In your interest.
Online Personal Finance Magazine
No beating about the bush.
The Aadhaar project with its enormous potential of surveillance alters the relationship between citizen and state. It tilts the balance so steeply in favour of government that a citizen whose biometrics are controlled by the State is permanently condemned to submission
Before we get to the seductions of technology, let me talk about the seductions of literature specifically, children’s literature. Belonging to an ancient epoch for many in this audience (the pre-Amar Chitra Katha age) is a book series featuring Curious George, a supremely cute monkey who travels by ocean liner from his home in Africa to the East Coast of the United States to reside with his friend, the Man with the Yellow Hat. Some of you I hope have succumbed to the charms of Curious George, but for those who haven’t, one striking feature of his adventures is our hero’s interactions with technology – a space ship adventure in 1957, and more modestly--kites, bicycles, a water pump, hospital equipment – all tested and deployed in a rather unique simian way.
The author - illustrators, Hans and Margret Rey gently guide Curious George, the mischievous monkey, to a new-for-him contraption and what follows is a hilarious adventure. Now, what might Curious George conjure up with Aadhaar?
The harnessing of new resources and the employment of new technologies inevitably disrupts the prevailing legal regime. When railroads were first laid across farm lands, sparks from the friction of locomotive wheel and rail triggered fires that destroyed farms. Judges and legislatures were required to balance the economic gains from the new technology against the loss suffered by individuals. As you recall, in that case, technology prevailed and the liability of carriers was limited by law. But as we also know from our experience with the chemical industry, the law can and does muzzle technology.
We stand at important crossroads with respect to privacy. By ‘we’ I mean all of us collectively as a species, as a civilisation. There is little doubt that in order to harness the benefits of technology in the fields of health, public order, economic efficiency and a myriad other spheres, we will continue to voluntarily cede much of our autonomy and privacy for a notion of a better or more secure life. The real issue at this crossroads is whether in our anxiety to advance, we will surrender all of whatever little is left of the privacy we enjoy. A decade or two from now give or take a bit, will privacy be viewed as a quaint hangover of the 20th century or will it remain a core value to be fiercely protected? Much of what we do today, and now, in terms of reining in government and private enterprise, will decide the legitimate contours of invasive technologies and pervasive government. Tomorrow is too late.
The Aadhaar Case
The Supreme Court is currently hearing a set of public interest writ petitions challenging the Aadhaar project. The case is slated for final disposal and I must disclose my bias in that I appear for a set of petitioners. There is an interim direction by the Court that no person should suffer from not having an Aadhaar card and that it should not be given to illegal immigrants. There is little to suggest that after the interim direction on 23 September 2013, the Union government or the Unique Identification Authority of India (UIDAI) have taken any proactive steps to implement the interim directions in letter or spirit. It is business as usual.
What is Aadhaar?
The UIDAI is an administrative body created by a notification issued by the Planning Commission on 28 January 2009. UIDAI currently operates without any statutory backing, though the Government has a Bill ready to provide a statutory framework. Now that Parliament has adjourned on 18 December 2013 two days ahead of schedule, the law must wait until the next session unless an ordinance is promulgated.
Aadhaar is the UIDAI brand and logo. The Aadhaar Number is a random, unique 12 digit number issued to each person who successfully enrols. The project cost is in excess of Rs1.50 lakh crore and though there is no specific legislative or indeed even administrative notification that permits UIDAI to use ‘biometric information’, this is the foundation of the project.
Biometrics is distinctive measurable characteristics of a person that may be used to label and mark individuals. DNA and palm prints are an example.
The biometric information being collected by UIDAI comprises: (1) facial photographs of the individual; (2) All 10 fingerprints and (3) a scan of both iris. UIDAI seeks to create a vast data bank containing this personal information.
Biometric information of an individual is part of his or her body. Quoting Lord Goff, the Supreme Court recently recognised that every human being of adult years and sound mind has a right to determine what shall be done with his or her own body. This right to bodily integrity is so fundamental that we frequently take it for granted in the rush and tumble of big city living.
Procedure Adopted By UIDAI
The procedure adopted by UIDAI is so casual that it borders on irresponsible. Briefly, the entire process at the field level is in the hands of private enterprises known as enrollers who operate freely without any government supervision. The threshold qualifications for an enrolment agency are so low that not one of them is a recognisable name. They comprise an assortment of, trusts, societies, proprietary concerns, partnerships and what have you. The biometric information of each enrolee – that set of valuable parameters that we ought to most fiercely guard – is spirited out by filling out a form. The biometrics are initially stored and collected in private hands before it is transmitted to the UIDAI Central ID Repository (CIDR) via memory stick or courier or by direct uploading. The UIDAI has no privity with the enrolling agencies. The loose framework of relationships linking UIDAI to the collection of biometric data is through MOUs with state governments or departments known as registrars. It is these registrars who engage private sector enrolment agencies.
