Aadhaar: Who owns the UID database? –Part II
Usha Ramanathan 30 April 2013

Those enrolling on the UID database have not been informed that their data is to yield profit for the UIDAI, Rs288.15 crore a year and its only investor, the government, does not even own the data. How many in the government are even aware of this investing of ownership in an entity that continues to remain deliberately undefined and opaque

The Unique Identification Authority of India (UIDAI) was set up by an executive notification dated 28 January 2009. As per the notification, the Planning Commission was to be the nodal agency “for providing logistics, planning and budgetary support” and to “provide initial office and IT infrastructure”. As part of its “role and responsibilities”, the UIDAI was to “issue necessary instructions to agencies that undertake creation of databases, to ensure standardisation of data elements that are collected and digitised and enable collation and correlation with UID and its partner databases”. It was to “take necessary steps to ensure collation of the National Population Register (NPR) with the UID”. And, the UIDAI “shall own and operate” the UID database.

 

In July 2009, Nandan Nilekani was appointed as the chairman of the UIDAI, representing a lateral entry of a person from the private sector into the government, with the rank of a Cabinet minister.

 

The UID project proceeded without a law, despite the seriousness of privacy and security concerns till, caving in to public pressure, a draft Bill was prepared by the UIDAI in June 2010; and it was not till December 2010, after the project had begun to collect resident data, that this Bill was introduced in Parliament. The Bill stayed close to the framework for corporate control over databases that was later enunciated in the report of Technology Advisory Group on Unique Projects (TAG-UP) of which Mr Nilekani was the chair, and which gave its report in January 2011.

 

The Bill to give statutory status to the UIDAI was roundly rejected by the Parliamentary Standing Committee on Finance in December 2011. The Parliamentary Committee recommended that both the Bill and the UID project be sent back to the drawing board. There has been no effort since to reintroduce the Bill. Every time the UIDAI is confronted with questions about the legality of its enterprise, its officers assert that the executive order of 28 January 2009 is the legal instrument from which they derive their authority; and that order makes them the ‘owner’ of the database.

 

In the context of the UID project:

Residents from whom the data is being collected have not been informed that the government is not the owner of the data, or of the database; nor what the legal status of the ownership by the UIDAI will mean for the citizen/resident;

the UIDAI set up a Biometrics Standards Committee in September 2009, which gave its report in December 2009. Its report reveals that the UIDAI intended to “create a platform to first collect identity details of residents, and subsequently perform identity authentication services that can be used by government and commercial service providers”;

the “UIDAI Strategy Overview”, in April 2010, estimated that it would generate Rs288.15 crore annual revenue through address and biometric authentication once it reaches steady state, where authentication services for new mobile connections, PAN cards, gas connections, passports, LIC policies, credit cards, bank accounts, airline check-in, would net this profit. Those enrolling on the UID database have not been informed that their data is to be yield profit for the UIDAI; they were perhaps expected to read up from the UIDAI website.

as set out in the TAG-UP report, the data we think we are giving to the government is to end up on the database of what will be in the nature of a private company once it reaches steady state. When it is still a start-up, and till it reaches steady state at least, it will be funded by the government. After that, the government, like other commercial service providers, will become the customer of the UIDAI;

with the UIDAI owning the database, the column in the UIDAI enrolment form for “information sharing consent” acquires a new significance. The UIDAI has all along been claiming that it will only be providing authentication by saying ‘yes’ or ‘no’, and nothing more. But, when the consent to share information is recorded on the database as having been given, the UIDAI may give all data on their database to any “service provider”, a term of wide and undefined import. That is, it is not only authentication services that the UIDAI will provide; through this consent, it is also assuming the authority to make money on the data that it holds, both demographic and biometric. This will provide it one more avenue to find customers, and one more product to market. Mr Nilekani often refers to the UID database as “open architecture”, and avows that a wide array of applications can be built on it;

the claim that enrolment is voluntary has rung hollow for some time now. For one thing, the UIDAI plainly has no authority to compel anyone to enrol or to use their service. However, the UIDAI has been hard at work urging governments, banks, oil companies and other institutions to adopt the UID, to re-engineer their databases to fit the UID and to seed all their systems with the UID. The push is for ubiquity. The UIDAI has been complicit in the coercion and bullying that is now part of the UID enrolment process, and its silent acquiescence while people are threatened with exclusion from services and benefits if they have not enrolled, for a UID is one dimension of complicity. It is easy to understand why this is happening, for, as critics have observed, the services, and the people, have little to gain from the UID, while the UIDAI finds compulsion an easy way to expand their database;

