In an article titled Basis of a revolution, Nandan Manohar Nilekani, the former chairman of Unique Identification Authority of India (UIDAI) contended that “no core biometric information can be shared is a principle without exception — people saying that core biometric information will be shared are wrong because Clause 29(1) is not overridden by Clause 33(2)” of Aadhaar legislation. His interpretation of the clauses is highly misleading because Clause 33(2) does not provide an exception to clause 29(1) (b).
Section 33(2) reads: Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government.
Section 29(1) (b) reads: No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.
A joint reading of both the sections reveals that the core biometric information, collected or created under the Aadhaar Act, can be used for purposes other than the generation of Aadhaar numbers and authentication “'made in the interest of national security”. It is noteworthy that “national security” is neither defined in the Aadhaar legislation nor in the General Clauses Act. As a consequence an individual's information can be disclosed based on the interpretation of a Joint Secretary. Notably, Section 33(2) permits disclosure of demographic and biometric on directions of the Joint Secretary in interest of national security. It further states that such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals. It germane to in the context of an advertisement released on Sunday, 10th June 2018, the central government whereby it has invited applications from “talented and motivated Indian nationals” for 10 Joint Secretary-level posts through lateral entry. This paves the way for private sector professionals to be hired as Joint Secretaries who could later be assigned the task of defining “national security”. The government has announced that 10 posts are available in departments such as commerce, revenue, financial services and economic affairs. These are the departments which are also steering the course of UID/Aadhaar given the fact that Aadhaar legislation is an e-commerce law which was introduced my minister of finance.
Unjust of the Aadhaar legislation can also be ascertained from Section 33(1) which does not permit disclosure of biometrics but it permits the disclosure of an individual's demographic information pursuant to an order by a District Judge. This Section states that the District Judge will not pass such order shall without giving an opportunity of hearing to the UIDAI. It maintains studied silence about whether or not the person whose personal sensitive information is being disclosed in the name of “national security” will be heard or not by the District Judge. It conclusively emerges that Nilekani misled the citizens about the provisions of Aadhaar legislation. This has been demonstrated in the Supreme Court as well during the final hearing on UID/Aadhaar
When asked about why India chose to go with the UID/Aadhaar model when several countries like France, Britain and Germany have disbanded such identification projects, Nandan Nilekani, a former chairman of Unique Identification Authority of India (UIDAI) replied, “Their purpose was not development, inclusion, saving government money or curbing corruption. How can you compare Aadhaar with the smart card project in some other country? Even I would have disbanded those”.
His reply is a classic case of outright fibbing, misrepresentation and sophistry. It represents a sample of all the replies UIDAI’s has provided to concerned Indians since its inception.
Take the case of Britain mentioned by Nilekani, a 15-page Wipro document, titled 'Does India need a Unique Identity Number?’ cited the example of the United Kingdom's Identity Cards Act, 2006, on page no. 6 to advance the argument for a biometric UID/Aadhaar number in India. If it was not comparable as Nilekani will have us believe, why did Wipro cite Britain’s identification project to make a case for UID/Aadhaar for Indians.
Wipro’s document is significant because UIDAI and UID/Aadhaar is a product of a 14-page long document titled 'Strategic Vision: Unique Identification of Residents' prepared by Wipro Ltd and submitted to the Processes Committee of the Planning Commission which was set up in July 2006. Its vision statement reads: 'Creating a unique identification system of all residents in the country for efficient, transparent, reliable and effective delivery of various welfare and private services to the common person.' The cover page of the document mentions the National Institute for Smart Government (NISG), Department of Information Technology (now named MeitY-Ministry of Electronics and Information Technology), and Wipro Consulting. Admittedly, Wipro was the consultant for the design phase and programme management phase of the pilot UIDAI project. The Hyderabad-based NISG is a not-for-profit company incorporated in 2002 by the Government of India and Nasscom. NISG aims to 'establish itself as an institution of excellence in e-governance and to leverage private sector resources through a public-private-partnership mode in establishing eIndia.'
But when the UK government stopped its biometric National Identity Cards Scheme neither Wipro nor its donors and promoters in the government examined as to why the UK did so and why this decision too is relevant to India. The decision was announced in the British parliament, the same legislature which passed the India Independence Act, 1947.
