In an article titled Basis
of a revolution, Nandan Manohar Nilekani, the former chairman of Unique
Identification Authority of India (UIDAI) contended that “no core biometric
information can be shared is a principle without exception — people saying that
core biometric information will be shared are wrong because Clause 29(1) is not
overridden by Clause 33(2)” of Aadhaar legislation. His interpretation of the
clauses is highly misleading because Clause 33(2) does not provide an exception to
clause 29(1) (b).
Section 33(2) reads: Nothing contained in sub-section (2) or
sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section
(2) or sub-section (3) of section 29 shall apply in respect of any disclosure
of information, including identity information or authentication records, made
in the interest of national security in pursuance of a direction of an officer
not below the rank of Joint Secretary to the Government of India specially
authorised in this behalf by an order of the Central Government.
Section 29(1) (b) reads: No core biometric information,
collected or created under this Act, shall be — (b) used for any purpose other
than generation of Aadhaar numbers and authentication under this Act.
A joint reading of both the sections reveals that the
core biometric information, collected or created under the Aadhaar Act, can be
used for purposes other than the generation of Aadhaar numbers and
authentication “'made in the interest of national security”. It is noteworthy
that “national security” is neither defined in the Aadhaar legislation nor in
the General Clauses Act. As a consequence an individual's information can be
disclosed based on the interpretation of a Joint Secretary. Notably, Section
33(2) permits disclosure of demographic and biometric on directions of the Joint
Secretary in interest of national security. It further states that such
disclosures will be for three months initially, and a fresh renewal can be
granted for another three months, without a limitation on the number of such
renewals. It germane to in the context of an advertisement released on Sunday, 10th
June 2018, the central government whereby it has invited applications from
“talented and motivated Indian nationals” for 10 Joint Secretary-level posts
through lateral entry. This paves the way for private sector professionals to
be hired as Joint Secretaries who could later be assigned the task of defining “national
security”. The government has announced that 10 posts are available in departments
such as commerce, revenue, financial services and economic affairs. These are
the departments which are also steering the course of UID/Aadhaar given the
fact that Aadhaar legislation is an e-commerce law which was introduced my
minister of finance.
Unjust of the Aadhaar legislation can also be ascertained
from Section 33(1) which does not permit disclosure of biometrics but it permits
the disclosure of an individual's demographic information pursuant to an order
by a District Judge. This Section states that the District Judge will not pass such
order shall without giving an opportunity of hearing to the UIDAI. It maintains
studied silence about whether or not the person whose personal sensitive information
is being disclosed in the name of “national security” will be heard or not by
the District Judge. It conclusively emerges that Nilekani misled the citizens
about the provisions of Aadhaar legislation. This has been demonstrated in the
Supreme Court as well during the final hearing on UID/Aadhaar
When asked about why India chose to go with the
UID/Aadhaar model when several countries like France, Britain and Germany have
disbanded such identification projects, Nandan Nilekani, a former chairman of
Unique Identification Authority of India (UIDAI) replied,
“Their purpose was not development, inclusion, saving government money or
curbing corruption. How can you compare Aadhaar with the smart card project in
some other country? Even I would have disbanded those”.
His reply is a classic case of outright fibbing,
misrepresentation and sophistry. It represents a sample of all the replies
UIDAI’s has provided to concerned Indians since its inception.
Take the case of Britain mentioned by Nilekani, a
15-page Wipro document, titled 'Does India need a Unique Identity Number?’
cited the example of the United Kingdom's Identity Cards Act, 2006, on page no.
6 to advance the argument for a biometric UID/Aadhaar number in India. If it
was not comparable as Nilekani will have us believe, why did Wipro cite
Britain’s identification project to make a case for UID/Aadhaar for Indians.
Wipro’s document is significant because UIDAI and
UID/Aadhaar is a product of a 14-page long document titled 'Strategic Vision:
Unique Identification of Residents' prepared by Wipro Ltd and submitted to the
Processes Committee of the Planning Commission which was set up in July 2006.
