Briefing Paper
Aadhaar number database, a tool for electoral ‘surveillance’, remains a Weapon of Mass Destruction for citizens and a national security threat
Aadhaar Act is a mini-Constitution
States, opposition parties clueless even after four years of Section 57 of Aadhaar Act being declared unconstitutional
Five years after Supreme Court’s verdict, no right to privacy law in sight, audit of UIDAI & Aadhaar schemes by CAG reveals Aadhaar Act as Black law
26 September 2022: Disregarding the ten fathom deep burial of the notorious majority opinion of the Supreme Court Justices P. N. Bhagwati, A.N. Ray, M.H. Beg and Y.V. Chandrachud in ADM Jabalpur v. Shivkant Shukla (1976) case that had suspended a person's right to not be unlawfully detained by 9-Judge Constitution Bench in Justice Puttaswamy v. Union of India (2017), the majority opinion of Justices A. K. Sikri, Ashok Bhushan, A.M. Khanwilkar and D. Misra in Puttaswamy v. Union of India (2018) resurrected the notorious verdict by declaring Aadhaar Act to be partially constitutional on 26 September 2018. Court declared Section 57 of the Aadhaar Act which enabled body corporate and individual to seek authentication is held to be unconstitutional. Section 57 which was titled “Act not to prevent use of Aadhaar number for other purposes under law” has been “Omitted by the Aadhaar and Other Laws (Amendment) Act 2019”. Section 57 provided that “nothing contained in this Act (Aadhaar Act) shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person...” So far State governments have failed to rescind their MoUs with UIDAI in the light of the judicial and legislative decisions. Opposition parties are yet to factor in the “incomplete” audit of Unique Identification Authority of India (UIDAI) of CAG and the audit of Aadhaar based Direct Benefits Transfer that creates a compelling logic for repeal of Aadhaar Act as has been done with UK’s Nation ID scheme which was cited as an example for India to emulate.
UIDAI's Central Identities Data Repository (CIDR) of UID/Aadhaar Numbers and related sensitive information is akin to what Cathy O'Neil refers to as Weapons of Math Destruction while explaining the societal impact of the algorithm. It reveals how the use of big data and algorithms in a variety of fields, including education, and policing, insurance and advertising can lead to decisions that harm the poor, facilitate profiling for the minorities of all shades, reinforce racism, and amplifies inequality and creates a “toxic cocktail for democracy.” Her book won the Euler Book Prize of the Mathematical Association of America in 2019. Features used by UIDAI and its foreign technology solution providers are opaque, unregulated, and difficult to contest. They are also scalable, thereby amplifying any inherent biases to affect increasingly larger populations. These Weapons of Math Destruction are essentially Weapons of Mass Destruction.
Giorgio Agamben, the 74-year-old Italian philosopher who has been teaching at the University of Venice and New York University, predicted in 2004 that the ‘bio-political tattooing’ is the precursor to what would later turn into a normal identity registration of a good citizen. It provides a continuity between the world of the Nazi concentration camp and contemporary democracy. It paves the way for a genocidal liberal order. Biometrics ‘concerns the enrollment and filing away of the most private and incommunicable aspect of subjectivity,which results in the capture of the human body by the authorities for good. Till now such assault on the private human body was an exception, now it is becoming the norm. Surveillance has been used as a tool to shape the relationship between the citizen and the State. Both identification and surveillance have co-existed since time immemorial, but it is now assuming frightening architecture with the marriage of statistics of biological characteristics, and biometric technology with digital sculpture.
Aadhaar Act is aimed at making citizens entitlements like subsidies, benefits and service conditional on their identification based on “biometric information” such as “photograph, finger print, Iris scan, or such other biological attributes”. It suspends citizens’ right to not be denied their entitlements by their servant, the government although “Aadhaar number”is irrelevant for rights and entitlements of citizens.
Under Aadhaar Act “Aadhaar number” is an identification number issued to an individual who has resided in India for a period or periods amounting in all to one hundred and eighty-two days or more in the twelve months immediately preceding the date of application for enrolment.
Notably, before abandoning its ID project, the UK used to cite Estonia as an example. Estonia has a population of 13 lakh people. It has come to light that 750,000 ID and e-residency cards of Estonians posed a security threat because it allowed private keys to be inferred from public keys resulting in the vulnerability of all systems depending upon the privacy of such keys facilitating identity theft or spoofing. It compelled the Estonian government to suspend these IDs. ID card manufacturer Gemalto, a Dutuch company failed to inform the Estonian government about the vulnerability. It has also come to light that Gemalto and the Estonian government have reached a compromise agreement after the former agreed to pay 2.2 million EUR in compensation.