Upon receiving the biometric information the process of de-duplication is undertaken to ensure that the same individual is not issued two UID numbers. The de-duplication exercise is carried out by: (i) Accenture; (ii) Mahindra Satyam & Morpho joint venture; and (iii) L1-identity Solutions. Your biometrics are handled by entities of alien origin with no particular affection for Indian Constitutional values.
The Aadhaar verification system works through the internet. The service provider – say a bank or LPG cylinder supplier reads your finger print on a small device. The biometric identification is confirmed against the data stored by the UIDAI in its central depository and a confirmation is issued in real time that this person, indeed, is he or she whom she claims to be. UIDAI expects that a forest of applications will rapidly develop which employ Aadhaar as the gatekeeper. There are scores of gates visible and invisible, that we walk through every day. A fingerprint confirmation to unlock the gate may include unlocking a mobile device; opening the front door to a flat, opening the front gate to the building, unlocking a car door, starting a motor car, withdrawing money from an ATM, paying a cab driver by an Aadhaar enabled debit to a bank account, entering an airport, boarding an aircraft, recognising a face at an airport, entering the University campus or a hostel -- to name just a few gate ways that I passed through this morning. This, again, is no longer the realm of science fiction but is so ‘yesterday’ for technology geeks. It is a matter of time before biometric verification invades every moment of our existence. Unless... We stop this invasion now.
The Itinerant Indian
To illustrate the impact of Aadhaar let me take a hypothetical individual-- manic in her travel habits and who, unlike the poor sod on the Clapham omnibus, is able to compress some of the more significant milestones in life into a relatively short frame.
Recently wedded, she presents herself to register her marriage at the Registration office at New Delhi. She is turned away since she doesn’t have an Aadhaar number, which the Delhi government has by an order made mandatory. Being a conscientious objector, rather than gift her biometrics to the Union government, she travels to Jharkhand to register her marriage. To her horror, she discovers that the state of Jharkhand too has made the Aadhaar number mandatory for the registration of marriages.
Returning to Delhi, she seeks to register a lease for her residential premises but discovers an unyielding sub-registrar who will not register her lease without Aadhaar.
She then applies for an LPG connection and a ration card on behalf of her parent, who resides in this magnificent city, Bangalore. The state of Karnakata will not grant an LPG connection or a ration card unless her parent parts with the biometrics and secures an Aadhaar number.
Moving to Kerala, she finds that she cannot secure admission for her children to a school or a college without them being finger printed and an Aadhaar number issued. Schools and colleges in Himachal Pradesh too insist on Aadhaar numbers before granting admission. Scholarships and fellowship are beyond the reach of her children because they must have an Aadhaar number according to the University Grants Commission (UGC).
Were our protagonist to teach in Maharashtra, she would have to have an Aadhaar number to draw salary and were she elevated as a Judge of the High Court at Bombay, she would discover on her desk a circular issued by the Prothonotary and Senior Master (quite possibly the grandest designation ever conceived for the job of Registrar). The Prothonotary directs that Judges will not receive salaries unless they have an Aadhaar number.
None of this is a gloomy imagination of tomorrow. It is the present. As we debate surveillance, the reality is that in several parts of the country you cannot get your child admitted in school or college, get your marriage registered, buy or lease a property, secure a scholarship, receive your salary, obtain subsidies for LPG or a scholarship unless you first gift your biometrics to the UIDAI.
For all intents and purposes, the creeping civil disabilities that visit an individual who does not surrender her biometrics are already so nasty that we live in what by some measures may qualify as a police state. We are certainly at the cusp of morphing into a police state (with thank God – only half decent policing.)
Extrapolating ever so slightly, the Union government is creating one huge data bank of every individual’s fingerprints, facial image and iris scan. As we speak, UIDAI is fingerprinting our future prime ministers, chief justices, leaders, decision-makers and far more sinister, each and every citizen and indeed resident of India.
Aadhaar is garrotting civil rights and civil liberties.
Heads of Challenge
To give you a flavour of the contest in the Supreme Court, here are some of the grounds on which the Aadhaar project is assailed:
(i) The UID project is destructive of limited government which is built into the Constitutional scheme and is part of the Basic Structure of the Constitution of India. Limited government is transgressed by breaching bounds of personal autonomy guaranteed to every person under the Constitution. There is no statute to back the impugned project but even if there were one, the statute would be ultra vires the Constitution.
