), Ministry of Communications and Information Technology, asked about the surveillance by National Security Agency (NSA) of the US. It states that in the context of privacy of data, the Committee desired to know the Department’s stand on the issue of surveillance by US and interception of data sent through e-mails. To this, J Satyanarayana, Secretary, DeitY, responded during the evidence as under:-
“Sir, about the US surveillance issue, there has been a debate, as you are aware, this morning in the Rajya Sabha itself and the hon. Minister has addressed this issue. He also emphasised that as far as the Government data and Government mails are concerned, the policy, the copy of which I have given to the Committee earlier, is going to address a large part of it. Hopefully, by the end of this year, if it is implemented, the things will be absolutely safe and secure…x.x.x.x…In the reply, the Hon. Minister also said that we have expressed our serious concern about the reported leakages and in the name of surveillance, the data that has been secured from various private sources, internet resources by the US Government. We have expressed it formally to the Government of the US and also during the Secretary of State’s visit a few weeks ago in India, this has been reinforced on a person to person basis. We have been assured that whatever data has been gathered by them for surveillance relates only to the metadata. It has been reiterated and stated at the highest level of the US President that only the metadata has been accessed, which is, the origin of the message and the receiving point, the destination and the route through which it has gone, but not the actual content itself. This has been reiterated by them, but we expressed that any incursion into the content will not be tolerated and is not tolerable from Indian stand and point of view. That has been mentioned very clearly and firmly by our Government.”
In effect, the Indian National Congress-led government has formally communicated to Government of US that India has no problem if they conduct surveillance for metadata in fact it is acceptable and tolerable but “incursion into the content will not be tolerated and is not tolerable.” An Urdu couplet- hum woh hai jo khat ka mazmoon bhaap lete hai lifafa dekhkar (we are those who can assess the content of letter by merely looking at the envelop)-captures the message from the US what Congress party in particular and the political class in general have missed. Such faith in Government of US' empty words is akin to Jawaharlal Nehru's gullibility with regard to designs of Chinese government that led to the humiliating defeat of India in 1962 and Mir Jafar's touching 'innocence' about the deeper designs of British East India Company that compelled him to switch sides in the battle of Plassey in 1757.
The Parliamentary Committee observes, “While taking note of the Department’s stand on the recent instances of surveillance and interception of data (though only meta-data) by other countries, that incursion into the content of the country’s data will not be tolerated, the Committee is of the strong opinion that the Department should have exercised enough caution so that such a situation was not allowed to occur at the first instance. Further, the Committee feels that the Department should be extremely vigilant and cautious in terms of safety as well as in terms of policy with different countries so as to avoid such leakage and interception of sensitive data in the name of surveillance. The Committee, therefore, strongly recommends the Department to take remedial measures and come out with a policy which should be implemented stringently so as to obviate recurrence of such instances.”
This report was presented to both the Houses of Parliament on 12 February 2014. It reveals that Indian Computer Emergency Response Team (CERT-In) has signed memorandum of understanding (MoU) with Computer Emergency Response Team, US (US-CERT), Japanese Computer Emergency Response Team Coordination Centre (JP-CERT/CC), National Cyber Security Centre (NCSC), South Korea, Computer Emergency Response Team, Mauritius (CERT Mauritius, Computer Emergency Response Team, Kazakhstan (CERT Kazakhstan) and Government of Finland for international cyber security cooperation arrangements. Department of Electronics and Information Technology have signed a MoU with Canada in ICT and Electronics sector. The Department, with the help of Ministry of External Affairs, is having engagement dialogue with several countries such as Malaysia, Israel, Egypt, Canada and Brazil on cyber security incidents and vulnerabilities in IT products and systems.
Edward Snowden has disclosed that several of the countries like Canada, South Korea and others, with whom the MoU has been signed, are in the intelligence bartering/ sharing alliance with the US, prior to India’s independence.
While presenting the Union Budget 2009-10, the then Finance Minister, Pranab Mukherjee had announced the setting up of the UIDAI by the Government to “establish an online data base with identity and biometric details of Indian residence and provide enrolment and verification services across the country.” He had allocated Rs120 crore for this project as “a major step in improving governance with regard to delivery of public services.”
The Minister did not inform the Parliament that UIDAI “was created during 2009-10 and a modest start with an expenditure of Rs30.92 crore was made.” Parliament has been kept in dark about how Unique Identification (UID) /Aadhaar Numbers to every resident in India started unfolding without sharing “the linkages of various welfare schemes steered by different Ministries/departments of Government of India”.
The Parliament remains unaware about how UIDAI selected the “Managed Service Provider” for the Central Identity Data Repository (CIDR) of biometric UID/Aadhaar numbers. For this, a budget of Rs1900 crores was allocated in the Union Budget 2010-11 by the Finance Minister. It is admitted that “CIDR will be handed over to the Managed Service Provider (MSP) on a long term contract basis.”
Economic Survey 2011-12 claimed, “The Aadhaar project is set to become the largest biometric capture and identification project in the world.” It is admitted by UIDAI that there are “ownership risks (Ownership of the project by stakeholders), Technology risks (nowhere in the world a project of this size has been implemented) and privacy concerns (there may be groups raising privacy issues – many ID Projects in western countries have been stalled due to the opposition of privacy groups).” The UIDAI claims that it is “putting into place the risk mitigation strategies to minimize some of these risks” but this has never been shared with the Parliament and the citizens.
