Leakages in social welfare, for instance, are already being tackled successfully through both technological and social means, and the convenience of easy shopping can be achieved through much less dangerous and locally valid means than the creation of a national database. This is the sixth part of a nine-part series on the unique identification number scheme
The Internet has grown from a loose and repairable interconnect between individual computers at inception to a vast interconnecting network of smaller networks, sprawling across the world and providing an incredibly wide range of communication options. Largely self-governed, it has resisted the growth of corporate dominance until now, when even governments have been suborned into finding ways to collaborate and turn over control to a shadowy group of transnational players who owe no allegiance to any political or social grouping or influence. Vickram Crishna looks at the implications for ordinary people in nations like India, where the penetration of pervasive control is both more rapid and more intense than has ever been experienced in the more advanced nations. The latest gambit is to force digitisation of personally identifiable information (seductively called 'Aadhaar', or foundation, signifying the basis for an enormous assault on personal liberty) upon poverty-stricken persons who cannot directly gain from the Internet's knowledge-enhancing benefits.
The Internet was born in the 1960s, with research from the UK being applied in the USA (through an academic collaboration), that resulted in the ability to allow computers to communicate with each other, connecting through self-healing networks. The real innovation was in the design of such networks, and the motivation for that probably lies in the fear psychosis of the Cold War, when nuclear strikes might disrupt traditional circuit-switched telecommunication networks.
However, self-healing networks are a facsimile of real-world organic networks, found in human bodies as well as most other living creatures, to varying degrees of sophistication. One of the serendipitous benefits of this new technology was that existing telecommunication networks could be used with far more efficiency. One characteristic of the new approach was that any circuit, even the smallest segment of a circuit, was used only for the precise amount of time that it was needed, leaving it free to be used as part of a different circuit at any other time. It was true of circuits that operated through physical wires as well as via electromagnetic radiation (typically radio, which had been developing in parallel with cable communication through most of the 1900s).
Needless to say, this facility was not welcomed with open arms by the telecommunication industry, which, at the time, was able to charge huge sums for the use of their exclusive networks. It hardly made any difference to the world as such computer networks were mainly used by a small number of highly specialised engineers, some of whom provided consulting services for academic researchers at universities.
In the late 1980s, one such researcher, Tim Berners-Lee, an academic working at the prestigious CERN laboratory in Europe, was keen to find a way to get around the need for anyone requesting a communication, particularly a document, presently residing on another computer, to know the complete and precise location and title of that document. Responding to the need to simplify this problem, he devised an elegant naming system involving a new kind of computer language, calling it the hypertext mark-up language, or HTML.
Documents created using HTML were in effect self locating, making it possible to request them easily from anywhere, without needing to route specifically to the actual storage point. It redefined the concept of a document as well, from the older 'page' basis to the new 'character' basis, where a transmitted communication might be a single character, or even a keystroke.
Display devices using the same technology could actually display the document independently, without the need to store it locally or to use the same computer program needed to create it, using freely distributed display applications following this standard, called browsers.
The two characteristics of the new communication technology were thus closely related, self-healing and self-locating. It opened up a new era of public communication, the World Wide Web. And it opened up a war.
This war is one that has operated behind the scenes from the early 1990s till today, when it has taken on new and increasingly unpleasant dimensions. This is no longer a war for control of land, or of hegemony over nations, as was the practice of most traditional wars fought with weapons of violence, or with fear and ignorance, as was the Cold War that came to an end just as the Web ushered in a new era of knowledge for all.
The present war, one fought as grimly as any war of violence, involves nothing less than hegemony over the mind, minds of ordinary people that are today, due to the liberating presence of easily accessible knowledge and information, better able to make decisions for themselves than at any previous time in recorded history. The soldiers in this new war are no longer skilled wielders of violence, but masters of the honeyed word and diplomacy, fighting to maintain the hegemony of corporatised entities over the essentials of trade and commerce worldwide.
The essence of the new communications is decentralisation. This represents the greatest threat to the accumulation of power since it first became possible, with the organisation of humans into tribes, millennia ago.
