April 9, 2012

Why Our Citizens Should Say NO to UID Aadhaar

The Unique Identification (UID) project, also known as Aadhaar, has been pushed into implementation by creation of a UID Authority of India (UIDAI) in 2009. It is slated to spend Rs 45,000 to 1,50,000 crores. 

Security considerations concern not only national security but also citizens' constitutional liberties, including the right to privacy. After the reprehensible September 9, 2001, Al-Qaeda attack on the WTC and Pentagon in USA, there were attempts in all countries to tighten security. In USA, the Homeland Security Act and the Patriot Act were passed, marking formal commencement of public surveillance in USA. Similarly in 2003 Government of India modified the Citizenship Act, later called the National Population Register (NPR), to authorise the Registrar General of India to hold personal including biometric information of all citizens. That this was primarily a security consideration was affirmed by Nandan Nilekani in response to the question "Isn't the main purpose security?" concerning the Aadhaar project. True, also affirmed that government's initiative for a unique ID was also for developmental purposes and that UIDAI came out of that initiative. While there may be no reason to doubt Mr.Nilekani on this score, the fact remains that there was an initiative to create a data base for national security, and the Aadhaar data base would be eminently suited for that purpose. It is noteworthy that Aadhaar is apparently linked with the National Intelligence Grid (Natgrid) and the National Population Register (NPR).

Nobody objects to national security measures. But these cannot be at the cost of surveillance of law abiding citizens, restricting their freedoms or infringing on their privacy. This is reportedly happening in USA following implementation of the Homeland Security Act and the Patriot Act. In intelligence practice, national security is enhanced by maintaining surveillance on citizens in public places and linking this with personal information available in various data bases maintained by banks, income tax offices, airline and railway reservation offices, internet service providers, etc. Aadhaar can provide the link between various data bases and will inevitably be at the core of a system which will enable profiling and tracking any citizen useful to any of India's 11 security or intelligence agencies.

Linked with surveillance in public places and with all people registered with the Aadhaar system, tracking every activity of any or every citizen will be merely a matter of money and technology. This will irreversibly change the relationship between the State and its people, confirming the State as the master when the Constitution of India envisages precisely the opposite.

Thus, Aadhaar will enable and support surveillance and tracking whether or not it succeeds in its declared primary aim of enabling services for the poor. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens. However, this is vitiated since the Aadhaar project is contracted to receive technical support, presently for biometric capture devices, from L-1 Identity Solutions, Inc., a US-based intelligence and surveillance corporation whose top executives are acknowledged experts in the US intelligence community, as revealed in the corporation's website. According to UIDAI website, among other companies awarded contracts for collaboration in the Aadhaar project, are Accenture Services Pvt Ltd which works with US Homeland Security (for implementation of Biometric Solution for UIDAI) and Ernst & Young (for setting up of Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP)). It is difficult to imagine the security of sensitive national information when the technical provider or consultant is not a government body but a business corporation with strong connections to the intelligence organization of another country.

The risks are highlighted by the fact that a "retinue of US security and intelligence officials "accompanied US Secretary of State, Hillary Clinton, to India in July 2011. According to the same source, India has a "gaping appetite for homeland security expertise and technology". India is racing ahead with a proposed Commercial, Homeland Security and Fire Technology Exhibition at Pragati Maidan, New Delhi in December 2011. It is big business that Natgrid is sure to buy into. Indeed, a document of ASSOCHAM titled "Homeland Security in India "states," Given its increasing focus on Homeland security, the Government of India has initiated several steps...(one such) significant initiative is the ongoing drive to provide UID Number to all Indian citizens which is also aligned to the wider cause of intelligently networking the Indian ecosystem." There appears to be a designed "homeland security" link with Aadhaar, and statements like "The UIDAI will not share resident data" could even be deliberately misleading. India is understood to be opposing CISMOA (Communications and Security Memorandum of Agreement) that USA has proposed for better military interoperability, but the supposed need to acquire technology may accept the cost of allowing inspection (end use monitoring) by US intelligence agencies, and thus compromise national security. All these issues including the fact that since 2009, the Aadhaar project has been operating without legal sanction (including entering into contracts involving millions of dollars of public funds), only compounds doubts and apprehensions.

The recent case of the Indian Institute of Science (IISc), Bangalore, signing an agreement to set up a telecom laboratory with Huawei Technologies which has links with the Chinese government has been objected to by the Indian intelligence community, which had expressed prior disapproval. That the Indian intelligence community has tamely accepted business links with Accenture Services, Ernst & Young and L-1 Identity Solutions for national security may indicate the unabashed subservience of those who control the intelligence entities like IB, RAW, MoD, MHA, DoT, etc, to the policies of a particular foreign country.

It is accepted that hacking into a system is most effectively done by paying, co-opting or honey-trapping individuals who have access to critical information. The recent instance of Union Finance Minister Pranab Mukherjee's office being bugged, shows how a device can be placed by gaining physical access to a high security office. Natgrid (which seeks to integrate 21 data bases) or some foreign intelligence agency could obtain access to the Aadhaar data base notwithstanding pious statements of UIDAI. (Incidentally, Capt Raghu Raman, CEO of Natgrid, was also CEO of Mahindra Special Services Group, a security services company. One view of this side-stepping is that he would bring to Natgrid his wealth of background experience but, without casting doubt on his personal integrity, the possible convergence of interests between his corporate background and national information security are undeniable). Obtaining a brief, one-time entry to the Aadhaar data base to permanently compromise its security would pose no serious problem to any efficient intelligence agency that has sufficient influence or funds to obtain that access. Even if Aadhaar can enable provision of services to the poor (which has been cogently argued elsewhere as unworkable) possibility of loss or breach of security of a national data base does not appear to have been examined.

Without in any manner casting aspersions on Mr Nilekani's integrity, it should be noted that his Union Cabinet minister status as Chairman of UIDAI is without having taken formal oath of secrecy and abiding by the Constitution of India. He is free to take any measures that he deems fit with no accountability to the people or the Government of India; the multi-million-dollar contracts entered into bear witness.

The claims made by the UIDAI to make social benefits available or accessible to the poor sections of Indian society have been questioned elsewhere, but the Aadhaar scheme itself has been formulated without due technical or administrative planning process. Thus, from system design and security considerations, the Aadhaar scheme deserves to be blocked with immediate effect and reviewed from scratch in the national best interest. (By SG Vombatkere, Countercurrents.org)

1 comment:

Anonymous said...

We dont want surveillance by americans and neither by indians