- Vombatkere, S.G., “How Aadhaar Neglects Personal Privacy and National Security”; Mainstream, New Delhi, Vol LIV, No 13; March 19, 2016; pp.15-16.
Sunday, March 27, 2016
## 25 - “How Aadhaar Neglects Personal Privacy and National Security”; Mainstream, New Delhi, Vol LIV, No 13; March 19, 2016-Vombatkere, S.G.,
018 - “Privacy and National Security – Aadhaar Bill”; - Deccan Herald, Bengaluru, March 16, 2016 - Vombatkere, S.G.,
Vombatkere, S.G., “Privacy and National Security – Aadhaar Bill”;
Deccan Herald, Bengaluru, March 16, 2016, p.10.
Deccan Herald, Bengaluru, March 16, 2016, p.10.
Maj Gen S G Vombatkere (rtd) , March 16, 2016, DHNS
AADHAAR BILL
At present, there is no law on privacy, but in Rajagopal Vs State of Tamil Nadu (1994), the Supreme Court opined that privacy is inherent in an individual’s right to personal liberty. Also, Section 8(1)(j) of the RTI Act 2005, protects the private individual against unwarranted invasion of his/her privacy, proof enough that privacy is a right even if it is not a fundamental right.
On whether privacy is a fundamental right, the Government of India succeeded in convincing a 3-judge Supreme Court bench hearing a bunch of petitions challenging Aadhaar on multifarious grounds, that privacy is important enough an issue to warrant consideration by a Constitution bench.
There is little doubt that mass surveillance for suspicionless, untargeted snooping into people’s private spaces to identify a possible threat to security, is questionable. The privacy issue was brought to international attention in 2013, with the USA admitting that its National Security Agency had been clandestinely collecting billions of pieces of information worldwide including personal data and emails from computer networks and telephones. India was one of USA's many surveillance targets.
Today, the technical capability of shadowy agencies for mass surveillance to collect, sort and process enormous quantities of data or meta-data has multiplied enormously. Hacking into databases for data is not very difficult for a person with the necessary motivation, skills and time, and it is quipped that systems are hack-proof only until the first hack. Cyber security concerns in the face of clandestine, untargeted surveillance are not only about national security but also citizens’ right to privacy.
The Aadhaar system: Whether or not it succeeds in its declared primary aim of targeted welfare services for the poor, Aadhaar enables surveillance and tracking. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens.
This claim is questionable since, according to its website, the Unique Identification Authority of India (UIDAI) is contracted to receive technical support for biometric capture devices from L-1 Identity Solutions, Inc (now MorphoTrust USA), a US-based intelligence and surveillance corporation. According to the corporation's website, its top executives are acknowledged experts in the US intelligence community.
Other companies awarded contracts for key aspects of the Aadhaar project are Accenture Services Pvt Ltd (implementing biometric solution for UIDAI) which works with the US Homeland Security, and Ernst & Young (setting up of Central Identities Data Repository (CIDR) and Selection of Managed Service Provider (MSP)).
It is difficult to have confidence in the security of sensitive national information when the technical provider which creates, holds or manages the database is a business corporation with strong connections to foreign intelligence organisations. Furthermore, the US corporations are mandated by the US law to reveal to the US government, information obtained during their legitimate operations, when called upon to do so.
The extent to which India’s cyber security has already been invaded by surveillance is not even known, and when the security of the Aadhaar system is not water-tight, compromise of the Aadhaar system’s security will tantamount to compromise of national security.
When the cyber systems of high-security organisations like USA’s NASA or India’s DRDO have been repeatedly hacked, UIDAI’s self-certification of its database security rings hollow. As far as institutional cyber security in India is concerned, barring one database protected by an indigenously developed network security system, official databases in India, including Aadhaar’s Central ID Repository (CIDR), are protected by purchased commercial network security and cryptographic products.
Database vulnerability
There is little need to emphasise the vulnerability of the Aadhaar database to access by unauthorised persons/ agencies for data destruction, corruption or simply copying by surveillance or hacking. The effect on individual privacy is unquestionably adverse.
Intelligence agencies operate by conducting general surveillance on citizens in public places and linking this with personal information available in various databases maintained by banks, income tax offices, ration cards, electoral rolls, airline and railway ticketing, internet and telecom service providers etc.
Since the Aadhaar number is “seeded” in these various data bases, Aadhaar itself will inevitably be at the core of a system to enable profiling and tracking of any and every private individual. Therefore, Aadhaar is a prize target for intelligence agencies to hack or surveil to acquire data to invade individual privacy and compromise national security.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, has two aspects: the Opposition objects to its being tabled as a “money bill” to avoid its being placed before the Rajya Sabha, and that there have been a host of objections – especially including those of privacy and security – to the Aadhaar scheme since its inception, with several petitions still pending before the Supreme Court.
The Aadhaar Bill fails to address the serious systemic issues of national security and individual privacy and indeed, the word “privacy” is absent from its text. However, concerning the security and confidentiality of information, the value of individual privacy is indirectly acknowledged in Section 33(2), by specifying that an individual’s Aadhaar number, and biometric and demographic information may be revealed in the interest of national security, only by a specially authorised officer not below the rank of Joint Secretary of the Government of India.
Genuine national interest may dictate that laws on data/ digital privacy protection and cyber security be urgently enacted and linked with the Aadhaar Bill, before it becomes law.
(The writer, who retired as Additional DG, Discipline & Vigilance in Army Headquarters, holds a PhD degree in Structural Dynamics from IIT, Madras)
On whether privacy is a fundamental right, the Government of India succeeded in convincing a 3-judge Supreme Court bench hearing a bunch of petitions challenging Aadhaar on multifarious grounds, that privacy is important enough an issue to warrant consideration by a Constitution bench.
There is little doubt that mass surveillance for suspicionless, untargeted snooping into people’s private spaces to identify a possible threat to security, is questionable. The privacy issue was brought to international attention in 2013, with the USA admitting that its National Security Agency had been clandestinely collecting billions of pieces of information worldwide including personal data and emails from computer networks and telephones. India was one of USA's many surveillance targets.
Today, the technical capability of shadowy agencies for mass surveillance to collect, sort and process enormous quantities of data or meta-data has multiplied enormously. Hacking into databases for data is not very difficult for a person with the necessary motivation, skills and time, and it is quipped that systems are hack-proof only until the first hack. Cyber security concerns in the face of clandestine, untargeted surveillance are not only about national security but also citizens’ right to privacy.
The Aadhaar system: Whether or not it succeeds in its declared primary aim of targeted welfare services for the poor, Aadhaar enables surveillance and tracking. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens.
This claim is questionable since, according to its website, the Unique Identification Authority of India (UIDAI) is contracted to receive technical support for biometric capture devices from L-1 Identity Solutions, Inc (now MorphoTrust USA), a US-based intelligence and surveillance corporation. According to the corporation's website, its top executives are acknowledged experts in the US intelligence community.
Other companies awarded contracts for key aspects of the Aadhaar project are Accenture Services Pvt Ltd (implementing biometric solution for UIDAI) which works with the US Homeland Security, and Ernst & Young (setting up of Central Identities Data Repository (CIDR) and Selection of Managed Service Provider (MSP)).
It is difficult to have confidence in the security of sensitive national information when the technical provider which creates, holds or manages the database is a business corporation with strong connections to foreign intelligence organisations. Furthermore, the US corporations are mandated by the US law to reveal to the US government, information obtained during their legitimate operations, when called upon to do so.
The extent to which India’s cyber security has already been invaded by surveillance is not even known, and when the security of the Aadhaar system is not water-tight, compromise of the Aadhaar system’s security will tantamount to compromise of national security.
When the cyber systems of high-security organisations like USA’s NASA or India’s DRDO have been repeatedly hacked, UIDAI’s self-certification of its database security rings hollow. As far as institutional cyber security in India is concerned, barring one database protected by an indigenously developed network security system, official databases in India, including Aadhaar’s Central ID Repository (CIDR), are protected by purchased commercial network security and cryptographic products.