It may be recalled that Gemalto is part of World Bank’s eTransform Initiative launched in partnership with Microsoft, Safran, Pfizer, IBM, France and South Korea. India’s UID/Aadhaar scheme is part of biometric experiments underway in 14 developing countries. As a Member of Parliament from Bihar, K.C. Tyagi had raised the issue of threat from “Use of Aadhaar Cards as proof of address for procuring new SIM cards” manufactured by Gemalto, world biggest Sim card manufacturer on 13 March, 2015 in the RajyaSabha and referred to “I.B. red flag over ADHAR based SIM card”. Drawing the attention towards reported hacking into the data of this SIM card manufacturer by US and British intelligence agencies posing a national security threat as the majority of phones in India may have SIMs of that company. Raising the issue during Zero Hour, K C Tyagi, the Janata Dal-United MP said American and British spy agencies have hacked into the database of Dutch company Gemalto. Gemalto's SIM cards are widely used in India including by bureaucrats and the defence establishment. He added that the government's decision to link Aadhaar data base with SIM cards could potentially compromise strategic information. It poses a major national security threat. Sukhendu Sekhar Roy, the Trinamool Congress MP from West Bengal associated himself “with the concern expressed by Shri K. C. Tyagi.” Notably, the West Bengal assembly has passed a unanimous resolution against Aadhaar.
Examination of the official documents indicates that the Indian UID/Aadhaar project was pushed by an ID cartel as a reaction to scrapping the National ID project of the UK. The technology solution providers like i. IBM, ii. Microsoft, iii. Oracle, iv. Computer Associates, v. Novell, vi. Honeywell, vii. HP, viii. Red Hat, ix. ILANTUS Technologies, x. MPhasis and xi. PwC were part of the 35 member task force constituted by the union government for identity management in 2006.
The concerns over the breach of citizens’ data has prompted several state governments to halt the ongoing data collection process for a National Population Register (NPR). The fear is that the information sought under NPR is much wider in scope and could potentially be used to target a section of the society.
What the anti-NPR advocates do not realise is that there are more solid reasons to fear the NPR because it is not just a census exercise, but a larger data convergence project that can result in the government putting its citizens under surveillance, that is unwarranted and dangerous to the secular and constitutional credentials of the country. NPR's linkage with Aadhaar number plays a central role here.
In fact, MHA's NPR and MEITY's UIDAI's CIDR of UID/Aadhaar numbers are aimed at creating an architecture for indiscriminate mass surveillance of the present and future voters who are being structurally coerced to give their consent to the immoral and illegitimate exercise of their profiling for countless times.
It has turned every newborn into a suspect. There is a file being created to track and profile him for good. Like Indian NSA's threat to his adversaries about having a file on them, having a UID/Aadhaar number and NPR automatically creates a file of the Indian residents in question. Even infants are not spared in this cruel scheme of things.
In a country where no intelligence chief or official has held accountable for the assassination of two of its Prime Ministers and for betraying nation's secrets, can it be hoped that all those who compromised India's data security will be made liable for their treacherous acts of transferring the sensitive data of present and future citizens including ministers, soldiers, judges and ministers?
There is a compelling logic for setting up a High Powered Commission of Inquiry to probe the ongoing bartering of citizen's databases and transfer of national data assets to foreign entities.
The States should un-sign the MoUs they have signed with UIDAI and discontinue both UID/Aadhaar and NPR exercise to resist the emergence of an unlimited government, unlimited by the Constitution of India and Constitutionalism.
Here are some reasons for repealing Aadhaar Act:
1. The majority order of the Supreme Court's 5-Judge Constitution Bench on September 26, 2018, has pointed out that the UID/Aadhaar Number project and NPR project are part of the one database convergence scheme. NPR has been mentioned at least on eight occasions in the order to underline the same. A centralized database is the most vulnerable entity in the digital world. The leakage of the database of UK’s children has revealed the old maxim, “If you have nothing to hide, you have nothing to fear, has been given a very public burial”. This has been thoroughly debunked. This maxim is attributed to Nazi propaganda minister Joseph Goebbels. Database State, a report from the UK, states: ‘In October 2007, Her Majesty’s Revenue and Customs (Department) lost two discs containing a copy of the entire child benefit database.’ Only blind faith in a Utopian State can persuade people to think that they have nothing to fear after trusting their personal sensitive information to a Database State and non-State actors like Safran, Ernst & Young and Accenture.
2. One of the earliest documents that refer to UIDAI, a 14-page document titled 'Strategic Vision: Unique Identification of Residents' prepared by Wipro Ltd for the government envisaged the close linkage that the UIDAI's Aadhaar would have with the electoral database. The use of the electoral database mentioned in Wipro's document remains on the agenda of the proponents of UID/Aadhaar.
