Is UID anti-people?–Part 8: UID’s security is flawed

There is a distinct difference between identification and authentication. Worldwide, biometrics is mainly used for identification rather than authentication when the sample size is large. Yet, in India, the government and the UIDAI are trying hard to use the UID number for both identification and authentication

Given that the UID project—now branded as the Aadhaar project does not have legal sanction yet—the National Identification Authority (NIA) Bill was sent back by Parliament’s own standing committee, no cost benefit analysis yet, no feasibility study of any kind yet, it is interesting to look at the security issues of this project.


First of all, no expert worth his/her salt would believe that authentication using fingerprints works for a population anywhere close to this size. Worldwide, biometrics is mainly used for identification rather than authentication when the sample size is large. There is a distinct difference between identification and authentication which I would like to take some time to explain.


For instance, the US Federal Bureau of Investigation (FBI) has a biometric database of around 50 million or so people (note that this is not the biometric of American population which totals more than 250 million) which is checked against a fingerprint found in a crime site to see if a suspect is found among the people whose fingerprints are in the FBI database.


Matching of fingerprints for identification purposes requires careful, high resolution checks to see if two fingerprints are the same. Even with such a high resolution check, the FBI has made mistakes. In case of a terrorist incident in Spain a couple of years ago, it mistakenly nailed a lawyer from California based on fingerprint matching only to retract later. The FBI was later sued by the lawyer and it paid hefty compensation to the lawyer for its mistake.


Authentication is the process of checking only one fingerprint and at much lower resolution to see if the fingerprint in the database is the same as the one that is being produced for authentication.


Now how are the two different, you may ask?


To understand it, one needs to understand an important aspect, namely that this authentication at least as proposed by is done remotely and digitally. And herein lies the crucial difference. Thus, for instance if I have a digital image of your fingerprint, I can authenticate in your name. That is, I can impersonate you because I have the digital copy of your fingerprint. Now, it is not difficult to make a digital copy of your fingerprint. For instance, I can give you a glass of water to drink and when you touch that glass, your fingerprints will appear on that glass. By following a procedure—and instructions for such a procedure are available easily and even on the internet—I can then make a fake fingerprint made out of say ‘Fevicol’, wear it on my finger, and then use it for authentication. Thus, for all purposes, and as far as is concerned, I have impersonated you and I can now be eligible for the cash transfers that you are eligible for.


Please note that the above is possible in all circumstances—namely if authentication is to be done in automated fashion in say an ATM like machine or in a supervised condition where a supervisor picks up my fingerprint via a fingerprint scanner which he/she carries.


Now that the government is going to use UID for vast amounts of cash transfers, and given the proliferation of frauds in this country, one can imagine the windfall for fraudsters due to this. And add this to the fact that middle-men/agents who may carry this task in this country aren't exactly saints. They can lay their hands on fingerprints of a huge number of people either via digital copies or via making faking fingers and steal the entitlements of the people. Most people not knowing the technology behind all this would be clueless as to what is happening.


The above is by no means the only security issue with the UID project. There are many more serious security issues in this UID project. One of the other main ones is that of de-duplication. The whole UID project rests on the thesis that your identity, that is your biometrics—fingerprints and iris scans—are unique. Which means that each of the billion fingerprints in the database—assuming the database is say a billion strong—corresponding to the billion people are unique. That is, no two fingerprints corresponding to a particular finger in the database are the same. And how does ensure this? They claim to ensure this through a process which they call de-duplication.


Now what is de-duplication?


De-duplication is the following. Whenever a person’s biometrics—that is his/her fingerprints, and iris scans—are to be inserted in the database for the first time, there is a check made to ensure that these are not already present in the database, that is, they are not duplicated. That is, for each of the ten fingerprints of the person, a check is made against each and every fingerprint already present in the UID database corresponding to the particular finger to see if a similar fingerprint already exists in the database. Only if no similar fingerprint exists is the newly to be introduced fingerprint considered unique and introduced into the database. The UIDAI claims that this process is almost 100% accurate; that is, except for a small minute percentage, it will catch all the duplicates. And herein lies the problem. This claim is made by the UIDAI. However, there is no independent verification by any unbiased third party of this claim.


And this is the whole issue; should any sensible person believe the UIDAI’s claim when does not allow any independent third party access to verify its claim? Given that thousands of crores are at stake for and say finds that de-duplication is not working do you expect it to come out and say it?


There is no good reason to believe what UIDAI says is correct mainly because it has been completely non-transparent about the project, hasn't sincerely answered questions raised as part of RTI queries, as also has gone back on promised commitments to meet with independent experts who are part of civil society to discuss such issues.


I would not be surprised if de-duplication is not working and there are many persons out there, who have more than one UID allocated to them.


This is not all. There are other security issues as well. In any financial system based on authentication—and the UIDAI's system will deal with money worth thousands of crores to be doled out as cash transfers—there is a concept of a password. For instance, in case of internet banking or an ATM transaction, we have a PIN and we have different kinds of passwords such as login passwords or transaction passwords. No one in this world designs a system assuming 100% security. Perfect security does not exist and a good design while taking as much care on the security front has to always have a backup in case security is breached. That is the standard practice worldwide accepted among experts. Thus, for instance in case of a banking system, if my password is stolen, I call the bank, ask it to deactivate my current password and send me a new password. This basic principle is broken by because in the case of the system, the password is your biometric which cannot be changed. Thus, if you lose your biometric—and I have mentioned a way above by which your fingerprint image can be stolen—you are doomed. Because, you cannot get a new fingerprint, and your data will be lost forever to the person who stole your password. This is such a fundamental design flaw that it cannot be overemphasized. With how much ever care and how much ever security, there is a finite possibility that some people will lose their biometrics. In the current system, they will be shut down from the system for good.


In a way the above has already happened. In Mumbai, some fraudsters masquerading as official agents of for UID recruitment picked the biometrics of about 1,000 people. Now, these peoples’ identities are stolen for good; all the entitlements that they may be eligible for can be stolen by the fraudsters. The authorities, very stupidly, has asked these people to re-register for UID, something that is not going to help them because their biometrics is already lost and is with fraudsters and while re-registering them will pick the same biometrics from them again. Also, there has been a case where a laptop on which enrolment data was present was stolen.


Apart from all the other issues, there is always a possibility that the database itself is hacked into and stolen. Database could be a good target for terrorists. If I am not wrong, biometrics in this database is stored unencrypted, again a fatal mistake. Thus, if even part of this database is stolen, it is irreplaceable unlike a bank database where all that needs to be done is to deactivate the passwords and give new passwords to the customers. In the case, the only way out is to ask every Indian to undergo a surgery to change their fingerprints surgically, a practical impossibility not to mention other serious issues.


The UIDAI has no answers to the above questions, because there are none. The system’s security is flawed from the conception stage itself and it cannot be fixed so easily. It is indeed better to scrap this project and save taxpayers' money.