(ii) The Constitution balances the functioning of the state against individual freedoms and rights. Whenever the state seeks to impinge upon fundamental rights, its actions must be backed by statute and not mere executive fiat. Here, the action under the impugned project of collecting personal biometric information without statutory backing is ultra vires even where an individual "voluntarily" agrees to part with biometric information.
(iii) The project is also ultra vires because there is no statutory guidance (a) on who can collect biometric information; (b) on how the information is to be collected; (c) on how the biometric information is to be stored; (d) on how throughout the chain beginning with the acquisition of biometric data to its storage and usage, this data is to be protected; (e) on who can use the data; (f) on when the data can be used.
(iv) The project is also ultra vires because under the constitutional scheme any action by the State that could potentially impinge on an individual's freedom must be backed by statute.
(v) The procedure adopted by the Respondents is arbitrary and violative of Article 21 because:
(a) There is no informed consent;
(b) Individuals are not told about crucial aspects such as potential misuse of the information, the absence of any statutory protection, the commercial value of the information;
(c) Private parties collect biometric information without safeguards;
(d) The enrolment is based on a flawed introducer system and verifier system; and
(e) There is no government security of stored data;
(vi) The project as implemented coerces individuals to part with biometrics.
(vii) The project violates the right to privacy.
(viii) The project is arbitrary and illegal inasmuch as it allows private dominion over biometrics without governmental control thereby compromising personal security and national security.
(ix) Assuming the Constitution permits the state to collect and store biometric data of all residents, the Constitutional scheme requires that dominion over biometrics of Indian citizens and residents is a core, non delegable function of the state that cannot be privatised.
(x) The impugned project enables surveillance of individuals, and thereby violates Articles 14 and 21.
(xi) The impugned project as implemented violates the right to human dignity which is a facet of Article 21.
(xii) The impugned project compromises citizenship.
(xiii) The failure to provide an 'opt out' option violates individual autonomy and dignity guaranteed under Article 21.
(xiv) The foundation of the project i.e. biometrics is an unreliable and untested technology. Moreover, biometric exceptions severely erode reliability.
(xv) Public funds are being channelled to private enterprises without sufficient validation and study that biometric verification works.
There are plenty of governmental justifications. First, government claims that each of us has a right to an identity and this is all that the Aadhaar project does. Second, Aadhaar when linked to credits into a bank account will prevent the huge leakages that undermine social welfare spending. Third, UIDAI expects a range of applications and technologies to evolve about the Aadhaar platform that will dramatically improve our daily lives and be supremely convenient to both businesses and consumers. Aadhaar is ‘Post its’ + cell phones on steroids. A world without the joys and benefits of Aadhaar will be unimaginable just a few years from now.
Identification of Prisoner’s Act
Your biometrics is yours and yours alone. The government can have no claim over them, any more than it can claim your body. Of course, there are narrow exceptions.
Illustratively, the Identification of Prisoner’s Act, 1920 recognises the right of a person to protect his or her finger impressions. This short Act comprising 8 sections requires persons convicted of offences punishable with rigorous imprisonment for a term of one year or more to allow his measurements and photograph to be taken by a police officer. A measurement may also be taken when a person is arrested in connection with such an offence. A magistrate may order a person to give finger impressions or a photograph for the purposes of investigations.
Resistance is deemed to be an offence under Section 186 of the IPC (Obstructing a public servant in the discharge of his duty). Where a person is not a repeat offender, his photographs (negatives and copies) and all measurements are required to be destroyed when he is released without trial or discharged or acquitted.
This pre-constitutional regime, which gave limited rights to the state, is now being turned on its head with wholesale trawling of fingerprints through an administrative scheme with no statutory protection to individuals.
The Aadhaar project, in the absence of any statutory framework or privacy statute is a monstrous invasion of individual rights. It destroys the foundational principle of limited government which is a fundamental attribute of our written constitution. The constitution not only draws lines amongst different organs of the state but it also draws a line between what a state can legitimately do and what is beyond its sphere. Creating a vast data bank of biometrics that potentially can be used against an individual is an enormous and systemic invasion of privacy that appears to fall outside the legitimate sphere of limited government.
In an Aadhaar enabled world, the continuous verification at by the CIDR translates into real time tracking. By coercing individuals into parting with their biometrics at pain of withdrawing essential civil rights, willy-nilly, we usher in a police state. The Aadhaar project, in my view, destroys the social contract that underlies the Indian Constitution. If there is a moral theory on which our Constitution rests, it is the theory that there are limits to state power and there are certain boundaries that the state cannot transgress, no matter how great the perceived benefit. Indian citizens have moral rights against the state and against each other. The right to be left alone, the right to be silent, the right to be anonymous are aspects of individual liberty that are slip siding away due to technologies that most of us can barely comprehend.