3. The 41-page Wikileaked document titled 'Creating a unique identity number for every resident in India' that declared itself to be a 'Confidential- property of UIDAI' states, "The Unique ID or UID will be a numeric that is unique across all 1.2 billion residents in India. The UID number will not contain intelligence. In older identity systems, it was customary to load the ID number with information related to the date of birth, as well as the location of the person."
This document reveals that from day one the Prime Minister wanted to create a file on each of "1.2 billion residents", the division of work between Ministry of Home Affairs (MHA)'s NPR and Ministry of Electronics and Information Technology (MEITY)'s UID/Aadhaar was/is merely an attention diversion tactics to outwit citizen's scrutiny.
The ongoing merger of the electoral database with UID/number debunks UIDAI's claim that UID/Aadhaar number "will not contain intelligence" and "the location of the person."From these disclosures, it seems that the government has adopted an adversarial role vis-a-vis Indians and acting beyond its constitutional mandate in order to pander to the interests of the commercial czars, non-state actors and foreign intelligence companies.
4. In an RTI reply dated October 25, 2013, UIDAI shared a truncated contract agreement with Ernst & Young. The contract agreement states that "the Unique ID will be a random 12-digit number with the basis for establishing uniqueness of identity being biometrics". It announces that "we will provide a Unique Identity to over 113.9 crore people."
This is evidently a fraudulent announcement because UIDAI with which the agreement has been signed had the mandate to provide Unique Identity to only 60 crore residents of India, and not to 113.9 crore people.
It is evident that while the government kept Ernst & Young informed about its motive, it kept states, citizens, the parliament and the Supreme Court in the dark. The contract agreement reveals that "biometric systems are not 100 % accurate" and "uniqueness of the biometrics is still a postulate." This admission pulverizes the deceptive edifice on which MEITY's UID/Aadhaar and MHA's NPR rests.
5. Section 57 of un-amended Aadhaar Act, 2016 stated that "Nothing contained in this Act shall prevent the use of Aadhaar number for establishing the identity of an individual for any purpose, whether by the State or any body corporate or person, pursuant to any law, for the time being in force, or any contract to this effect".
It implies that UID/Aadhaar of "over 113.9 crore people" has been shared with foreign private body corporates like Ernst & Young. It is only after the horse had escaped the barn that the door was closed through Section 25 of Aadhaar and Other Laws (Amendment) Act, 2019 in compliance with the Court's order dated September 26, 2018.
Section 25 of the Amendment Act 2019 states that Section 57 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 has been omitted with effect from July 24, 2019.
6. At paragraph 8 of the majority order authored by Justice A K Sikri, it is recorded that "a Processes Committee was set up on July 03, 2006, to suggest the process for updation, modification, addition and deletion of data and fields from the core database to be created under the Unique Identification for BPL Families project.
This Committee, on November 26, 2006, prepared a paper known as 'Strategic Vision Unique Identification of Residents'. Based thereupon, the Empowered Group of Ministers (EGoM) was set up on December 04, 2006, to collate the National Population Register under the Citizenship Act, 1955 and the Unique Identification Number project of the Department "of Information Technology.
Subsequently, "a Committee of Secretaries was formed. The said Committee gave its recommendations which were discussed by EGoM. After approving the Aadhaar Scheme in principle, it instructed the Cabinet Secretary to convene a meeting to finalise the detailed organisational structure of the UID.
After considering the recommendation of the Cabinet Secretary, Notification No. A-43011/02/2009-Admn.I was issued on January 28, 2009, by the Government of India which constituted and notified the UIDAI." Annexure 1 of this notification that constituted UIDAI deals with the Role and Responsibilities of UIDAI. The fourth point in this notification reads: "implementation of UID scheme will entail" taking "necessary steps to ensure collation of NPR with UID (as per. approved strategy)".
7. The minutes of a meeting of the Committee of Secretaries held under Chairmanship of Cabinet Secretary November 23, 2015 talks of "integrating the twin approaches under NPR and Aadhaar."
The "integrating the twin approaches under NPR and Aadhaar" which is referred here is the same as taking "necessary steps to ensure collation of NPR with UID (as per. approved strategy)" underlined in the notification mentioned in the Aadhaar Act.
8. A Ministry of Home Affairs communication dated July 19, 2019 states that "The National Population Register (NPR) thus prepared, was seeded with Aadhaar number during its updation exercise in 2015 along with a collection of demographic details of new household members. Approx. 60 crores Aadhaar numbers have been seeded in NPR Database."