This is eighth part of a nine part series on UID


(Dr Samir Kelekar has a B Tech from IIT Bombay and PhD from Columbia University, New York. He is a security professional and runs a consultancy firm Teknotrends Software Pvt Ltd. He is also a holder of a critical US patent in the area of network security. Dr Kelekar consults in the area of security with banks, telecom companies and others.)

Is UID anti-people?–Part7: Incarnation of new geo-strategic tools, NCTC, NATGRID, UID, RFID and NPR
Is UID anti-people?–Part 6: The foundation for incessant intrusion
Is UID anti-people?–Part 5: Why UID is impractical and flawed “Ab initio”
Is UID anti-people?-Part 4: Does the implementation smack of corruption and negligence?
Is UID anti-people?-Part 3: Tall claims and tomfoolery of UID
Is UID anti-people? –Part 2: A bundle of contradictions, misconceptions & mirages
Is UID anti-people? The database state –Part1

  • Like this story? Get our top stories by email.



    Ashok Kalbag

    7 years ago

    The arguement for identification and authentication seems flawed. Aadhar authentication (depending on the level - 3 levels available)is confirming the Aadhar number stated matches online with the biometric presented. Hence an instant authentication of the individual is feasible. Therefore identification of an individual from fingerprints (FBI case) is irrelevant here. UID cannot be used for this purpose.

    De-duplication is to ensure the uniqueness of the biometric data identified by a random 12 digit number. Hence, to commit a fraud one would need the UID number AND the biometric data to impersonate - to get the dole the government is giving to the underprivileged.

    Database available with the agents while collecting data is worthless without the Aadhar number for subsequent fraud after allocation of number directly to beneficiary.

    No system is fool-proof but the effort required to crack the system do not justify the ill-gotten gains for a good system.


    7 years ago

    It is good that Mr. Samir Kelkar is bring out the other side of the story in Adhar. But this is a negative approach to whole thing, why does he want to kill the whole project, and second thing just because it is not done anywhere in the world does not mean we cannot try anything new, The other way to deal with this is try and integrate all security measure which he as an expert would like to suggest
    Typical Indian mentality of pulling other down.


    Hemant Karandikar

    In Reply to AJIT KUMAR 7 years ago

    Criticism is not pulling other down. If the scheme has so many holes in it, why is the Cong pushing it? For electoral gains alone. For other problems in the schem read

    Hemant Karandikar

    7 years ago

    I agree. For a policy level critique of UID based cash transfer read

    Is UID anti-people?–Part7: Incarnation of new geo-strategic tools, NCTC, NATGRID, UID, RFID and NPR

    NPR, NATGRID, NCTC and UID are unfolding without any legal mandate. It appears UID was, and remains, an attention diversion exercise. The real work is being done by Home Ministry to establish the world’s biggest surveillance database regime, with the active assistance of other willing players

    "If everyone is thinking alike, someone isn't thinking" said George Patton who was a US General during World War II.


    National Counter Terrorism Centre (NCTC), like a number of other related initiatives such as National Intelligence Grid (NATGRID), Unique Identification Authority of India (UIDAI) and Registrar General of National Population Register (NPR) is being established through governmental notifications or subordinate legislations, rather than legislation passed in Parliament, in manifest contempt towards legislatures, States and citizens' democratic rights.


    Union Home Ministry, Government of India has notified the setting up of the anti-terror body called NCTC on 3 February 2012 through National Counter Terrorism Centre (Organisation functions Powers and Duties) Order 2012. NCTC is headquartered in New Delhi. It will have the power to carry out operations including arrest, search and seizure. It will draw its functional power of search and seizures under the provisions of the Unlawful Activities (Prevention) Act (UAPA), 1967 and amendments therein. It is supposed to work as an integral part of Intelligence Bureau (IB).


    The notification mandates the terror-fighting agencies to share their inputs with NCTC and it also appoints the director and his core team. Director of NCTC will have full functional autonomy and he will have the power to seek information on terror from National Investigation Agency (NIA), NATGRID, intelligence units of the Central Bureau of Investigation (CBI), National Technical Research Organisation (NTRO) and Directorate of Revenue Intelligence (DRI) in addition to all seven central armed police forces including National Security Guard (NSG). He will report to the IB chief and the home ministry. The notification was issued under the Article 73 of the Constitution of India.


    Expressing concern about the conspiracy of the non-state actors that disturbs the confidence of 'global investor', the 121-page 2009 report of the Task Force on National Security and Terrorism constituted by the undeclared undemocratic political party of pre-independence times - Federation of Indian Commerce and Industry (FICCI) - refers to assassination of Austrian Archduke Franz Ferdinand on 28 June 1914 by Gavrilo Princip, a Yugoslav nationalist, as a terrorist act that led to World War I. This war narrative runs all through the report that explicitly recommends the evolved framework of counter terrorism in the US, UK and Israel and commissioning of safe city plan by companies at page 96.


    The fact is that politically powerful members of the Serbian military armed and trained Princip and two other students as assassins and sent them into Austria-Hungary for the act. The reasons for the war goes deeper, involving national politics, cultures, economics, and a complex web of alliances and counterbalances that had developed between the various European powers since 1870 including previous economic and military rivalry in industry and trade.


    The FICCI report is quite shallow, and it deals with selective historical facts. It refers to possible targeting of Indian, Western and Jewish installations as retaliation against ongoing North Atlantic Treaty Organisation (NATO), a 28 nation military alliance led operations in Afghanistan. It contends that the link between Afghanistan and Jammu & Kashmir is permanent.


    At page 70, the FICCI report argues for a secure e-network for connecting all district headquarters and police stations NATGRID under National Counter Terrorism Agency and observes, "As Nandan Nilekani goes into operationalising the UIDAI, there is a case for factoring inclusion data, as part of the national grid to assist in counter terrorism." This is not the first time that NATGRID and UID link is underlined.


    Another joint report of the Associated Chambers of Commerce and Industry (ASSOCHAM), an undeclared political party of companies and KPMG, Swiss Consultancy titled "Homeland Security in India, 2010" had revealed it. ASSOCHAM's joint report of June 2011 with Aviotech, an initiative of the promoters of the Deccan Chronicle Group titled "Homeland Security Assessment India: Expansion and Growth" refers to the "The requirement in Biometrics for all the subsequent programs under the National Census will become significant." This shows where the NPR program which is linked to UID is headed.


    It is noteworthy that the origins of the Unique Identification (UID) and Radio-Frequency Identification (RFID) process within the US Department of Defense started under Michael Wynne, former Under Secretary of Defense for Acquisition, Technology and Logistics (AT&L) from 2003 till 2005 that started the UID and RFID industry. Within NATO, two documents deal so far with unique identification of items. The first one is standardization agreement which was ratified in 2010. The second one is a "How to "guide for NATO members willing to enter in the UID business. Is India a NATO member? It appears to be behaving like one.


