In your interest.
Online Personal Finance Magazine
No beating about the bush.
You may also want to read…
(Gopal Krishna is member of Citizens Forum for Civil Liberties (CFCL), which is campaigning against surveillance technologies since 2010)
When asked how Nilekani-led UIDAI could let foreign companies get their hands on the data, we are told that they had no means of knowing that they are foreign companies! Why, then, are there those who mourn the disintegrating and, hopefully, the demise of this project?
Here is a question for those who retain their faith in the unique identification (UID) project: what is it about the project that has them believe that it should, somehow, be salvaged?
In December 2011, the parliamentary Standing Committee on Finance (SCoF) returned the National Identification Authority of India Bill 2010, and recommended that the UID project be sent back to the drawing board. On 23 September 2013 the Supreme Court directed that no one may be denied any service only because they do not have a UID number; and, when the order was deliberately disregarded, the Court ordered the government to withdraw the instructions that made the UID mandatory. That was on 24 March 2014. On 21 February 2014, the Petroleum Ministry delinked the UID from LPG subsidy. That is, all three organs of state – the Parliament, the judiciary and the executive - have been remarkably unenthusiastic about this project.
The project was marketed as an innocuous game changer. It would provide an identity to every person, especially the poor; and that would lead to plugging leakages and curbing corruption. The touching innocence of this claim has not managed to keep off questions about the consequences of databasing an entire citizenry, the implications of not having a law that covers the project, privacy and personal security, surveillance, data security, flawed processes, unrestrained outsourcing, the unseemly ambitions it provokes in police agencies to get the data into their hands ….. the list keeps growing.
By now it is plain that the Unique Identification Authority of India (UIDAI) has had little patience with either process or law. Here are some illustrations:
The UIDAI was not established to create a database of its own. It was “to limit its activities to creation of the initial database from the Electoral Roll/ EPIC data and verification and validation of the same through BPL and PDS data and updation of electoral rolls.” This was the decision of the EGoM, which met on 4 November 2008 to decide what would be in the notification dated 28 January 2009 that set up the UIDAI. There are multiple databases within the government that carry identity information, and the UIDAI was to work at building a cleaned up identity database from existing databases. The EGoM was categorical: that the “UIDAI may not directly undertake creation of any additional database….”
Yet, once Nandan Nilekani had been appointed Chairperson of the UIDAI in July 2009, a Cabinet Committee on the UID was formed with the Prime Minister as the Chairperson, which gave him the go ahead to create his own data base, independent of other governmental data bases. First, it was allowed 100 million enrolments; then 200 million. Then in an inexplicable, and still unexplained, twist after the Home Minister had found their process faulty and unreliable, it was extended to 600 million. In the first four years, any time that either Mr Nilakeni or RS Sharma, the UIDAI’s first Director General, was asked where they got the legal authority to take the personal data of people, they would point to the 2011 notification as the source of legality for this exercise. This was, of course, not true at all. They were in fact breaching the boundaries the notification had set for them. It is also interesting that Mr Nilekani had started proclaiming, very early in the exercise, even before he had been given the mandate, that the UIDAI would enroll 600 million people by 2014.
Mr Nilekani was a man in a hurry. What resulted was rampant outsourcing, untested processes (including the introducer system), brushing aside concerns about the possibilities and improbabilities of biometrics across a population and across time, and doing away with the imperative of legality. He says he has got his 600 million people. May be. And, again, maybe not. But should such callous discarding of the process and law not matter because it was Nandan Nilekani? Should corporate icons not be restricted by law or process? These are not just rhetorical questions, but arise from the extraordinary treatment given to a collateral entrant into government.
Nandan Nilakeni used three terms to describe the UID project – unique, universal, ubiquitous. Uniqueness was dependent on biometrics. The decision to use fingerprints and iris was made before the UIDAI had any means of knowing whether biometrics could work in India. This is what they said in the “notice inviting applications for hiring of biometrics consultant” in January/ February 2010 after they had decided on fingerprints and iris: “While the National Institute of Standards and Technology (NIST) documents the fact that the accuracy of biometric matching is extremely dependent on demographics and environmental conditions, there is a lack of a sound study that documents the accuracy achievable on Indian demographics (i.e., larger percentage of rural population) and in Indian environmental conditions (i.e., extremely hot and humid climates and facilities without air-conditioning).” In fact, it went on, “we could not find any credible study assessing the achievable accuracy in any of the developing countries.”
