say no to fingerprint and iris based unique identity uid aadhaar and npr - part 1 Created:Sat, April 2, 2011 Last Update: Mon, April 11, 2011 @ 04:10 hrs IST
Too many unanswered questions on UID: expert - Hindu, Saturday, December 18, 2010 Photo by M.A. Sriram
http://www.hindu.com/2010/12/18/stories/2010121854080700.htm
National Interest vs People's Interest Eight reasons why you or we should oppose the UID - An appeal to all citizens South Asia Citizens Wire Saturday, October 09, 2010
http://www.sacw.net/article1607.html
Why the UID number project must be scrapped: Rediff.com India News - Human right activist Gopal Krishna - Member of the Citizens Forum for Civil Liberties
http://news.rediff.com/column/2010/jun/02/why-the-uid-number-project-must-be-scrapped.htm
Human right activist Gopal Krishna makes a case that the Unique Identification Number project is a gross violation of fundamental human rights and points out that a similar project/law in Britain was repealed in June 2010.
Proposal to put Indian residents under surveillance forever: Besides UID Number Bill, several other related Bills on the horizon
http://www.thepetitionsite.com/1/ban-online-electoral-rolls-voter-lists/ 
The National Identification Authority of India (NIAI) Bill approved by the Indian Union Cabinet on Friday, October 09, 2010 has sidestepped critical privacy aspects relating to profiling and function creep - a term used to describe the way in which information is collected for one limited purpose but gradually gets used for other purposes.

Here are some reasons why we oppose this Bill
1. False claims
Exclusion and leakages in public expenditure are not caused by the inability to prove identity but are caused by the deliberate manipulation of the system by those who have the power to control the flow of benefits.

2. Violation of privacy and civil liberties
The UID scheme violates the right to privacy. International law and India's domestic law have set clear standards to protect an individual's privacy from unlawful invasion. Under the International Covenant on Civil and Political Rights (ICCPR), ratified by India, an individual's right to privacy is protected from arbitrary or unlawful interference by the state. The Supreme Court has also held the right to privacy to be implicit under article 21 of the Indian Constitution (Rajagopal v. State of Tamil Nadu, 1994 and PUCL v. Union of India, 1996).

India has enacted a number of laws that provide some protection for privacy. For example the Hindu Marriage Act, the Copyright Act, Juvenile Justice (Care and Protection of Children) Act, 2000, the Indian Contract Act and the Code of Criminal Procedure all place restrictions on the release of personal information.

Section 33 of the draft bill empowers NIDAI to disclose personal data on an order of a court or in case of "national security" on directions of an officer not below the rank of joint secretary. This is a dilution of existing provisions for protection of privacy under Supreme Court judgements (PUCL versus Union of India) and the IT and Telegraph Acts, all three of which state that such orders can be passed only by the Union or State Home Secretary. There is a high likelihood of this provision being misused by persons in power to access private / personal details for use in ways that may pose a risk to the life or security of the person concerned.

Personal and household data was collected through the Census 2010/2011 with a view to establishing a National Population Register (NPR). It is proposed to make this information available to the UIDAI. This is in contravention of Section 15 of the Census Act which categorically states that information given for the Census is "not open to inspection nor admissible in evidence".

Moreover, although participation in the UID scheme is supposed to be voluntary and optional, Census respondents are being told that it is mandatory to submit personal information for the National Population Register (NPR).

3. "Functionality creep" and misuse of data
The centralised database where personal data will be stored can easily be linked with other databases maintained by the police and intelligence agencies. This raises the risk of "functionality creep", as for instance the use of the UID database for policing and surveillance.

There is a serious concern that the biometric information (iris scans and fingerprints) collected as part of the UID project would be used for policing purposes.

The proposed Bill does not contain any mechanisms for credible and independent oversight of the UIDAI. This increases the risk of 'functionality creep' - the government may add features and additional data to the database without informing or taking the consent of citizens and without re-evaluating the effects on privacy in each instance.

There is no guarantee that the personal data collected and stored in a centralised database will not be misused for purposes other than mere confirmation of identity. The several instances of the involvement of the state in mass carnage (as in Delhi in 1984 and Gujarat in 2002), and the Government's alleged support to and defence of the widespread use of "encounter killings" and other extra-constitutional methods by the police and armed forces, has already created an enabling environment for abuse of the UID database to serve undemocratic, illegal and unethical purposes.

The Bill does not have any provisions to penalise misuse of data by authorised persons (eg UIDAI officials), and therefore has an in-built potential for use of personal data to identify and eliminate "maoists", "terrorists", "habitual offenders", political opponents and others who are perceived as threats by those in power.

4. Inappropriate and unproven technology

5. Database security not assured
India does not have a robust legal framework or infrastructure for cybersecurity and has weak capabilities in this area - several of our high-security databases have been hacked in the recent past. The huge amounts of personal information collected in the UID database will most likely not be adequately protected and will be vulnerable to hackers and identity thieves. Indeed, hacker networks have already assessed the security levels of the proposed UID database and pronounced it easy to crack.

No country or organisation has successfully deployed a database (biometric or otherwise) of the size envisioned for the UID project, and no technical or corporate body in the world has the experience necessary to ensure its security.