Its vision statement reads: 'Creating a unique identification system of all
residents in the country for efficient, transparent, reliable and effective
delivery of various welfare and private services to the common person.' The
cover page of the document mentions the National Institute for Smart Government
(NISG), Department of Information Technology (now named MeitY-Ministry of
Electronics and Information Technology), and Wipro Consulting. Admittedly,
Wipro was the consultant for the design phase and programme management phase of
the pilot UIDAI project. The Hyderabad-based NISG is a not-for-profit company
incorporated in 2002 by the Government of India and Nasscom. NISG aims to
'establish itself as an institution of excellence in e-governance and to
leverage private sector resources through a public-private-partnership mode in
establishing eIndia.'
But when the UK government stopped its biometric National
Identity Cards Scheme neither Wipro nor its donors and promoters in the government
examined as to why the UK did so and why this decision too is relevant to
India. The decision was announced in the British parliament, the same
legislature which passed the India Independence Act, 1947.
It must be recalled that under Nilekani’s tenure UIDAI
extended “undue favour” to Wipro Ltd. As a consequence UIDAI incurred an
avoidable expenditure of Rs.4.92 crore on an annual maintenance contract,
according to the report of the Comptroller and Auditor General (CAG) of India
presented to the Parliament. UIDAI also incurred a loss of Rs.1.41 crore by not
routing advertisements through the Directorate of Advertising and Visual
Publicity. Unmindful of manifest conflict of interest UIDAI had entered into a
contract with Wipro in May 2011 for supply, installation and commissioning of
servers, storage systems, security systems and accessories with incidental
services in the data centres of the authority in Bengaluru and Delhi/NCR at a
cost of Rs.134.28 crore.
This is not the only case of irregularity and corruption
by UIDAI. It awarded projects to several companies without issuing tenders. In
a RTI reply UIDAI itself disclosed that total project contracts worth
Rs.13,663.22 crore were awarded without any tenders of which an amount of
Rs.6,563 crore has been already spent on issuing 90.3 crore Aadhar cards till
May 2015. It also informed that a total 25 companies were awarded different
responsibilities for the massive project and their empanelment was done under
the process guidelines of Request For Empanelment dated May 19, 2014. The
companies which have been awarded more than one project works include: Tata
Consultancy Service, Mac Associates, Wipro, HCL, HP India Sales Pvt. Ltd.,
National Informatics Centre, Sagem Morpho Securities Pvt. Ltd (French Safran
Group), Satyam Computer Services Ltd, L1 Identity Solutions (earlier US company
now part of Safran Group), Totem International Ltd., Linkwel Telesystems Pvt.
Ltd. Sai Infosystems India Ltd, Geodesic Ltd, ID Solutions, NISG, SQTC,
Telesima Communications Pvt. Ltd. The companies that were awarded a single
contract include: Reliance Communication, Tata Communications, Aircel, Bharati
Airtel, BSNL and Railtel Corporation of India Ltd. Notably, companies like
Accenture (USA), L1 and Ernst & Young has been given access to sensitive
data of present and future Indians.