Union Budget speech 2012-13 under the heading Growth, Fiscal Consolidation and Subsidies reads: “23. The recommendations of the task force headed by Shri Nandan Nilekani on IT strategy for direct transfer of subsidy have been accepted…This step will benefit 12 crore farmer families, while reducing expenditure on subsidies by curtailing misuse of fertilizers.” Such claims of benefits from direct transfer of subsidy has been debunked in the past, but government remains adamant to pursue this path under the influence of vested interests.
The Ministry of Planning, in their Action Taken Reply has been quoted as having stated that “UIDAI has been authorized to enroll 60 crore residents by March 2014 through the multiple registrar approach. As against this, UIDAI has enrolled 36.58 crore residents and a further 10.94 crore residents have been enrolled by RGI. Total enrolments by the end of June 2013 is 47.52 crore. The total Aadhaar generation up to the end of June 2013 is 37.37 crore......The average cost per card is estimated to range between Rs100 to Rs157” in October 2013 report of PSC to the Parliament. The total budgetary allocations made for UIDAI since its inception up to 31 March 2014 is Rs5,440.30 crore, as per details given below:
Amount (Rs. crore)
*Actual Expenditure, ^ Budget Estimates
The budget of this project comes under the ministry of planning. The budgetary support to Aadhaar was increased by 47% to Rs1,758 crore in 2012-13 from Rs1,200 crore in 2011-12 for UIDAI to enroll Indian residents for their unique IDs/Aadhaar to 60 crore from 20 crore. A provision of Rs2,620 crore has been allocated in Budget Estimate (2013-14) for UIDAI and a major part of the budget provision for Rs1,040 crore is earmarked for ‘Enrolment Authentication and Updation’, out of which Rs1,000 crore has been earmarked under the head ‘other charges’. What is this “other charges”?
Besides this what is the justification of Planning Commission undertaking enrolment of 60 crore Indian residents under UID and Ministry of Home Affairs enrolling 61 crores under NPR. Is the Congress-led government running two similar projects with public money to merely satisfy the anonymous donors of the party?
The 31-member Parliamentary Standing Committee on Finance examined and censured on numerous occasions. In its April 2013 report on UIDAI (Sixty-Ninth Report) observes, “The Committee is concerned to note that during the last three financial years (up to January, 2013), a huge sum of Rs2,342 crore has been spent on the Scheme and Rs2,620 crore has been allocated in BE 2013-14, out of which Rs1,040 crore is earmarked for ‘Enrolment Authentication and Updation’ pending legislative sanction of the Scheme. The Committee strongly feels that in the absence of legislation, Unique Identification Authority of India (UIDAI) is discharging its functions without any legal basis.”
As of 1 February 2014, the members of the Cabinet Committee on Unique Identification Authority of India (CCUIDAI) related issues that oversee the project include Dr Manmohan Singh, Sharad Pawar, P Chidambaram, Sushilkumar Shinde, Kapil Sibal, Girija Vyas and Jairam Ramesh. After it came to light in a cabinet meeting that these ministers themselves were not clear as to whether biometric identifier number branded as Aadhaar refers to a card or a number, the Group of Ministers (GoM) regarding ‘Issue of Resident Identity Cards’ to all usual residents of the country of age 18 years and above under the scheme of National Population Register (NPR) was constituted to look for an answer, it seems. The Terms of Reference of this GoM is to “examine all aspects relating to the proposal for issuing Resident Identity Cards to the usual residents of the country, keeping in view all relevant issues and finalize its recommendations at an early date.” This GoM on Resident Identity Cards has an ulterior motive of outwitting opposition parties because during Bharatiya Janata Party (BJP)-led National Democratic Alliance (NDA) regime, the same was proposed. It is an exercise to create an illusion of bipartisan support.
It is quite astounding that none of the members of CCUIDAI or the GoM members, be it AK Antony, P Chidambaram, Ghulam Nabi Azad, Sushilkumar Shinde, Ajit Singh, Kapil Sibal, Praful Patel, V Kishore Chandra Deo or Jairam Ramesh have got themselves enrolled for either UID/Aadhaar or NPR. Notably, Sonia Gandhi and Rahul Gandhi, the political patrons of the project have chosen not to enroll and baptize themselves with so-called right to identity to them. Pranab Mukheree, who fathered the project and declares how he set it rolling in his bio-data is also conspicuous by refraining from enrolment like LK Advani, Mayawati, Mamata Banerjee, Mulayam Singh Yadav, Prakash Karat, Nitish Kumar or Arvind Kejriwal. None of the known editors of print and electronic media have enrolled themselves for it. No known social worker, be it Medha Patkar, Aruna Roy or Sandeep Pandey have endorsed it. No known judges, lawyers, jurists or academicians of the country have got themselves biometrically profiled under the project. In fact acclaimed scholars like Ashis Nandy have referred to UID number as prison number. Likes of whistleblowers such as AK Jain and Press Council of India member, Arun Kumar have debunked it. This demonstrates that the project does not enjoy the confidence of the senior most politicians, judges, scholars, activists and the legal fraternity of the country. From among the political class only those who appear innocent of deeper politics like Raj Thackeray, Arjun Munda and Narendra Modi have been conned into it.
In such a scenario, any further allocation for UIDAI in the interim budget, 2014-15 which “is discharging its functions without any legal basis” will be yet another act of contempt towards Parliament and citizens’ democratic rights. The proposal to re-introduce the NIDAI Bill is a disingenuous exercise mocking parliamentary process at the fag end of the 5-year term after the execution of the project, which seems aimed at creating a charade of trying to create a legal basis for indefensible UIDAI.
Attempts are underway to make this ‘online” demographic and biometric database cloud irreversible and ubiquitous so that it can be the cow, which can be milked until the sun sets on national and transnational patrons of Congressmen, their acolytes and outsourcing companies.
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)