The right to privacy, in my view, is a right that must be taken seriously and while a post Aadhaar world is not necessarily Dystopia, it is certainly a land where reclaiming a personal space where one can be completely alone, will be well nigh impossible.
Aadhaar is wrong because it compromises the bodily integrity of each of us by snatching away an intimate aspect of our physical identity. It is wrong because it is no part of the business of the Government of India to create a vast data bank of biometrics that can be used and abused against Indians. The Aadhaar project with its enormous potential of surveillance alters the relationship between citizen and state. It tilts the balance so steeply in favour of government that a citizen whose biometrics is controlled by the state is permanently condemned to submission. Her tastes, her habits, her routines, her provocations are all known or can be known by the State. A central bank of biometric data robs individuals of dignity assured by the Preamble to the Constitution. It also gives an inordinate amount of power to those in government controlling the levers of power against every outsider. The Constitution of India has a morality (which occasionally our Justices fail to discern) but which I believe prohibits an Orwellian state.
Returning to Curious George -- what would Curious George do with Aadhaar? Given his mischievous streak, he would probably plant your finger prints at places you have never visited. And so, Rahul Gandhi may be shown to have visited an RSS shakha and another presumptive Prime Minister may have a trail of fingerprints proving daily visits to the neighbourhood mosque. Would Curious George have a blast? Not so. The real tragedy is that all of Curious George’s diversions and antics were played out at a time when he was magnificently alone and unsupervised. Unnoticed by the Man is the Yellow Hat, or the Zoo keeper, or the Museum attendant. Free to play his pranks. The space and the freedom to do mischief, to provoke, to instigate, or indeed to be idle will no longer remain. Not for Curious George and not for us. That is the price or Aadhaar.
This article is derived from a talk delivered by Adv Shyam Divan at the 7th NLSIR Symposium at National Law School, Bangalore on 21 December 2013
(Shyam Divan is a Senior Advocate, practicing in the Supreme Court of India)
Most of those who are in public life are in the ‘fifth column’ because of either their naivety or their seemingly apolitical tunnel vision for UIDAI’s Aadhaar project, which makes them act treacherously in a historical vacuum
It is said that once on a military campaign Napoleon Bonaparte, a military and political leader of France, stood outside his tent in the battlefield facing the most fortified castle of an European city and said, “Once this city is taken, nothing will stop my campaign, and I'll soon be Emperor of France" with my five army columns. Everybody knew about his four columns of army but not the fifth. When asked about his 5th column, Napoleon replied, "My fifth column is within the city itself!” Soon the gate keepers of the castle were clubbed to death, the huge gates swung open, and Napoleon's soldiers marched through. The "fifth columnists" told him about the barracks full of soldiers kept to defend the city. Napoleon woke them and asked them to join him or die. The city fell in no time and Napoleon did indeed go on to become Emperor of France with the help of the fifth columnists.
There is an unacknowledged relationship between the biometric Unique Identification (UID)/Aadhaar project and the US-based National Defense Industrial Association (NDIA). The latter was set up in 1919 to scale up the war effort during World War-I. Since then, it has been “promoting national security” of the US and 'institutionalising' Biometrics Enabled Identification based on Automatic Identification Technologies (AIT). The same National Defense Industrial Association-sponsored Unique Identification (UID) Industry Leadership Advisory Group (ILAG) that was organised “in March 2005 at the suggestion of the US Department of Defence (DoD) UID Program Manager to serve as a defense industry focal point for government-industry collaboration and coordination in developing UID implementation policy and procedures.”
Notably, Defence Procurement and acquisition policy office in the US DoD has a “Unique Identification” (UID) section for “in tracking and reporting the value of items the Government owns”, “Item Unique Identification (IUID) Standards for Tangible Personal Property” and “Unique Identification (UID) Standards for a Net-Centric Department of Defense” that cites “Department of Defense Chief Information Officer (CIO) Memorandum, “DoD Net-Centric Data Strategy”” dated 9 May 2003.
It is stated that IUID requirement does not apply to “software, manuals, etc.” and “commercial off-the-shelf (COTS) items” but it applies to “not-for-profit contracts such as research contracts with universities”, “classified items”, “foreign military sales”, “small businesses”, “government-furnished property”, “Defense Logistics Agency (DLA) requests” “models, prototypes, or development items delivered to DoD”.