    In such a backdrop, the most recent proposal of both the Election Commission of India and the Unique Identification Authority of India (UIDAI) to Union Home Ministry "to merge the Election ID cards with UID" is an exercise in rewriting and engineering the electoral ecosystem, underlining that the use of biometric technology and Electronic Voting Machines (EVMs) is not as innocent and as politically neutral as it has been made out to be. This proposal makes a mockery of the recommendations of the Parliamentary Committee on Finance on UID Bill. It is noteworthy that all EVMs have a UID as well.


    Notably, Land Titling Bill makes a provision for linking land titles to UIDs of Indian residents. These acts of convergence will undermine the constitutional rights and change the meaning of democracy as we know it. It is an act of changing both the form and content of democracy and democratic rights in a new technology based regime where technologies and technology companies are beyond regulation because they are bigger than the government and legislatures.


    At page 92 of the FICCI report, it is acknowledged that Government of USA has made concerted efforts to leverage IT as a weapon against terror and has spent billions of dollars on IT related projects. These projects include common information exchange, systems for mining data from collection of unsorted documents and databases, biometric identity cards etc. Launched in April 2010, World Bank's e-Transform Initiative that is working to converge private, public and citizen sector with an explicit ulterior motive to transform governments beyond recognition fit into the scheme of the US IT efforts.


    The report seeks the role of the private sector in fighting terror. It underscores a "National Counter Terrorism Architecture". It recommends 'National Counter Terrorism Agency with all India jurisdictions as a central system for intelligence gathering, analysis and dissemination of information'. It approves of the 'formational of National Intelligence Grid as an integrated model of information sharing under the proposed National Counter Terrorism Agency' as 'an urgent imperative.'


    At page 49, the report refers to UN Security Council Resolution 1373 adopted in September 2001 for initiating action if tangible evidence exists. It recommends intense attack should a Mumbai style attack happen again, as a hard option, and joint military interaction and economic free trade zone as a soft option.


    It reveals that the subject of security has entered the corporate board room. Now they seek participation from non-governmental organisations (NGOs) for security education as part of corporate social responsibility (CSR) and private sector role in the national security and counter terrorism sector as well. It suggests amendments in the Private Security Agencies Act, 2005 to ensure licensing by a national regulator for those private security agencies which have an annual turnover of Rs100 crore or employing 10,000 or more guards and experience in security business to carry weapons. This appears to be the first step in the direction of privatization of national security sector and the second step being private sector participation in the NATGRID.


    A perusal of the report gives the impression that given the fact that objections of Chief Ministers and member of Parliaments (MPs) are not rooted in concerns for civil liberties, they are simply interested in getting the Home Ministry to stop the misuse of Intelligence Bureau (IB) which has also been recommended by the FICCI report.


    Concerns of citizens and progressive political parties are based on the grave threat potential of NCTC, NATGRID, NPR, UID/Aadhaar, Radio Frequency Identification (RFID) and DNA Profiling Bill for democratic rights which are under assault from both the central and state governments. What else can explain the studied silence of most of the Chief Ministers in the matter of biometric profiling through UID/Aadhaar and NPR that has been rejected by the Parliamentary Standing Committee on Finance. UID/Aadhaar, NPR and NATGRID and NCTC are two sides of the same coin. They are two ends of the same rope. They pose an unprecedented threat to constitutional rights and the federal structure of the country. Home Ministry's NCTC meets FICCI's demand and is obstinately reluctant to pay heed to the demands of citizens, Chief Ministers and opposition MPs and even MPs from United Progressive Alliance (UPA). 


    The Indian NCTC is a poor imitation of USA's National Counter Terrorism Centre (NCTC). US NCTC was formed in 2003. It is a governmental organization responsible for national and international counter terrorism efforts that advises government of US on terrorism. It works under US's Director of National Intelligence which operates on an annual budget of $49.8 billion and approximately 1,500 people. It draws experts from the CIA, FBI, the Pentagon, and other agencies who try to ensure that clues about potential attacks are not missed. Matthew G. Olsen was sworn as the Director of NCTC after his appointment was confirmed by the US Senate. He reports to the Director of National Intelligence and to the President of USA. In his earlier assignment, he has supervised the implementation of the Foreign Intelligence Surveillance Act.


    USA's NCTC is headquartered in McLean, Virginia. The precursor organization of NCTC, the Terrorist Threat Integration Centre established on 1 May 2003, was created by the President of USA by an Executive Order. It was established in response to recommendations by the National Commission on Terrorist Attacks Upon the United States that investigated the terrorist attacks on 11 September 2001. The Intelligence Reform and Terrorism Prevention Act of 2004 renamed Terrorist Threat Integration Centre to NCTC and placed it under the United States Director of National Intelligence. NCTC analyzes terrorism intelligence (except purely domestic terrorism), stores terrorism information, supports USA's counter terrorism activities using information technology, and plans counter-terrorism activities as directed by the President of the United States, the National Security Council, and the Homeland Security Council.


    India and USA Signed Counter Terrorism Cooperation Initiative on 23 July 2010. It was initiated on the sidelines of the visit of Dr Manmohan Singh to the US in November 2009. The then Union Home Secretary, GK Pillai signed for India whereas Ambassador Timothy J Roemer signed on behalf of the USA. Nirupama Rao, Indian Foreign Secretary was also present on the occasion.


    It seeks to further enhance the cooperation between two countries in Counter Terrorism as an important element of their bilateral strategic partnership. The initiative, inter alia, provides for strengthening capabilities to effectively combat terrorism; promotion of exchanges regarding modernization of techniques; sharing of best practices on issues of mutual interest; development of investigative skills; promotion of cooperation between forensic science laboratories; establishment of procedures to provide mutual investigative assistance; enhancing capabilities to act against money laundering, counterfeit currency and financing of terrorism; exchanging best practices on mass transit and rail security; increasing exchanges between Coast Guards and Navy on maritime security; exchanging experience and expertise on port and border security; enhancing liaison and training between specialist Counter Terrorism Units including National Security Guard with their US counter parts.


    Within India, NCTC traces its genesis, objectives, structure and powers of the proposed NCTC in the recommendations of a Group of Ministers in 2001 that reviewed the internal security system in the aftermath of the Kargil conflict that made a case for the establishment of a Multi Agency Centre (MAC), a permanent Joint Task Force on Intelligence and an Inter State Intelligence Support System, which were broadly accepted by the NDA Government. It seeks justification from the 2008 report of the Second Administrative Reforms Commission that recommended a Multi Agency Centre should be converted into a National Centre for Counter Terrorism with personnel drawn from different intelligence and security agencies.