The possibility of corruption and exploitation of data is far greater in a centralised database than when the information is dispersed across different databases. There is also a high risk of errors in the collection of information, recording of inaccurate data, corruption of data and unauthorised access.

Other countries with national identification systems have tried and failed to eliminate the risks of trading and selling of information.

The US - arguably the most surveillance-prone society in the world - passed a Federal law (the REAL ID Act, 2005) requiring the States to allow the Federal Department of Homeland Security to access State databases such as drivers' licences and motor vehicle registration. As of 2008, not a single State has ratified this Act, and 25 States have passed legislations to exclude themselves from its purview.

Ironically, a confidential working paper titled "Creating a Unique Identity Number for Every Resident in India" was recently posted on the transparency website Wikileaks. The leaked document admits that "the UID database will be susceptible to attacks and leaks at various levels".

If they cannot protect their own confidential documents, we cannot trust the UIDAI to protect the data they propose to collect from the Indian citizens.

6. Unjustifiable costs
The UID project has been launched without a feasibility study or cost-benefit analysis.

The total costs of placing fingerprint readers (USD 50 or $50) in each PDS (public distribution system outlet) or ration shop or Fair Price Shop (FPS) and in each of India's 600,000 villages have not been taken into account in official cost calculations.

7. Bypassing of Parliament and democratic processes
The UID Authority has been set up with considerable powers and resources, without any approval from Parliament or discussion in the public domain about the necessity of such a scheme. In the absence of a Constitutional provision or legal framework (such as that set out in the proposed Bill), all the actions of the UIDAI are technically unconstitutional and illegal. There is no transparency either on decisions or on expenditure, no oversight and no mechanisms for accountability in the functioning of the UIDAI.

Despite the continuing debate on public platforms, and being repeatedly questioned about the risks, costs and benefits of the UID scheme, the Government of India has remained silent on the contested aspects of the scheme.

8 Lessons from other countries
Several countries (including the USA, the UK, Australia, China, Canada and Germany) have tried such projects and have given these up as impractical, unjustified and dangerous.

One of the first acts of the new government in UK after tasking office in June 2010, was to scrap the UID project in that country. According to Theresa May, the UK Home Secretary, "The national identity card scheme represents the worst of government. It is intrusive and bullying. It is ineffective and expensive. It is an assault on individual liberty that does not promise a great good. The government will destroy all information held on the national identity register, effectively dismantling it. The role of the identity commissioner, created in an effort to prevent data blunders and leaks, will be terminated."

The reasons cited by the UK government for rejection of the UID scheme - higher costs, impracticality and ungovernable breaches of privacy and civil liberties - are all valid in the Indian case as well. In view of this, it is fair to expect UIDAI to present a comprehensive argument to justify why what was rejected in the UK is good enough for India.

It seems clear that the public pronouncements on the UID scheme being a step towards good governance and inclusive growth are red herrings to divert the attention of the public from the real purpose of NIDAI - to strengthen India's e-surveillance capabilities.

The passage of the IT Act, 2008, was the first step to making India a country where "Big Brother" is watching everyone, all the time - the NIDAI Act will be another great leap forward in this direction.

The collection of such data is a classic case of gross violation of fundamental human rights.

We strongly oppose the potential tracking and profiling based techno-governance tools such as the UID number.

We request the Government of India to take prompt lessons from the UK government's decision to scrap its National ID project and desist from taking the path paved by IBM for the Holocaust and abandon its UID/Aadhar project.

India's UID And The Fantasy Of Dataveillance By Binu Karunakaran
India's UID And The Fantasy Of Dataveillance By Binu Karunakaran
According to one estimate Rs. 1,50,000 Crore (US$ 30.9 bn) of taxpayers' money will flow out into the gargantuan task of making our lives similar to that of aquarium fish and no less secure. Imagine that kind of money and political will power going into healthcare and sanitation or basic education and poverty alleviation.

India's UID And The Fantasy Of Dataveillance By Binu Karunakaran - Monday, August 24, 2009
http://www.countercurrents.org/karun240809.htm 
The Unique Identity Development Authority of India (UIDAI) is a body created blatantly bypassing the authority of parliament. This project's irrevocable implications on data security and privacy of individuals.

Show me/us your UID?
Will the government be the only authority which can use or request the UID? What information in those databases will be linked explicitly to other databases? Who has the authority to create this linkages and who all can access this information? Would the people who use the UID for various transactions be informed of the algorithms used to analyse their data? Will the data collected stored forever? Article 20, clause 3 of the Indian constitution states that " No person accused of any offence shall be compelled to be a witness against himself. Will data records generated by the UID be used against the accused in a court of law? There is not much clarity on this as the confidentiality level of data elements (open to all, open only to security agencies/NGOs) are yet to be finalised.

Oxford dictionary defines Function Creep as the way in which information that has been collected for one limited purpose, is gradually allowed to be used for other purposes which people may not approve of: The Social Security Numbers (SSNs) in the US, initially designed as only for administering social security benefits are now a common element in public and private sector databases, allowing for easy sharing and correlation of disparate records.

How personal is our mobile number?
There're plans to convert the Unique Identity Number (UID) into our very personal mobile number.

Digital sovereignty
The UID project itself deals with digital sovereignty of India and the privacy and dignity of its citizens.