US Department of Defence uses both Radio Frequency Identification (RFID) and Item Unique Identification (IUID). “Within IUID, the unique item identifier (UII) is a piece of data associated with an item that uniquely identifies it throughout its life. RFID is a vehicle for holding and sharing data. IUID of tangible items deals with physical markings applied directly (or indirectly via label, data plate, etc.) on items. IUID also requires data to be captured about the item and submitted electronically to a registry database. It is thought of as creating a birth certificate for the item. On a superficial level, IUID and RFID employ different technologies. IUID utilises an optically scannable 2-dimensional data matrix barcode to carry information whereas RFID utilises some form of integrated circuitry to encode information and produce radio waves which can be received and interpreted at a greater distance with a radio antenna and receiver.
Notably, RFID has been recommended in India for installation vehicles and libraries. A briefing paper of Government of India observed that “Information or an opinion about an individual” is personal sensitive information.
Functionally, IUID’s purpose within the (US) DoD is “to uniquely identify individual items”. The purpose of RFID within the (US) DoD is “to identify cases, pallets, or packages which contain items”. UID Policy Office of US DoD has a number of working groups to support the development and implementation of the UID policy. These include Working Groups on: Logistics IUID Task Force, Industry Leadership Advisory Group (ILAG), Wide Area Work Flow (WAWF)/UID/RFID Users Group, Property Management, Joint Aeronautical Commanders, Government Furnished Property Industry, Federal Acquisition Regulation, Business Rules, Standards, Implementation, Technical Interface and IUID Quality Assurance.
Biometrics technology companies like Raytheon Company who were awarded by National Defense Industrial Association in 2009 participated in the ILAG. They have created an artificial need to sell their surveillance products in India unmindful of its dehumanising ramifications. It is these entities which are behind the biometric UID/Aadhaar project and the Bill to sell their products.
The preamble of The National Identification Authority (NIDAI) Bill, 2010 which was rejected by the Parliamentary Standing Committee on Finance reveals that it is meant “for the purpose of issuing identification numbers to individuals residing in India and to certain other classes of individuals”. There are two parts to the phrase “individuals residing in India and to certain other classes of individuals”.
The first part refers to “resident” as an individual usually residing in a village or rural area or town or ward or demarcated area (demarcated by the Registrar of Citizen Registration) within a ward in a town or urban area in India.” This motivated definition of the term resident in the Section 2 (q) of the NIDAI Bill accords wide scope to the Bill. It leaves the definition vague about the Indians who are residing abroad temporarily, non-resident Indians (NRIs), persons of Indian origin (PIOs) and refugees. By now, Indians know that there are NRIs and PIOs of all ilk and shades whose role merits rigorous attention. The second part of the phrase is “certain other classes of individuals”. The first part is defined but the second part has not been defined.
The National Identification Authority (NIDAI) Bill, 2013 which was re-approved by the Union Cabinet on 8 October 2013 was listed for introduction in the winter session of the Parliament between 5th to 18 December 2013, but it could not be introduced. In the new version, “certain other classes of individuals” have been substituted with “certain other categories of individuals to enable establishing the identity.”
In the NIDAI Bill 2010, Section 4(3) reads, “An Aadhaar number shall, subject to authentication, be accepted as proof of identity of the Aadhaar number holder.”
In the NIDAI Bill, 2013, Section 4 (3) reads, “An Aadhaar number in physical or electronic form, subject to authentication and other conditions as may be specified by regulations, shall be accepted as proof of identity and proof of address.” Along with it is added an “Explanation—For the purposes of this sub-section, the expression “electronic form” shall have the same meaning as assigned to it in clause (r) of sub-section (1) of section 2 of the Information Technology Act, 2000.”
Section 9 of the Bill reads: “The Authority shall not require any individual to give information pertaining to his race, religion, caste, tribe, ethnicity, language, income or health.” The issue here is once someone has been biometrically profiled and identified ‘Prohibition on requiring certain information’ becomes irrelevant. But the question is how biometric information is less sensitive than information regarding race, religion, caste, tribe, ethnicity, language, income or health collection of which is prohibited?
Section 10 of the Bill reads: The Authority shall take special measures to issue Aadhaar number to women, children, senior citizens, persons with disability, migrant unskilled and un-organised workers, nomadic tribes or to such other persons who do not have any permanent dwelling house and such other categories of individuals as may be specified by regulations.” It does not reveal or define the “special measures” being deployed to trap these categories of people in the database.
The Bill makes a specific distinction between the “identity information” in respect of an individual means biometric information, demographic information and Aadhaar number of such individuals” and “demographic information” that includes information relating to the name, age, gender and address of an individual (other than race, religion, caste, tribe, ethnicity, language, income or health), and such other information as may be specified in the regulations for the purpose of issuing an Aadhaar number. It refers to “biometric information” as “a set of such biological attributes of an individual as may be specified by regulations.” It is important to note that although Planning Commission or Ministry of Home Affairs does not have the legal mandate to collect biometric data instead of seeking that mandate under the NIDAI Bill, there is once again an effort being made to do it through sub-ordinate legislation.