    NCTC's mandate is to draw up plans and coordinate action for counter terrorism. Its duties and functions are confined to counter terrorism. The Office Memorandum dated 3 February 2012 provides for a Standing Council consisting of the Director, NCTC, the three Joint Directors, NCTC and the Heads of the Anti-Terrorist Organisation or Force in each State. The Standing Council shall meet as often as necessary and may also meet through video conference. The Standing Council shall ensure that NCTC is the single and effective point of control and coordination of all counter terrorism measures. It is proposed to subsume the Multi Agency Centre in the NCTC. Home Minister has argued that the location of the NCTC, the Cabinet Committee on Security decided to place it within the Intelligence Bureau (IB) as per the guidance by the recommendations of the Group of Ministers made in 2001 that IB shall be "the nodal intelligence agency for counter intelligence and counter terrorism within the country."


    It appears that there is complicity between Indian National Congress (Congress) and Bhartiya Janata Party (BJP). The latter appears more concerned about the form rather than the undemocratic and regressive nature of the proposals. Not surprisingly, in his key note address at the FICCI conference on national security and terror, former National Security Advisor Brajesh Mishra opined that at least the political leadership of Congress and BJP should unite and should not allow electoral politics to defeat in National Interest.


    He advocated Federal Counter Terrorism Agency even if requires constitutional amendments terming States right to the subject of law and order as a mere political excuse but revealed that IB is involved in the business of political intelligence. In such a situation, his recommendation for NCTC like agency which operates under IB is quite inconsistent.


    In the case of the USA, the 9/11 Committee recommended, "The NCTC should perform joint planning. The plans would assign operational responsibilities to lead agencies, such as State, the CIA, the FBI, Defense and its combatant commands, Homeland Security, and other agencies. The NCTC should not direct the actual execution of these operations, leaving that job to the agencies. The NCTC would then track implementation; it would look across the foreign-domestic divide and across agency boundaries, updating plans to follow through on cases."


    It has been observed that legal experts who have analysed both US and Indian versions of NCTC that empowering an intelligence agency with executive action poses gravest threat to democracy and civil rights. At best NCTC is supposed to make information sharing better. Indian Home Ministry cannot do a cut and paste of selective USA's legislative provisions without a national anti-terrorism law being in place and without explicitly safeguarding civil liberties.


    In any case in the US, the NCTC is a legal institution set up through legislation after bipartisan consultations, without legal powers to arrest, detain, interrogate, search, etc. The Indian NCTC has been set up by executive notification under the Unlawful Activities Prevention Act of 1967. This act of subordinate legislation does not have legislative mandate.


    Parliamentarians and senior lawyers have been contended that IB is used for harassing political opponents. IB is supposed to undertake clandestine intelligence collection. However, it is strange that while giving powers of search and arrest to the NCTC is unwarranted at the centre such arbitrary powers are uncalled for even for states.


    Several Chief Ministers have expressed persistent opposition. They were not consulted before the notification of the NCTC. It violates the federal structure of the country. The potential of misuse of NCTC by the IB is immense can create Emergency like situation. In his reply to the discussion on the President's Address and as part of motion of thanks on the President's address, the Prime Minister on 20 March 2012 told the Parliament, "Concerns have been raised that the Central Government is trying to encroach upon the jurisdiction of State Governments, and it has been suggested that they should be taken into confidence before this Centre becomes operational. The question of setting up the National Counter Terrorism Centre has been discussed at various fora since the report of the Group of Ministers, appointed by the previous Government, and the recommendations of the Second Administrative Reforms Commission, were submitted. Multi-agency Centre that was established in 2001 was a precursor to the NCTC and the need for a single and effective point of coordination for counter terrorism has been discussed in meetings on Internal Security of Chief Ministers in the last couple of years."


    He further said, "As has been pointed out by some Members, a number of CMs have expressed their concern after the Order was issued and I have replied to them that there will be consultations before the next steps are taken. The consultation was held on 12 March 2012 with the Chief Secretaries and the DGPs from different State Governments… Therefore, adequate and full consultations will take place before the next steps are taken to operationalise the National Counter Terrorism Centre."


    Prime Minister added, "I think that the idea of an NCTC and the manner in which the NCTC will function are two separate issues. The idea of National Counter Terrorism Centre, you have all agreed, is unexceptional. On the manner in which the NCTC will function, there may be differences of opinion, but I am confident that through discussions and dialogues, these differences can be narrowed down and a broad-based consensus can be arrived. That will be our effort, and, therefore, this House has the assurance that nothing will be done which will, in any way, infringe with the federal imperatives of our constitutional set-up."


    Prime Minister's reply on NCTC failed to convince the MPs in the Parliament. It was stated by the Chairman, Parliamentary Standing Committee on Home Affairs in the Parliament in March 2012 that central government did not consult with the Chief Ministers of the States in constituting the National Intelligence Grid (NATGRID) and the National Counter Terrorism Centre (NCTC). He said, "These bodies encroach upon the federal structure of the country and dilute the rights of the States."


    There was an unprecedented voting on this issue wherein President's Address mentioned it. About 82 votes were against the government's current proposal and 105 votes in favour. It is clear that there is massive opposition within the Parliament and outside it.


    It has been argued in the Parliament that "in USA and the United Kingdom, there are Oversight Parliamentary Committees to look into the activities of the Intelligence Bureau, which is not here in India."


    The opaque manner of Ministry of Home Affairs (MHA) merited strong objection because it has chosen not seek the consent of legislatures, states and citizens. The IB has no legal basis for its existence nor legal charter to do any operations work.


    It is noteworthy that a 20 page Private Members' Bill titled "The Intelligence Services (Powers and Regulation) Bill, 2011" has been introduced the Lok Sabha by Manish Tewari (at present he is Union Minister of for Information and Broadcasting) "to regulate the manner of the functioning and exercise of powers of Indian Intelligence Agencies within and beyond the territory of India and to provide for the coordination, control and oversight of such agencies..”


    Bills' Statement of Objects and Reasons reads: "Intelligence agencies are responsible for maintaining internal security and combating external threats to the sovereignty and integrity of the nation. These responsibilities range from counter-terrorism measures tackling separatist movements to critical infrastructure protection. These agencies are operating without an appropriate statutory basis delineating their functioning and operations. This tends to, among other things, compromise operational efficiency and weakens the professional fabric of these agencies. It also results in intelligence officers not having due protection when performing their duties. Assessments and gathering of information by intelligence agencies are catalysts for law enforcement units to act, necessitating that these be reliable, accurate and in accordance with law. This kind of efficiency has been hindered by obscured responsibilities that have plagued the functioning of the agencies."


    It further reads: "Article 21 of the Constitution provides that no person shall be deprived of his life and personal liberty except according to the procedure established by law. The Supreme Court of India has carved a right to privacy from the right to life and personal liberty. Such rights to privacy are compromised when agencies undertake surveillance operations. In Re: Peoples Union of Civil Liberties v/s Union of India, the Supreme Court issued detailed guidelines regarding telephone tapping. A proper legal framework is required to regulate surveillance of the forms, using different technologies, as well. There is an urgent need to balance the demands of security and privacy of individuals, by ensuring safeguards against the misuse of surveillance powers of intelligence agencies. Therefore, legislation is imperative to regulate the possible infringement of privacy of citizens, while giving credence to security concerns."


