In your interest.
Online Personal Finance Magazine
No beating about the bush.
Will UID now be open to a debate on privacy and security issues?
The Supreme Court’s stay order of 23rd September on the implementation of Aadhaar has provided much needed relief to people who were being forced to avail of this biometric identity due to backdoor government mandates for access to essential facilities and services such as gas cylinders, registration of birth, property and marriages, salaries in municipal schools and even admission to schools. It has also triggered a discussion on this expensive and dangerous experiment with people’s biometric identifiers (iris scan and fingerprints), under the guise of delivering economic benefits to poor people who do not have an identity. The stay order given by Justices Dr BS Chauhan and SA Bobde in connection with a public interest litigation (PIL) filed by Justice KS Puttaswamy (retd) has caused jubilation among privacy activists. Several other petitions filed in the Chennai and Mumbai High Courts have also been transferred to the Supreme Court for hearing. Fortunately, the United Progressive Alliance (UPA) does not seem to be in a mood to challenge the Supreme Court order.
The immediate impact of the judgement is to create greater awareness among India’s largely indifferent middle-class to the dangers of identity theft or worse. Privacy activists have pointed out that, all over the world, there is recognition that centralised databases, especially those linked to a person’s biometrics, leave a person vulnerable to identity theft. Worse, the UIDAI, which was rejected by a parliamentary standing committee and has not been approved by parliament, has no provisions for providing recourse to any person whose unique identity number, or Aadhaar, has been misused. In fact, it does not even provide for cancellation of an Aadhaar, once it has been issued, or offer even the most basic assurance about how safely this sensitive data is being stored, or the precautions being taken to prevent its misuse. Finally, Aadhaar was being freely issued to illegal immigrants which the SC expressed concerns about.
In yet another example of burdening bank customers, RBI has asked banks to deploy infrastructure at own cost for using UIDAI’s Aadhaar biometric authentication for KYC
Although the Supreme Court has ruled that Aadhaar number from Unique Identification Authority of India (UIDAI) is not necessary for essential services, several government agencies are enforcing it on helpless citizens. Going a step further the Reserve Bank of India (RBI) is asking banks to bear the cost for deploying electronic-know your customer (e-KYC) launched by UIDAI.
In a circular issued on 2 September 2013, the central bank has asked banks to accept on-line Aadhaar authentication as an ‘Officially Valid Document’ under Prevention of Money Laundering Act (PMLA), 2002.
"In this connection, it is advised that while using e-KYC service of UIDAI, the individual user has to authorize the UIDAI, by explicit consent, to release her or his identity/address through biometric authentication to the bank branches/business correspondents (BCs). The UIDAI then transfers the data of the individual comprising name, age, gender, and photograph of the individual, electronically to the bank/BCs, which may be accepted as valid process for KYC verification," the notification says.
RBI has also 'directed' banks to have proper infrastructure in place to enable biometric authentication for e-KYC.
Here is the operational procedure that banks are required to follow for e-KYC exercise...
The e-KYC service of the UIDAI is to be leveraged by banks through a secured network. Any bank willing to use the UIDAI e-KYC service is required to sign an agreement with the UIDAI. The process flow to be followed is as follows:
1. Sign KYC User Agency (KUA) agreement with UIDAI to enable the bank to specifically access e-KYC service.
2. Banks to deploy hardware and software for deployment of e-KYC service across various delivery channels. These should be Standardisation Testing and Quality Certification (STQC) Institute, Department of Electronics & Information Technology, Government of India certified biometric scanners at bank branches/ micro ATMs/ BC points as per UIDAI standards. The current list of certified biometric scanners is given in the link below:
3. Develop a software application to enable use of e-KYC across various Customer Service Points (CSP) (including bank branch, BCs etc.) as per UIDAI defined Application Programming Interface (API) protocols. For this purpose banks will have to develop their own software under the broad guidelines of UIDAI. Therefore, the software may differ from bank to bank.