Database state and the right to Information Self-determination
The Personal Data Protection Bill, 2006 was an attempt to engage some of the dangers posed by the modern database state. One of the sections of the Bill read: The personal data of any person collected by an organization whether government or private, shall not be disclosed to any other organization for the purposes of direct marketing or for any commercial gain. The personal data could be disclosed to voluntary or charity organizations only after obtaining prior consent of the person.

The bill talks about the right of an individual to decide on what information about self should be communicated to others and under what circumstances. The right of Informational Self-determination is considered crucial with regard to the protection of privacy of an individual in the age of internet and real-time updated computer databases which makes total surveillance possible.

Leaked UID plan fuels data theft fears Max Martin India Today Bangalore, November 14, 2009
http://indiatoday.intoday.in/site/Story/70825/LATEST%20HEADLINES/Leaked%20UID%20plan%20on%20Net%20fuels%20data%20theft%20fears.html
A confidential document of the Unique Identification Authority of India (UIDAI) got leaked on the Internet. The report acknowledges potential data vulnerabilities of the ambitious project.

http://www.cis-india.org/news/uid-is-an-invasion-of-privacy-experts
http://www.cis-india.org/news/uid-is-an-invasion-of-privacy-experts/image/image_view_fullscreen
UID is an invasion of privacy: Experts Deccan Chronicle Saturday, April 17, 2010
www.deccanchronicle.com/node/127908/print
The idea of concentrating so much power in one authority frightening. One of the panelists Usha Ramanathan of the Centre for the Study of Developing Societies said that in two or three years people would not be able to travel without carrying their identity numbers on them. "The logic behind this is that if you don't have a number, you don't exist. Our personal information will be fed into the systems of various agencies with a certain set of people handling that data. Allowing so much power in the guise of security is handing too much control to the State," Ms Ramanathan said.

UID bill skips vital privacy issues Swaraj Thapa Monday, September 27, 2010
http://www.indianexpress.com/news/uid-bill-skips-vital-privacy-issues/688614/0
After underlining its significance in its draft note to the cabinet committee earlier, the National Identification Authority of India Bill approved by the Union Cabinet on Friday has sidestepped critical privacy aspects relating to profiling and function creep - a term used to describe the way in which information is collected for one limited purpose but gradually gets used for other purposes.

According to sources, the draft Bill approved by the cabinet does not adequately address issues related to profiling.

"The UIDAI law will need to contain restrictions against profiling," the draft note for the cabinet committee had earlier said. It had also contended that mechanisms would have to be put in place to discourage function creep and misuse of the database.

The draft note had maintained that privacy concerns would have to be addressed at various levels.

The draft Bill approved by the cabinet on Friday, September 24, 2010 however, says provisions of the legislation will not apply to disclosure of information made "in the interest of national security in pursuance of a direction to that effect issued by an officer or officers not below the rank of joint secretary or equivalent in the central government specially authorised in this behalf by an order of the central government".

Civil liberties activists have opposed the Bill, contending that it infringes upon an individual's right to privacy and that it is a national security project in the garb of a social policy initiative. On Saturday, September 23, 2010 they said the draft Bill provisions left enough scope for misuse, especially by political parties who would have access to the database when in government.

"The Bill does not have enough provisions to ensure that profiling of minorities and dalits do not happen. The mechanism for foolproof collection of data including fingerprints and iris scan is not there. Can it be said with absolute certainty that your fingerprints will not one day appear at a terror attack site?" said Wilfred Dcosta, alliances convenor of the Indian Social Action Forum (INSAF).

PRIVACY: Campaign for no UID flags privacy concerns Hindu Business Line, Wednesday, September 29, 2010 Campaign for no UID flags privacy concerns
http://www.thehindubusinessline.com/2010/09/29/stories/2010092952980400.htm
http://www.thehindubusinessline.in/2010/09/29/stories/2010092952980400.htm
Academics, jurists, activists urge caution; want more debate.

The campaigners are demanding the project be halted for now, a feasibility study undertaken, constitutional aspects debated.

With barely 24 hours to go before the first set of 'Aadhaar numbers'  were handed out in Maharashtra, a group of academics, jurists, activists and film makers had raised their voices against the UID project.

They are flagging concerns on issues of privacy, potential for misuse of information, and "limited public discussion on implications and fall-out" of the UID project.

The campaigners are demanding the project be halted for now, a feasibility study undertaken, constitutional aspects debated, and a cost-benefit analysis conducted for the mega project. "The law on privacy needs to be worked on, urgently. A project with such a wide implication cannot be undertaken without a debate in Parliament and civil society," Mr Justice A.P. Shah, Retired Chief Justice of High Court of Delhi said at a conference.

Other signatories to 'Campaign for no UID' are Mr Justice V. R. Krishna Iyer, (Retired Judge, Supreme Court of India), Prof Romila Thapar (Historian), Mr K.G. Kannabiran (Senior Civil Liberties Lawyer), Ms Kavita Srivastava (People's Union of Civil Liberties and Right to Food Campaign), Ms Aruna Roy and Mr Nikhil Dey (Mazdoor Kisan Shakti Sangathan, Rajasthan), Mr Upendra Baxi (Jurist and ex-Vice Chancellor of Universities of Surat and Delhi), Ms Uma Chakravarthi (Historian), Ms Shohini Ghosh (Teacher and Film Maker) and Mr Amar Kanwar (Film Maker), among others.