The Bill defines “Central Identities Data Repository” (CIDR) as “a centralised database in one or more locations containing all Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto.” It is not made clear as to why CIDR will be at “one or more locations.”
Now, if one looks at the definition of “authentication” in the Bill which is defined as “the process wherein, Aadhaar number along with other attributes (including biometrics) are submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness thereof on the basis of information or data or documents available with it,” it implies that authentication using CIDR of an “Aadhaar number holder”, an individual who has been issued an Aadhaar number, will be done at “one or more locations.”
It is quite apparent that these locations can be private companies. In effect, a private company of Indian or/and foreign origin will authenticate whether a resident of India is definitely the same person as he/she claims to be. As an implication identity of an Indian citizen is going to be decided by a company, which can be a National Information Utility (NIU), a private company with a public purpose with a profit making as the motive but not maximising profit.
Most of those who are in public life are in the fifth column because of either their naivety or their seemingly apolitical tunnel vision which makes them act treacherously in a historical vacuum. It is evident that in India, knowingly or unknowingly many institutions and individuals are acting like this column, a party that is acting with the foreign and corporate entities to subvert the very idea of India and Indian civilisation under the influence of their supervisors.
Do Indians need to ponder over—who all are in the fifth column, which institutions are acting like this column and isn’t there a need to know the identity of those in the column in question?
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)
The Devyani Khobragade row appears to be a motivated act ahead of a verdict of the US District Court pointing out the unconstitutionality of NSA program of indiscriminately collecting electronic data
In the context of the current row between governments of the US and India, did our President and the Prime Minister wonder as to how US companies like Accenture which have been awarded contract for so called de-duplication of ‘big data’ of Indians by Unique Identification Authority of India (UIDAI) can use the data to the disadvantage of Indians? It is reliably learnt that Ministry of External Affairs (MEA) had raised concerns against biometric UID project as well.
Responding to a question on what should a journalist choose when there is a conflict between truth and national interest, without pausing even for a moment one Professor of journalism from a university in US who visited Indian Institute of Mass Communication (IIMC) in 1999-2000 said, journalists should choose national interest. Clearly, truth is a casualty not only in war but also in journalism.
One has repeatedly heard it said that most of US media in general are an extension of the foreign policy of government of US as they consistently indulge in jingoistic reporting. One is witnessing the same in the current row in US-India relations. Indian media is doing the same.
What media in US, India and elsewhere in general seems to be failing to see through is that it is an engineered rift to create a miasma wherein the new disclosures about the 5-Eyes alliance of five English-speaking countries (US, UK, Australia, Canada and New Zealand) for the purpose of sharing intelligence does not occupy centre stage. These disclosures of classified information were made by Edward Snowden, a former contractor at US’ National Security Agency (NSA). The row might be aimed at taking this expose off the public memory. It is information warfare of sort. This alliance is directed against countries like India. Under the agreement among the alliance members interception, collection, acquisition, analysis, and decryption is conducted by each of them for an automatic sharing of intelligence.
This alliance comprises of the US National Security Agency (NSA), the United Kingdom’s Government Communications Headquarters (GCHQ), Canada’s Communications Security Establishment Canada (CSEC), the Australian Signals Directorate (ASD), and New Zealand’s Government Communications Security Bureau (GCSB). The intelligence partnership was formed in the aftermath of the Second World War ahead of transfer of power to India by UK. These “eyes” did not need to infiltrate India’s intelligence system because they were embedded there from the outset. Given such a backdrop, the entry of cyber Trojan horses in modern communications systems deployed by these Indian agencies cannot be ruled out because there is nothing in public domain to suggest that it was debugged. Not surprisingly, officials of Indian intelligence agencies have been seceding to join the alliance of these “eyes” with remarkable ease. In view of the same, the conception of converging “the entire country into one single communication entity” introduced in 1975 with the help of a UN agency whose complicity with these “five eyes” stands exposed needs to be revisited.
Besides the Five Eyes with the addition of Denmark, France, the Netherlands and Norway, it becomes a 9-Eyes alliance for conducting espionage. The role of the media houses like BBC, Reuters, Associated Press etc from these countries which form part of the alliances merits rigorous content analysis to examine whether or not the alliance of their native countries influences their reporting or not.
The Devyani Khobragade row appear to be a motivated act ahead of the verdict of the US District Court for the District of Columbia pointing out the unconstitutionality of NSA program of indiscriminately collecting electronic data to take the public attention away from this verdict. It has been revealed that our prime minister, president and almost all the ministers have all been under the surveillance of NSA.