The flip side of the coin of decentralisation is personal empowerment through knowledge. As anthropologists and linguists have noted, communication has always gravitated towards obscurity, in order to hoard knowledge in the grip of adepts. With modern communications technology using devices, this is less and less true or at least, less relevant. Information has never been so available, in theory as well as in practice, and with it, the seeds of knowledge.
Personal empowerment is the single most critical threat to the extreme agglomeration of power, itself a natural outcome of the organisation of human activity into corporatised entities, far more than the earlier creations of feudal empires.
The weapons of the new war are therefore personal, to reduce the ability of the individual to assert herself. This is accomplished through diminution of the individual herself, by intruding into her most private spaces, her body and her mind. And of course, her personal communications with others, that give strength to her knowledge through its sharing.
The tools of this war are called "intellectual property rights" and "freedom of individuality". Crafted to give the impression of empowerment, IPR actually facilitates the transfer of the freedom to create to paternalistic holding corporate entities. This abstraction is not just theoretical, it is highly functional, and results in the inability of the individual to exercise any control over personal creations. The institutions created for this purpose are almost laughable in the hollowness of their conception, but given the passage of close to 150 years since their formalisation, have gained enormous in influence.
Freedom of individuality has been traduced by paying lip service to the tradition of personal privacy, through mechanisms purportedly aimed at protecting that privilege, but in fact drawing borders around it and making it difficult to discover when it has been breached. This subtle destruction of the concept of personal identity, by the gross misuse of power, is state-sponsored to impose state-defined identification methods upon ordinary people, directly impacting and virtually destroying their freedom of expression. Rather than recognising and enshrining the intrinsic value of personal privacy, it is given an extrinsic value through the creation of
weak government-managed institutions (universal identity systems, privacy commissions, etc). These institutions are used to restrict the ability to exercise freedom of expression, and also to divide (and conquer) the communities of persons who organise themselves to safeguard these basic human values.
The latest salvo from the forces of power involves attacks on self-routing networks, a necessary advance in technology, forced by the extraordinary increase in pervasive surveillance and lack of respect for basic human values.
From the birth of electronic computing, involving huge machines shielded behind impenetrable layers of obscurity, communication technologies offering text, graphics, audio and video between individuals and groups as well are now available in handy devices at prices that make ubiquity almost possible, well beyond that of any earlier complex technology. In response, corporate entities have been handed extraordinary powers to survey and intrude upon users of these technologies.
In India, these powers have been given to the telecommunication companies that run most of the country's extensive circuit-switched networks, both wired, networks of which are majorly government owned, and wireless, the majority of which are privately held. Under the guise of simplifying operations, surveillance responsibilities are handled in practice by the companies, instead of by the state. Official requests for surveillance have crossed 10,000 in the past year, most of which have been without any form of oversight exercised, but there is no way of knowing the extent of unofficial surveillance.
For pure digital communications, such surveillance hardware is installed (again by mandate) on servers at all commercial network distribution points. It is difficult, if not impossible, to ascertain the extent to which surveillance takes place, as the law permits clandestine snooping without prior judicial oversight. Aside from surveillance of digital communications, control can be exercised by monitoring other aspects of civilised life - shopping, banking and availing of other public services. To facilitate this, the world's largest personal identification database is being built in India.
Technically, the organisation doing this is an arm of the government, set up as an authority under the Planning Commission, but in actuality, its operations, supervised by a former private corporate manager, are being handled directly by independent corporate entities, two of them foreign-registered. One of them is shamelessly the largest surveillance company in the world, started by former spy and security chiefs from the world's biggest security agencies (CIA, FBI, etc). The identification number is branded 'Aadhaar', meaning foundation, an almost risible expression of Newspeak, coined by visionary George Orwell, in his dystopian world of '1984'. In the real world, it is set to be the foundation of constant and ceaseless surveillance.
How will this happen? The identification number was blatantly launched as a voluntarily registered system to be used for the delivery of state-guaranteed goods and services (and, increasingly, this is being translated into cash and services, funnelling business to the banking sector) to persons direly in need of assistance. Today, there is an almost hysterical urgency to the rapidity with which it is being mandatory for government employees, teachers, people who need to buy petrol, cooking gas, use credit cards, telephones, maintain banking accounts, obtain driving licenses... the list is endless, and it is beginning to cover every conceivable transaction of urban civilised society dwellers. The pressure of getting the number is far more upon relatively affluent and less needy persons than upon the deeply poverty-stricken, uncountable percentages of who are excluded from the social net, but for whom the unique identity number will provide no relief.