One of the main grouse of the campaigners is the privacy aspect - the signatories contend that the information which is today scattered across diverse databases can now be linked to the UID number, and potentially thus lead to convergence of all kinds of personal details including medical and financial information. The database, they fear, could be hacked into and misused.

"What if the information lands up in wrong hand. There is clearly a need for a wide debate on the protection of privacy. Besides, the information can lead to profiling and tracking of residents by the State," Ms Ghosh said.

However, the campaigners are not yet exploring legal options. Approaching the courts would be the last resort for them and the focus currently is on raising a debate on the issue, they say.

The dissent note came just a day before the Prime Minister, Dr Manmohan Singh, and the UPA Chairperson, Ms Sonia Gandhi, were slated to issue the first set of UID numbers in Nandurbar district of Maharashtra, The stated objectives of the project include establishing a ubiquitous authentication infrastructure to easily verify identities of residents online and in real-time.

The Government believes that the UID project would enable state agencies and service providers to clean out duplicates and fakes from their databases, and, in turn, improve the efficiency of the public delivery systems.

Will UID compromise privacy of citizens? Samir Sachdeva Governance Now, Thursday, September 30, 2010
http://www.governancenow.com/views/days-debate/will-uid-compromise-privacy-citizens
Samir Sachdeva has over ten years of experience with organizations like TCS, GOI, HCL, NISG , EY. He is working as assistant editor with Governance Now.

The civil society has flagged the unique identity project citing concerns of privacy violations. They have, infact, launched a campaign against it - 'No UID'. The unhappy with UID include include eminent people like Justice V R Krishna Iyer, Aruna Roy, Justice A P Shah and others.

The activists say that the project will lead to multiple concerns on civil liberties and the state may misuse the information. The key concern is that the UID numbers may be used to develop NatGrid, a centralized database for intelligence gathering and profiling of people.

They also claim that linking UID to census, national population register (NPR), key benefit schemes like PDS and NREGA will make it mandatory for citizens to get the number even while the Act claims that applying for the number is voluntary. The draft national identification authority bill also highlights that the identity information as collected can be disclosed in interest of national security.

The activists point out that linking of UID number in various other key e-governance projects like CCTNS (e-police), e-courts, passport, income tax etc will lead to data consolidation leading to risks of profiling and invasion of privacy by the state.

What the UID conceals Opinion - Leader Page Articles R. Ramakumar The Hindu Thursday, October 21, 2010
http://www.hindu.com/2010/10/21/stories/2010102153251200.htm
One can summarise the criticisms of the UID project under four heads.

The project would necessarily entail the violation of privacy and civil liberties of people.
Third, there has been no cost-benefit analysis or feasibility report for the project till now. The project is fundamentally linked to "national security" concerns rather than "developmental" concerns.

Clauses related to individual privacy in the Citizenship Act of 1955 were weakened through an amendment in 2003.

There is a related concern: police and security forces, if allowed access to the biometric database, could extensively use it for regular surveillance and investigative purposes by treating each applicant as a potential criminal.

The UID project is part of a larger effort to dismantle the PDS in India to complete the state's withdrawal from the sphere of food procurement and distribution.

AADHAAR as just NIRAADHAAR.

Unique facility, or recipe for trouble? Opinion - News Analysis Jean Dreze, The Hindu, Thursday, November 25, 2010
http://www.hindu.com/2010/11/25/stories/2010112563151300.htm
Many questions remain about the Unique Identity Number system that is being rolled out by the Central government.

It is quite likely that a few weeks from now someone will be knocking at Indian citizens' doors and asking for their fingerprints. If they agree, their fingerprints will enter a national database, along with personal characteristics (age, sex, occupation, and so on) that have already been collected.

The purpose of this exercise is to build the National Population Register (NPR). In due course, their UID (Unique Identity Number, or "Aadhaar") will be added to it. This will make it possible to link the NPR with other Aadhaar-enabled databases, from tax returns to bank records and SIM (subscriber identity module) registers. This includes the Home Ministry's National Intelligence Grid (NATGRID), smoothly linking 21 national databases.

For the intelligence agencies, this will be a dream-come-true. Imagine, everyone's fingerprints at the click of a mouse, that too with demographic information and all the rest. Should any suspicious person book a flight, or use a cybercafe, or any of the services that will soon require an Aadhaar number, she will be on their radar. If, say, Arundhati Roy makes another trip to Dantewada, she will be picked up on arrival like a ripe plum. Fantastic!

A half-truth
So, when the Unique Identification Authority of India (UIDAI) tells that the UID data (the "Central Identities Data Repository") will be safe and confidential, it is a half-truth. The confidentiality of the Repository itself is not a minor issue, considering that UIDAI can authorise "any entity" to maintain it, and that it can be accessed not only by intelligence agencies but also by any Ministry. But more important, the UID will help integrate vast amounts of personal data, that are available to government agencies with few restrictions.

Confidentiality is not the only half-truth propagated by UIDAI. Another one is that Aadhaar is not compulsory - it is just a voluntary "facility." UIDAI's concept note stresses that "enrolment will not be mandated." But there is a catch: "... benefits and services that are linked to the UID will ensure demand for the number." This is like selling bottled water in a village after poisoning the well, and claiming that people are buying water voluntarily. The next sentence is also ominous: "This will not, however, preclude governments or Registrars from mandating enrolment."