the non-existence of a law that says where the liability will lie in the event of identity fraud, or failure of the system of authentication resulting in denial of services, for instance, places the burden on the individual with no responsibility on the UIDAI for the consequences of the failures of fraud;

while ubiquity of the UID would be a recipe for tracking, profiling, tagging, converging of databases and result in violations of privacy in which ways that could threaten personal security, this would become a mere incidence of the business, leaving the resident/citizen unprotected;

the 2009 notification that set up the UIDAI says that the UIDAI is to “take necessary steps to ensure collation of the NPR (National Population Register) with the UID”. Registering in the NPR is compulsory under the Citizenship Act and the Citizenship Rules of 2003. Although biometrics is not within the mandate of the NPR, they have also been collected in the process of building up the NPR database. Therefore, the data mandated to be given to the NPR is being handed over to the UIDAI to be ‘owned’ by the UIDAI!

 

I wonder how many in government are even aware of this investing of ownership in an entity that continues to remain deliberately undefined and opaque.

 

References

  • Notification No. A-43011/02/2009-Admn.I dated 28 January, 2009 published in Part I, section 2 of the Gazette of India
  • UIDAI Strategy Overview: Creating a Unique Identity Number for Every Resident in India, UIDAI, Planning Commission, GoI, April 2010
  • Standing Committee on Finance (2011-12), National Identification Authority of India Bill 2010, Forty-second Report, Lok Sabha Secretariat, December 2011
  • Report of the Technology Advisory Group for Unique Projects, Ministry of Finance, January 31, 2011
  • Biometrics Design Standards for UID Applications, prepared by the UIDAI Committee on Biometrics, December 2009.

    Read Part I of the series over here:Aadhaar: Private ownership of UID data- Part I

 

(Dr Usha Ramanathan is an independent law researcher and has been critically following the policy and practices of the UIDAI since 2009)
 

Comments
lite
6 years ago
Terrorist!
CA PRADEEP AGARWAL
8 years ago
Mr Nayak, How will we tackle corruption, it is anybody's guess, because it has gone to the veins and lifeline of all, when I say all, it means all? Please comment
Naresh Nayak
8 years ago
Collection of data of private citizens by the Government is a violation of our constitutional rights. Based on this data we will lose our right to SOCIAL EQUALITY because the Government will discriminate as a result of the data. I'm sure this violates several other rights. No wonder the UK discarded the project.