    It states, "In view of the reasons stated, the Bill seeks to enact a legislation pursuant to Entry 8 of List I of the Seventh Schedule of the Constitution of India to provide

    a) A legislative and regulatory framework for the Intelligence Bureau, the Research and Analysis Wing and the National Technical Research Organisation;

    (b) Designated Authority regarding authorization procedure and system of warrants for operations by these agencies;

    (c) A National Intelligence Tribunal for the investigation of complaints against these agencies;

    (d) A National Intelligence and Security Oversight Committee for an effective oversight mechanism of these agencies; and

    (e) An Intelligence Ombudsman for efficient functioning of the agencies and for matters connected therewith. The Bill seeks to achieve the aforesaid objectives."


    This Bill merits attention of MPs of all political parties so that it can be improved further. It needs to be examined by a High Powered Parliamentary Committee whose recommendations are mandatory. There is a need for a law and a Commission for Parliamentary Scrutiny and Audit of Intelligence Operations. This is glaringly illustrated by a private member's bill seeking to bring intelligence agencies under Parliamentary scrutiny introduced by the national spokesperson of Indian National Congress.


    For sure, somewhere lack of accountability of these agencies pinches even the MPs of the ruling party. What can be more irrational than creating institutions like NATGRID and NCTC without the passage of the above Bill?


    It is noteworthy that US version of NCTC too has a legal basis. UK "Joint Terrorism Analyses Centre" (JTAC), which is under the MI-5 (UK intelligence agency) too have legal basis under the Security Service Act, 1989. It has also been codified. JTAC is bound "by the provisions of the Intelligence Services Act, 1994. It is subject to the oversight of the Parliament's Intelligence & Security Committee". But the proposed NCTC in India does not have any legislative mandate. IB is "not accountable to Parliament".


    In democracies like UK, British intelligence agencies and police record the proceedings which are inspected by UK Parliament's Intelligence & Security Committee. In India, Home Ministry appears to be resisting legislative scrutiny and undermining the federal structure of the country. Following strong disapproval of NCTC by states and human rights groups, Union Home Minister wrote to 10 non- Congress Chief Ministers.


    NCTC is contrary to numerous constitutional, legal and administrative provisions. States rightly consider establishment of NCTC as an encroachment upon their law and enforcement powers and federalism features of Indian constitution. Citizens are deeply concerned about enforcement of civil rights by agencies like Home Ministry's NCTC, Registrar General of National Population Register (NPR) and Capt Raghu Raman headed NATGRID, Crime and Criminal Tracking Network and System (CCTNS) for automating police stations across the country, Sam Pitroda headed Public Information Infrastructure and Innovations and Planning Commission's Nandan Manohar Nilekani headed Unique Identification Authority of India (UIDAI) and surveillance and biometric technologies like Radio Frequency Identification (RFID). The legislative proposals like DNA Profiling Bill, 2012 also fall in this category.


    There is an immediate need for parliamentary scrutiny of the pre-existing intelligence agencies and mandatory legislative consent for the creation of security, surveillance and database agencies besides the agreement of the States and the citizens. At present there is no transparency and accountability of the working of intelligence agencies and in the creation of the proposed agencies. At a time when the constitutionality of the National Investigation Agency (NIA) Act, 2008 itself is in question and found unacceptable by the States, the NCTC proposal was fated to meet stiff and bitter opposition from all.


    It is noteworthy that Central Bureau of Investigation (CBI), National Investigation Agency (NIA) and NATGRID are exempted from the applicability of Right to Information Act, 2005, the only transparency law of India. This exemption for CBI and NATGRID which are not governed by any law at all is quite bizarre. Also exemption of NIA whose existential legality has been contested is questionable.


    Such exemptions are unacceptable given the fact that central monitoring system (CMS), a centralised mechanism that is meant to assist in lawful interception of communications from landline, mobile and Internet without any lawful interception law in India.


    India does not have any legal and constitutionally sound phone tapping and e-surveillance law. The birth of NCTC itself is illegitimate. The fact that it will rely on the databases of agencies which are themselves working without any legislative and democratic mandate is quite unnerving.


    P Chidambaram's letter on NCTC to 10 Chief Ministers of Bihar, Gujarat, Himachal Pradesh, Jharkhand, Karnataka, Madhya Pradesh, Odisha, Tamil Nadu, Tripura and West Bengal failed to persuade the CMs. By now it is clear that the Home Minister's letter and Prime Minister's assurance has failed to convince the MPs, MLA, MLCs or Chief Ministers. Concerns of citizens about inbuilt threats to democratic rights from the NCTC and related proposals also merit the attention of both the states' legislatures and the Parliament.


    While States and citizens are concerned about their rights and are resisting efforts to turn them into subjects of centralized powers, the emergence of a regressive convergence economy based on databases and unregulated surveillance, biometric and electoral technologies remains largely unnoticed and unchallenged. Political clout of technology based companies seems to be creating a property based rights regime through financial surveillance making national boundaries redundant.


    NPR, NATGRID, NCTC and UID are unfolding without any legal mandate. It appears UID was, and remains, an attention diversion exercise. The real work is being done by the Home Ministry.


    Even Parliamentary Committee on Finance erred in accepting Ministry's NPR initiative by implication in its recommendations while denouncing the illegality of biometric data collection. What is happening is the same Home Ministry will have Census data, NPR data, NATGRID data and the NCTC-their integration is creating world's most powerful database since mankind came into existence.


    Non-Congress governments in states are acting like unthinking obedient boys in the matter of NPR, NATGRID and UID. Mere opposition to NCTC is hardly sufficient because with NPR, NATGRID and UID alone they can do what the central government wants without NCTC. NCTC is proposed to obey an illegal UN Security Council Resolution of 28 September 2001. India's cooperation has already been co-opted by entrusting Ambassador Hardeep Singh Puri, Permanent Representative of India to the UN. Thus, Manmohan Singh (head of Cabinet Committee on UID related issues including NPR), Montek Singh (head of UID as its under Planning Commission) and Hardeep Singh (head of UN Security Council's Counter Terrorism Committee) are working in tandem without any legislative oversight.


    It's a case of three Sardarjis working to establish world biggest surveillance database regime with the active assistance of other willing players. They may have got some assurance the way British signed a peace-treaty with Maharaja Ranjit Singh in 1809 that was broken as soon as Maharaja died in 1839. Maharaja's son Duleep Singh remained at the mercy of the British Government in UK. The new players also appear to be at the mercy of US government and NATO.


    National Intelligence Grid (NATGRID), Backbone of NCTC


    National Intelligence Grid (NATGRID), established under Ministry of Home Affairs of the Government of India, aims to consolidate data gathered by various agencies, both private and public, and to make the same available to law enforcement agencies of India. NATGRID functions with a budget of Rs2,800 crore and a staff of 300.