It must be recalled that under Nilekani’s tenure UIDAI extended “undue favour” to Wipro Ltd. As a consequence UIDAI incurred an avoidable expenditure of Rs.4.92 crore on an annual maintenance contract, according to the report of the Comptroller and Auditor General (CAG) of India presented to the Parliament. UIDAI also incurred a loss of Rs.1.41 crore by not routing advertisements through the Directorate of Advertising and Visual Publicity. Unmindful of manifest conflict of interest UIDAI had entered into a contract with Wipro in May 2011 for supply, installation and commissioning of servers, storage systems, security systems and accessories with incidental services in the data centres of the authority in Bengaluru and Delhi/NCR at a cost of Rs.134.28 crore.
This is not the only case of irregularity and corruption by UIDAI. It awarded projects to several companies without issuing tenders. In a RTI reply UIDAI itself disclosed that total project contracts worth Rs.13,663.22 crore were awarded without any tenders of which an amount of Rs.6,563 crore has been already spent on issuing 90.3 crore Aadhar cards till May 2015. It also informed that a total 25 companies were awarded different responsibilities for the massive project and their empanelment was done under the process guidelines of Request For Empanelment dated May 19, 2014. The companies which have been awarded more than one project works include: Tata Consultancy Service, Mac Associates, Wipro, HCL, HP India Sales Pvt. Ltd., National Informatics Centre, Sagem Morpho Securities Pvt. Ltd (French Safran Group), Satyam Computer Services Ltd, L1 Identity Solutions (earlier US company now part of Safran Group), Totem International Ltd., Linkwel Telesystems Pvt. Ltd. Sai Infosystems India Ltd, Geodesic Ltd, ID Solutions, NISG, SQTC, Telesima Communications Pvt. Ltd. The companies that were awarded a single contract include: Reliance Communication, Tata Communications, Aircel, Bharati Airtel, BSNL and Railtel Corporation of India Ltd. Notably, companies like Accenture (USA), L1 and Ernst & Young has been given access to sensitive data of present and future Indians.
During his tenure at UIDAI, Parliamentary Standing Committee on Finance its Sixty-Ninth Report on the ‘Demands for Grants (2013-14)’ observed, “A provision of Rs. 2,620 crore has been allocated in Budget Estimate (2013-14) for Unique Identification Authority of India (UIDAI) and a major part of the budget provision for Rs. 1,040 crore is earmarked for ‘Enrolment Authentication and Updation’, out of which an amount of Rs. 1,000 crore has been earmarked under the head ‘other charges’.” The total budgetary allocations made for UIDAI since its inception upto 31 March 2014 was Rs 5440.30 crores. For the year 2009-10, it was Rs 120 crores. For 2010-11, it was Rs 1,900 crores. For 2011-12, it was Rs 1,470 crores 1,200. For 2012-13, it was 1,758 crores and for 2013-14, it was Rs 2,620.00 crores. For the year 2014-15, the budget estimate was Rs 2,039. The budget estimate of expenditure on the project being implemented by UIDAI was Rs 2,000 crore in 20015-16. For the year 2016-17, the budget estimate was Rs 990 crores (that included 190 crore first supplementary). As of February 2017, UIDAI has incurred a total cumulative expenditure of Rs 8,536.83 crores. This includes undefined “other charges” pointed out by the Parliamentary Committee. Shouldn’t UIDAI provide the details of the expenses incurred under “other charges”? Take the case of the year 2009-10 when the budget estimate was Rs 120 crores. The final expenditure was Rs 26.21 crores. In the year 2015-16 the budget estimate was Rs 2,000 crores but the final expenditure was Rs 1679 crores. In 2016-17, when budget estimate was Rs 990 crores, the final expenditure was Rs 877.16 crore up to February 2017. The budget estimate for 2017-18 was Rs 900 crore. The revised estimate was Rs 1150 crore. The expenditure was Rs 1148.32 crore. The budget estimate for 2018-19 is Rs 1375 crore. So far the expenditure has been Rs 130.81 crore during this period. UIDAI’s final expenditure as of June 2018 is Rs 8,793.90 crore. It is high time the full break up of this expenditure is put in public domain because sunlight is the best disinfectant.