The verdict was passed on 16 December 2013. The verdict attempts to safeguard the interests of citizens of USA. This is not applicable to non-US citizens because US laws do not recognize the rights of privacy of non-US citizens to be sacrosanct. This implies that rights of privacy of Indian citizens do not have protection either under the Indian laws, US laws or any international law at present.
It must be noted that companies like Ernst & Young (E&Y), UK and Safran Group (of France) who have got contract from UIDAI are from the countries which are part of this alliance. The core question is that if our President and Prime Minister appear seemingly unperturbed in the face of glaring evidence of they having been subject of surveillance, how they can be trusted for safeguarding the right to privacy of citizens? Had it not been an election year, it is quite likely that they would not have protested against the arrest and body cavity search of Devyani Khobragade, India’s Deputy Counsel General in New York. Had this not been the case the concerned authorities and ruling parties would have reacted similarly in the incidents concerning Dr. A. P. J. Abdul Kalam, George Fernandes, Hardeep Singh, and Shah Rukh Khan to name a few.
It is evident that India’s geostrategic position in relation to the US in particular and all its alliance members in general have been compromised by politicians who have kept personal interest above national interest. Proceedings of Indian Parliament bear witness to the prevarications of the politicians of the ruling party in the matter of the arrest, release and extradition of Warren Anderson, former chief executive (CEO) of Union Carbide Corp (UCC), of US who faces criminal case in India for having caused industrial genocide in Bhopal and who is currently an absconder under Indian laws. There is documentary evidence accessed through Right to Information (RTI) that reveals that several of the serving ministers including an industrialist have wrongly argued that UCC’s inheritor, Dow Chemicals Co, US does not have any liability for the Bhopal genocide. Even the current leader of the opposition and a member of Parliament (MP) from Bharatiya Janata Party (BJP) and party’s spokesperson gave a written legal opinion along with Congress MP and spokesperson of the party to this effect. In the aftermath of Devyani Khobragade episode one wonders that had Indian politicians sought Anderson’s extradition and fixed the liability of UCC without resorting to uncalled for quid pro quo, such incidents of taking Indians and Indian officials for granted would not have happened.
Once again the sincerity of the statements made by political leaders across parties faces a litmus test as to whether it is an empty posturing meant only for public consumption when the election campaigns are underway or they are honestly concerned about safeguarding the prestige of the country and its national interest.
In a seemingly unrelated but relevant development, on 5 December 2013 Economic Times reported that India’s Intelligence Bureau (IB) has questioned issuing of UID/Aadhaar number to the foreigners and refugees from other countries. Notably, it is not clear as to how many citizens of the nine countries of the intelligence gathering alliance are currently residing in India. IB raised these objections on 6 November 2013 at a meeting of senior officials of the investigative agency, the home ministry and UIDAI. The UIDAI has argued that any non-resident Indian (NRI) or foreign citizen living in India can apply for Aadhaar since it is only meant for establishing identity and not citizenship.
This submission of UIDAI is an exercise in sophistry. The fact is that UIDAI is working with Election Commission of India to merge the electoral database with the Centralized Identity Data Repository (CIDR) of UID/Aadhaar numbers. Relying on prime minister’s patronage UIDAI appears to be taking even IB for a ride. Ministry of Home Affairs (MHA) is rightly arguing that since ultimately both CIDR of UIDAI and National Population Register (NPR) data of MHA is going to be collated the issue of citizenship is likely to get confounded. What is apparent is that this confusion is part of the design and not a product of default. IB is right in seeking background checks of private players involved with the UIDAI. It must be done before it is too late or before it becomes structurally subservient to foreign agencies due to the unfolding ‘solutions architecture’.
In the verdict of US District Court, Judge Richard Leon rules, “I cannot imagine a more "indiscriminate" and "arbitrary invasion" than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely such a program infringes on "that degree of privacy" that the founders enshrined in the Fourth Amendment. Indeed I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware of "the abridgement of freedom of the people by gradual and silent encroachments by those in power," would be aghast.” Madison, the fourth President of USA is considered the father of US Constitution. The 68-page verdict is attached.
This verdict is readily applicable to the “indiscriminate” biometric and demographic databases being created in India by the Planning Commission’s UIDAI and MHA’s Registrar General & Census Commissioner for NPR besides National Intelligence Grid (NATGRID), the Indian incarnation of NSA. Framers of Constitution of India too would be “aghast” at such “systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval.” Indeed these initiatives along with the bitterly opposed proposal of National Counter Terrorism Centre (NCTC) and Goods and Services Tax (GST) Network constitutes “abridgement of freedom of the people by gradual and silent encroachments by those in power” in our country.