    When asked about the qualification of CEO of NATGRID, the process for appointment of CEO, names and headquarters of the companies and Government entities from which the data would be uploaded in the NATGRID and the names of the various Government agencies which would have an access with NATGRID database under RTI Act, the Home Ministry on 30 June 2011 replied, "NATGRID/MHA is out of purview of RTI Act, 2005 under Gazette Notification No306 dated 9.6.2011".


    Capt P Raghu Raman says, "…the NATGRID is not an organisation, but a tool". It simply routes "information from 21 data sources to 10 user agencies ... it is like a Google of such data sources."


    NATGRID will function as a central facilitation centre, to "data sources" such as banks and airlines, they are the Research and Analysis Wing (RAW), the Intelligence Bureau, Central Bureau of Investigation, Financial Intelligence Unit, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Enforcement Directorate, Narcotics Control Bureau, Central Board of Excise and Customs and the Directorate General of Central Excise Intelligence. These agencies will get access to information from NATGRID. Security agencies can seek the details from NATGRID database. Data from Airline companies, Telecom Companies, etc. would be uploaded to NATGRID database. All the Security agencies will have an access to NATGRID.


    Capt Raman, a former CEO of Mahindra Special Services Group wrote a paper "A National of Numb People", wherein he advises 'commercial czars' to create 'private territorial armies' to safeguard their empires. When in Indian Army, Raman wrote that India followed the NATO war policy with cheap "Warsaw equipment" ridiculing the Warsaw war doctrines. He argues that the latter relies on low-cost-arms-using Warsaw line-up that lets enemy forces advance until the time was ripe for them to strike back. NATO is equipped with state-of-the-art weapons that do not "cede an inch". Explicit and implicit eulogies for NATO appears pregnant with meaning and is consistent with NATO's new strategic concept that seeks to expand its sphere of influence and ever greater military spending, invest in new weapons and in their worldwide network of military bases. The regime that is unfolding using identification technologies and mega databases fits into the scheme of NATO.


    (Gopal Krishna, a member of Citizens Forum for Civil Liberties (CFCL), is also an environmental and civil rights activist)

    Is UID anti-people?–Part 6: The foundation for incessant intrusion
    Is UID anti-people?–Part 5: Why UID is impractical and flawed “Ab initio”
    Is UID anti-people?-Part 4: Does the implementation smack of corruption and negligence?
    Is UID anti-people?-Part 3: Tall claims and tomfoolery of UID
    Is UID anti-people? –Part 2: A bundle of contradictions, misconceptions & mirages
    Is UID anti-people? The database state –Part1

  • Like this story? Get our top stories by email.




    7 years ago

    The writer is well researched on the topic. Congrats for giving much detailed information. Our democratic state going to a state dictatorship where citizen freedom of expression, right,liberties all are at danger. State organs making us a democratic slave and a bonded labour where free thinking is limited. Right and liberty, justice comes at a heavier price. Our natural resources looted for a section of people. We see the danger ahead. The choice of the people is limited now, state dictating us either you are with us or against us, this is what state want to say to its people.

    sivaraman anant narayan

    7 years ago

    Very well researched article, presenting the clear, but subtle undertones of danger to our democratic values and way of life. Technology may well be the harbinger of destruction of democratic societies!

    Is UID anti-people?–Part 6: The foundation for incessant intrusion

    Leakages in social welfare, for instance, are already being tackled successfully through both technological and social means, and the convenience of easy shopping can be achieved through much less dangerous and locally valid means than the creation of a national database. This is the sixth part of a nine-part series on the unique identification number scheme