That UID is, in effect, going to be compulsory is clear from many other documents. For instance, the Planning Commission's proposal for the National Food Security Act argues for "mandatory use of UID numbers which are expected to become operational by the end of 2010" (note the optimistic time-frame). No UID, no food. Similarly, UIDAI's concept note on the National Rural Employment Guarantee Act (NREGA) assumes that "each citizen needs to provide his UID before claiming employment." Thus, Aadhaar will also be a condition for the right to work - so much for its voluntary nature.

Now, if the UID is compulsory, then everyone should have a right to free, convenient and reliable enrolment. The enrolment process, however, is all set to be a hit-or-miss affair, with no guarantee of timely and hassle-free inclusion. UIDAI hopes to enrol 600 million people in the next four years. That is about half of India's population in the next four years. What about the other half?

Nor is there any guarantee of reliability. Anyone familiar with the way things work in rural India would expect the UID database to be full of errors. There is a sobering lesson here from the Below Poverty Line (BPL) Census. A recent World Bank study found rampant anomalies in the BPL list: "A common problem was erroneous information entered for household members. In one district of Rajasthan, more than 50 per cent of the household members were listed as sisters-in-law."

If the backroom boys have their way, India's public services as we know them will soon be history, and every citizen will just have a Smart Card %u2014 food stamps, health insurance, school vouchers, conditional maternity entitlements and all that rolled into one. This approach may or may not work (that is incidental), but business at least will prosper.

The danger
The biggest danger of UID, however, lies in a restriction of civil liberties. As one observer aptly put it, Aadhaar is creating "the infrastructure of authoritarianism" - an unprecedented degree of state surveillance (and potential control) of citizens. This infrastructure may or may not be used for sinister designs. But can we take a chance, in a country where state agencies have such an awful record of arbitrariness, brutality and impunity?

In fact, we suspect that the drive towards permanent state surveillance of all residents has already begun. UIDAI is no Big Brother, but could others be on the job? Take for instance Captain Raghu Raman (of the Mahindra Special Services Group), who is quietly building NATGRID on behalf of the Home Ministry. His columns in the business media make for chilling reading. Captain Raman believes that growing inequality is a "powder keg waiting for a spark," and advocates corporate takeover of internal security (including a "private territorial army"), to enable the "commercial czars" to "protect their empires." The Maoists sound like choir boys in comparison.

So, is UID a facility or a calamity? It depends for whom. For the intelligence agencies, bank managers, the corporate sector, and NIDAI, it will be a facility and a blessing. For ordinary citizens, especially the poor and marginalised, it could well be a calamity.

Moneylife Life Public Interest Right to privacy and biometrics of the UID Friday, December 03, 2010 - Moneylife Digital Team http://www.moneylife.in/article/78/11862.html
Industrialist Ratan Tata has the capacity to challenge a breach of his privacy in the Supreme Court. But what about the nearly 60 crore Indian residents who don't know what will become of the biometric data being collected by UIDAI?

The leak of the Niira Radia tapes in India and thousands of US classified documents on WikiLeaks, has stirred up again the debate on privacy. The Tata group chairman Ratan Tata has petitioned the Supreme Court to order the government to restrict the use of conversations contained in the tapes, on the grounds that making them public was a breach of his privacy. The WikiLeaks disclosures have exposed many decisions and processes in the US government that have become a serious embarrassment for its leaders. Some of these leaders are talking about punishing those responsible for the leaks.

It's all well for such influential business and political figures to argue in defence of their privacy. But do these standards apply to the common citizen anywhere, and more specifically in India? Many of such common people may not even be aware of this thing called 'privacy', leave the 'right to privacy'. Take the unique identification programme being conducted in India today.

In fact, according to some of the diplomatic files published by WikiLeaks, it is now known that some US officials had been trying to collect biometric and such other sensitive identification information about politicians and bureaucrats from the United Nations and some countries like South Korea, China, Egypt, Indonesia, Malaysia, Syria and even India.

In Mumbai in November 2010, the US Consulate had asked for proof of identity and other details even from the Maharashtra chief minister and state deputy chief minister to be allowed to attend a programme with the US president during his visit to India. Of course, when the state government protested and threatened that the leaders would not attend the programme, the US authorities buckled down.

But that's a story about the powerful and famous. Besides, it's highly unlikely that the more than 60 crore Indians being targeted by the identification programme would refuse to be part of it, particularly if they were told that they stood to 'gain' from it. This is the tragedy of the unique identification (UID) number of the Unique Identification Authority of India (UIDAI), headed by Infosys boss Nandan Nilekani.

This ambitious and expensive project uses biometric information like fingerprints, IRIS scans and face photos to create a UID number. The authority is roping in fat-profit organisations as its partners, which will very likely result in the database being used for targeted marketing. (Read: Fat profit institutions continue to board UID bandwagon http://www.moneylife.in/article/78/11136.html) In addition, many registrars have been roped in by UIDAI to undertake this enrolment. These agents are believed to be adding their own parameters while creating their own databases for business use. (Read: Is the UIDAI database vulnerable? http://www.moneylife.in/article/78/9594.html)

Normally this should have rung an alarm bell. But it seems there has been not reaction, let alone any action from UIDAI or the government. So, what is the control over these databases and what is there to prevent any unauthorised use of this data? There is a lighter side to this. An IT expert, who requested anonymity, suggested that it may not be long before the information collected in these databases comes out into the public domain, like in the case of the Radia tapes. "The interesting part is that once the fingerprints, pictures of irises and the DNA record of people become widely available, they will automatically lose their value for purposes of evidence or as a means of uniquely identifying anybody," he explained.

