In your interest.
Online Personal Finance Magazine
No beating about the bush.
The enthusiastic endorsement of illegal UIDAI and its inexplicable eagerness to merge electoral photo identity card -EPIC numbers and electoral database, with the Aadhaar biometric database that faces robust legal challenge, merits probe
“I have a file on you.”
- MK Narayanan’s routine threat to his adversaries as National Security Adviser (NSA) quoted in Sanjay Baru's book 'The Accidental Prime Minister: The Making and Unmaking of Manmohan Singh'
“One way to ensure that the unique identification (UID) number is used by all government and private agencies is by inserting it into the birth certificate of the infant. Since the birth certificate is the original identity document, it is likely that this number will then persist as the key identifier through the individual’s various life events, such as joining school, immunizations, voting etc.”
- A confidential document of UIDAI titled ‘Creating a unique identity number for every resident in India’, leaked by Wikileaks on 13 Nov 2009
The proponents of world's biggest citizen identification scheme aims to converge electoral photo identity card (EPIC) numbers of electoral database, the UID/Aadhaar number database called Central Identities Data Repository (CIDR) and the National Population Register (NPR). In their myopia, political parties in particular and citizens in general have failed to fathom its ramifications for voting by electors in a democracy.
A bizarre situation is emerging where citizens chose a government that was supposed to represent them but their government is undertaking the task of biometrically authenticating whether or not those it represents are indeed those who they claim to be.
In a letter dated 7 June 2011, the Director General and Mission Director of Unique Identification Authority of India (UIDAI) wrote to Chief Election Commissioner saying, “The Election Commission of India (ECI) may also like to leverage Aadhaar infrastructure in cleaning/ updating their existing electoral data base. Aadhaar numbers issued by the UIDAI can also be included in the list of valid proof of identity (POI) and proof of address (POA) documents of the Election Commission during the polls for identity verification.”
The file notings by ECI on the UIDAI’s letter reads: “How can Aadhaar number used as proof of address”. The reply from ECI dated 17 June 2011 on the letter from UIDAI sought following information before taking any further action:
• Whether UIDAI has the provision to update the address in the database, whenever there is a change in address, to use Aadhaar number as proof of address?
• Whether any process has been defined to use Aadhaar numbers on electoral roll database?
• Whether UIDAI can include EPIC numbers in Aadhaar database?
Responding to these question, in its letter dated 11 July 2011 UIDAI wrote, “Aadhaar has the provision to update the demographic or biometric information of the resident in CIDR from time to time to ensure that the CIDR data is up-to date and accurate all the time. The tool is currently under testing and should be widely available shortly.” The CIDR stands for Central Identities Data Repository of the Aadhaar numbers. Has the “tool” promised July 2011 available now? This reply is far from the truth.
It further wrote, Aadhaar numbers can be seeded into EPIC and electoral roll databases to clean those databases and also to bring standardisation and uniformity in the Election Commission’s databases across the country. UIDAI does provide necessary technical and financial support under its information and communications technology (ICT) infrastructure scheme for integration of Aadhaar number with database of concerned Ministries/ Departments to make them UID compliant. However, the process and schemes to use Aadhaar numbers for their applications are to be defined by the concerned Departments themselves.”
The notification of 28 January 2009 that set up UIDAI, provides the terms of reference (TOR) for its work. There is no reference to the collation of UID number database with electoral database in the TOR. But the TOR does refer to “collation and correlation with UID and its partner databases.” If this reference to ‘partner database’ included electoral database, the UID/ Aadhaar enrolment form never revealed it and took Indian residents for a ride.
Notably, UIDAI was constituted in pursuance of the fourth meeting of the Empowered Group of Ministers (EGoM) headed by the then External Affairs Minister, Pranab Mukherji held on 4 November 2008. Shivraj Patil, the then union home minister and A Raja, the then minister for IT and Communications, HR Bhardwaj, the then law minister and Mani Shankar Aiyar, the then panchayati raj minister, were members of the EGoM wherein Montek Singh Ahluwalia, deputy chairman of Planning Commission was an invitee.