During his tenure at UIDAI, Parliamentary Standing
Committee on Finance its Sixty-Ninth Report on the ‘Demands for Grants
(2013-14)’ observed, “A provision of Rs. 2,620 crore has been allocated in
Budget Estimate (2013-14) for Unique Identification Authority of India (UIDAI)
and a major part of the budget provision for Rs. 1,040 crore is earmarked for
‘Enrolment Authentication and Updation’, out of which an amount of Rs. 1,000
crore has been earmarked under the head ‘other charges’.” The total budgetary
allocations made for UIDAI since its inception upto 31 March 2014 was Rs
5440.30 crores. For the year 2009-10, it was Rs 120 crores. For 2010-11, it was
Rs 1,900 crores. For 2011-12, it was Rs 1,470 crores 1,200. For 2012-13, it was
1,758 crores and for 2013-14, it was Rs 2,620.00 crores. For the year 2014-15,
the budget estimate was Rs 2,039. The budget estimate of expenditure on the
project being implemented by UIDAI was Rs 2,000 crore in 20015-16. For the year
2016-17, the budget estimate was Rs 990 crores (that included 190 crore first
supplementary). As of February 2017, UIDAI has incurred a total cumulative
expenditure of Rs 8,536.83 crores. This includes undefined “other charges”
pointed out by the Parliamentary Committee. Shouldn’t UIDAI provide the details
of the expenses incurred under “other charges”? Take the case of the year
2009-10 when the budget estimate was Rs 120 crores. The final expenditure was
Rs 26.21 crores. In the year 2015-16 the budget estimate was Rs 2,000 crores
but the final expenditure was Rs 1679 crores. In 2016-17, when budget estimate
was Rs 990 crores, the final expenditure was Rs 877.16 crore up to February
2017. The budget estimate for 2017-18 was Rs 900 crore. The revised estimate
was Rs 1150 crore. The expenditure was Rs 1148.32 crore. The budget estimate
for 2018-19 is Rs 1375 crore. So far the expenditure has been Rs 130.81 crore
during this period. UIDAI’s final expenditure as of June 2018 is Rs 8,793.90
crore. It is high time the full break up of this expenditure is put in public
domain because sunlight is the best disinfectant.
The Parliamentary Committee on Finance has wondered in its report as to why inflated targets were consistently being given. It observed, “the total budgetary allocations made for UIDAI since its inception upto 2013-14 budget estimate is Rs 5440.30 crore, out of which Rs. 2820.30 crore has been utilized upto 31.03.2013 and the remaining amount of Rs. 2620 has been allocated in budget estimate is 2013-14. The Ministry has informed that the average cost per card is estimated to range from Rs 100 to Rs 157. Taking the average cost per card to be Rs. 130, the total expenditure for issue of 60 crore cards is estimated to about Rs 7800 crore. Thus, the expected requirement of funds during 2013-14 is Rs. 4979.70 crores, whereas only Rs. 2620 crore has been kept for budget estimate during 2013-14, which is thus grossly inadequate.” It is apparent that there is more to it than meets the eye.
When Nilekani was asked about “concerns that the Aadhaar
could be used in surveys such as the Socio-economic Caste Census (SECC) for
racial profiling, or be linked to EVMs to determine voting patterns”, he gave
an evasive reply saying, “The SECC or EVM machines have nothing to do with
Aadhaar.”
Notably Aadhaar is a brand name of Unique Identification (UID)
Number. The UID project was renamed the Aadhaar project after the UIDAI
avowedly had a nationwide competition to find a logo and a brand name.
Curiously, Aadhaar name echoes the name of Bangalore based Adhar Trust that Nilekani and Rohini Nilekani set
up to fund their initiatives into a government function.
Election Commission of India on its website has provided answer to a question about the “system of
numbering EVMs”, it states “Each Control Unit has a unique ID Number (UID),
which is painted on each unit with a permanent marker. This ID Number will be
allowed to be noted by the Polling Agents and will also be recorded in a
Register maintained for the purpose by the Returning Officer. The address tag
attached to the Control Unit also will indicate this ID Number.” A careful
perusal of UIDAI documents reveals that it is linked to the electoral database
too. A confidential document of UIDAI titled ‘Creating a unique identity number
for every resident in India’, leaked by Wikileaks on 13 Nov 2009 reads: “One
way to ensure that the unique identification (UID) number is used by all
government and private agencies is by inserting it into the birth certificate
of the infant. Since the birth certificate is the original identity document,
it is likely that this number will then persist as the key identifier through
the individual’s various life events, such as joining school, immunizations,
voting etc.”
The proponents of world's biggest citizen identification
scheme aim to converge electoral photo identity card (EPIC) numbers of
electoral database, the UID/Aadhaar number database called Central Identities
Data Repository (CIDR). In their myopia, political parties in particular and
citizens in general have failed to fathom its ramifications for voting by
electors in a democracy.
In a letter dated 7 June 2011, the Director General and
Mission Director of Unique Identification Authority of India (UIDAI) wrote to
Chief Election Commissioner saying, “The Election Commission of India (ECI) may
also like to leverage Aadhaar infrastructure in cleaning/ updating their existing
electoral data base. Aadhaar numbers issued by the UIDAI can also be included
in the list of valid proof of identity (POI) and proof of address (POA)
documents of the Election Commission during the polls for identity
verification.”