Another expert said, "Governments cannot be trusted with personal information. I think India will be better off with no ID cards as the whole world is becoming one seamless entity with just local governments focusing on local services. IDs are an intrusion into one's privacy. India should remain as it has been."

In an essay published at Forbes.com, security technologist and author Bruce Schneier, says, "As long as privacy isn't salient, and as long as companies are allowed to forcibly change social norms by limiting options, people will increasingly get used to less and less privacy. There is no malice on anyone's part here; it is just market forces in action. If we believe privacy is a social good, something necessary for democracy, liberty and human dignity, then we cannot rely on market forces to maintain it. Broad legislation protecting personal privacy by giving people control over their personal data is the only solution."

This means that unless the biometric data of the nearly 60 crore residents being collected by UIDAI is kept safe and the privacy of individuals' records is protected, the Aadhaar project could turn into a tool for Big Brother, the government.

The Supreme Court has issued notices to the union government as well as the two magazines on the Radia tapes asking for a reply by December 12 or 13, 2010. While matter of the tapes is not connected in any way to the UID issue, the outcome on the subject of privacy will be relevant. Repeated questions to UIDAI by email have remained unanswered.

http://www.cis-india.org/advocacy/igov/privacy-india/privacy_callforpapers
Privacy India

Proposal to put Indian residents under surveillance forever: Besides UID Number Bill, several other related Bills on the horizon - Asian Tribune - Wednesday, December 15, 2010
http://www.asiantribune.com/news/2010/12/14/proposal-put-indian-residents-under-surveillance-forever-besides-uid-number-bill-sev
By Gopal Krishna - Member, Citizens Forum for Civil Liberties
Neither the Prime Minister nor the Planning Commission has taken cognizance of abandonment of such UID Number scheme in countries like the US, Australia and now in the UK.

In the UK, their Home Secretary abandoned the project because it considered it 'intrusive bullying' by the state, and that the government intended to be the 'servant' of the people, and not their master. In the late 1990s, the Supreme Court of Philippines struck down the President's Executive Order A.O 308 which instituted a biometric based national ID system calling it unconstitutional on two grounds - the overreach of the executive over the legislative powers of the congress and invasion of privacy. The same is applicable in India.

NIA is entering into contracts with corporations predominantly from the technology and biometric industry including those with close links with intelligence agencies in other countries.

The UID entails tracking and profiling residents electronically through some 53 departments of the Government of India, 35 State/UT Secretariats and 603 District collectorates. NIC was formed in 1975.

While UIDAI has been misleading the citizens and the media about the UID Number scheme being voluntary, the 'Legal Framework For Mandatory Electronic Delivery of Services' of Union Ministry of Communication and Information Technology, refers to "UIDAI  - UID based authentication for services" as an enabler, thus making it compulsory.

This proposed NIAI Bill must be looked at along with other Bills in the offing such as Draft Land Titling Bill, 2010, Draft Paper on Privacy Bill, 2010, Draft DNA Profiling Act, 2007 and Public Information Infrastructure and Innovations (PIII) for a National Knowledge Network.

Besides this National Intelligence Grid (Natgrid), meant to integrate existing 21 databases with Central and state government agencies and other organizations, and National Population Register (which is quite different from Census) will end up undertaking surveillance, reconnaissance and targeting of Indian residents.

Notably, the Land Titling Bill makes a provision for "Unique property identification number", linking UID Number with property.

This is an attempt to convert a resident into a number, Indian population into a market and then citizens into subjects.

Too many unanswered questions on UID: expert The Hindu Saturday, December 18, 2010
http://www.hindu.com/2010/12/18/stories/2010121854080700.htm
No debate on its potential for tracking individuals, institutions
UID Authority is not answering any questions
Data gathering of UID has potential to destroy democracy

Doubts arise:The UID project is being pushed without Parliament's nod or a privacy bill policy in place.

While the Unique Identification (UID) project is being pushed on the plank of ensuring better delivery of services to the poor, the potential it holds for tracking, profiling and tagging individuals and institutions is not even being publicly debated, warned Usha Ramanathan, law researcher who works on the jurisprudence of law, poverty and rights.

Speaking on the implications of the UID project, organised by 'Say no to UID Campaign' in Bangalore on Fridau, Dec 17, 2010 she said that the exercise would eventually allow convergence of data from various agencies - such as National Intelligence Grid, Public Information Infrastructure Project and the National Population Register - making it a huge data pool of information with no clarity on the logic and objective of such a mammoth exercise.

No groundwork
The project was being pushed without Parliament's nod, a feasibility study on collection of biometric data on such a large scale or even a privacy bill policy in place, she said, adding that UID Authority was systematically blocking information by refusing to answer any questions.

Ms. Ramanathan said that the field of information collection was being increased clandestinely, and there was no limit to the area of inquiry. Mobile phone numbers and email ids were being sought in some places as "voluntary information", but people were often not told that they were not voluntary, she said.