Database vulnerability
There is little need to emphasise the vulnerability of the Aadhaar database to access by unauthorised persons/ agencies for data destruction, corruption or simply copying by surveillance or hacking. The effect on individual privacy is unquestionably adverse.
Intelligence agencies operate by conducting general surveillance on citizens in public places and linking this with personal information available in various databases maintained by banks, income tax offices, ration cards, electoral rolls, airline and railway ticketing, internet and telecom service providers etc.
Since the Aadhaar number is “seeded” in these various data bases, Aadhaar itself will inevitably be at the core of a system to enable profiling and tracking of any and every private individual. Therefore, Aadhaar is a prize target for intelligence agencies to hack or surveil to acquire data to invade individual privacy and compromise national security.
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016, has two aspects: the Opposition objects to its being tabled as a “money bill” to avoid its being placed before the Rajya Sabha, and that there have been a host of objections – especially including those of privacy and security – to the Aadhaar scheme since its inception, with several petitions still pending before the Supreme Court.
The Aadhaar Bill fails to address the serious systemic issues of national security and individual privacy and indeed, the word “privacy” is absent from its text. However, concerning the security and confidentiality of information, the value of individual privacy is indirectly acknowledged in Section 33(2), by specifying that an individual’s Aadhaar number, and biometric and demographic information may be revealed in the interest of national security, only by a specially authorised officer not below the rank of Joint Secretary of the Government of India.
Genuine national interest may dictate that laws on data/ digital privacy protection and cyber security be urgently enacted and linked with the Aadhaar Bill, before it becomes law.
(The writer, who retired as Additional DG, Discipline & Vigilance in Army Headquarters, holds a PhD degree in Structural Dynamics from IIT, Madras)
017 - “How Aadhaar Neglects Personal Privacy and National Security”- Countercurrents.org; March 13, 2016 - Vombatkere, S.G.,
Vombatkere, S.G., “How Aadhaar Neglects Personal Privacy and National Security”;
<http://www.countercurrents.org/vombatkere130316.htmdhaar>; Countercurrents.org; March 13, 2016.
<http://www.countercurrents.org/vombatkere130316.htmdhaar>; Countercurrents.org; March 13, 2016.
An Unfulfilled Dream: Mysuru's “Wish-List” Airport
By S.G.Vombatkere
24 November, 2015
Countercurrents.org
Countercurrents.org
Every city needs good internal communication and good connectivity to neighbouring and also more distant cities. This is required to sustain economic activity of movement of people and goods within and between urban and rural areas. Transportation is the key to the health of the economy, and needs to be planned for the correct mix of various modes of transportation, depending upon factors of capital and operating cost, load, speed, etc.
But when transportation planning is not based on facts obtained from an economic viability study, planning becomes ad hoc and essentially wish-list-based. Wish-list planning is based upon “it-would-be-nice-if” thoughts and ideas, which some might call dreaming. In this context, consider the dream of Mysuru's air connectivity with Bengaluru ... and why not with Goa, Mumbai, Chennai, Delhi ... ? Dreams involving public money, must be backed by careful planning and understanding of economic realities, with public transparency.
There is nothing wrong with having a wish-list; almost everybody has one. But converting items on a wish-list into agenda points involving public expenditures by using political influence is not the way forward in a cash-strapped economy with a skewed budget. There are better ways to budget and spend public money for fuel-efficient, rapid and cheap transportation of large numbers of people between Mysore and Bengaluru, than to cater for expensive air transportation for limited numbers of people.
Bharat Ratna Sir M.Visveswaraya, Master Planner and Engineer par excellence, whose name is legend especially in Mysore, might have questioned the way in which Mysore's airport has been planned in recent years. Sir M.V. would never have countenanced wish-list planning without economic analysis. Hard facts are often uncomfortable, but accepting hard facts is a sign of maturity, especially for planners and persons in positions of power.
Mandakalli's chequered history
Mysore's Mandakalli airstrip was built in 1948, and handled minimal Vayudoot feeder air traffic from and to Bangalore upto around 1985, when even this miminal traffic ceased. However, stakeholders who had Mysore's air connectivity on their wish-list played the Dasara & tourism card, and succeeded in talking Jet Airways and Kingfisher Airlines into showing interest in operating services between Bengaluru and Mysuru. This resulted in government investing Rs.82 crores to extend the runway to 1.85-km length, plus constructing a security boundary wall, a regular passenger terminal and ATC facility. The upgraded airport was inaugurated in May 2010 by Karnataka chief minister B.S.Yediyurappa. There is no evidence that any prior economic feasibility study was conducted to justify the investment.
It took till December 2010 to persuade Kingfisher Airlines to begin operating daily flights between Bengaluru and Mysuru; other carriers did not see it as commercially viable. But due to inadequate passenger load, the Kingfisher service ceased in November 2011. Renewed attempts to start-up again succeeded when Spice Jet service began 3-flights-a-week operations, starting January 2013. But this too ceased in October 2014, as Spice Jet was unable to sustain operations because of inadequate passenger demand.
Very soon thereafter, a newly-elected people's representative was persuaded to take up Mysore's air connectivity problem with the central government. His effort was rewarded by success, with Air Alliance (Air India's subsidiary) agreeing to operate the Mysuru-Bengaluru sector. An newspaper headline, “Mysuru back on the air map”, reported that on September 4, 2015, several influential politicians arrived at Mysuru by an Air Alliance flight.
Regular 6-days-a-week flights began in October 2015, but yet again, air traffic was “temporarily suspended” on November 17, 2015, reportedly due to “low passenger traffic”. However, the Mandakalli Airport Director assigned the suspension to “technical reasons”.
Innovatively encouraging loss
From the foregoing, one can easily deduce that Mandakalli Airport's start-stop-flip-flop air connectivity continues to be economically unviable due to inadequate passenger traffic. Successive private airlines on the Mysuru-Bengaluru sector have ceased operations because cash fares received from passengers did not cover operating costs and overheads. But Air Alliance being a public sector airline, it can be “persuaded” to operate the sector by subsidizing the loss by profits from another sector. However, if subsidy internal to the carrier is not possible, and government insists on its operating the loss-making sector, it has to provide the subsidy to cover the loss.
Tourism and Heavy Industries Minister R.V.Deshpande, who was on Air Alliance's inaugural flight on September 4, 2015, had declared: “To encourage the public flight carrier, the government will pay an incentive of Rs 9.5 lakh per month to Air India as a “viability gap funding” up to one year as per an agreement”. The subsidy, innovatively named viability gap funding (VGF), admits that the Mysuru-Bengaluru sector is not viable. This “incentive” is supposedly spent in the public interest. Besides such questionable budgetting and expenditure of public funds – albeit “only” Rs.1.2 crores per year – the larger question of which section of the public benefits from this could be politically embarrassing for a government which cannot find funds for drought relief, farmers, schools, health facilities, etc.
The proponents of air connectivity advance the argument that Mysuru is not attracting sufficient passengers because the existing 1.85-km runway is insufficient to permit operation of larger aircraft to and from destinations beyond Bengaluru. They demand extending its length to 2.4-km. The argument is not backed by any economic analysis, and is no different from the “wish-list-planning” which led to the previous investment.
The Rs.82 crores investment was made in BJP times, while the move to further extend the runway to 2.4-km for larger aircraft, calling for another huge investment, is under the present Congress dispensation. But the proponents of uneconomical air connectivity remain influential to push their “wish-list-planning” onto the budget and the works agenda, regardless of which party is in power.
An additional issue
Extension of Mandakalli runway to 2.4-km will interfere with NH-212. Widening of NH-212 to 15-m width by NHAI between Nanjangud and Mysore was held up near Mandakalli, because the proposed runway extension required realignment of a portion of NH-212. However, problems of time- and cost-overruns for NHAI due to land acquisition, resulted in shelving the runway extension and resuming NH-212 widening.