The file notings by ECI on the UIDAI’s letter reads: “How
can Aadhaar number used as proof of address”. The reply from ECI dated 17 June
2011 on the letter from UIDAI. It further wrote, Aadhaar numbers can be seeded
into EPIC and electoral roll databases to clean those databases and also to
bring standardisation and uniformity in the Election Commission’s databases
across the country. UIDAI does provide necessary technical and financial
support under its information and communications technology (ICT)
infrastructure scheme for integration of Aadhaar number with database of
concerned Ministries/ Departments to make them UID compliant. However, the
process and schemes to use Aadhaar numbers for their applications are to be
defined by the concerned Departments themselves.”
The notification of 28 January 2009 that set up UIDAI,
provides the terms of reference (TOR) for its work. There is no reference to
the collation of UID number database with electoral database in the TOR. But
the TOR does refer to “collation and correlation with UID and its partner
databases.” If this reference to ‘partner database’ included electoral
database, the UID/ Aadhaar enrolment form never revealed it and took Indian
residents for a ride.
Notably, UIDAI was constituted in pursuance of the fourth
meeting of the Empowered Group of Ministers (EGoM) headed by the then External
Affairs Minister, Pranab Mukherji held on 4 November 2008. Shivraj Patil, the
then union home minister and A Raja, the then minister for IT and
Communications, HR Bhardwaj, the then law minister and Mani Shankar Aiyar, the
then panchayati raj minister, were members of the EGoM wherein Montek Singh
Ahluwalia, deputy chairman of Planning Commission was an invitee.
UIDAI argued, “Aadhaar database is restricted to the
name, date of birth, gender, address, facial image, ten fingerprints and iris
of the resident. The data fields are based on the recommendation of the
Demographic and Data field Verification Committee headed by N Vittal, former
chief vigilance commissioner (CVC). Since Aadhaar database contains absolute
minimum information of a resident necessary to establish identity, it is not
possible to include EPIC numbers in the Aadhaar database. However, the ECI
should seed Aadhaar numbers in the electoral database as clarified above.”
Prior to this KM Chandrasekhar, as cabinet secretary,
Government of India (GoI) wrote a letter dated 25 April, 2011 addressed to VK
Bhasin, secretary, legislative department stating, “Aadhaar can be treated as a
valid Proof of Identity (PoI) and Proof of Address
(PoA).”
The Election Commission in its letter dated 4 March 2013
to UIDAI on the subject of “Seeding of Aadhaar number in Electoral Database”
wrote that “Commission feels that it would be better that EPIC no. is collected
at the time of enrollment for Aadhaar and put in the Aadhaar database…ECI
has already issued instructions that Aadhaar cards can be used as alternative
identity documents at polling station…It may be mentioned here that Ministry of
Home Affairs has also agreed to print EPIC no. on smart card as issued by
Registrar General of India…Under the circumstances, it is once again requested
that EPIC no. may be made mandatory for enrollment in Aadhaar.” In its
letter dated 29 October 2012, the ECI had argued that “including EPIC no. as
mandatory field in UIDAI database would enable better integration between UIDAI
database and electoral database, which will make Aadhaar numbers more
useful.” This enthusiastic endorsement of illegal UIDAI’s database and its
inexplicable eagerness to merge EPIC no. and electoral database with a database
that faces robust legal challenge merits rigorous
scrutiny.
In a letter dated 16 April 2012, RK Singh, the then
secretary, ministry of home affairs (MHA), wrote to Dr SY Quraishi, the then
Chief Election Commissioner (CEC), with reference to latter’s letter dated 4
April 2012 “regarding inclusion of Electoral Photo Identity Card -EPIC number
in the Aadhaar database.” Singh is currently MP from BJP and minister of
new and renewable energy. As secretary, MHA he wrote, “The Office of the
Registrar General and Census Commissioner, India is in the process of creating
the National Population Register (NPR) in the country. The NPR, when completed
will be a register of all usual residents of the country, which would have the
Aadhaar number besides the demographic and biometric data. The Government is
also considering a proposal to issue Resident Identity (smart) Cards to all
usual residents above the age of 18 years. The scheme is already making good
progress and is likely to be completed in the next two years.”