This means that the number, and with it, the biometric capture and recapture, will be fed into low cost point-of-sale devices across every level of transaction, even relatively high value items that have zero impact upon the subsidy systems whose cleansing is said to be the point of having such a unique identification system in the first place. The first pilot service, conducted with great fanfare a few months back, conceived portable devices to be carried by cooking gas cylinder delivery people.
It was a signal failure, which has not, for some reason deterred the people behind the scheme from proceeding.
The daily poverty line figure was recently set at around Rs28/32 for rural/urban dwellers. This adds up over a month to under Rs1,000, thus it is clear that such persons cannot buy unsubsidised cooking gas, which is going to be priced above Rs900 per cylinder. Thus the cooking gas scheme is clearly aimed at 'solving' a problem that does not concern the massively poor.
When low-cost devices are used for biometric capture and transmission of that data across public data networks, the scope for illicit tampering with identity becomes significant. Even though it is likely that such data might be encrypted before transmission, the machine itself might be tampered with (there will be hundreds of thousands, perhaps millions, of such machines, and it will be impossible to guard all of them, once they are out in the field). Even from non-tampered machines, data can be stolen by inserting data diverters in the network. Of course, this data will be encrypted, but it will be fairly straightforward to break the encryption given enough time.
Over time, many sets of digital fingerprints (and perhaps iris scans, although these have not at present been authorised for authentication) will be stolen, and matching such data to real names is possible with established data mining techniques. It becomes reasonably possible then to use falsified data to spuriously obtain a positive response from the authentication system, thus nullifying any advantage gained from a so-called unique identification system.
It also becomes possible to monitor and track the transactions of registered individuals, whether this involves making a purchase or of using public markets. Worse, it enables such transactions to be followed geographically, thus allowing surveillers to accurately track individuals' movements.
Note that the linked security services (for which UID data will be immediately and directly available) are not, therefore, the only monitors. Illicit and predatory third parties will also have the ability to surveil individuals, something that is exceedingly difficult nowadays, unless the private and personal data is stolen by some other means, and all consumer services are interlinked for some other reason, not yet implemented.
Against this, how are individuals going to maintain their privacy and assure themselves the freedom necessary to express themselves without fear? With extreme difficulty, it appears.
Recent cases in the US reveal that even the most private email communications are liable to be surveilled by the government (with a total of 1.3 million official surveillance requests this year), and there is no guarantee that information privy to even investigations pertaining to the highest national security is freely leaked to the media, despite the fact that it involves private citizens who have committed no offense.
The Indian identification authority is openly discussing and planning how to rapidly carry out (well before the data-gathering exercise is even halfway completed) data synchronisation linking banking, shopping and government exchange transactions to the individual, leaving very little private, since communications by telephone and computer (including smartphones) are already monitored closely. And a recent move by The Netherlands seeks to legally enable cross-border computer surveillance (including the ability to destroy and even disable the computing device, without warrant or permission from local authorities). This move takes place as the European Union officially pressurises other nations (including India) to concede to data sharing agreements before agreeing to allow lucrative data processing contracts to be concluded.
The Dutch move is specifically aimed at disrupting technology designed to protect the privacy of individuals by obscuring network markers that might otherwise identify their computing devices.
Needless to say, this all forms part of an attack based on the external imposition of markers of identity, ignoring and oftentimes denying community-driven identity systems that have evolved over time. Since the late 1800s, the practice of 'recognised' identity numbers became commonplace, with the gradual introduction of national passports and related identity systems. These numbers have replaced names as critical identifiers, and one of the most egregious examples of how such systems can be misused dates back to the gigantic conflict commonly called World War II, when some six million of the tens of millions of casualties were civilians, incarcerated in "concentration camps", and systematically murdered in cold blood. As a crucial part of this exercise, each of these persons was dehumanised first by tattooing a number on the arm.