But the present renewed proposal visualizes construction of a 20-m wide road tunnel under the runway to overcome interference with NH-212, with funding from the airport project. Estimated at Rs.520 crores, it will add substantially to the investment necessary for Mandakalli airport, besides causing enormous inconvenience and hazard to already hazardous and congested road traffic on this stretch of NH-212 during contruction. And during normal operation it will require expensive security at the tunnel ends and cause drainage problems in the tunnel. This factor, just like the economic viability of air operations, has not been considered. The proposal for the road tunnel under the extended runway amounts to more “wish-list-planning” to spend more good money on an unviable project.
End note
At different times in Mandakalli's history, different airlines have found it economically unviable to operate air services on the Mysuru-Bengaluru sector. This would have become apparent if an economic feasibility study were conducted. But sadly, “wish-list-planning” continues to reign supreme.
The Rs.82 crore investment caused an increase in recurring maintenance cost of the airport due to salary costs of ATC, management and security staff, plus maintenance of permanent assets created. This on-going cost is already not recoverable from flight operations, and further upgradation of Mandakalli airport will increase the deficit due to increased maintenance costs for upkeep of an unviable airport.
There appears little justification for GoK to insist on operating – and perhaps also extending and upgrading at enormous cost – an airport which will become almost redundant when the doubled and electrified Bengaluru-Mysuru rail link can provide far better connectivity for passengers at Kempegowda Airport to and from Mysuru than Mandakalli can provide.
Major General S.G. Vombatkere, VSM, retired in 1996 as Additional DG Discipline & Vigilance in Army HQ AG's Branch. He holds a PhD degree in Structural Dynamics from I.I.T, Madras. With over 450 published papers in national and international journals and seminars, his current area of interest is strategic and development-related issues. E-mail: sg9kere@live.com
016 - “SC ruling exposes chinks in Aadhaar”; City Today, Mysore; September 25, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “SC ruling exposes chinks in Aadhaar”; City Today, Mysore; September 25, 2013, p.12.
015 - “Aadhaar stalled”; The Hindu; September 25, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “Aadhaar stalled”; The Hindu; ; September 25, 2013, Op-Ed Page, p.11.
September 25, 2013
The interim order on not issuing the cards to undocumented migrants will come in the way of enrolling the poor
The Supreme Court issued an interim order on September 23, 2013, on a public interest litigation challenging certain aspects of the UID Aadhaar project. As reported by the media, the interim order brings out two main points: (1) Aadhaar enrolment of immigrants living in India without proper papers should not be done, and (2) Central and State governments must not deny essential services and benefits solely on the basis of non-enrolment in the project.
The introducer
The first point concerns the Aadhaar system itself. An Aadhaar applicant needs to provide proof of identity (including age) and address using one of several approved documents, such as an electoral photo identity card or passport, before his/her biometrics are captured. But very poor people, for example pavement dwellers, may have no identity document with proof of age, and certainly no address. However, the Aadhaar system caters to such people with the Registrar (State government) notifying a trained introducer who, in effect, contacts the enrolment centre staff, vouching for the person who states that he is Mr. X of so-and-so address is indeed Mr. X of that address.
Thus, the biometrics captured are shown to belong to Mr. X with those details. In practice, the introducer may know only a fraction of the people without such documents who apply for the Aadhaar card by sight or acquaintance, and he/she could unwittingly introduce an immigrant without proper documentation. Even if the introducer knows Mr. X by sight or acquaintance, he has really no means to know whether he is a citizen or a legal resident. The apex court’s order that immigrants without proper documentation must not be enrolled effectively puts introducers “out-of-business,” and thus the poor who have no documents cannot be enrolled. Clearly, the Aadhaar project has not foreseen the risk of immigrants without proper documentation getting themselves enrolled, with attendant security risks.
Benefits
The second point concerns benefits, since the court has said “the Centre and State governments must not insist on Aadhar cards from citizens before providing them essential services.” Thus, for example, oil companies will need to supply LPG cylinders by receiving the subsidised cost at delivery for customers who are not Aadhaar-enrolled, and Public Distribution System ration shops will need to provide rations to entitled persons on the basis of valid ration cards.
The UIDAI may appeal against the apex court’s order especially since Rs.50,000 crore has been spent. Meanwhile, the interim order requires the Central and State governments to provide essential services and benefits to the public without insisting on Aadhaar enrolment.
(Major General S.G. Vombatkere, who retired as Additional Director General, Discipline & Vigilance in Army HQ, New Delhi, writes on strategic and development-related issues.)
“Aadhaar for Birth, Marriage and Death”; Mainstream, New Delhi, Vol LI No 16, April 6, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “Aadhaar for Birth, Marriage and Death”; Mainstream, New Delhi, Vol LI No 16, April 6, 2013, p.5.
014 - “UID-Aadhaar – A Critique”; National Seminar on Managerial Challenges in Implementing the Aadhaar Program in India; Amrita Vishwa Vidyapeetham, Mysore; April 26, 2013.-Vombatkere, S.G.,
Vombatkere, S.G., “UID-Aadhaar – A Critique”; National Seminar on Managerial Challenges in Implementing the Aadhaar Program in India; Amrita Vishwa Vidyapeetham, Mysore; April 26, 2013.
“Aadhaar for Birth, Marriage and Death”; Mainstream, New Delhi, Vol LI No 16, April 6, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “Aadhaar for Birth, Marriage and Death”; Mainstream, New Delhi, Vol LI No 16, April 6, 2013, p.5.
013 - “UID-Aadhaar – Extra-legal Coercion”; Frontier Weekly, Kolkata; March 24-30, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “UID-Aadhaar – Extra-legal Coercion”; Frontier Weekly, Kolkata; March 24-30, 2013; p.12-14.
“Aadhaar for Birth, Marriage and Death”; Star of Mysore; March 27, 2013- Vombatkere, S.G.,
Vombatkere, S.G., “Aadhaar for Birth, Marriage and Death”; Star of Mysore; March 27, 2013; p.12.
012 - “Aadhaar for Birth, Marriage and Death” - Countercurrents.org; March 25, 2013 - Vombatkere, S.G.,
- Vombatkere, S.G., “Aadhaar for Birth, Marriage and Death”; <http://www.countercurrents.org/vombatkere120325.htm>; Countercurrents.org; March 25, 2013.
010 - “UID - Some Questions to Mr. Nilekani“; - India Resists - Vombatkere, S.G.,
S. G. VOMBATKERE | The Hindu
EYES WIDE SHUT: Retaining biometric efficiency of data on a large scale does not seem to have been analysed while queries on privacy have not been addressed.
The architects of the unique identification scheme are yet to provide satisfactory answers to concerns about data security
The Aadhaar scheme of the Unique Identification Authority of India (UIDAI) is to provide Indias billion-plus people with a unique identification number. Enrolment is not mandatory, though it was mentioned that it would be difficult for people to access public services if not done. The scheme requires individuals to provide their photograph, fingerprints and iris scan along with documentary personal information for data capture by outsourced operators. It is meant to bypass the corrupt bureaucratic system and deliver government subsidies and grants to the poor, and bring them into the banking system. Sceptics argue that it is an effort to capture the funds of hundreds of millions of micro- and nano-investors who are today outside the banking system, to bring them into the credit economy.
The scheme was introduced as a pilot project in Karnatakas Mysore district. The poor and those who survive on daily wages were not enthusiastic about enrolment, because it meant losing four or five days wages, to stand in queues, to fill up forms, to produce documents, to provide biometrics, etc., and, later, to open bank accounts. The UIDAI overcame the initial reluctance by wide advertisement of the benefits of enrolment. When this too did not achieve the target set, the local administration informed the public that PDS ration and LPG supply would not be available without the Aadhaar number. This resulted in serpentine queues right through the day at enrolment centres, at the end of which the UIDAI could claim that 95 per cent of Mysore districts population had enrolled itself into the scheme.