The combination of the office of Census Commissioner and
RGI creates a legal conflict of interest that is required to be examined
because Census Act requires that data of residents of India has to be kept
confidential. But RGI created under Citizenship Act admittedly puts the data in
public domain.
Secretary, MHA also wrote, “As a part of the process of
creating the NPR, the EPIC number is also being collected. This would enable
mapping of the Aadhaar number to the EPIC number right from the beginning…Once
the mapping is completed, there could be a lot of synergy between the EPIC and
NPR databases.” He pointed out that “while the registration under the NPR
is mandatory under the provisions of the Citizenship Act 1955, the production
of EPIC Card during the NPR enrolment and capturing the EPIC number is being
done on a voluntary basis from the residents. There are, therefore, gaps in the
collection of the numbers. The gap can easily be bridged as the Authorities
notified for the creation of the NPR are the same as those notified under the
Electoral Law and if necessary instructions are issued by the Election
Commission, they could easily ensure a complete coverage.”
It is intriguing as to how Election Commission has failed
to comprehend the adverse consequences of such convergence. There is nothing in
public domain to suggest that implications of such merger have been
examined.
The then secretary, MHA informed the CEC that there is
mutual agreement between the MHA’s RGI and ECI that “there is a considerable
potential to synchronise the two databases and set up a unified platform for
future updating of the same and sought CEC’s advice to take it forward. Does
the Election Commission realize that synchronization of the two databases is
happening as per the design of Wipro’s document and is beyond the mandate given
to UIDAI and RGI?
It may recalled that one of the earliest documents that
refer UIDAI is a 14-page long document titled ‘Strategic Vision: Unique
Identification of Residents’ prepared by Wipro Ltd for the Planning Commission
envisaged the close linkage that the UIDAI’s Aadhaar would have with the electoral
database. The use of electoral database mentioned in Wipro’s document remains
on the agenda of the proponents of Aadhaar.
The reply of the Prime Minister’s Office (PMO) dated 1
April 2014 transferring the right to information (RTI) application to Election
Commission seems to indicate that linkage of UIDAI with the Commission has
already been established.
In such a backdrop, PMO’s reluctance to share all the
file documents and correspondence relating to Nilekani and right up to his
resignation appears quite sensitive and deserves scrutiny.
Nilekani referred to the current “three-member UIDAI
Committee under J Satyanarayana, the former IT secretary”. Satyanarayana is
currently a part time Chairman of UIDAI since September 6, 2016. He has been on
Board of NISG. Notably, Satyanarayana has been the member of the Task Force for
preparation of Policy Document on Identity and Access Management under
National e-Governance Programme (NeGP). This Task Force was constituted by
Office Memorandum dated 31 October, 2006, which was supposed to submit its
report by 25 December 2006. Coincidentally, the Processes Committee of
the Planning Commission which was set up in July 2006 commissioned the task of
preparing “Strategic Vision: Unique Identification of Residents” to Wipro Ltd
during the same period. The other members of the Task Force included 34 members
besides the Chairman, Dr S.I. Ahson, Professor & Head, Department of
Computer Science, Jamila Milia Islamia and the Member Secretary, Ms Pratibha
Lokhande, Scientist, National Informatics Centre. The members included 11
Technology Solutions Providers namely, IBM, Microsoft, Oracle, Computer
Associates, Novell, Honeywell, HP, Red Hat, ILANTUS Technologies, MPhasis and
PricewaterhouseCoopers (PwC). The Task Force submitted version 7 of its 65 page
long report in April 2007.