The Parliamentary Committee on Finance has wondered in its report as to why inflated targets were consistently being given. It observed, “the total budgetary allocations made for UIDAI since its inception upto 2013-14 budget estimate is Rs 5440.30 crore, out of which Rs. 2820.30 crore has been utilized upto 31.03.2013 and the remaining amount of Rs. 2620 has been allocated in budget estimate is 2013-14. The Ministry has informed that the average cost per card is estimated to range from Rs 100 to Rs 157. Taking the average cost per card to be Rs. 130, the total expenditure for issue of 60 crore cards is estimated to about Rs 7800 crore. Thus, the expected requirement of funds during 2013-14 is Rs. 4979.70 crores, whereas only Rs. 2620 crore has been kept for budget estimate during 2013-14, which is thus grossly inadequate.” It is apparent that there is more to it than meets the eye.
When Nilekani was asked about “concerns that the Aadhaar could be used in surveys such as the Socio-economic Caste Census (SECC) for racial profiling, or be linked to EVMs to determine voting patterns”, he gave an evasive reply saying, “The SECC or EVM machines have nothing to do with Aadhaar.”
Notably Aadhaar is a brand name of Unique Identification (UID) Number. The UID project was renamed the Aadhaar project after the UIDAI avowedly had a nationwide competition to find a logo and a brand name. Curiously, Aadhaar name echoes the name of Bangalore based Adhar Trust that Nilekani and Rohini Nilekani set up to fund their initiatives into a government function.
Election Commission of India on its website has provided answer to a question about the “system of numbering EVMs”, it states “Each Control Unit has a unique ID Number (UID), which is painted on each unit with a permanent marker. This ID Number will be allowed to be noted by the Polling Agents and will also be recorded in a Register maintained for the purpose by the Returning Officer. The address tag attached to the Control Unit also will indicate this ID Number.” A careful perusal of UIDAI documents reveals that it is linked to the electoral database too. A confidential document of UIDAI titled ‘Creating a unique identity number for every resident in India’, leaked by Wikileaks on 13 Nov 2009 reads: “One way to ensure that the unique identification (UID) number is used by all government and private agencies is by inserting it into the birth certificate of the infant. Since the birth certificate is the original identity document, it is likely that this number will then persist as the key identifier through the individual’s various life events, such as joining school, immunizations, voting etc.”
The proponents of world's biggest citizen identification scheme aim to converge electoral photo identity card (EPIC) numbers of electoral database, the UID/Aadhaar number database called Central Identities Data Repository (CIDR). In their myopia, political parties in particular and citizens in general have failed to fathom its ramifications for voting by electors in a democracy.
In a letter dated 7 June 2011, the Director General and Mission Director of Unique Identification Authority of India (UIDAI) wrote to Chief Election Commissioner saying, “The Election Commission of India (ECI) may also like to leverage Aadhaar infrastructure in cleaning/ updating their existing electoral data base. Aadhaar numbers issued by the UIDAI can also be included in the list of valid proof of identity (POI) and proof of address (POA) documents of the Election Commission during the polls for identity verification.”
The file notings by ECI on the UIDAI’s letter reads: “How can Aadhaar number used as proof of address”. The reply from ECI dated 17 June 2011 on the letter from UIDAI. It further wrote, Aadhaar numbers can be seeded into EPIC and electoral roll databases to clean those databases and also to bring standardisation and uniformity in the Election Commission’s databases across the country. UIDAI does provide necessary technical and financial support under its information and communications technology (ICT) infrastructure scheme for integration of Aadhaar number with database of concerned Ministries/ Departments to make them UID compliant. However, the process and schemes to use Aadhaar numbers for their applications are to be defined by the concerned Departments themselves.”
The notification of 28 January 2009 that set up UIDAI, provides the terms of reference (TOR) for its work. There is no reference to the collation of UID number database with electoral database in the TOR. But the TOR does refer to “collation and correlation with UID and its partner databases.” If this reference to ‘partner database’ included electoral database, the UID/ Aadhaar enrolment form never revealed it and took Indian residents for a ride.