Corporate interest
The exercise, she said, was also providing a great opportunity to the corporate sector, especially the biometric industry.

Some of the companies being brought in for information collection were of highly questionable credentials, she added.

The data gathering through the UID project had the potential "to destroy democracy as we know it now" and "change the equation between the people and the state," said Ms. Ramanathan.

Why the UID number project must be scrapped: Rediff.com India News - Monday June 07, 2010
Human right activist Gopal Krishna - Member of the Citizens Forum for Civil Liberties
http://news.rediff.com/column/2010/jun/02/why-the-uid-number-project-must-be-scrapped.htm 
Human right activist Gopal Krishna makes a case that the Unique Identification Number project is a gross violation of fundamental human rights and points out that a similar project/law in Britain is going to be repealed.

This is with reference to a privacy invasion project which is relevant to India and all the democratic countries of the world. The very first bill that is to be presented by the UK's new coalition government in the British Parliament is to repeal its Identity Cards Act 2006 even as Government of India has chosen to give approval to Unique Identification Number project that threatens citizens' privacy. Clearly, what is poisonous for civil liberties in the UK cannot become non-poisonous in India.

If one takes cognisance of the claim that the 'UID system is a civilian application of biometrics' and compares it with current practices, one finds that such a claim is quite misplaced.

In the report there is reference to a study commissioned by the US Department of Homeland Security to International Biometrics Group. Will someone explain how manifest reference to such a study constitutes civilian application?

In India, it is rarely noticed as to when the concept of massively organised information quietly emerged to become a means of social control, a weapon of war, and for the victimisation of ethnic groups. Nandan Nilekani, co-founder and former chief executive of Infosys Technologies Ltd, India's second largest software company, has misled the Government of India into making it believe that in a country with 48 percent illiteracy, a 16-digit card would be helpful in reaching the poorest of the poor.

The Unique Identification Number/Aadhar project that emerged from the constitution of Unique Identification Authority of India in January 2009 reminds one of what happened from the period preceding Adolf Hitler's arrival to January 1933 when he occupied power, to Second World War and since then. The way International Business Machines, the world's largest technology company and the second most valuable global brand, colluded with the Nazis to identify Jews for targeted asset confiscation, ghettoisation, deportation, and ultimately extermination to help Hitler with its punch card and card sorting system -- a precursor to the computer -- made the automation of human destruction possible is a matter of historical fact.

Unmindful of the lessons from Germany in particular and Europe in general, advancing the argument of targeting, it has been claimed on the floor of Parliament by the finance minister while presenting the 2010-11 Union Budget that the UID project 'would provide an effective platform for financial inclusion and targeted subsidy payments,' the same targeting measures can be used with vindictive motives against citizens of certain religion, caste and ethnicity or region or towards a section of society due to economic resentment.

Curiously, the finance minister and the head of UID/Aadhar project refer to financial inclusion and not about economic inclusion of the poor. Exclusion of certain sections of society for political reasons had led to the targeted massacre of 1947, 1984 and 2002 in India. If an exhaustive trans-disciplinary study is conducted it would reveal how privacy is closely connected to data protection and the same was readily available to perpetrators of riots, massacres and genocide in India.

The UID project is going to do almost exactly the same thing which the predecessors of Hitler did, else how is it that Germany always had the lists of Jewish names even prior to the arrival of the Nazis? The Nazis got these lists with the help of IBM which was in the 'census' business that included racial census that entailed not only count the Jews but also identifying them. At the United States Holocaust Museum in Washington, DC, there is an exhibit of an IBM Hollerith D-11 card sorting machine that was responsible for organising the census of 1933 that first identified the Jews.

The Government of India cannot guarantee that in future, when the Nazis or some such sort come to power in India, they would not have access to UID for vindictive measures against certain sections of the citizenry. This is evidently the journey of 'identification' efforts from January 1933 to January 2009, when the UID Authority was announced.

The UID and National Population Register is all set to do what IBM did in Germany, Romania and in Europe and elsewhere through 'solutions' ranging from the census to providing list of names of Jews to Nazis. The UID has nothing to do with citizenship, it is merely an identification exercise.

Against such a backdrop, as concerned citizens, we welcome the progressive step by the new coalition government in the UK to scrap its controversial national identity card scheme in order to safeguard citizens' privacy and act against intrusions. The scrapping of the UK's ID project is planned to be done in the next 3-4 months. Besides repealing the Identity Cards Act 2006 and outlawing the finger-printing of children at school, the UK government would stop its National Identity Register and the next generation of biometric passports, the Contact Point database and end storage of Internet and email records.

But unlike the UK, the Government of India through a Press Information Bureau release dated May 18, 2010 has stated that 'the Cabinet Committee on Unique Identification Authority of India related issues today approved in principle the adoption of the approach outlined by UIDAI for collection of demographic and biometric attributes of residents (face, all ten fingerprints and iris) for the UID project. It was also decided to include data of the iris for children in the age group of 5 to 15 years. The same standards and processes would be adhered to by the Registrar General of India for the NPR exercise and all other registrars in the UID system.'