In an RTI reply dated 5 December 2013, UIDAI shared the contract agreement it signed on behalf of the President of India acting through Director General of UIDAI, Planning Commission, Government of India (which is the employer) on 17 March 2010 with the consortium consisting of Ernst & Young Pvt Ltd and Netmagic Solutions Pvt Ltd wherein ‘M/s Ernst & Young Pvt Ltd’ is the lead partner and Consultant. Both the RTI applications were filed by Qaneez-e-Fathemah Sukhrani, an urban affairs researcher. The contract agreement has page numbers only till page no. 26 but the rest of the pages which are appendices including description of services, clarifications of RFP dated 4 January 210 related to RFP, description of methodology, reporting requirements, total cost of services duties of the employer, teaming agreements with consortium partner/individual experts, RFP of UID CIDR Consultant issued by the employer and the pre-qualification, technical and commercial proposal submitted by the Consultant are not numbered.
The description of approach and methodology given the Appendix A: Part C dealing with Contract –UID CIDR Consultant contract agreement with Ernst & Young, a company based in UK, one of the alliance members of Five Eyes interestingly begins with the talisman of Mahatma Gandhi about pondering over how the poorest can get “control over his life and destiny” restored and will have us believe that this is its inspiration to participate in this initiative.
In an earlier RTI reply dated 25 October 2013, UIDAI shared that Ernst & Young order date was 26 February 2010 wherein the value of the contract was mentioned as Rs7.05 crore. The contract agreement with Ernst & Young states that “the Unique ID will be a random 12-digit number with the basis for establishing uniqueness of identity being biometrics”. It announces that “we will provide a Unique Identity to over 113.9 crore people.” This is evidently a fraudulent announcement because UIDAI with which the agreement has been signed has mandate to provide Unique Identity to only 60 crore residents of India and not to 113.9 crore people. The agreement states that it proposes to adopt political, economic, social, technology, legal and environment (PESTLE) framework to cover all key dimensions of the UID program. This framework merits attention for it tantamount to rewriting the political geography of the country with hitherto unknown consequences for political rights.
Most startling disclosure from the contract agreement is its admission that “biometric systems are not 100 % accurate”. It admits that “uniqueness of the biometrics is still a postulate.” In an admission that pulverizes the very edifice on which UID/Aadhaar and the NPR rests, it writes, “The loss in information due to limitations of the capture setup or physical conditions of the body, and due (to) the feature representation, there is a non-zero probability that two finger prints or IRIS prints coming from different individuals can be called a match.” The contract agreement underlines it in bold letters. There appears to be an attempt at verbal gymnastics to hide the key message here. In simple words, “non-zero probability that two finger prints or IRIS prints” turning out to be a match means that there is a probability that biometric data of two different individuals can be identical.
With this admission which is rooted in scientific evidence articulated earlier as part of this series, there emerges a compelling logic to abandon the exercise of creating database of biometric data for identification in favour of pre-existing 15 identity proofs on which Election Commission of India relies for elections and which has been giving legality and legitimacy to the Parliament and the Government of India.
It has been reported based on disclosures of Snowden that US and UK intelligence forces have hacked and planted spyware on more than 50,000 computer networks worldwide and their number is expected to reach over 85,000 by the end of 2013.
In view of the same, in place of counting the numbers of those residents of India enrolled/imprisoned under biometric Aadhaar and NPR at their own cost, national energy ought to focus on questions which have huge ramifications like:
Does the Parliament and State Assemblies know as to how many citizens of UK, US, Canada, Australia, New Zealand, Denmark, France, the Netherlands and Norway are currently residing in India at present? How many of them are non-traceable?
How many of them are within the country on a valid visa and a valid passport?
How many companies from UK, US, Canada, Australia and New Zealand are currently operating in India at present?
Are Indian agencies and citizens aware that the Five Eyes have “focused cooperation” on mining of computer networks with other countries like Belgium, Italy, South Korea, Turkey and others?
This alliance has the capability to directly access internet companies’ data, tapping international fibre optic cables, sabotaging encryption standards and standards bodies, hacking the routers, switches and firewalls that connect the internet together. The facts about their tentacles being present in these countries have been brought to light after the disclosures by Snowden.
Does the conduct of these countries and their companies serve India’s national interest?
Do the interests of these countries and companies converge with our interests?
In such a backdrop, instead of continuing with imperial initiatives like biometric Aadhaar and NPR that relies on the companies based in the countries who comprise five eyes alliance, government of India, Indian citizens and political parties need to deal with the attention diversion tactics of this alliance in a deeper and non-conventional manner to undo the harm done by their cyber and non-cyber Trojan horses. The verdict of US District Court against NSA merits the attention of Supreme Court of India when it hears the case against biometric identification based UID/Aadhaar.
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)