UIDAI argued, “Aadhaar database is restricted to the name, date of birth, gender, address, facial image, ten fingerprints and iris of the resident. The data fields are based on the recommendation of the Demographic and Data field Verification Committee headed by N Vittal, former chief vigilance commissioner (CVC). Since Aadhaar database contains absolute minimum information of a resident necessary to establish identity, it is not possible to include EPIC numbers in the Aadhaar database. However, the ECI should seed Aadhaar numbers in the electoral database as clarified above.”
Prior to this KM Chandrasekhar, cabinet secretary, Government of India (GoI) wrote a letter dated 25 April, 2011 addressed to VK Bhasin, secretary, legislative department stating, “Aadhaar can be treated as a valid Proof of Identity (PoI) and Proof of Address (PoA).”
The Election Commission in its letter dated 4 March 2013 to UIDAI on the subject of “Seeding of Aadhaar number in Electoral Database” wrote that “Commission feels that it would be better that EPIC no. is collected at the time of enrollment for Aadhaar and put in the Aadhaar database…ECI has already issued instructions that Aadhaar cards can be used as alternative identity documents at polling station…It may be mentioned here that Ministry of Home Affairs has also agreed to print EPIC no. on smart card as issued by Registrar General of India…Under the circumstances, it is once again requested that EPIC no. may be made mandatory for enrollment in Aadhaar.” In its letter dated 29 October 2012, the ECI had argued that “including EPIC no. as mandatory field in UIDAI database would enable better integration between UIDAI database and electoral database, which will make Aadhaar numbers more useful.”
This enthusiastic endorsement of illegal UIDAI’s database and its inexplicable eagerness to merge EPIC no. and electoral database with a database that faces robust legal challenge merits probe.
In a letter dated 16 April 2012, RK Singh, the then secretary, ministry of home affairs (MHA) wrote to Dr SY Quraishi, the then Chief Election Commissioner (CEC), with reference to latter’s letter dated 4 April 2012 “regarding inclusion of Electoral Photo Identity Card -EPIC number in the Aadhaar database.”
The secretary, MHA wrote, “The Office of the Registrar General and Census Commissioner, India is in the process of creating the National Population Register (NPR) in the country. The NPR, when completed will be a register of all usual residents of the country, which would have the Aadhaar number besides the demographic and biometric data. The Government is also considering a proposal to issue Resident Identity (smart) Cards to all usual residents above the age of 18 years. The scheme is already making good progress and is likely to be completed in the next two years.”
The combination of the office of Census Commissioner and RGI creates a legal conflict of interest that is required to be examined because Census Act requires that data of residents of India has to be kept confidential. But RGI created under Citizenship Act admittedly puts the data in public domain. Besides this MHA has also feigned ignorance about the illegality of biometric data collection under NPR, a fact pointed out by BJP’s Prime Ministerial candidate, Narendra Modi. The then secretary of MHA is now fighting parliamentary election on BJP’s ticket.
At that time, the secretary, MHA also wrote, “As a part of the process of creating the NPR, the EPIC number is also being collected. This would enable mapping of the Aadhaar number to the EPIC number right from the beginning…Once the mapping is completed, there could be a lot of synergy between the EPIC and NPR databases.”
He pointed out that “while the registration under the NPR is mandatory under the provisions of the Citizenship Act 1955, the production of EPIC Card during the NPR enrolment and capturing the EPIC number is being done on a voluntary basis from the residents. There are, therefore, gaps in the collection of the numbers. The gap can easily be bridged as the Authorities notified for the creation of the NPR are the same as those notified under the Electoral Law and if necessary instructions are issued by the Election Commission, they could easily ensure a complete coverage.”
It is intriguing as to how Election Commission has failed to comprehend the adverse consequences of such convergence. There is nothing in public domain to suggest that implications of such merger have been examined.
The then secretary, MHA informed the CEC that there is mutual agreement between the MHA’s RGI and ECI that “there is a considerable potential to synchronise the two databases and set up a unified platform for future updating of the same and sought CEC’s advice to take it forward. Does the Election Commission realize that synchronization of the two databases is happening as per the design of Wipro’s document and is beyond the mandate given to UIDAI and RGI?