nareshnayak.wordpress.com
CA PRADEEP AGARWAL
Replied to Naresh Nayak comment 8 years ago
Who will fight for our rights?
Further who will listen that our rights are being crushed with impunity and nobody to look after, everybody is a silent spectator. Will India Discard the project....?
Naresh Nayak
Replied to CA PRADEEP AGARWAL comment 8 years ago
You can't. The only thing you can do is prepare to flee to a foreign land where the laws are different. Countries respect foreigners if you especially bring dollars to the economy. Another way is to keep your head down when things get aggressive from the Government.
CA PRADEEP AGARWAL
Replied to Naresh Nayak comment 8 years ago
Mr Nayak is the ruling dispensation least concerned about your or anybody's rights or are concerned with cornering money means hardly matters? or their slipping vote bank, please be frank enough to answer, I have read your articles on the web?
Naresh Nayak
Replied to CA PRADEEP AGARWAL comment 8 years ago
Austrian Economics says that people act out of self interest and so did Adam Smith say the same thing. Governments are after all people who will act in their own self interest and will use all powers available at their disposal to preserve their self interest at the expense of the nation. This is why it is important we have independent institutions such as the Judiciary to balance the abuse of power.
CA PRADEEP AGARWAL
Replied to Naresh Nayak comment 8 years ago
Only due to Judiciary we are able to see life in our country, but as per my knowledge goes no one was better ruler in India than ABV.
CA PRADEEP AGARWAL
Replied to CA PRADEEP AGARWAL comment 8 years ago
AND NOW I feel if Narendra Modi is given a chance he might equal or surpass ABV.
CA PRADEEP AGARWAL
8 years ago
It is really shameful that NON GOVERNANCE has occupied such a high stage--whereas today only it was said that (in an International report that)GOVERNANCE was required in India
Naresh Nayak
Replied to CA PRADEEP AGARWAL comment 8 years ago
Narendra Modi is our only chance left. He may want to break out of the BJP and start a US presidential style campaign himself. The BJP is also corrupt since they have tasted power. Before that they were considered rulers. ABV has had his shortfalls. Today an ABV would be considered a toothless PM. We need a hands on PM like Narendra Modi.
CA PRADEEP AGARWAL
Replied to Naresh Nayak comment 8 years ago
I 100% agree, not only as PM, but the same person in PRESIDENTIAL form if possible but our rules and regulations plus our CONSTITUTION.
sohan modak
8 years ago
I think that it is shameful that government has cheated by way of privatising UID data without prior information and consent of the people. This is and insult to the constitutional guaranteee of personal freedom and the government should be taken to the court through a massive PIL.
CA PRADEEP AGARWAL
Replied to sohan modak comment 8 years ago
My Dear Sir, who are people in their eyes they are simply insects. When did not pass Jan Lok Pal Bill inspite of such protests, whom do you think they will hear---only and only STRONG NON CORRUPTIBLE media can bring them to their knees.
rollitup
8 years ago
As soon as this project is complete, they'd soon bring a law like CISPA in place, so that data sharing amongst departments does not require court permissions. We're just imitating the west.
CA PRADEEP AGARWAL
Replied to rollitup comment 8 years ago
No doubt they will try to bring the law but at present does not seem practicable because if CONGRESS does not come to power it might be the end of UID................?
CA PRADEEP AGARWAL
8 years ago
MLF should keep up with the good work they are doing? Congrats to the team and especially Mr Basu, Ms Dalal.
CA PRADEEP AGARWAL
8 years ago
MLF should keep up with the good work they are doing? Congrats to the team and especially Mr Basu, Ms Dalal.
suresh dash
8 years ago
very useful and good news we are getting.thanks
Chitra Raman
8 years ago
Usha, if I had to characterize your writing in one word, it would be "Integrity." I admire your clarity of perception as well as your unflinching gaze. It is ironic indeed that those intent upon harvesting and stockpiling personal data on millions of Indians should hold themselves so supremely above all accountability to those very millions! In fact, that gives me an idea -- why not start a Unique Determination of Accountability Initiative of India (UDAII ) spearheaded by citizen's groups and directed at the leadership -- affectionately code named "KHABARDAAR" ??? best, Chitra
Raj
8 years ago
Would Moneylife & Sucheta Dalal send a public invite to Nandan and ask him to clear all our misgivings about Aadhaar. If he refuses to participate then he will be confirming our worst fears.
Sucheta Dalal
Replied to Raj comment 8 years ago

Well, when he no longer replies to emails (which he did earlier), what is the chance he would come to a public meeting?

Forget about us, even very senior technology gurus, who knew Nandan Nilekani who have served on top technology committees with him get vague replies, that too occasionally.
CA PRADEEP AGARWAL
Replied to Sucheta Dalal comment 8 years ago
I HAVE HEARD THAT THERE IS UNOFFICIAL HO at Infosys Bangalore. Is it right.
Avinash Murkute
Replied to Sucheta Dalal comment 8 years ago
Even the emails sent at official UIDAI are not replied. This is the peculiar characteristics of so called transparency. By now we should understand that the word Transparency was USP for selling some one's business in seminars and next day Fragile Publicity.
MSH
Replied to Sucheta Dalal comment 8 years ago
Absolutely right, Forget technology heads or gurus,when the PSC itself has said that the project has to go back to drawing boards, it is an indication that there is something critically wrong with the project.. Unfortunately like all the unfolding other things with this government, UIDAI also does not seem to respect the parliament and seem to draw its power from some other sources :)
Udit C
8 years ago
I don't know if we the people are unique in our ignorance or if the administration that allows functioning of a non-valiodated body is unique in allowing such sensitive data to be collected and managed by private/autonomous NIUs.

But certainly the Authority is as unique in its own identity as are so many of us in allowing all this tamasha at our cost!
pravsemilo
8 years ago
The so called "open architecture" is a mockery. It is infact a walled garden (http://en.wikipedia.org/wiki/Walled_gard..., just like the iOS.

Just like we have apps for iOS our tech czar is trying to emulate the same.

The similarity to iOS should have been evident from the hackathon conducted by the Planning Commission recently.
pravsemilo
Replied to pravsemilo comment 8 years ago
The link seems to be broken due to the "...".

Here is the complete link.

http://en.wikipedia.org/wiki/Walled_gard...
jtd
8 years ago
Hope the fanbois of the UIDAI are able to digest how the whole country is being taken for a jolly ride.
Mathew Thomas
8 years ago
Congratulations to Usha for bringing out ant important aspect of the whole obnoxious UID scheme. Sorry, the word should be 'scam' not 'scheme'.
Free Helpline
Legal Credit
Feedback