Not surprisingly, the government is feigning ignorance about the democratic movement against such efforts. In India too, there is a robust case against rejecting what has been rejected in the UK. The UID project is a blatant case of infringement of civil liberties. The government's identification exercise follows the path of the Information Technology Act 2000 that was enacted in the absence of no data or privacy protection legislation.

As is the case with the UID project, in the UK too the scheme has been vacillating from one claimed purpose to another. The project is being bulldozed in the name of poor by saying, 'Identity becomes a bottleneck if one wants to have a ration card, driving licence, passport, bank account or a mobile connection. It will enable poor residents to access multiple resources including education, health and financial services.'

Following the footprints of the UK's discredited project, it is being said that 'the identity number will help get a child admission in school.' Perhaps fearing abandonment of the project, in the aftermath of the UK government's decision, it is being now said that the Unique Identification Number is optional, not mandatory.

How is it that two democracies deal with the issue of ungovernable breaches of privacy differently? While the UK government is proactive in protecting the privacy of its citizens, the Government of India is ridiculing the very idea of privacy and civil liberties.

It is highly disturbing that at almost the same time, India's minority coalition government plans to do just the contrary with astounding disregard to citizens' privacy by stamping them with an UID number based on their biometric data. Such a 'surveillance' effort through the world's largest citizen identity project for 'creating a Unique Identity Number for every resident in India' undermines Indian democracy beyond repair.

Related to the UID number project is the NPR project. This is for the first time that the NPR is being prepared. The database will be built by the Registrar General of India. It is noteworthy that the census and NPR are different. The census is the biggest source of data on demography, literacy and education, housing and household amenities, economic activity, urbanisation, fertility, mortality, language, religion and migration. It serves as the primary data for planning and the implementation of policies of the central and state governments.

The NPR involves the creation of a comprehensive identity database for the country. It will include items of information such as the name of the person, father's name, mother's name, spouse's name, sex, date of birth, place of birth, current marital status, education, nationality as declared, occupation, present address of usual resident and permanent residential address. The database will also contain photograph and finger biometry of persons above the age of 15.

After the NPR database is finalised, the next task would be assigning every individual a UID. This number will be added to the NPR database. It is proposed to issue identity cards which will be a smart card with UID number printed on it and include basic details like name, mother's/father's name, sex, date and place of birth, photograph. Complete details will be stored in the chip.

Like in the UK, in India too there is a need for a similar measure to stop the efforts underway through the UIDAI to issue a UID number to every resident in the country. Issuing unique identity numbers to the 1.2 billion residents of India based on biometric data is fraught with hitherto unimaginable dangers of human rights violations. It has emerged that it all started rolling in the aftermath of a meeting of the empowered group of ministers on November 4, 2008, and a meeting of the prime minister's council of the UID Authority on August 12, 2009, wherein it was decided that there was a 'need for a legislative framework' akin to the UK's Identity Cards Act 2006 which is now being scrapped.

The 13th Finance Commission has made a provision for an incentive of Rs 100 per person (Rs 400-500 per family) to bribe citizens below the poverty line to register for the UID and has recommended a grant of Rs 2,989.10 crore to be given to the state governments for the same. The three states Karnataka, Madhya Pradesh and Andhra Pradesh who have signed an MoU on their part have set up state-level committees to work as UIDAI registrars for collecting biometric samples like thumb impression or cornea configuration of each individual resident. Has there been any debate so far in the legislatures about the ramifications of a project which is all set to be scrapped in the UK?

As per the Authority's Office Memorandum signed by director general, UIDAI, dated September 29, 2009, 'The main objective is to improve benefits service delivery, especially to the poor and the marginalised sections of the society. To deliver its mandate, the UIDAI proposes to create a platform to first collect the identity details and then to perform authentication that can be used by several government and private service providers.'

The reference to private service providers is inexplicable, for the work is meant to be an exercise for public purpose and for the poor and the marginalised. The promise of service delivery to the poor and the marginalised hides how it will enable access to profit for the IT industry and the biometrics industry. Such claims are quite insincere, misleading and factually incorrect. It reminds one of the pledges in the Preamble of the Constitution of India, it will have us believe that the UID Authority would fulfil the constitutional promise of economic equality. Such objectives are bad sophistry at best.

This authority in turn set up a Biometrics Standards Committee in order 'to review existing standards and modify/extend/enhance them so as to achieve the goals and purpose for de-duplications and authentication' through framing biometrics standards for fingerprints, face and iris.

The authority defines biometrics as 'the science of establishing the identity of an individual based on the physical, chemical or behavioural attributes of the person.' Besides, photos of the face are commonly used in various types of identification cards, it is undertaking the use of fingerprints for identification and recording the iris, the annular region of the eye, bounded by the pupil and sclera on either side which is considered the most accurate biometric parameter.

The committee reveals that 'the biometrics will be captured for authentication by government departments and commercial organisations at the time of service delivery.' The commercial organisation mentioned herein is not defined.

The Biometrics Standards Committee refers to previous experiences of the US and Europe with biometrics. A technical sub-group was also formed that collected over 250,000 fingerprint images from 25,000 persons sourced from districts of Delhi, UP, Bihar and Orissa for analysing Indian fingerprints. It may do the same for the iris and face as well to form a database size of 1.2 billion. It has been recommended that the 'biometrics data are national assets and must be preserved in their original quality.' The committee refers to citiz

Sponsor

Links