It may recalled that one of the earliest documents that refer UIDAI is a 14-page long document titled ‘Strategic Vision: Unique Identification of Residents’ prepared by Wipro Ltd for the Planning Commission envisaged the close linkage that the UIDAI’s Aadhaar would have with the electoral database. The use of electoral database mentioned in Wipro’s document remains on the agenda of the proponents of Aadhaar.
The reply of the Prime Minister’s Office (PMO) dated 1 April 2014 transferring the right to information (RTI) application to Election Commission seems to indicate that linkage of UIDAI with the Commission has already been established.
In such a backdrop, PMO’s reluctance to share all the file documents and correspondence relating to Nandan Nilekani and right up to his resignation appears quite sensitive and deserves scrutiny. The attempt to undertake convergence of all the sensitive databases of Indians and Nilekani’s confidence in the irreversibility of these efforts has thrown as yet an unmet open political challenge to the opposition parties.
Is it irrelevant to observe that the letterhead of the UIDAI’s Director General reveals his personal email ID as [email protected]. The question is who authorized the UIDAI’s Director General to use Google’s email account? UIDAI does have its own email account. After relinquishing his post to join as chief secretary, government of Jharkhand, did Mr Sharma surrender his email ID to UIDAI? This email must be investigated to ascertain all the locations around the world from which it has been accessed.
The fact that one of the senior most official of UIDAI chose to receive such sensitive information on the server of Google, a private company, is a threat to national security and privacy of Indians. This company is regulated by US laws and has been working in collusion with foreign intelligence agencies. The authorities in the US, where Gmail is headquartered, can legally access the information on the server of Google without a court warrant and without any civil and criminal liability. The Indian government will remain in dark about it. In fact US’ Cyber Intelligence Sharing and Protection Act (CISPA) make the exchange of electronic information between Internet Service Providers and the government of US possible. The use of Gmail account demonstrates the lack of professionalism of UIDAI, which has been given the task of handling the database of the personal sensitive information of Indians. This act of omission and commission merits attention. Such gullibility of ministers and IAS officers in particular and officials in general is inexcusable.
In the absence of Parliamentary scrutiny institutional accountability for defections by intelligence officials like Major Rabinder Singh, a joint secretary in Research and Analysis Wing (R&AW) who seem to have formally defected to US on 14 May 2004 with the help of the US Embassy in Kathmandu despite being under surveillance by R&AW’s Counter-Intelligence & Security Division (CI&S) for three months during the tenure of CD Sahay, who was the Head of R&AW, has not been fixed. The Manmohan Singh government that assumed office on 22 May 2004, dismissed Major Rabinder Singh from service under Article 311 (2) ( c ) of the Constitution of India on 5 June 2004. Indian intelligence agencies have consistently been poached by foreign intelligence agencies.
A former special secretary of the R&AW and author of “Escape to Nowhere: Story of an Espionage Agent”, Amar Bhushan says, “It’s the charter of every intelligence organisation to infiltrate and subvert other intelligence agencies.” It has now been revealed that Major Rabinder Singh could not be caught red handed because he had been transmitting the information and documents using voice over internet protocol (VoIP) meant for the delivery of voice communications and multimedia sessions over IPl networks through his laptops, which had imprints of 23,100 files. Thus, a database of 23, 100 files of R&AW has been transferred to US agencies without putting any remedial mechanism in place. Are our intelligence agencies really so naïve that they did not know that data can be transferred with VoIP? Can these agencies be trusted with the data of Indians?
Hasn’t all the data collected by Census, UIDAI, RGI and ECI been transmitted to foreign countries through companies L1 Identity Solutions, Accenture and Mongo DB?
It has now come to light from Sanjay Baru's book 'The Accidental Prime Minister: The Making and Unmaking of Manmohan Singh' that the Prime Minister declined “to take a daily briefing from chiefs of both the Intelligence Bureau and the Research and Analysis Wing (R&AW) who were told to report to the National Security Advisor (NSA)”. MK Narayanan, as NSA, claimed that he had a file on his adversaries but he and his ilk does not seem to realize that National Security Agency of US and its Five Eyes Alliance have a file on them too. It appears that the Prime Minister accepted the fait accompli of all the Indians including him being subjected to surveillance by imperial powers with collaborators giving a field day.