Media reports indicate that commencing January 1, 2013, MGNREGA, the Rajiv Gandhi Awas Yojana (RGAY), the Ashraya housing scheme, Bhagyalakshmi and the social security and pension scheme will be linked with Aadhaar in Mysore district. This linking, with rights like salary and pension, and important entitled benefits and services, has raised some hackles because enrolment is not mandatory.
It has led to questions on whether salary and pension rights, and benefits like PDS ration and LPG supply can be denied just because an individual does not possess a unique Aadhaar number. Today, teachers in Maharashtra and government employees in Jharkhand cannot draw their salaries. Apart from pro-poor projects like MGNREGA and RGAY, even jobs, housing, provident funds and registering a marriage now require enrolment. From being not mandatory, the poor-inclusive Aadhaar scheme appears to have quietly metamorphosed into becoming exclusionary and non-optional.
The UIDAIs own Biometrics Standards Committee stated that retaining biometric efficiency for a database of more than one billion people has not been adequately analysed and the problem of fingerprint quality in India has not been studied in depth. Thus the technological basis of the project remains doubtful.
Criticism from the top
However, the severest critic of the entire scheme has been the Parliamentary Standing Committee on Finance (PSCF), which deliberated that the Aadhaar scheme is full of uncertainty in technology as the complex scheme is built upon untested, unreliable technology and several assumptions. It found Aadhaar to be directionless and conceptualized with no clarity. But the UIDAI shelters under the Prime Ministers protective wing and continues to stonewall not only public queries and criticism, but also the unequivocal verdict of the PSCF.
Possibly even more serious is data security, and the consequent threat to privacy. The UIDAI claims that access to its database will be secure from intelligence agencies. This claim is hollow, because the Aadhaar project is contracted to receive technical support from L-1 Identity Solutions (now MorphoTrust USA), a well-known defence contractor. Contracts are also awarded to Accenture Services Pvt. Ltd., which works with the U.S. Homeland Security, and Ernst & Young to install the UIDAIs Central ID Data Repository. It is impossible to ensure database security when technical providers are American business corporations, and U.S. law requires them to provide information demanded of them, to U.S. Homeland Security. But the UIDAI is in denial.
If biometric data and other personal information fall into the hands of unauthorised agencies, privacy is unequivocally compromised. Compromising an individuals personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for a national disaster. The fact that the UIDAI is silent on or evasive about these security concerns does not inspire confidence in the capability of the UIDAI or the Aadhaar system to maintain the right to personal privacy.
Though the Aadhaar project is not mandatory, enrolment by threat of exclusion from availing benefits and services, and threat of denial of rights like salary or pension makes it non-optional. This kind of deviousness is unbecoming of a democratically elected government. Coming on top of many huge scams, the present government may suffer electorally if it persists in using unethical, extra-legal coercion to impose the security-defective, technologically unproven, very expensive UID Aadhaar scheme on the public.
(Major General S.G. Vombatkere, who retired as Additional Director General, Discipline & Vigilance in Army HQ, New Delhi, writes on strategic and development-related issues.)
009 - “Questions for Mr. Nilekani“; The Hindu, OpEd; February 6, 2013 - Vombatkere, S.G.,
February 6, 2013
Updated: February 6, 2013 00:30 IST
The architects of the unique identification scheme are yet to provide satisfactory answers to concerns about data security
The Aadhaar scheme of the Unique Identification Authority of India (UIDAI) is to provide India’s billion-plus people with a unique identification number. Enrolment is not mandatory, though it was mentioned that it would be difficult for people to access public services if not done. The scheme requires individuals to provide their photograph, fingerprints and iris scan along with documentary personal information for data capture by outsourced operators. It is meant to bypass the corrupt bureaucratic system and deliver government subsidies and grants to the poor, and bring them into the banking system. Sceptics argue that it is an effort to capture the funds of hundreds of millions of micro- and nano-investors who are today outside the banking system, to bring them into the credit economy.
The scheme was introduced as a pilot project in Karnataka’s Mysore district. The poor and those who survive on daily wages were not enthusiastic about enrolment, because it meant losing four or five days wages, to stand in queues, to fill up forms, to produce documents, to provide biometrics, etc., and, later, to open bank accounts. The UIDAI overcame the initial reluctance by wide advertisement of the benefits of enrolment. When this too did not achieve the target set, the local administration informed the public that PDS ration and LPG supply would not be available without the Aadhaar number. This resulted in serpentine queues right through the day at enrolment centres, at the end of which the UIDAI could claim that 95 per cent of Mysore district’s population had enrolled itself into the scheme.
Media reports indicate that commencing January 1, 2013, MGNREGA, the Rajiv Gandhi Awas Yojana (RGAY), the Ashraya housing scheme, Bhagyalakshmi and the social security and pension scheme will be linked with Aadhaar in Mysore district. This linking, with rights like salary and pension, and important entitled benefits and services, has raised some hackles because enrolment is not mandatory.
It has led to questions on whether salary and pension rights, and benefits like PDS ration and LPG supply can be denied just because an individual does not possess a unique Aadhaar number. Today, teachers in Maharashtra and government employees in Jharkhand cannot draw their salaries. Apart from pro-poor projects like MGNREGA and RGAY, even jobs, housing, provident funds and registering a marriage now require enrolment. From being not mandatory, the “poor-inclusive” Aadhaar scheme appears to have quietly metamorphosed into becoming exclusionary and non-optional.
The UIDAI’s own Biometrics Standards Committee stated that retaining biometric efficiency for a database of more than one billion people “has not been adequately analysed” and the problem of fingerprint quality in India “has not been studied in depth.” Thus the technological basis of the project remains doubtful.
Criticism from the top
However, the severest critic of the entire scheme has been the Parliamentary Standing Committee on Finance (PSCF), which deliberated that the Aadhaar scheme is “full of uncertainty in technology as the complex scheme is built upon untested, unreliable technology and several assumptions.” It found Aadhaar to be “directionless” and “conceptualized with no clarity.” But the UIDAI shelters under the Prime Minister’s protective wing and continues to stonewall not only public queries and criticism, but also the unequivocal verdict of the PSCF.
Possibly even more serious is data security, and the consequent threat to privacy. The UIDAI claims that access to its database will be secure from intelligence agencies. This claim is hollow, because the Aadhaar project is contracted to receive technical support from L-1 Identity Solutions (now MorphoTrust USA), a well-known defence contractor. Contracts are also awarded to Accenture Services Pvt. Ltd., which works with the U.S. Homeland Security, and Ernst & Young to install the UIDAI’s Central ID Data Repository. It is impossible to ensure database security when technical providers are American business corporations, and U.S. law requires them to provide information demanded of them, to U.S. Homeland Security. But the UIDAI is in denial.
If biometric data and other personal information fall into the hands of unauthorised agencies, privacy is unequivocally compromised. Compromising an individual’s personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for a national disaster. The fact that the UIDAI is silent on or evasive about these security concerns does not inspire confidence in the capability of the UIDAI or the Aadhaar system to maintain the right to personal privacy.
Though the Aadhaar project is “not mandatory,” enrolment by threat of exclusion from availing benefits and services, and threat of denial of rights like salary or pension makes it non-optional. This kind of deviousness is unbecoming of a democratically elected government. Coming on top of many huge scams, the present government may suffer electorally if it persists in using unethical, extra-legal coercion to impose the security-defective, technologically unproven, very expensive UID Aadhaar scheme on the public.
(Major General S.G. Vombatkere, who retired as Additional Director General, Discipline & Vigilance in Army HQ, New Delhi, writes on strategic and development-related issues.)
008 - “Government forcing down Aadhaar by threatening exclusion from benefits & services?”; Money Life - Vombatkere, S.G.,
Moneylife; January 30, 2013.
Government forcing down Aadhaar by threatening exclusion from benefits, services?