    The Internet has grown from a loose and repairable interconnect between individual computers at inception to a vast interconnecting network of smaller networks, sprawling across the world and providing an incredibly wide range of communication options. Largely self-governed, it has resisted the growth of corporate dominance until now, when even governments have been suborned into finding ways to collaborate and turn over control to a shadowy group of transnational players who owe no allegiance to any political or social grouping or influence.  Vickram Crishna looks at the implications for ordinary people in nations like India, where the penetration of pervasive control is both more rapid and more intense than has ever been experienced in the more advanced nations. The latest gambit is to force digitisation of personally identifiable information (seductively called 'Aadhaar', or foundation, signifying the basis for an enormous assault on personal liberty) upon poverty-stricken persons who cannot directly gain from the Internet's knowledge-enhancing benefits.
    The Internet was born in the 1960s, with research from the UK being applied in the USA (through an academic collaboration), that resulted in the ability to allow computers to communicate with each other, connecting through self-healing networks. The real innovation was in the design of such networks, and the motivation for that probably lies in the fear psychosis of the Cold War, when nuclear strikes might disrupt traditional circuit-switched telecommunication networks.
    However, self-healing networks are a facsimile of real-world organic networks, found in human bodies as well as most other living creatures, to varying degrees of sophistication. One of the serendipitous benefits of this new technology was that existing telecommunication networks could be used with far more efficiency. One characteristic of the new approach was that any circuit, even the smallest segment of a circuit, was used only for the precise amount of time that it was needed, leaving it free to be used as part of a different circuit at any other time. It was true of circuits that operated through physical wires as well as via electromagnetic radiation (typically radio, which had been developing in parallel with cable communication through most of the 1900s).
    Needless to say, this facility was not welcomed with open arms by the telecommunication industry, which, at the time, was able to charge huge sums for the use of their exclusive networks. It hardly made any difference to the world as such computer networks were mainly used by a small number of highly specialised engineers, some of whom provided consulting services for academic researchers at universities.
    In the late 1980s, one such researcher, Tim Berners-Lee, an academic working at the prestigious CERN laboratory in Europe, was keen to find a way to get around the need for anyone requesting a communication, particularly a document, presently residing on another computer, to know the complete and precise location and title of that document. Responding to the need to simplify this problem, he devised an elegant naming system involving a new kind of computer language, calling it the hypertext mark-up language, or HTML.
    Documents created using HTML were in effect self locating, making it possible to request them easily from anywhere, without needing to route specifically to the actual storage point. It redefined the concept of a document as well, from the older 'page' basis to the new 'character' basis, where a transmitted communication might be a single character, or even a keystroke. 
    Display devices using the same technology could actually display the document independently, without the need to store it locally or to use the same computer program needed to create it, using freely distributed display applications following this standard, called browsers.
    The two characteristics of the new communication technology were thus closely related, self-healing and self-locating. It opened up a new era of public communication, the World Wide Web. And it opened up a war.
    This war is one that has operated behind the scenes from the early 1990s till today, when it has taken on new and increasingly unpleasant dimensions. This is no longer a war for control of land, or of hegemony over nations, as was the practice of most traditional wars fought with weapons of violence, or with fear and ignorance, as was the Cold War that came to an end just as the Web ushered in a new era of knowledge for all.
    The present war, one fought as grimly as any war of violence, involves nothing less than hegemony over the mind, minds of ordinary people that are today, due to the liberating presence of easily accessible knowledge and information, better able to make decisions for themselves than at any previous time in recorded history. The soldiers in this new war are no longer skilled wielders of violence, but masters of the honeyed word and diplomacy, fighting to maintain the hegemony of corporatised entities over the essentials of trade and commerce worldwide.
    The essence of the new communications is decentralisation. This represents the greatest threat to the accumulation of power since it first became possible, with the organisation of humans into tribes, millennia ago.
    The flip side of the coin of decentralisation is personal empowerment through knowledge. As anthropologists and linguists have noted, communication has always gravitated towards obscurity, in order to hoard knowledge in the grip of adepts. With modern communications technology using devices, this is less and less true or at least, less relevant. Information has never been so available, in theory as well as in practice, and with it, the seeds of knowledge. 
    Personal empowerment is the single most critical threat to the extreme agglomeration of power, itself a natural outcome of the organisation of human activity into corporatised entities, far more than the earlier creations of feudal empires.
    The weapons of the new war are therefore personal, to reduce the ability of the individual to assert herself. This is accomplished through diminution of the individual herself, by intruding into her most private spaces, her body and her mind. And of course, her personal communications with others, that give strength to her knowledge through its sharing.
    The tools of this war are called "intellectual property rights" and "freedom of individuality". Crafted to give the impression of empowerment, IPR actually facilitates the transfer of the freedom to create to paternalistic holding corporate entities. This abstraction is not just theoretical, it is highly functional, and results in the inability of the individual to exercise any control over personal creations. The institutions created for this purpose are almost laughable in the hollowness of their conception, but given the passage of close to 150 years since their formalisation, have gained enormous in influence.
    Freedom of individuality has been traduced by paying lip service to the tradition of personal privacy, through mechanisms purportedly aimed at protecting that privilege, but in fact drawing borders around it and making it difficult to discover when it has been breached. This subtle destruction of the concept of personal identity, by the gross misuse of power, is state-sponsored to impose state-defined identification methods upon ordinary people, directly impacting and virtually destroying their freedom of expression. Rather than recognising and enshrining the intrinsic value of personal privacy, it is given an extrinsic value through the creation of 
    weak government-managed institutions (universal identity systems, privacy commissions, etc). These institutions are used to restrict the ability to exercise freedom of expression, and also to divide (and conquer) the communities of persons who organise themselves to safeguard these basic human values.
    The latest salvo from the forces of power involves attacks on self-routing networks, a necessary advance in technology, forced by the extraordinary increase in pervasive surveillance and lack of respect for basic human values.
    From the birth of electronic computing, involving huge machines shielded behind impenetrable layers of obscurity, communication technologies offering text, graphics, audio and video between individuals and groups as well are now available in handy devices at prices that make ubiquity almost possible, well beyond that of any earlier complex technology. In response, corporate entities have been handed extraordinary powers to survey and intrude upon users of these technologies.
    In India, these powers have been given to the telecommunication companies that run most of the country's extensive circuit-switched networks, both wired, networks of which are majorly government owned, and wireless, the majority of which are privately held. Under the guise of simplifying operations, surveillance responsibilities are handled in practice by the companies, instead of by the state. Official requests for surveillance have crossed 10,000 in the past year, most of which have been without any form of oversight exercised, but there is no way of knowing the extent of unofficial surveillance.
    For pure digital communications, such surveillance hardware is installed (again by mandate) on servers at all commercial network distribution points. It is difficult, if not impossible, to ascertain the extent to which surveillance takes place, as the law permits clandestine snooping without prior judicial oversight. Aside from surveillance of digital communications, control can be exercised by monitoring other aspects of civilised life - shopping, banking and availing of other public services. To facilitate this, the world's largest personal identification database is being built in India. 
    Technically, the organisation doing this is an arm of the government, set up as an authority under the Planning Commission, but in actuality, its operations, supervised by a former private corporate manager, are being handled directly by independent corporate entities, two of them foreign-registered. One of them is shamelessly the largest surveillance company in the world, started by former spy and security chiefs from the world's biggest security agencies (CIA, FBI, etc). The identification number is branded 'Aadhaar', meaning foundation, an almost risible expression of Newspeak, coined by visionary George Orwell, in his dystopian world of '1984'. In the real world, it is set to be the foundation of constant and ceaseless surveillance.
    How will this happen? The identification number was blatantly launched as a voluntarily registered system to be used for the delivery of state-guaranteed goods and services (and, increasingly, this is being translated into cash and services, funnelling business to the banking sector) to persons direly in need of assistance. Today, there is an almost hysterical urgency to the rapidity with which it is being mandatory for government employees, teachers, people who need to buy petrol, cooking gas, use credit cards, telephones, maintain banking accounts, obtain driving licenses... the list is endless, and it is beginning to cover every conceivable transaction of urban civilised society dwellers. The pressure of getting the number is far more upon relatively affluent and less needy persons than upon the deeply poverty-stricken, uncountable percentages of who are excluded from the social net, but for whom the unique identity number will provide no relief.