This report talked about “Citizen Identities” and “Owner
of identities”. This report states, “The Identity Information is stored by
multiple agencies in multiple documents like Ration card, Driving License,
Passport, Voter’s card, Birth Certificate etc. The purpose of the Project
unique ID (UID) initiated by the Planning Commission is to create a central
database of resident information and assign a Unique Identification number to
each such resident (Citizens and Persons of Indian Origin) in the country….The
appropriate Identity Aggregations and Synchronization should be used to
integrate systems to share their identity information.” This April 2007 report
reveals that “National UID Project: This project has been initiated, with Voter
ID Numbers and BPL households in the first instance.” It is evident that long
before the arrival of Nilekani in July 2009 as Chairman of UIDAI, the
UID/Aadhaar project was already unfolding. He just came and dishonestly claimed
credit for it. This report also discloses that each registered judicial court
has a unique identification (UID) number at Sub ordinate Courts, High Court and
Supreme Court. This effort seems to be part of profiling and surveillance of
judicial institutions.
Notably, this report appears to be making one of the
earliest references to “Biometric authentication” in India as “any process that
validates the identity of a user who wishes to sign into a system by measuring
some intrinsic characteristic of that user. Biometric samples include
fingerprints, retina scans, face recognition, voiceprints, and even typing
patterns. Biometric authentication depends on measurement of some unique
attribute of the user. They presume that these user characteristics are unique,
that they may not be recorded and reproductions provided later, and that the
sampling device is tamper-proof.”
It defines biometrics as “A measure of an Attribute of a
Natural Person’s physical self, or of their physical behavior. In principle at
least, a Biometric can be used: to validate an entity (where the entity is a
Natural Person); as an Authenticator for an Assertion involving an Entity; and
as a means of restricting the use of a personalised Token to the appropriate
Natural Person. Examples include: fingerprint, voiceprint, and iris-scan.
Biometrics is generally, “the study of measurable biological characteristics.
In computer security, biometrics refers to authentication techniques that rely
on measurable physical characteristics that can be automatically checked. There
are several types of biometric identification schemes: Face: the analysis of
facial characteristics; Fingerprint: the analysis of an individual's unique
fingerprints; Hand geometry: the analysis of the shape of the hand and the
length of the fingers; Retina: the analysis of the capillary vessels located at
the back of the eye; Iris: the analysis of the colored ring that surrounds the
eye's pupil; Signature: the analysis of the way a person signs his name; Vein:
the analysis of pattern of veins in the back if the hand and the wrist; Voice:
the analysis of the tone, pitch, cadence, and frequency of a person's voice.”
This report defines “Identification” as “The process
whereby data is associated with a particular Identity. It is performed through
the acquisition of data that constitutes an Identifier for that identity.” It
also defines “Identifier” as “One or more data-items concerning an Identity
that are sufficient to distinguish it from other Identities, and that are used
to signify that Identity. Identifiers include names. A natural person may use
more than one name, and variants of each name. Identifiers also include ‘id
numbers’ or ‘id codes’ issued by other Entities that the Entity interacts with.
An Entity may be assigned many such numbers and codes. A legal person may have
many names (e.g. associated with business units, divisions, branches, trading
names, trademarks and brand names), and multiple ‘id numbers’ and ‘id codes’
assigned by other Entities that the Entity interacts with. Identifier Unique
pointer, within a certain context (namespace) to an identity.” These
definitions are significant because they underline that UID/Aadhaar is an
identifier and not a conventional identity proof.
Satyanarayana who was the member of the Task Force that
authored the above mentioned report finds mention at page no. 46-47 of the
report Parliamentary Standing Committee on Information Technology that examined
the work of Department of Electronics and Information Technology (DeitY),
Ministry of Communications and Information Technology, asked about the
surveillance by National Security Agency (NSA) of the US. It states that in the
context of privacy of data, the Committee desired to know the Department’s
stand on the issue of surveillance by US and interception of data sent through
e-mails. To this, Satyanarayana, as Secretary, DeitY, responded during the
evidence as under:-“Sir, about the US surveillance issue, there has been a
debate, as you are aware, this morning in the Rajya Sabha itself and the hon.