In the 41 page long Wikileaked document titled ‘Creating a unique identity number for every resident in India’ that declared itself to be a ‘Confidential- property of UIDAI’ states, “The Unique ID or UID will be a numeric that is unique across all 1.2 billion residents in India. The UID number will not contain intelligence. In older identity systems, it was customary to load the ID number with information related to the date of birth, as well as the location of the person. However, this makes the number susceptible to fraud and theft, and migration of the resident quickly makes location details out of date. The UID will be a random number.”
While the Election Commission, cabinet secretary, home secretary and UIDAI have accepted UID/Aadhaar as “proof of address”, this Wikileaked document reveals that making it a proof of location was not part of its conceptual design. It is a puzzle as how agencies after agencies started accepting biometric Aadhaar as proof of address?
In fact each new born infant is a suspect. There is a file being created to track and profile him for good.
Like Indian NSA’s threat to his adversaries about having a file on them, having a UID/Aadhaar number automatically creates a file of the Indian residents in question. Even infants are not spared in this scheme of things.
The confidential document reveals that from day one the Prime Minister wanted to create a file on each of “1.2 billion residents”, the division of work between MHA’s NPR and UIDAI was merely an attention diversion tactics to outwit political scrutiny. The merger of the electoral database with UID/number debunks UIDAI’s claim that UID number “will not contain intelligence” and “the location of the person.”
From these disclosures, it appears that PMO has adopted an adversarial role vis-à-vis Indians and acting beyond their legal mandate to pander to the interests of the commercial czars, non-state actors and foreign intelligence companies.
Why is India’s officialdom and political class blind to subversion of national interest by unelected officials of PMO under the leadership of Nero like Prime Minister through bartering of citizen’s databases?
In a country where, no intelligence chief or official has held accountable for the assassination of two of its Prime Ministers and for betraying nation’s secrets, can it be hoped that all those who compromised India’s data security will made liable for their treacherous acts?
Is it the case that the database scam is bigger than all the scams of Indian National Congress led Government? There is no reason for the PMO to deny information under RTI, which it admittedly is in possession of.
Post election, there is a compelling logic for setting up a High Powered Commission of Inquiry to probe the goings in the PMO and intelligence agencies that engineered and bulldozed the database project by compelling various government departments and States including Election Commission to comply with the dictates of illegal UIDAI.
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)
When asked how Nilekani-led UIDAI could let foreign companies get their hands on the data, we are told that they had no means of knowing that they are foreign companies! Why, then, are there those who mourn the disintegrating and, hopefully, the demise of this project?
Here is a question for those who retain their faith in the unique identification (UID) project: what is it about the project that has them believe that it should, somehow, be salvaged?
In December 2011, the parliamentary Standing Committee on Finance (SCoF) returned the National Identification Authority of India Bill 2010, and recommended that the UID project be sent back to the drawing board. On 23 September 2013 the Supreme Court directed that no one may be denied any service only because they do not have a UID number; and, when the order was deliberately disregarded, the Court ordered the government to withdraw the instructions that made the UID mandatory. That was on 24 March 2014. On 21 February 2014, the Petroleum Ministry delinked the UID from LPG subsidy. That is, all three organs of state – the Parliament, the judiciary and the executive - have been remarkably unenthusiastic about this project.
The project was marketed as an innocuous game changer. It would provide an identity to every person, especially the poor; and that would lead to plugging leakages and curbing corruption. The touching innocence of this claim has not managed to keep off questions about the consequences of databasing an entire citizenry, the implications of not having a law that covers the project, privacy and personal security, surveillance, data security, flawed processes, unrestrained outsourcing, the unseemly ambitions it provokes in police agencies to get the data into their hands ….. the list keeps growing.