4. Define a procedure for obtaining customer authorization to UIDAI for sharing e-KYC data with the bank. This authorization can be in physical (by way of a written explicit consent authorising UIDAI to share his/her Aadhaar data with the bank/BC for the purpose of opening bank account) /electronic form as defined by UIDAI from time to time.
5. Sample process flow would be as follows:
i The customer can open bank account subject to satisfying other account opening
Manifestoes of political parties must make their stand clear on scrapping of Aadhaar and its biometric identification ahead of elections while state governments should withdraw from their MoUs with UIDAI following decision by the apex court
Supreme Court has exposed the ulterior motives behind the ‘voluntary’ 12-digit biometric Aadhaar/ unique identification (UID) number for creating a Central Identities Data Registry (CIDR) of ‘usual residents’ of India and for ‘doing government process re-engineering’ through its order on 23rd September. The questionable intentions of Planning Commission’s Unique Identification Authority of India (UIDAI) face yet another legal and constitutional scrutiny. UIDAI has failed in the earlier examinations. The Indian National Congress (INC) and the opposition parties appear complicit in the unconstitutional, illegal and illegitimate exercise because they failed to demand its scrapping and, instead, maintained silence when in breach of trust. Congress-ruled states and centre attempted to make it mandatory.
It may be recollected that Punjab and Haryana High Court bench headed by Chief Justice AK Sikri passed an order on 2 March 2013, after hearing a matter challenging a circular making Aadhaar mandatory. The moment Court raised questions of laws the circular was withdrawn by the Central government. The decision underlined that UIDAI is legally assailable and indefensible.
UIDAI and related projects treats every Indian as a subject of surveillance, unlike UK which abandoned a similar project (that used to be cited by Wipro Ltd in promotion of UID) because it is ‘untested, unreliable and unsafe technology’ and the ‘possible risk to the safety and security of citizens’.
It was recorded by Parliamentary Standing Committee (PSC) on Finance that submitted a report to both the Houses of Parliament on, 13 December 2011, trashing the biometric identification project and the post facto legislation to legalise UIDAI and its acts of omission and commission since 28 January 2009 till the passage of the National Identification Authority of India Bill, 2010.
Notably, UK Home Secretary explained that they were abandoning the project because it would otherwise be 'intrusive bullying' by the State, and that the government intended to be the 'servant' of the people, and not their 'master'.
The silence of Wipro, which had prepared the ‘Strategic Vision on the UIDAI Project’ document and submitted to the processes committee of the Planning Commission set up in July 2006, is deafening. This document too seems to be missing from public domain.
The Supreme Court order vindicates the Punjab and Haryana High Court order, PSC report and the Statement of Concern, dated 28 September 2010, issued by 17 eminent citizens including Justice VR Krishna Iyer, Prof Romila Thapar, SR Sankaran, Justice AP Shah, KG Kannabiran, Bezwada Wilson, Aruna Roy and Prof Upendra Baxi seeking halting of the project. The Parliamentary Standing Committee on Subordinate Legislation is also received compliants on “Subordinate Legislation for Biometric Identity Card NRIC and Aadhaar/UID is illegal and illegitimate and Constitutional, Legal, Historical & Technological Reasons Against UID/Aadhaar Scheme on 18.3.2013".
State governments, especially those ruled by non-Congress parties are so deaf that they do not seem to hear even when the verdict shouts, so to speak. In the aftermath of Supreme Court’s order, the State governments must withdraw from the memorandum of understanding (MoU) they signed with the UIDAI.
All the non-Congress ruled states are opposed to National Counter Terrorism Centre (NCTC) citing erosion of the State’s autonomy but quite strangely so far they have failed to see the link between CIDR, National Intelligence Grid (NATGRID), National Counter Terrorism Centre (NCTC) and Sam Pitroda’s Public Information Infrastructure and Innovations (PIII) which are part of the same political culture that leaves intelligence agencies beyond the ambit of legislative scrutiny.