MONEYLIFE DIGITAL TEAM | 29/01/2013 03:48 PM
007 - “UID Aadhaar Project is said to be not mandatory”- Asian Tribune; January 29, 2013 - Vombatkere, S.G.,
Vombatkere, S.G., “UID Aadhaar Project is said to be not mandatory”; <http://www.asiantribune.com/node/61397>; Asian Tribune; January 29, 2013.
Tue, 2013-01-29 01:40 — editor
Mysore, 29 January, (Asiantribune.com):
Though UID Aadhaar project is said to be “not mandatory”, it appears to be aimed squarely at being made non-optional, and is being forced on the public by using threat of exclusion from availing benefits and services, and threat of denial of rights like salary or pension, amounting to devious coercion unbecoming of a democratically elected government.
Maj Gen S.G.Vombatkere (Retd) in a letter addressed to President of India with copies to the Prime Minister of India, Governor of Karnataka and Chief Minister of Karnataka further pointed out in his letter that UID Aadhaar project is technically deficient (bio metrics unproven), a security risk, and invasive of privacy, besides directly going against the advice of the Parliamentary Standing Committee on Finance (PSCF), which has people's representatives from all political parties.
Given below the full text of the letter addressed to the President of India is given below:
The cause for this letter
1.1 I am a pensioner, having retired in 1996, living in Mysore, Karnataka. Mysore is one of the districts chosen for the first phase of implementation of the UID Aadhaar project, under which, according to Deccan Herald, Bangalore, newspaper dated September 24, 2012, UIDAI claims that about 95% of the population has enrolled into the scheme. The same newspaper report states that “the Mahatma Gandhi National Rural Employment Scheme (MGNREGS) and the Rajiv Gandhi Awaz Yojana, the Ashraya housing scheme, Bhagyalakshmi and the social security and pension scheme“ will be implemented as a pilot project in Mysore district commencing January 1, 2013.
1.2 I have been informally advised that I should enroll myself into the UID Aadhaar scheme to get myself a UID Aadhaar card and number, since I may be unable to draw my pension without it. However, I understand and believe that my pension is protected by extant law, and Article 21 of the Constitution of India which protects my personal liberty, and hence my pension cannot be denied to me on the basis of not enrolling myself into the UID Aadhaar scheme.
1.3 The reasons I object to enrolment in the UID Aadhaar scheme are that:
1.3.1 Even though enrolment is stated to be “not mandatory”, provision of civic services like LPG supply, and now disbursement of pension, are unfairly and coercively being made contingent upon enrollment in the UID Aadhaar scheme, in violation of my rights, and
1.3.2 My right to privacy will be compromised by providing my biometrics and other personal details to the UID system, whose data security is in doubt.
1.4 I apprehend that I will personally be confronted by this unethical, devious manner of forceful enrolment into the not-mandatory UID Aadhaar scheme, and be denied my pension. I am presenting my detailed arguments below, which I request you to peruse.
2.Arguments
2.1 UID Aadhaar scheme is not mandatory.
2.1.1 UIDAI has announced that enrolment in the UID Aadhaar scheme is not mandatory, but it also mentions that it will be difficult for people to access public services in the absence of enrollment. Far from offering inclusion, the UID Aadhaar scheme threatens exclusion from rights, benefits and services. Thus, obviously based upon instructions issued by functionaries of the central and state governments, citizens' rights or government benefits and services are being linked to the UID Aadhaar number.
2.1.2 The following few examples suffice to show the links over a variety of instances connected with the not-mandatory UID Aadhaar enrolment:
2.1.2.1 Registering a marriage at the Kapashera Sub-Magistrate's Office was not permitted without an Aadhaar number, even when other documents of identification were made available [“To register marriage, get Aadhaar first”; Indian Express, New Delhi, January 23, 2013;
].
2.1.2.2 The Employees Provident Fund scheme has become Aadhaar-linked [“Provident fund to be Aadhaar-based now“; Times of India, Nagpur; January 23, 2013]. This has been objected to, by trade unions and others.
2.1.2.3 Aadhaar number has been linked to jobs, housing and MNREGA in Karnataka [“Aadhaar to be linked to jobs, housing, pension schemes”; Deccan Herald, Bangalore, September 24, 2012], and people are protesting against the UID Aadhaar scheme. The Deccan Herald report goes on to state, “Despite wide protests against UID, the official believes its second phase will generate interest when it starts enrolments from October 20”, and “'Had it not been for large-scale protests, the UID?project would have covered at least 85 percent of the population across the State,'?he said”.
2.1.2.4 The Times of India, Ranchi, August 28, 2012, reported: “Several months after the Unique Identification Authority of India (UIDAI) started its project for enrolment and distribution of Aadhaar cards to citizens in Jharkhand, the state government has now decided to make it mandatory for payment of salary and pension to state employees. The move seems to have given the necessary impetus to the enrolment process which was, otherwise, slow during the second phase”.
2.1.2.5 Teachers in Thane, Maharashtra, were denied salaries in the absence of Aadhaar number [“No UID, no salary, Thane teachers told“; Times of India, Mumbai, August 26, 2011].
2.1.3 The foregoing few representative examples demonstrate how government functionaries or officials are using the threat of exclusion from authorized benefits and services, or actually denying the rights of salary or pension, to force enrolment. This appears to be a ploy to give impetus to the not-mandatory UID Aadhaar scheme which would otherwise not attract people. Indeed, after using such devious coercive means, UIDAI has announced that the UID Aadhaar scheme is popular among people because the enrolment is high. But since enrolment into the UID Aadhaar scheme is not mandatory, as a citizen of a democratic nation, I am opposed to being forced into it by such extra-legal, unethical, coercive methods.
2.2 Biometrics, data security and privacy.
2.2.1 It remains unclear, even doubtful, whether biometry-information technology – the technological cornerstone of the project – is capable of the gigantic task of de-duplication in a billion-plus population. This is true in view of UIDAI's Biometrics Standards Committee itself having noted that retaining biometric efficiency for a database of more than one billion persons “has not been adequately analysed” and the problem of fingerprint quality in India “has not been studied in depth”. Further, it is well established that fingerprints of people who do manual work are often worn out or even missing, as with rural agricultural workers or urban domestic workers. These people, who are in enormous numbers and declared beneficiaries of the UID Aadhaar scheme, will not be able to receive social and other benefits even if they succeed in enrolling into the UID Aadhaar scheme.
2.2.2 The Parliamentary Standing Committee on Finance (PSCF) had expressed concern on biometrics, stating that collection of biometric information and linking it with personal information is not within the ambit of the Citizenship Act 1955 and Citizenship Rules 2003, and hence “needs to be examined in detail by Parliament”. The PSCF urged government to “reconsider and review the UID scheme as also the proposals contained in the Bill in all its ramifications and bring forth a fresh legislation before Parliament”.
Further, the PSCF has opined that the UID Aadhaar scheme is “full of uncertainty in technology as the complex scheme is built upon untested, unreliable technology and several assumptions”. Indeed, the PSCF found the UID Aadhaar project to be “conceptualized with no clarity” and “directionless”. The reference is to biometrics technology, which has been found to be unreliable in several scientific studies. To neglect the opinion of Parliament and not even review the UID project amounts to contempt of Parliament, the supreme organ of our democracy. It is incumbent upon government to reveal the steps taken to protect the privacy of citizens before acquiring biometric information.
2.2.3 The security of biometric data and other information acquired by UIDAI is in question for the following reasons:
2.2.3.1 The UID Aadhaar system can provide the link between various data bases and it will inevitably be at the core of a system which will enable profiling and tracking any citizen, to serve the clandestine purposes of India's security or intelligence agencies, or to corporate business interests.