    This means that the number, and with it, the biometric capture and recapture, will be fed into low cost point-of-sale devices across every level of transaction, even relatively high value items that have zero impact upon the subsidy systems whose cleansing is said to be the point of having such a unique identification system in the first place. The first pilot service, conducted with great fanfare a few months back, conceived portable devices to be carried by cooking gas cylinder delivery people.
    It was a signal failure, which has not, for some reason deterred the people behind the scheme from proceeding.
    The daily poverty line figure was recently set at around Rs28/32 for rural/urban dwellers. This adds up over a month to under Rs1,000, thus it is clear that such persons cannot buy unsubsidised cooking gas, which is going to be priced above Rs900 per cylinder. Thus the cooking gas scheme is clearly aimed at 'solving' a problem that does not concern the massively poor.
    When low-cost devices are used for biometric capture and transmission of that data across public data networks, the scope for illicit tampering with identity becomes significant. Even though it is likely that such data might be encrypted before transmission, the machine itself might be tampered with (there will be hundreds of thousands, perhaps millions, of such machines, and it will be impossible to guard all of them, once they are out in the field). Even from non-tampered machines, data can be stolen by inserting data diverters in the network. Of course, this data will be encrypted, but it will be fairly straightforward to break the encryption given enough time.
    Over time, many sets of digital fingerprints (and perhaps iris scans, although these have not at present been authorised for authentication) will be stolen, and matching such data to real names is possible with established data mining techniques. It becomes reasonably possible then to use falsified data to spuriously obtain a positive response from the authentication system, thus nullifying any advantage gained from a so-called unique identification system. 
    It also becomes possible to monitor and track the transactions of registered individuals, whether this involves making a purchase or of using public markets. Worse, it enables such transactions to be followed geographically, thus allowing surveillers to accurately track individuals' movements.
    Note that the linked security services (for which UID data will be immediately and directly available) are not, therefore, the only monitors. Illicit and predatory third parties will also have the ability to surveil individuals, something that is exceedingly difficult nowadays, unless the private and personal data is stolen by some other means, and all consumer services are interlinked for some other reason, not yet implemented.
    Against this, how are individuals going to maintain their privacy and assure themselves the freedom necessary to express themselves without fear? With extreme difficulty, it appears.
    Recent cases in the US reveal that even the most private email communications are liable to be surveilled by the government (with a total of 1.3 million official surveillance requests this year), and there is no guarantee that information privy to even investigations pertaining to the highest national security is freely leaked to the media, despite the fact that it involves private citizens who have committed no offense. 
    The Indian identification authority is openly discussing and planning how to rapidly carry out (well before the data-gathering exercise is even halfway completed) data synchronisation linking banking, shopping and government exchange transactions to the individual, leaving very little private, since communications by telephone and computer (including smartphones) are already monitored closely. And a recent move by The Netherlands seeks to legally enable cross-border computer surveillance (including the ability to destroy and even disable the computing device, without warrant or permission from local authorities). This move takes place as the European Union officially pressurises other nations (including India) to concede to data sharing agreements before agreeing to allow lucrative data processing contracts to be concluded. 
    The Dutch move is specifically aimed at disrupting technology designed to protect the privacy of individuals by obscuring network markers that might otherwise identify their computing devices.
    Needless to say, this all forms part of an attack based on the external imposition of markers of identity, ignoring and oftentimes denying community-driven identity systems that have evolved over time. Since the late 1800s, the practice of 'recognised' identity numbers became commonplace, with the gradual introduction of national passports and related identity systems. These numbers have replaced names as critical identifiers, and one of the most egregious examples of how such systems can be misused dates back to the gigantic conflict commonly called World War II, when some six million of the tens of millions of casualties were civilians, incarcerated in "concentration camps", and systematically murdered in cold blood. As a crucial part of this exercise, each of these persons was dehumanised first by tattooing a number on the arm.
    Possibly in macabre jest, the chairman of the UIDAI responsible for issue of similar numbers in India, Nandan Nilekani, also suggested that illiterate persons in India could tattoo themselves with the number his organisation has imposed upon them in order to remember their new identities. Somehow, this does not quite match the humour of comedians like Spike Milligan (Hitler: My Part In His Downfall) or Mel Brooks (History of the World Part 1), but then those two actually earned intellectual credentials in the course of their long and illustrious careers, rather than accumulate money through stock market valuations of outsource businesses.
    Research by major world-recognised academics has established that the use of biometrics to underpin universal identification systems is fraught with danger. This arises principally from two distinct areas: risk of change of biometric indicators over time (aging) and risk of theft. The risk of aging has been established by large-scale testing by other national agencies researching the use of biometrics for this purpose. South Korea studied 50,000 individuals over two years, and concluded that the risk of biometric indicators changing in that period was too high to make a biometric identification system cost-effective (as so many people would need to get their identifiers repeatedly updated). The only pilot study conducted in India, a few months ago, examining authentication, concluded that it would fail for about 1 million Indians, a fact that was concealed by quoting percentages, naturally a very small-looking number in the context of the gigantic Indian population.
    The risk of theft is far more subtle. A well-cited study by academic Paul Ohm (Broken Promises of Privacy) reveals that it is becoming increasingly trivial to analyse large data stores in order to extract personally identifiable information. The process of large-scale authentication of individuals, on the other hand, necessary for the use of universal identifiers in all kinds of transactions, such as delivery of social benefits, regular banking, shopping, lends itself strongly to illicit digital data gathering, which can then be decrypted at leisure. This process is much simplified when data is arranged in known patterns, as will inevitably happen at cash machines, card swipe devices, point-of- sale devices and so on. Such large-scale theft has already been noted from similar machines, which are rarely checked once installed (since both users and operators are barely aware that the devices are computer peripherals).
    Once digital identifiers can be illicitly linked to known persons, it becomes a relatively trivial exercise to scam the system by assigning such identifiers to fraudulent persons, or even to non-persons. This is only trivial in the sense that it has already been done, and systems to accomplish it are sold in black markets created for the purpose. From the point of view of the thief, one identity thus misused may yield a small sum before being discarded (and the operation repeated many times over to earn huge sums), but for the individual who's identity is stolen, it is a nightmare. This person must now re-establish the link between the digital biometric markers (which incidentally may have changed since the last time of recording) and the self, which has already been subsumed into a compromised universal identification system.
    To counter this, nothing less than the ceaseless vigilance of individuals is needed, to protect themselves from falling into traps of convenience to give away priceless information. Information that can be used to identify them, to sell them goods and services, conditioning them as surely as Aldous Huxley envisioned the genetically engineered humans of his brave new world. The first step is to resist the blandishment of illusory returns from universal identification systems, to ask those who seek to impose such systems to come back to first principles, and reveal why such universal identification is of universal benefit.
    Leakages in social welfare, for instance, are already being tackled successfully through both technological and social means, and the convenience of easy shopping can be achieved through much less dangerous and locally valid means than the creation of a national database. Such a system (a local personal identifier) has been tried, for instance, by the Pune Municipal Corporation, working in tandem with local banks and other entities, but this successful exercise was completely and deliberately ignored by UIDAI while designing its own controversial 'universal' solution. Local personal identifiers (such as library and club cards) are also useful for many ordinary purposes, but lack of 'official' recognition, which itself is clearly part of the problem.
    As Albert Einstein famously said, no problem can be solved using the same kind of thinking that created it. It is time we began thinking for ourselves, instead of outsourcing our thinking to the kind of government that creates problems by serving the narrow interests of business.
    (Vickram Crishna is an engineer with nearly forty years of experience in industry, the media and independent consulting with grassroots organisations in India and elsewhere to provide communication-related technology solutions for everyday independent living. He writes and edits on subjects ranging from the use of technology in everyday sustainable living to the natural sciences, and works with children with special abilities in order to find ways to evolve equitable and inclusive ways of learning to live independently in the modern world).
  • Like this story? Get our top stories by email.


    We are listening!

    Solve the equation and enter in the Captcha field.

    To continue

    Sign Up or Sign In


    To continue

    Sign Up or Sign In



    online financial advisory
    Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
    online financia advisory
    The Scam
    24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
    Moneylife Online Magazine
    Fiercely independent and pro-consumer information on personal finance
    financial magazines online
    Stockletters in 3 Flavours
    Outstanding research that beats mutual funds year after year
    financial magazines in india
    MAS: Complete Online Financial Advisory
    (Includes Moneylife Online Magazine)
    FREE: Your Complete Family Record Book
    Keep all the Personal and Financial Details of You & Your Family. In One Place So That`s Its Easy for Anyone to Find Anytime
    We promise not to share your email id with anyone