The entire issue is quite grave because the genocidal idea of biometric identification is linked with the holocaust witnessed in Germany. Such identification exercises have rightly been abandoned in UK, Australia, China, US and France. Notably, Nandan Nilekani has admitted, "To answer the question about what is the biggest risk" of a centralised database of biometric identification, he said, "in some sense, you run the risk of creating a single point of failure also" during his talk at the World Bank in Washington on 24 April 2013. No one knows who will be held legally liable for such failures. Who is being held accountable for leakage of data from UIDAI at present?
Notably, World Bank’s president, who introduced Nilekani at the lecture, expressed his patronage for the project. It is not surprising given the fact that essentially it is part of its e-Transform Initiative launched in April 2010 for 14 developing countries in partnership with transnational companies like L1, IBM and governments of France and South Korea.
It is the inevitability failure to protect data led to the extermination of a large human population in Germany in the 1940s. In the case of CIDR and CIDR-linked initiatives, it is not the failure but the convergence of data, tracking, profiling, tagging and the violation of norms of privacy that is embedded in its design. Nilekani explained at his lecture at World Bank, "First of all, this is not an ID card project. There is no card. There is a number. It's a virtual number on the cloud, and we don't give a physical card. We do send you a physical letter with your number, which you keep in your pocket, but the real value of this is the number on the cloud".
The biometric number is an identifier, which is used to "authenticate" and verify whether or not the person is what the person claims to be. The ridiculous thing about the Congress, in general, and supporters of the project in particular is that they do not even know what Aadhaar is! On 31 January 2013, it came to light that the members of Union Cabinet were unaware whether it is a number or a card. Instead of facing the issue upfront, a Group of Ministers (GoM) was set up to resolve it but no one knows whether it has been resolved.
It also reflects how undemocratic Congress is. The decision to impose biometric Aadhaar number was autocratically and unilaterally decided without taking consent from even its own party members who are then expected to defend this indefensible project. Nilekani has misguided the party in this regard.
A tainted coalition of bankers, biometric technology companies and a section of mainstream media created an illusion among the uninformed citizenry, for five years, that an illegitimate and illegal biometric identifier will be able to do what the pre-existing 15 identity proofs could not do.
The advocates and supporters of biometric identification, who are part of the negative coalition that unconditionally and blindly supports linking of fish baits for trapping the poor in the biometric database, are game for turning the all the Indians into guinea pigs for an experiment that has resulted in incineration of human beings in the past.
The fact of this experimentation is revealed from what Nilekani said in his speech at the Centre for Global Development, Washington. He said, “Our view was that there was bound to be opposition. That is a given…we said in any case there is going to be a coalition of opponents. So is there a way to create a positive coalition of people who have a stake in its success? So, one of the big things here is that there is a huge coalition of, you know, organisations, governments, banks, companies, others who have a stake now in its future. So, create a positive coalition that has the power to overpower or deal with anyone who opposes it.”
Positive coalition of progressive political parties, peoples’ movements and informed citizens must expose the collaborators of undemocratic biometric technology companies, bankers and NGOs, and give a befitting reply. They lost in UK, Australia, China, France and USA; they will lose in India too.
Nilekani’s method of reasoning is a case study. On 23 April 2013, he said, "We came to the conclusion that if we take sufficient data, biometric data of an individual, then that person's biometric will be unique across a billion people. Now we have to find that out. We haven't done it yet. So we'll discover it as we go along". At his lecture at World Bank on 24 April 2013, he said, “nobody has done this before, so we are going to find out soon whether it will work or not.” No one can tell as to what his premise is, what the inference is, or how the inference is deduced.
Notably, the Strategy Overview document of the UIDAI said that "enrolment will not be mandated" but added, "This will not, however, preclude governments or registrars from mandating enrolment." It must be noted that Nilekani headed several committees whose recommendations made Aadhaar mandatory.
Tricked by the marketing blitzkrieg, some political parties are wary of taking a position that would appear to be against anti-poor. They may not realise that what may be the real beneficiary of this biometric identification is UIDAI, which wants to meet its target of enrolling 60 crore Indians by 2014.