This communication discloses that "It has now been decided by the Ministry of Home Affairs to update the existing NPR database during April 2020 - September 2020 along with House listing & Housing Census phase of Census 2021. While updating the NPR, the Aadhaar number of all the individuals whose Aadhaar number is not available in the NPR Database will also be collected along with various other items. Necessary notification for updating NPR in 2020 will be issued shortly."
9. The Court's order reveals that "A core group was set up to advise and further the work related to UIDAI...The core group, inter alia, decided that it was better to start with the electoral roll database of 2009 for undertaking the UIDAI project." If an UID/Aadhaar-enabled Biometric Attendance System is indeed a ‘digital equivalent’ of an ‘age-old attendance register,’ why did the National Human Rights Commission object to a radio collar which can also be argued by sophists to be a ‘digital equivalent’? It may be recalled that the Union ministry of external affairs had agreed with the NHRC’s assessment. The Union minister of external affairs informed Parliament that some 18 students were detained and released in the US with radio monitoring devices on their ankles, pending completion of investigations for possible involvement in irregularities. ``We have also strongly protested the radio collars as unacceptable, which should be removed immediately.’ If the ‘digital equivalent’ means biometric equivalent as well, then radio collar and DNA-based identity and attendance will also be deemed equivalent to ‘age-old attendance register.’ It is quite evident that such claims are deeply misleading.
10. The reference to ‘such other biological attributes’ in Section 2 (g) of Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and the definition of ‘biometrics’ under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under section 87 read with section 43A of Information Technology Act, 2000 underlines that it includes ‘the technologies that measure and analyse human body characteristics, such as “fingerprints”, “eye retinas and irises”, “voice patterns”, “facial patterns”, “hand measurements” and “DNA” for authentication purposes.’ It is abundantly clear that the plan of UID/Aadhaar-based surveillance does not end with the collection of fingerprints and iris scan, it goes quite beyond it. If surveillance is not a big deal, why is Edward Snowden in Moscow since June 23, 2013? Why is Australian journalist Julian Assange one of the 675 prisoners in Belmarsh, a category A prison, in London since April 2019 and why was he in the Ecuadorian embassy in London since July 19, 2012? If surveillance is indeed such an innocent act, then why are the entire US and European establishments paranoid about surveillance including electoral surveillance from Russia?
A confidential document of UIDAI titled 'Creating a unique identity number for every resident in India', leaked by Wikileaks on 13 November 2009 reveals that "One way to ensure that the unique identification (UID) number is used by all government and private agencies is by inserting it into the birth certificate of the infant. Since the birth certificate is the original identity document, it is likely that this number will then persist as the key identifier through the individual's various life events, such as joining school, immunizations, voting etc." There was never an occasion wherein there was an all-party meeting to seek the consent of all the political parties with regard to merger of UID/Aadhaar database with "electoral roll database". The amendment to Section 182 of the Companies Act, 2013 has taken away the restriction that contribution can be made only to the extent of 7.5% of net average profit of three preceding financial years, enabling even newly incorporated companies to donate via electoral bonds. "This opens up the possibility of shell companies being set up for the sole purpose of making donations to political parties, with no other business consequence of having disbursable profits", according to the Election Commission of India. The amendment to Section 182(3) abolished the provision that companies should declare their political contributions in their profit and loss accounts. This requirement is diluted to only showing the total expenditure under the head. This would "compromise transparency" and pave the way for the "increased use of black money for political funding through shell companies". It is evident that the provision of Electoral Bonds in the Companies Act and the merger of Voter-ID Number and Aadhaar Number through amendment in Aadhaar Act is an exercise in merger of electoral database and Aadhaar database that will lead to total control of the extinguish political and civil rights of present and future generations by such rewriting of the political geography of the country with hitherto unknown adverse consequences.
According to the Concise Oxford Dictionary, surveillance means ‘close observation, especially of a suspected person’. So far the Supreme Court has not had the occasion to examine the most glaring aspect of unlimited-cyber biometric surveillance, which entails close observation of all the present and future Indians indiscriminately as suspects. The yet to be constituted 7-Judge Constitution Bench will have the opportunity to pronounce the verdict on the constitutionality of
biometric-electoral surveillance through UID/Aadhaar database. Like UK’s opposition parties India’s opposition parties have the last opportunity to promise repeal of Aadhaar Act, a mini-Constitution emulating the example of 44th Constitutional Amendment Act, 1978 because in the name of biometric identification, civil death of citizens is being normalised and naturalised as if Article 21 of the Constitution has been abrogated.
For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL), Mb: 9818089660, E-mail: krishnagreen@gmail.com, Web: www.toxicswatch.org
Post a Comment