Minister has addressed this issue. He also emphasised that as far as the
Government data and Government mails are concerned, the policy, the copy of
which I have given to the Committee earlier, is going to address a large part
of it. Hopefully, by the end of this year, if it is implemented, the things
will be absolutely safe and secure…x.x.x.x…In the reply, the Hon. Minister also
said that we have expressed our serious concern about the reported leakages and
in the name of surveillance, the data that has been secured from various
private sources, internet resources by the US Government. We have expressed it
formally to the Government of the US and also during the Secretary of State’s
visit a few weeks ago in India, this has been reinforced on a person to person
basis.”
He added, “We have been assured that whatever data has
been gathered by them for surveillance relates only to the metadata. It has
been reiterated and stated at the highest level of the US President that that
only the metadata has been accessed, which is, the origin of the message and
the receiving point, the destination and the route through which it has gone,
but not the actual content itself. This has been reiterated by them, but we
expressed that any incursion into the content will not be tolerated and is not
tolerable from Indian stand and point of view. That has been mentioned very
clearly and firmly by our Government.”
In effect, the Government of India has formally
communicated to Government US that India has no problem if they conduct
surveillance for metadata in fact it is acceptable and tolerable but “incursion
into the content will not be tolerated and is not tolerable.”
The Parliamentary Committee observes, “While taking note
of the Department’s stand on the recent instances of surveillance and
interception of data (though only meta-data) by other countries, that incursion
into the content of the country’s data will not be tolerated, the Committee is
of the strong opinion that the Department should have exercised enough caution
so that such a situation was not allowed to occur at the first instance.
Further, the Committee feels that the Department should be extremely vigilant
and cautious in terms of safety as well as in terms of policy with different
countries so as to avoid such leakage and interception of sensitive data in the
name of surveillance. The Committee, therefore, strongly recommends the
Department to take remedial measures and come out with a policy which should be
implemented stringently so as to obviate recurrence of such instances.” MeitY
which has been formed by giving the status of ministry to the Department of
Electronics and Information Technology (DeitY) has been misleading the State
Governments, media and the citizens. It must be remembered that the idea of UID
was incubated in this very Department. It is evident that Satyanarayana and
this Department has no problem in sharing meta data of Indians to foreign
agencies.
Nilekani refers to Vijay Madan who was the UIDAI CEO.
Notably, Madan made false claims in a presentation titled “Digital ID for
Benefit and Service Delivery to Billion Plus People” in the ‘Special Session on
National ID Programs’ at the International Joint Conference on Biometrics held
during 29th September – 2nd October 2014 at Clearwater, Florida, USA. He
claimed that “Security and Privacy of personal information ensured” by UIDAI in
its implementation of UID/Adhaar project. This claim is an exercise in
misrepresentation. Given the fact that some 91,000 of USA’s classified pages
reached the website of Wikileaks in August 2010 reveals that such claims of
security and privacy are mere empty claims with no privacy law in the country.
The Ministry of Planning, the nodal ministry for UID/aadhaar informed the
Parliamentary Standing Committee that concerns sharing of data, surveillance
and profiling is being addressed by a proposed legislation on privacy. The
committee observed that the enactment of such data protection law is a
“pre-requisite for any law that deals with large-scale collection of
information from individuals and its linkages across separate databases.” This
promised law has not been enacted till date. Notably, till date there is no
data protection and privacy protection law in the country. Thus, the claim of
UIDAI and Nilekani remains a bogus claim.
Nilekani forgot mention the name of his first Mission
Director. It is relevant to observe that the letterhead of the UIDAI’s Director
General under Nilekani, Ram Sewak Sharma revealed his personal email ID as rssharma3@gmail.com. The question is who authorized the UIDAI’s Director
General to use Google’s email account? Is it the case that UIDAI does have its
own email account? After relinquishing his post at UIDAI to join as Chief
Secretary, Government of Jharkhand, did Sharma surrender his email ID to UIDAI?