2.2.3.2 UIDAI and UID Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies. However, this claim is hollow, because the Aadhaar project is contracted to receive technical support from L-1 Identity Solutions Inc., a US-based intelligence and surveillance corporation whose top executives are acknowledged experts in the US intelligence community, as revealed in the corporation's website. According to the UIDAI website, among other companies awarded contracts for collaboration in the Aadhaar project, are Accenture Services Pvt Ltd., which works with US Homeland Security, and Ernst & Young (which will set up UIDAI's Central ID Data Repository (CIDR)). Further, it is well known that US law requires all agencies to provide any information demanded of them to the US Homeland Security Agency, when asked. Thus, it is arguably impossible to ensure the security of sensitive national information when the technical provider or consultant is not a government body but a business corporation with strong connections to the intelligence organization of another country,K/u> and which may, according to law, be constrained to part with information that it may have legally or illegally acquired when it worked as UIDAI's contractor.
2.2.4 If biometric data and other information of people falls into the hands of unauthorized agencies, personal privacy is unequivocally compromised. The fact that UIDAI has no answer to the security hazards pointed out to it, and is silent or evasive on the subject, does not inspire confidence in the capability of UIDAI or the UID Aadhaar system to maintain personal privacy rights. This is quite apart from the plethora of scientific data available that shows how fingerprints are not reliable indicators of unique identity. In view of all the foregoing, I fear for violation of my personal right to privacy by enrolling into the UID Aadhaar scheme.
3. My earnest, urgent requests
3.1 I have argued above that the UID Aadhaar project is technically deficient (biometrics unproven), a security risk, and invasive of privacy, besides directly going against the advice of the Parliamentary Standing Committee on Finance (PSCF), which has people's representatives from all political parties. Though the UID Aadhaar project is said to be “not mandatory”, it appears to be aimed squarely at being made non-optional, and is being forced on the public by using threat of exclusion from availing benefits and services, and threat of denial of rights like salary or pension, amounting to devious coercion unbecoming of a democratically elected government.
3.2 Further, the UID Aadhaar project is unsupported by law. You would be aware that when the National Identification Authority of India Bill 2010 was presented to Parliament, the PSCF did not merely reject the Bill, but also stated that the UID Aadhaar project itself should be returned to the drawing board.
3.3 In view of the foregoing arguments, and since my pension is likely to be denied to me because of my not having an Aadhaar number, I urgently and earnestly request you to
3.3.1 Issue immediate, unambiguous orders to the concerned union ministries and state governments, that making UID Aadhaar enrolment necessary for receiving rightful entitlements like pension and salary, and food-and-water, health, education, civil supplies and other welfare benefits, be stopped with immediate effect.
3.3.2 Widely publicize the orders at central government and state government levels, so that people may make a personal choice whether or not to enrol into the UID Aadhaar scheme to obtain a UID Aadhaar number.
3.3.3 Monitor the implementation of these orders in the best interests of the freedom of Indian citizens.
Yours faithfully,
(Maj Gen S.G.Vombatkere (Retd))
- Asian Tribune -
“UID Aadhaar – As If People Matter”, The Colloquium; June 22, 2012.- Vombatkere, S.G.,
Vombatkere, S.G., “UID Aadhaar – As If People Matter”, The Colloquium; <http://thecolloquium.net/colloquium/index.php?option=com_content&view=article&id=247:uid-aadhaar-as-if-people-matter&catid=76:in-focus&Itemid=308>; June 22, 2012.
006 - “Rathnamma's Story: UID Aadhaar & LPG Supply”, Star Of Mysore; March 25, 2012 - Vombatkere, S.G.,
Vombatkere, S.G., “Rathnamma's Story: UID Aadhaar & LPG Supply”, Star Of Mysore; March 25, 2012; p.10.
- “The UID Aadhaar Project: System Design and Security Considerations”; Ground Report India, New Delhi, 15 Jan-14 Apr 2012 Vombatkere, S.G.,
Vombatkere, S.G., “The UID Aadhaar Project: System Design and Security Considerations”; Ground Report India, New Delhi, Vol 1, Issue 2, 15 Jan-14 Apr 2012; pp.82-86.
005 - “Letter to Nandan Nilekani”, Mainstream, New Delhi, Vol XLIX No 41, October 1, 2011.Vombatkere, S.G.,
Vombatkere, S.G., “Letter to Nandan Nilekani”, Mainstream, New Delhi, Vol XLIX No 41, October 1, 2011.
“UID Aadhaar As If People Matter”, Mainstream, New Delhi, Vol XLIX No 39, September 17, 2011 -Vombatkere, S.G.,
Vombatkere, S.G., “UID Aadhaar As If People Matter”, Mainstream, New Delhi, Vol XLIX No 39, September 17, 2011, p.7-9.
004 - UID Aadhaar As If People Matter By S.G.Vombatkere 08 August, 2011 Countercurrents.org
08 August, 2011
Countercurrents.org
Media reports
The UID Aadhaar project planning and system design shortcomings and security risks at the national (or macro) level have been discussed elsewhere [ Ref.1 ]. The present article views the Aadhaar project at the system operational level, with practical considerations based on observed and probable functioning at the service delivery end.
Consider the following report in a local daily “The Mysore Bugle”:
Food riots: PDS outlet vandalized
Mysore : August 2, 2015. The PDS outlet in Ashokpuram was vandalized by persons who were waiting in the queue for over four hours for ration. The equipment for verifying fingerprints and iris scan was damaged and the shopkeeper was beaten. The police came on the scene just in time to prevent the PDS outlet from being burned down. Police arrested four persons alleged to have started the violence, and cases have been registered against them for criminal assault and attempted arson. The reporter spoke with some of the people there. Manjula (name changed) aged 66, lamented, “Earlier we showed our ration card and that was sufficient for each person to be issued ration. Now fingerprints are to be checked and this takes a long time for each person. If the machine does not accept the fingerprint, the person is asked to wait until others are served. Today, after four hours waiting, only forty people were issued ration. People have to leave their homes and their work to stand in long queues, especially difficult in the monsoon. The Aadhaar scheme has made the problems of ration drawal worse. I am dissappointed.”
Enquiries from other PDS outlets revealed that authentication of fingerprints is time-consuming sometimes because of no electric power or system not responding or fingerprint machine accepting the fingerprint only after repeated trials. Similar delays and problems were reported in RTO Office and other government offices where Aadhaar identity had to be established. When this was brought to his notice, the Deputy Commissioner promised to approach the UID authorities to solve the problems.
Now consider another report in a national daily “Modern India”:
Secretary level official indicted by Lokayukta in Aadhaar scam
Bangalore : August 4, 2015. According to a leaked Lokayukta report, a senior state government official was indicted for procuring 56,000 allegedly sub-standard fingerprint and iris-scan machines at a cost of Rs.450 crores for two districts of Karnataka to enable the Aadhaar system to operate. Such large-scale procurement results from the need to provide all static outlets for food, banks, etc., and also mobile equipment as for example for LPG delivery men to authenticate the recipient of the LPG refill. Consumers have claimed that LPG delivery men are making them pay upto Rs.50 more because their “fingerprints do not match” the data stored on his portable machine. Whether this is due to machine defects or a means to extort money may be established when the results of tests on sample machines are received from a national laboratory.
Are these news reports unrealistic? Rewind to 2011. It is common knowledge that bank or ATM transactions sometimes take very long because the “system is not responding” due to system access overload or the “network is down” due to system or sub-system malfunction. This also happens at railway reservation counters and other places, but these offices never stop functioning due to power failure because they have standby battery-inverter power. However, Aadhaar systems at the service provider level e.g., PDS rations, NREGA payments, LPG delivery, public hospitals, etc., will be vulnerable to power failure besides local equipment malfunction, system shortcomings and authentication failure. Simultaneous access by many tens of thousands of service providers from all over India into the UID system for authentication of data can cause system overload because of insufficient bandwidth (system inadequacy) or sub-system (local, regional or state level) failure.
People in the system
People in the Aadhaar system range from highly qualified high-income people at government and corporate level who plan and design, to unlettered “infra-poor” BPL people, with variously qualified middle class people in between to do the implementation, operation and run-and-fetch jobs.