By now it is plain that the Unique Identification Authority of India (UIDAI) has had little patience with either process or law. Here are some illustrations:
The UIDAI was not established to create a database of its own. It was “to limit its activities to creation of the initial database from the Electoral Roll/ EPIC data and verification and validation of the same through BPL and PDS data and updation of electoral rolls.” This was the decision of the EGoM, which met on 4 November 2008 to decide what would be in the notification dated 28 January 2009 that set up the UIDAI. There are multiple databases within the government that carry identity information, and the UIDAI was to work at building a cleaned up identity database from existing databases. The EGoM was categorical: that the “UIDAI may not directly undertake creation of any additional database….”
Yet, once Nandan Nilekani had been appointed Chairperson of the UIDAI in July 2009, a Cabinet Committee on the UID was formed with the Prime Minister as the Chairperson, which gave him the go ahead to create his own data base, independent of other governmental data bases. First, it was allowed 100 million enrolments; then 200 million. Then in an inexplicable, and still unexplained, twist after the Home Minister had found their process faulty and unreliable, it was extended to 600 million. In the first four years, any time that either Mr Nilakeni or RS Sharma, the UIDAI’s first Director General, was asked where they got the legal authority to take the personal data of people, they would point to the 2011 notification as the source of legality for this exercise. This was, of course, not true at all. They were in fact breaching the boundaries the notification had set for them. It is also interesting that Mr Nilekani had started proclaiming, very early in the exercise, even before he had been given the mandate, that the UIDAI would enroll 600 million people by 2014.
Mr Nilekani was a man in a hurry. What resulted was rampant outsourcing, untested processes (including the introducer system), brushing aside concerns about the possibilities and improbabilities of biometrics across a population and across time, and doing away with the imperative of legality. He says he has got his 600 million people. May be. And, again, maybe not. But should such callous discarding of the process and law not matter because it was Nandan Nilekani? Should corporate icons not be restricted by law or process? These are not just rhetorical questions, but arise from the extraordinary treatment given to a collateral entrant into government.
Nandan Nilakeni used three terms to describe the UID project – unique, universal, ubiquitous. Uniqueness was dependent on biometrics. The decision to use fingerprints and iris was made before the UIDAI had any means of knowing whether biometrics could work in India. This is what they said in the “notice inviting applications for hiring of biometrics consultant” in January/ February 2010 after they had decided on fingerprints and iris: “While the National Institute of Standards and Technology (NIST) documents the fact that the accuracy of biometric matching is extremely dependent on demographics and environmental conditions, there is a lack of a sound study that documents the accuracy achievable on Indian demographics (i.e., larger percentage of rural population) and in Indian environmental conditions (i.e., extremely hot and humid climates and facilities without air-conditioning).” In fact, it went on, “we could not find any credible study assessing the achievable accuracy in any of the developing countries.”
Two years later, Mr Nilekani was to say, in his talk at the World Bank in April 2013: “nobody has done this before, so we are going to find out soon whether it will work or not”.
But Brutus is an honourable man.
If the UID number will be on a range of databases, and it can act as a bridge between different silos of information, what does it do about intrusive curiosity? This is how Nandan Nilakeni thinks the UID number should be deployed. In a conversation with Vinod Khosla, and as reported on the NASSCOM website, he said: “There can be an entire Aadhaar- based reputation system in the country”, adding that “besides a credit history, the UID number could also help build health or skills records of Indians”. And this is just the beginning.
The UIDAI says enrolment is `voluntary’ while working to make it mandatory – that will swell its data base, fast. It has gone to the Court in the cases that challenge the project and iterated and reiterated the claim that it is voluntary; but, when the Court said, okay, then we will just say that it is voluntary, the UIDAI pleaded with the Court that agencies be allowed to `insist’ on the UID.
The UIDAI sounds like it will be providing a service, but it is openly pursuing a revenue model which will profit from our data. There is talk of security of data; but the data is handed over to be managed by companies that are close to the CIA, Homeland Security and the French government. And, when asked how they could let foreign companies of such provenance get their hands on the data, we are told that they had no means of knowing that they are foreign companies!
Why, then, are there those who mourn the disintegrating and, hopefully, the demise of this project?
You may also want to read…
(Dr Usha Ramanathan is an independent law researcher and has been critically following the policy and practices of the UIDAI since 2009)