Currently, Sharma is the Chairman, Telecom Regulatory Authority of India
(TRAI). Prior to this assignment, he worked as the Secretary, Department of
Electronics and Information Technology after his tenure as Chief Secretary,
Government of Jharkhand where is promoted UID/Aadhaar project enthusiastically
using the same Google’s email account. UIDAI officials, Nilekani and Sharma
were/are privy to massive trove of communications about the inner workings of
the world’s biggest biometric database project aimed at creating a Centralized
Identities Data Repository (CIDR) of all the UID/Aadhaar Numbers and related
aspects of nation’s diplomacy, national security and personal sensitive
information of present and future Indians. The email accounts of Nilekani and
Sharma must be investigated to ascertain all the locations around the world
from which it has been accessed especially in the light of disclosures about
the controversy surrounding use of private email account by Hillary Clinton who
began using it as “a matter of a convenience" disregarding the advice of
tech experts who didn’t allow personal email accounts to be installed on
government-issued devices. Her official communications included thousands of
emails that would retroactively be marked classified by the US State
Department. This issue was raised vociferously by Donald Trump, the President
of USA because it compromised USA’s national security.
The fact that one of the senior most official of UIDAI
chose to receive such sensitive information on the server of Google, a private
company, is a threat to national security and privacy of Indians. This company
is regulated by US laws and has been working in collusion with foreign
intelligence agencies. The authorities in the US, where Gmail is headquartered,
can legally access the information on the server of Google without a court
warrant and without any civil and criminal liability. The Indian government
will remain in dark about it. In fact US’ Cyber Intelligence Sharing and
Protection Act (CISPA) make the exchange of electronic information between
Internet Service Providers and the government of US possible. The use of Gmail
account demonstrates the lack of professionalism of UIDAI, which has been given
the task of handling the database of the personal sensitive information of
Indians. This act of omission and commission merits attention. Such gullibility
of ministers, Secretaries and Chief Secretaries besides other IAS and IPS
officers in particular and officials in general is inexcusable. This merits
high level probe.
Nilekani also refers to Ajay Bhushan Pandey, the current
CEO of UIDAI. Pandey claimed that “At least from the UIDAI side, we have not
said it shall be mandatory.” If it indeed true that UID/Aadhaar is not being
made mandatory by UIDAI then MeitY should have withdrawn the letter to
Secretary Department of Defence Production and other departments, agencies and
State Governments. Given the fact that he has not done so demonstrates that
articulations of UIDAI are equivocal and questionable. It has compromised
national security and the personal sensitive information of present and future
Presidents, Prime Ministers, judges, legislators and officials handling
sensitive assignments besides all the Indians.
Contrary to the claims of the promoters of biometric Unique Identification (UID)/Aadhaar like Nandan Nilekani that “Millions of people without any ID, now have an ID”, the fact is that of all the Aadhaar numbers issued to Indian residents till date – 99.97 per cent had pre-existing identification (ID) documents. This has been revealed in a reply to an application under Right to Information (RTI) Act by Unique Identification Authority of India (UIDAI), Union Ministry of Electronics and Information Technology (MeitY). The enclosed reply revealed that out of the 83.5 crore UID/Aadhaar numbers issued till then, only 2.19 lakh residents (0.03 per cent) have been given numbers based on the introduction by the introducer system because they did not have a pre-existing ID. This proves that that ‘an inability to prove identity” has not a major barrier to access benefits and subsidies.
A bizarre situation is emerging where citizens chose a
government that was supposed to represent them but their government is
undertaking the task of ascertaining whether or not
those it represents are indeed those who they claim to be through coercive biometric authentication. It ends up breaking
the sacrosanct social contract between the citizen and the State in an
unprecedented act of breach of trust. The attempt to undertake convergence of
all the sensitive databases of Indians and the confidence of promoters of
UID/Aadhaar in the irreversibility of their efforts has thrown as yet an unmet
open political challenge to the opposition parties, informed citizens and the judiciary.
Dr Gopal Krishna
The author had appeared before
the Parliamentary Standing Committee on Finance that examined the Aadhaar Bill
and the Parliamentary Standing Committee on Food, Consumer Affairs and Public
Distribution that examined the Consumer Protection Bill. He is editor of www.toxicswatch.org and is the
convener of Citizens Forum for Civil Liberties which has been working on
UID/Aadhaar issue since 2010.
Post a Comment