Notably, UIDAI was constituted in pursuance of the fourth meeting of the Empowered Group of Ministers (EGoM) headed by the then External Affairs Minister, Pranab Mukherji held on 4 November 2008. Shivraj Patil, the then union home minister and A Raja, the then minister for IT and Communications, HR Bhardwaj, the then law minister and Mani Shankar Aiyar, the then panchayati raj minister, were members of the EGoM wherein Montek Singh Ahluwalia, deputy chairman of Planning Commission was an invitee.
UIDAI argued, “Aadhaar database is restricted to the name, date of birth, gender, address, facial image, ten fingerprints and iris of the resident. The data fields are based on the recommendation of the Demographic and Data field Verification Committee headed by N Vittal, former chief vigilance commissioner (CVC). Since Aadhaar database contains absolute minimum information of a resident necessary to establish identity, it is not possible to include EPIC numbers in the Aadhaar database. However, the ECI should seed Aadhaar numbers in the electoral database as clarified above.”
Prior to this KM Chandrasekhar, as cabinet secretary, Government of India (GoI) wrote a letter dated 25 April, 2011 addressed to VK Bhasin, secretary, legislative department stating, “Aadhaar can be treated as a valid Proof of Identity (PoI) and Proof of Address (PoA).”
The Election Commission in its letter dated 4 March 2013 to UIDAI on the subject of “Seeding of Aadhaar number in Electoral Database” wrote that “Commission feels that it would be better that EPIC no. is collected at the time of enrollment for Aadhaar and put in the Aadhaar database…ECI has already issued instructions that Aadhaar cards can be used as alternative identity documents at polling station…It may be mentioned here that Ministry of Home Affairs has also agreed to print EPIC no. on smart card as issued by Registrar General of India…Under the circumstances, it is once again requested that EPIC no. may be made mandatory for enrollment in Aadhaar.” In its letter dated 29 October 2012, the ECI had argued that “including EPIC no. as mandatory field in UIDAI database would enable better integration between UIDAI database and electoral database, which will make Aadhaar numbers more useful.” This enthusiastic endorsement of illegal UIDAI’s database and its inexplicable eagerness to merge EPIC no. and electoral database with a database that faces robust legal challenge merits rigorous scrutiny.
In a letter dated 16 April 2012, RK Singh, the then secretary, ministry of home affairs (MHA), wrote to Dr SY Quraishi, the then Chief Election Commissioner (CEC), with reference to latter’s letter dated 4 April 2012 “regarding inclusion of Electoral Photo Identity Card -EPIC number in the Aadhaar database.” Singh is currently MP from BJP and minister of new and renewable energy. As secretary, MHA he wrote, “The Office of the Registrar General and Census Commissioner, India is in the process of creating the National Population Register (NPR) in the country. The NPR, when completed will be a register of all usual residents of the country, which would have the Aadhaar number besides the demographic and biometric data. The Government is also considering a proposal to issue Resident Identity (smart) Cards to all usual residents above the age of 18 years. The scheme is already making good progress and is likely to be completed in the next two years.”
The combination of the office of Census Commissioner and RGI creates a legal conflict of interest that is required to be examined because Census Act requires that data of residents of India has to be kept confidential. But RGI created under Citizenship Act admittedly puts the data in public domain.
Secretary, MHA also wrote, “As a part of the process of creating the NPR, the EPIC number is also being collected. This would enable mapping of the Aadhaar number to the EPIC number right from the beginning…Once the mapping is completed, there could be a lot of synergy between the EPIC and NPR databases.” He pointed out that “while the registration under the NPR is mandatory under the provisions of the Citizenship Act 1955, the production of EPIC Card during the NPR enrolment and capturing the EPIC number is being done on a voluntary basis from the residents. There are, therefore, gaps in the collection of the numbers. The gap can easily be bridged as the Authorities notified for the creation of the NPR are the same as those notified under the Electoral Law and if necessary instructions are issued by the Election Commission, they could easily ensure a complete coverage.”
It is intriguing as to how Election Commission has failed to comprehend the adverse consequences of such convergence. There is nothing in public domain to suggest that implications of such merger have been examined.
The then secretary, MHA informed the CEC that there is mutual agreement between the MHA’s RGI and ECI that “there is a considerable potential to synchronise the two databases and set up a unified platform for future updating of the same and sought CEC’s advice to take it forward. Does the Election Commission realize that synchronization of the two databases is happening as per the design of Wipro’s document and is beyond the mandate given to UIDAI and RGI?