Amidst leakage of files from the Prime Minister’s Office (PMO) and leakage of public money from scam after scams in the Congress-led government, the claim of attempting to reduce leakage in the system by using questionable plumbers like Nilekani does not inspire even an iota of confidence. Nilekani admitted at his lecture the Centre for Global Development in Washington in April 2013 that UIDAI has "created huge business opportunity for fingerprint scanners, iris readers."
The purchase of these machines is also a leakage that merits probe. Leakages can be plugged by rigorous implementation of Right to Information (RTI) Act and decentralisation of decision making, instead of adopting a centralisation approach and technological quick fixes.
The entire Indian and international media were taken for a ride regarding the so called turf-war between the Ministry of Home Affairs (MHA) and UIDAI. The media was made to understand that it was resolved by dividing the Indian population in two parts of 61 crore and 60 crore for coverage under National Population Register (NPR) which also generates Aadhaar number and UID. The fact is the terms of reference of the UIDAI mandated it "take necessary steps to ensure collation of National Population Register (NPR) with UID (as per approved strategy)", to "identify new partner/user agencies", to "issue necessary instructions to agencies that undertake creation of databases… (to) enable collation and correlation with UID and its partner databases" and UIDAI “shall own and operate the database". The executive notification dated 28 January 2009 that set up UIDAI mentions this. The entire episode appears to have been staged.
Nilekani has recommended Radio Frequency Identification (RFID) for the "unique identification" of vehicles. If the real motive is not surveillance then how that is UIDAI chairman wears several hats, like an intelligence person to undertake unauthorised and illegitimate tracking?
On 29 June 2013, Nilekani reportedly revealed that they were in preliminary discussions with embassies to use the UID number to “simplify visa application procedures”. Isn’t passport a sovereign document? Notably, Nilekani refers to Aadhaar as akin to internal passport. For passport, there is Passport Act, under what Act is this ‘internal passport’ being promoted?
The Supreme Court order must be looked at in the light of what of government of India’s approach paper on privacy states. The paper says, “Data privacy and the need to protect personal information is almost never a concern when data is stored in a decentralised manner. Data that is maintained in silos is largely useless outside that silo and consequently has a low likelihood of causing any damage. However, all this is likely to change with the implementation of the UID Project. One of the inevitable consequences of the UID Project will be that the UID Number will unify multiple databases. As more and more agencies of the government sign on to the UID Project, the UID number will become the common thread that links all those databases together. Over time, private enterprises could also adopt the UID Number as an identifier for the purposes of the delivery of their services or even for enrolment as a customer. Once this happens, the separation of data that currently exists between multiple databases will vanish.” On this ground alone, the UIDAI project should be abandoned as it concerns not only the present generation but future generations as well.
It is noteworthy that the Attorney General of India had submitted to the Parliamentary Committee that the UIDAI will function only till the passage of the UID Bill. The Bill was not passed. Now the UIDAI should cease to exist because it is legally invalid. How can a notification of Planning Commission be deemed legally valid when even the ordinance issued by the President of India become invalid if the Bill is not passed within six months.
Citizens Forum for Civil Liberties (CFCL) has been pursuing a campaign against the biometric based Unique Identification (UID) or Aadhaar Number, National Population Register (NPR), National Intelligence Grid (NATGRID), National Counter Terrorism Centre (NCTC), Radio Frequency Identification (RFID) and Direct Cash Transfer since 2010. It had appeared before the Parliamentary Standing Committee on Finance that trashed the UID Bill, on 13 December 2011, in its report to the Parliament. It was an applicant before the National Human Rights Commission (NHRC), which in an order on 27 December 2012 addressed to Secretary, Union Ministry of Home Affairs communicated human rights concerns regarding UID and RFID submitted to it by CFCL. CFCL is an applicant before the Parliamentary Standing Committee on Subordinate Legislation. CFCL is also an applicant before the Press Council of India on the complicity of some media organizations in the matter of enrolment for legally questionable biometric identification.
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL) and can be contacted at [email protected])
You may also want to read…
Is UID anti-people? 9-part series