Thus, even if the entire hardware-software system from UID central data repository to the service provider at the consumer end is fully functional, system design is incomplete if it does not take people and society (“skinware” in systems language would include recipients and governmental and non-governmental providers of public benefits) into account. It has been argued that the UID Aadhaar system at the macro level has been inadequately planned and designed [ Ref.1 ]. But further, it has not considered the people whom it is expected to benefit and the people who will dispense those benefits. Skinware is very much a part of the system, and the manner in which people will avail of benefits that the system may provide should be considered when designing the overall system. This suggestion is not something new or revolutionary; it is simply part of well-established methods of system study, analysis and design. Let us therefore consider on-the-ground situations.
Practical considerations
Experience when registering identity for obtaining the Aadhaar card is that it takes each individual around five minutes to place his/her fingers on the machine repeatedly until the system accepts the fingerprints and also carry out the iris scan. Although this time is large considering the population to be registered, it may still be justified as it is a one-time process. This writer's personal experience for medical treatment at an ECHS Polyclinic, is that the system often requires several applications of the thumb on the machine, taking 3 to 4 minutes to match one thumb print before medical treatment can be availed. [The operator knows the identity of this writer and hence asks for repeated pressing of the thumb if it does not work the first time, while others in the small queue wait their turn]. In a dozens-long queue of common people for NREGA payment or at a ration shop or public hospital, such delays will not be treated with patience. It will surely take similar time for each person's 10 fingerprints to be recorded and electronically compared with the local record or master record in the central UID data repository [ Note 1 ]. With scores of people in queue, a mismatch will have people in line shouting for their turn and can well create a law and order situation. And the “mismatched” person would possibly get her turn again after hours or be asked to “come tomorrow”. (Of course, there is the time-tested way out of such problems – for a consideration the ration shop owner could “admit” the matching at his discretion). Even without accounting for power failure or machine malfunction or system slowdown, how much time would be taken to match fingerprints of one person on an average at a ration shop or on a LPG delivery man's portable machine, are anybody's guess. These glitches will inevitably provide avenues of opportunity for corrupt providers who may or may not be government servants. All this would be a part of overall system performance, and affect the delivery of benefits that are the stated basis of the Aadhaar scheme. Only a system study of such conditions will indicate whether the Aadhaar scheme will be more efficient or public-friendly than the current systems that deliver public benefits.
Aadhaar beneficiaries
The foregoing is not to deny the assured benefits of the Aadhaar project. It will surely provide enormous but really enormous IT hardware and software business opportunity for manufacture, operation and servicing of base station and mobile instruments and accessories in their many millions for fingerprint and iris matching. Such business will also generate low-paid jobs at the operational levels. Resorting to more technological solutions to overcome technical problems (like providing battery-inverters to ration shops) will merely raise the capital and operational costs without addressing the “people” end of the problem. Moreover, they will not solve or even address the food security problem of the “infra-poor”, most of whom will likely not benefit by the Aadhaar system in terms of better access to food or other targetted BPL benefits. Since Aadhaar is a national scheme, the capital and running expenditures will fall on the public exchequer, and the cash benefits will flow to the IT sector.
Taking an overall systems view of the Aadhaar project at BPL beneficiary levels, it would appear that public expenditure in creating, operating and maintaining the scheme would far exceed the gains. This is apart from the social downside of delay, non-delivery or denial of essential services and benefits to the BPL infra-poor, who are the stated Aadhaar beneficiaries.
References
1. Vombatkere, S.G., “ The UID Aadhaar Project will make Constitution of India a dead document ”,http://www.countercurrents.org/vombatkere280711.htm; Countercurrents.org; July 28, 2011.
Note 1 . The reliability of fingerprints for foolproof matching has not been proved. Further, the fingerprints of dirty hands or sweaty hands (as BPL persons are apt to have) are not easily accepted by the hardware or can lead to mismatch and consequent delay or denial of service.
S.G.Vombatkere retired as major general after 35 years in the Indian military. He is engaged in voluntary social work, and is member of the National Alliance of People's Movements (NAPM) and People's Union for Civil Liberties (PUCL). As Adjunct Associate Professor of the University of Iowa, USA, he coordinates and lectures a course on Science, Technology and Sustainable Development for under-graduate students from USA and Canada. He holds a master of engineering degree in structural engineering from the University of Poona and a PhD in civil structural dynamics from I.I.T, Madras..
E-mail:sg9kere@live.com
003 - Aadhaar needs to be transparent- by Vombatkere, S.G. - New Age Weekly
By S.G.Vombatkere**
The Unique Identification (UID) project, also known as Aadhaar, has been pushed into implementation by creation of a UID Authority of India (UIDAI) in 2009. It is slated to spend Rs.45,000 to 1,50,000 crores with a sanctioned budget of Rs.3,000 crores without approval of Parliament. Nandan M. Nilekani has been nominated to head the UIDAI and accorded cabinet minister rank.
This is not unconnected with the publication of his book Imagining India in 2009, and his former position as CEO of Infosys Technologies, India’s software leader. The Aadhaar project has been cogently criticised with doubts raised on several counts including its legality that have neither been addressed in the information put out by UIDAI, nor in Nilekani’s public interactions in various fora. The result is that public skepticism is deepening into mistrust. When Aadhaar has thus been imposed upon the public, there is need for genuine transparency to dispel public doubts regarding compromise of fundamental rights and freedoms. This is especially so because obtaining the Aadhaar number is stated to be not mandatory whereas various government entities are insisting upon it. However, a National Identification Authority of India (NIAI) Bill that seeks to regularize UIDAI is scheduled to be tabled in Parliament soon.
According to declared policy of the Union government, growth is meant to be inclusive and Aadhaar is meant primarily to reach benefits to the poor.
The planning process for national projects
Briefly, a systematic planning process at the national level should (1) define the aim and the terms of reference, (2) list out all possible or available options to achieve the aim, (3) remove the implausible or politically undesirable options, and (4) subject the remaining options to analysis using previously identified and weighted social, technical and economic criteria. This analysis will provide an inter se priority among the options considered, forming the basis for the final (political) decision of which option to implement. Such a transparent process would obviate political sniping, accusations and inquiries at a later date. It appears that a national project of magnitude, gravity and long-term national consequences like Aadhaar has been arbitrarily chosen without considering alternatives.
Existing identification systems. There are several existing photo-identification systems co-existing in India, each having its own scope and limitations, that have been created by huge expenditure of public money and physical effort over decades. Below are four of the important ones:
(1) Personal Account Number (PAN) of the Income Tax Department – not all citizens are tax payers,
(2) the Ration Card – not all people hold Ration Cards and these are not transportable across states,
(3) Bank Account Number – not all citizens have bank accounts, and
(4) the Elector’s Photo Identity Card (EPIC) – not issued to persons ineligible to vote for reasons of age or citizenship, but accepted as proof of identity and address across the country.
The UID Aadhaar project has been started up without considering existing systems that already provide unique identity to people, though sectorally. The existing EPIC provides proof of citizenship, and includes photograph, full name, full address, sex, date of birth, father’s/mother’s/husband’s name and a unique 10-character alphanumeric string. The personal details are verified by local government authority before preparing the EPIC. Though an EPIC does not make the holder eligible to vote in another constituency, it still provides a unique identity with several details.
Alternatively, using selected features of the four existing identification systems mentioned above (there could be more since this list is not comprehensive but only demonstrative), an option that may be suggested to provide the cardholder with a unique identity could be the EPIC re-issued (to obviate fresh data-entry errors) with additional fields for ration entitlement, reservation entitlement (SC/ST or not), income tax number (if an IT assessee), bank account number(s), citizenship category (resident Indian citizen or NRI or foreigner), biometric information and any other information parameters considered necessary, plus blank fields for more data if considered essential at a later date, and integrating the data of different states. The existing EPICs could be used without interruption for voting, and as and when re-issued with the additional data, would also serve the purpose of unique identification. The system would still allow extension by utilizing the blank fields.