Possibly in macabre jest, the chairman of the UIDAI responsible for issue of similar numbers in India, Nandan Nilekani, also suggested that illiterate persons in India could tattoo themselves with the number his organisation has imposed upon them in order to remember their new identities. Somehow, this does not quite match the humour of comedians like Spike Milligan (Hitler: My Part In His Downfall) or Mel Brooks (History of the World Part 1), but then those two actually earned intellectual credentials in the course of their long and illustrious careers, rather than accumulate money through stock market valuations of outsource businesses.
Research by major world-recognised academics has established that the use of biometrics to underpin universal identification systems is fraught with danger. This arises principally from two distinct areas: risk of change of biometric indicators over time (aging) and risk of theft. The risk of aging has been established by large-scale testing by other national agencies researching the use of biometrics for this purpose. South Korea studied 50,000 individuals over two years, and concluded that the risk of biometric indicators changing in that period was too high to make a biometric identification system cost-effective (as so many people would need to get their identifiers repeatedly updated). The only pilot study conducted in India, a few months ago, examining authentication, concluded that it would fail for about 1 million Indians, a fact that was concealed by quoting percentages, naturally a very small-looking number in the context of the gigantic Indian population.
The risk of theft is far more subtle. A well-cited study by academic Paul Ohm (Broken Promises of Privacy) reveals that it is becoming increasingly trivial to analyse large data stores in order to extract personally identifiable information. The process of large-scale authentication of individuals, on the other hand, necessary for the use of universal identifiers in all kinds of transactions, such as delivery of social benefits, regular banking, shopping, lends itself strongly to illicit digital data gathering, which can then be decrypted at leisure. This process is much simplified when data is arranged in known patterns, as will inevitably happen at cash machines, card swipe devices, point-of- sale devices and so on. Such large-scale theft has already been noted from similar machines, which are rarely checked once installed (since both users and operators are barely aware that the devices are computer peripherals).
Once digital identifiers can be illicitly linked to known persons, it becomes a relatively trivial exercise to scam the system by assigning such identifiers to fraudulent persons, or even to non-persons. This is only trivial in the sense that it has already been done, and systems to accomplish it are sold in black markets created for the purpose. From the point of view of the thief, one identity thus misused may yield a small sum before being discarded (and the operation repeated many times over to earn huge sums), but for the individual who's identity is stolen, it is a nightmare. This person must now re-establish the link between the digital biometric markers (which incidentally may have changed since the last time of recording) and the self, which has already been subsumed into a compromised universal identification system.
To counter this, nothing less than the ceaseless vigilance of individuals is needed, to protect themselves from falling into traps of convenience to give away priceless information. Information that can be used to identify them, to sell them goods and services, conditioning them as surely as Aldous Huxley envisioned the genetically engineered humans of his brave new world. The first step is to resist the blandishment of illusory returns from universal identification systems, to ask those who seek to impose such systems to come back to first principles, and reveal why such universal identification is of universal benefit.
Leakages in social welfare, for instance, are already being tackled successfully through both technological and social means, and the convenience of easy shopping can be achieved through much less dangerous and locally valid means than the creation of a national database. Such a system (a local personal identifier) has been tried, for instance, by the Pune Municipal Corporation, working in tandem with local banks and other entities, but this successful exercise was completely and deliberately ignored by UIDAI while designing its own controversial 'universal' solution. Local personal identifiers (such as library and club cards) are also useful for many ordinary purposes, but lack of 'official' recognition, which itself is clearly part of the problem.
As Albert Einstein famously said, no problem can be solved using the same kind of thinking that created it. It is time we began thinking for ourselves, instead of outsourcing our thinking to the kind of government that creates problems by serving the narrow interests of business.
(Vickram Crishna is an engineer with nearly forty years of experience in industry, the media and independent consulting with grassroots organisations in India and elsewhere to provide communication-related technology solutions for everyday independent living. He writes and edits on subjects ranging from the use of technology in everyday sustainable living to the natural sciences, and works with children with special abilities in order to find ways to evolve equitable and inclusive ways of learning to live independently in the modern world).