Two years later, Mr Nilekani was to say, in his talk at the World Bank in April 2013: “nobody has done this before, so we are going to find out soon whether it will work or not”.
But Brutus is an honourable man.
If the UID number will be on a range of databases, and it can act as a bridge between different silos of information, what does it do about intrusive curiosity? This is how Nandan Nilakeni thinks the UID number should be deployed. In a conversation with Vinod Khosla, and as reported on the NASSCOM website, he said: “There can be an entire Aadhaar- based reputation system in the country”, adding that “besides a credit history, the UID number could also help build health or skills records of Indians”. And this is just the beginning.
The UIDAI says enrolment is `voluntary’ while working to make it mandatory – that will swell its data base, fast. It has gone to the Court in the cases that challenge the project and iterated and reiterated the claim that it is voluntary; but, when the Court said, okay, then we will just say that it is voluntary, the UIDAI pleaded with the Court that agencies be allowed to `insist’ on the UID.
The UIDAI sounds like it will be providing a service, but it is openly pursuing a revenue model which will profit from our data. There is talk of security of data; but the data is handed over to be managed by companies that are close to the CIA, Homeland Security and the French government. And, when asked how they could let foreign companies of such provenance get their hands on the data, we are told that they had no means of knowing that they are foreign companies!
Why, then, are there those who mourn the disintegrating and, hopefully, the demise of this project?
You may also want to read…
(Dr Usha Ramanathan is an independent law researcher and has been critically following the policy and practices of the UIDAI since 2009)
Finally, real truth about lack of data privacy is exposed
On 24th March, in one fell swoop, the Supreme Court of India (SC) defanged the Congress-led government’s most expensive and most controversial Unique Identification Authority of India (UIDAI) programme. The government was asked to withdraw all orders making the Aadhaar number mandatory and told that UIDAI cannot share Aadhaar details with any agency without a person’s concurrence.
Strangely, the deathblow came from UIDAI’s own petition. UIDAI had appealed against a lower court’s order asking it to share biometric data with the police for a criminal investigation. UIDAI did not want to share data or allow its competence or capability to be tested, as ordered by the high court. It was then that it admitted that its technology was not foolproof as touted and the 0.057% error rate could lead to lakhs of false identification possibilities in criminal cases, if applied to 57 crore Indians whose biometrics (fingerprints and iris scan) are captured by UIDAI.
The UIDAI has always maintained that Aadhaar was not mandatory and that the data could not be shared without a person’s consent. However, in the absence of a clear statute and non-transparent functioning, privacy activists had filed petitions raising several key concerns about UIDAI’s backdoor strategy of making Aadhaar mandatory for payment of salaries to government employees, LPG subsidies, birth and death registrations, admissions to schools and colleges, etc. Nandan Nilekani, a founder of Infosys and the high-profile technocrat behind this programme, personally lobbied with Reserve Bank of India (RBI), individual banks and the capital market regulator to try and make it mandatory even for those with multiple identities.
Ironically, the massive spending on Aadhaar was sanctioned on the grounds that it would provide identity to millions of poor and disenfranchised Indians and allow them to get the benefits of government schemes and subsidies. In making these claims, Aadhaar hid many crucial facts.
These were: biometrics are not fool proof; finger prints change, have to be revalidated every few years and can be cloned easily; and the sub-contracted data collection process was flawed. People have multiple Aadhaar numbers and Aadhaar numbers have been issued to chairs and tables and, as a sting operation confirmed, Aadhaar was easily issued to foreigners for a price and a letter from a politician.
On 26th March, CJ Karira, an activist, won an appeal against the UIDAI’s reluctance to respond to Right to Information (RTI) queries and obtained answers to some crucial questions. First, that oil companies are not using Aadhaar to ‘authenticate’ the identity, but only to ‘match’ the number for themselves. There is no way to delete biometric data if a person wants to ‘opt’ out of Aadhaar—there is no exit. The most stunning revelation was that UIDAI does not maintain any record of who the Aadhaar data is shared with or when.
All this only exposes the dubious role played by the United Progressive Alliance (UPA) government on a project that admits to have spent Rs4,000 crore already to enrol 57 crore Indians and has been sanctioned a huge budget for further spending without a parliamentary nod.