Such a card would call for easily achievable inter-system communication and system integration between the various data bases holding information, such as the Food and Civil Supplies Departments, Urban Local Bodies and Panchayats, IT Department, banks, and Passport Offices.
It is not necessary for the present article to go into more detail since that is the task of planning bodies such as the Planning Commission. The above suggestion is only indicative of one available option for consideration at the preliminary planning stage.
Planning methodology
A rational approach to planning national mega-projects such as the Aadhaar project even while there are existing identification systems in place (howsoever inadequate in different ways), would need planners to consider
(1) adapting one or more of the options mentioned in the previous section,
(2) an upgraded or re-worked combination of the best features of two or more of them,
(3)the proposed Aadhaar project, and perhaps,
(4) some out-of-the-box proposal(s).
Each of the options would be examined against pre-defined and weighted social, economic and technical criteria in a comparative study, and the options arranged in order of priority. If the Aadhaar project turns up as priority number one, then the political choice of adopting it would be unquestionable. But if the Aadhaar project turns up as number two or three, the political chief executive would still have the option of exercising his personal and political discretion to choose the Aadhaar project for adoption with full responsibility.
However, the present choice of the Aadhaar project is without system rationale.
The public is acutely aware of the recent frequently surfacing huge scams, and cannot be faulted if there is scepticism or suspicion regarding motives that have led to the
The public is acutely aware of the recent frequently surfacing huge scams, and cannot be faulted if there is scepticism or suspicion regarding motives that have led to the
Aadhaar project being chosen in spite of arguments, objections and protests on various counts.
So far as national security measures are concerned, there cannot be any objection. But these cannot be at the cost of surveillance of law abiding citizens, restricting their freedoms or infringing on their privacy. In intelligence practice, national security is enhanced by maintaining surveillance on citizens in public places and linking this with personal information available in various data bases maintained by banks, income tax offices, airline and railway reservation offices, internet service providers, etc. Aadhaar can provide the link between various data bases and will inevitably be at the core of a system which will enable profiling and tracking any citizen useful to any of India’s 11 security or intelligence agencies.
Linked with surveillance in public places and with all people registered with the Aadhaar system, tracking every activity of any or every citizen will be merely a matter of money and technology. This will irreversibly change the relationship between the state and its people, confirming the state as the master when the Constitution of India envisages precisely the opposite.
Thus, Aadhaar will enable and support surveillance and tracking whether or not it succeeds in its declared primary aim of enabling services for the poor. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens. However, this is vitiated since the Aadhaar project is contracted to receive technical support, presently for biometric capture devices, from L-1 Identity Solutions, Inc., a US-based intelligence and surveillance corporation whose top executives are acknowledged experts in the US intelligence community, as revealed in the corporation’s website.
According to UIDAI website, among other companies awarded contracts for collaboration in the Aadhaar project, are Accenture Services Pvt Ltd which works with US Homeland Security ( for implementation of Biometric Solution for UIDAI) and Ernst & Young (for setting up of Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP)). It is difficult to imagine the security of sensitive national information when the technical provider or consultant is not a government body but a business corporation with strong connections to the intelligence organization of another country.
The risks are highlighted by the fact that a “ retinue of U.S security and intelligence officials ” accompanied US Secretary of State, Hillary Clinton, to India in July 2011. According to the same source, India has a “ gaping appetite for homeland security expertise and technology ”. India is racing ahead with a proposed Commercial, Homeland Security and Fire Technology Exhibition at Pragati Maidan, New Delhi in December 2011. It is big business that Natgrid is sure to buy into.
Indeed, a document of ASSOCHAM titled “ Homeland Security in India ” states, “Given its increasing focus on Homeland security, the Government of India has initiated several steps...(one such) significant initiative is the ongoing drive to provide UID Number to all Indian citizens which is also aligned to the wider cause of intelligently networking the Indian ecosystem.” There appears to be a designed “homeland security” link with Aadhaar, and statements like “ The UIDAI will not share resident data ” could even be deliberately misleading. India is understood to be opposing CISMOA (Communications and Security Memorandum of Agreement) that USA has proposed for better military interoperability, but the supposed need to acquire technology may accept the cost of allowing inspection (end use monitoring) by US intelligence agencies, and thus compromise national security.
All these issues including the fact that since 2009, the Aadhaar project has been operating without legal sanction (including entering into contracts involving millions of dollars of public funds), only compounds doubts and apprehensions.
The recent case of the Indian Institute of Science (IISc), Bangalore, signing an agreement to set up a telecom laboratory with Huawei Technologies which has links with the Chinese government has been objected to by the Indian intelligence community, which had expressed prior disapproval. That the Indian intelligence community has tamely accepted business links with Accenture Services, Ernst & Young and L-1 Identity Solutions for national security may indicate the unabashed subservience of those who control the intelligence entities like IB, RAW, MoD, MHA, DoT, etc, to the policies of a particular foreign country.
The larger implications and ramifications of Aadhaar are best expressed in Usha Ramanathan’s words: “[Data collection for the National Population Register] is set amidst NATGRID (National Intelligence Grid), the UID (the Unique Identification project), and a still-hazy-but-waiting-in-the-wings DNA Bank. Each of these has been given spurs by the Union home ministry, with security as the logic for surveillance and tracking by the state and its agencies. The benign promise of targeted welfare services is held out to legitimise this exercise ”.
It is accepted that hacking into a system is most effectively done by paying, co-opting or honey-trapping individuals who have access to critical information. The recent instance of Union finance minister Pranab Mukherjee’s office being bugged, shows how a device can be placed by gaining physical access to a high security office.
Natgrid (which seeks to integrate 21 data bases) or some foreign intelligence agency could obtain access to the Aadhaar data base notwithstanding pious statements of UIDAI.
(Incidentally, Capt Raghu Raman, CEO of Natgrid, was also CEO of Mahindra
(Incidentally, Capt Raghu Raman, CEO of Natgrid, was also CEO of Mahindra
Special Services Group, a security services company. One view of this side-stepping is that he would bring to Natgrid his wealth of background experience but, without casting doubt on his personal integrity, the possible convergence of interests between his corporate background and national information security are undeniable). Obtaining a brief, one-time entry to the Aadhaar data base to permanently compromise its security would pose no serious problem to any efficient intelligence agency that has sufficient influence or funds to obtain that access. Even if Aadhaar can enable provision of services to the poor (which has been cogently argued elsewhere as unworkable) possibility of loss or breach of security of a national data base does not appear to have been examined.
It may be noted here that the chairman of the UIDAI with his Union Cabinet minister status has not taken formal oath of secrecy. He is free to take any measures that he deems fit with no accountability to the people or the government of India; the multi-million-dollar contracts entered into bear witness.
Aadhaar project deserves review The NIAI Bill is scheduled to be tabled in Parliament in the 2011 monsoon session.
The Bill has several infirmities that have been pointed out to government, but it appears that no cognizance has been taken.
The UIDAI functions with only token transparency. Obtaining an Aadhaar number is stated to be not mandatory, but various government departments are insisting upon the Aadhaar number, causing skepticism and mistrust among the public. The Aadhaar project is an unconscionably expensive, unaccountable and virtually secret program that can hold the key to a total-surveillance-State, making the Constitution of India a dead document.
The claims made by the UIDAI to make social benefits available or accessible to the poor sections of Indian society have been questioned elsewhere, but the Aadhaar scheme itself has been formulated without due technical or administrative planning process. Thus, from system design and security considerations, the Aadhaar scheme deserves to be blocked with immediate effect and reviewed from scratch in the national best interest.n
** S.G.Vombatkere retired as major general after 35 years in the Indian military. He is engaged in voluntary social work.
Posted 5th August 2011 by New Age
Subscribe to:
Posts (Atom)