It may recalled that one of the earliest documents that refer UIDAI is a 14-page long document titled ‘Strategic Vision: Unique Identification of Residents’ prepared by Wipro Ltd for the Planning Commission envisaged the close linkage that the UIDAI’s Aadhaar would have with the electoral database. The use of electoral database mentioned in Wipro’s document remains on the agenda of the proponents of Aadhaar.
The reply of the Prime Minister’s Office (PMO) dated 1 April 2014 transferring the right to information (RTI) application to Election Commission seems to indicate that linkage of UIDAI with the Commission has already been established.
In such a backdrop, PMO’s reluctance to share all the file documents and correspondence relating to Nilekani and right up to his resignation appears quite sensitive and deserves scrutiny.
Nilekani referred to the current “three-member UIDAI Committee under J Satyanarayana, the former IT secretary”. Satyanarayana is currently a part time Chairman of UIDAI since September 6, 2016. He has been on Board of NISG. Notably, Satyanarayana has been the member of the Task Force for preparation of Policy Document on Identity and Access Management under National e-Governance Programme (NeGP). This Task Force was constituted by Office Memorandum dated 31 October, 2006, which was supposed to submit its report by 25 December 2006. Coincidentally, the Processes Committee of the Planning Commission which was set up in July 2006 commissioned the task of preparing “Strategic Vision: Unique Identification of Residents” to Wipro Ltd during the same period. The other members of the Task Force included 34 members besides the Chairman, Dr S.I. Ahson, Professor & Head, Department of Computer Science, Jamila Milia Islamia and the Member Secretary, Ms Pratibha Lokhande, Scientist, National Informatics Centre. The members included 11 Technology Solutions Providers namely, IBM, Microsoft, Oracle, Computer Associates, Novell, Honeywell, HP, Red Hat, ILANTUS Technologies, MPhasis and PricewaterhouseCoopers (PwC). The Task Force submitted version 7 of its 65 page long report in April 2007.
This report talked about “Citizen Identities” and “Owner of identities”. This report states, “The Identity Information is stored by multiple agencies in multiple documents like Ration card, Driving License, Passport, Voter’s card, Birth Certificate etc. The purpose of the Project unique ID (UID) initiated by the Planning Commission is to create a central database of resident information and assign a Unique Identification number to each such resident (Citizens and Persons of Indian Origin) in the country….The appropriate Identity Aggregations and Synchronization should be used to integrate systems to share their identity information.” This April 2007 report reveals that “National UID Project: This project has been initiated, with Voter ID Numbers and BPL households in the first instance.” It is evident that long before the arrival of Nilekani in July 2009 as Chairman of UIDAI, the UID/Aadhaar project was already unfolding. He just came and dishonestly claimed credit for it. This report also discloses that each registered judicial court has a unique identification (UID) number at Sub ordinate Courts, High Court and Supreme Court. This effort seems to be part of profiling and surveillance of judicial institutions.
Notably, this report appears to be making one of the earliest references to “Biometric authentication” in India as “any process that validates the identity of a user who wishes to sign into a system by measuring some intrinsic characteristic of that user. Biometric samples include fingerprints, retina scans, face recognition, voiceprints, and even typing patterns. Biometric authentication depends on measurement of some unique attribute of the user. They presume that these user characteristics are unique, that they may not be recorded and reproductions provided later, and that the sampling device is tamper-proof.”
It defines biometrics as “A measure of an Attribute of a Natural Person’s physical self, or of their physical behavior. In principle at least, a Biometric can be used: to validate an entity (where the entity is a Natural Person); as an Authenticator for an Assertion involving an Entity; and as a means of restricting the use of a personalised Token to the appropriate Natural Person. Examples include: fingerprint, voiceprint, and iris-scan. Biometrics is generally, “the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. There are several types of biometric identification schemes: Face: the analysis of facial characteristics; Fingerprint: the analysis of an individual's unique fingerprints; Hand geometry: the analysis of the shape of the hand and the length of the fingers; Retina: the analysis of the capillary vessels located at the back of the eye; Iris: the analysis of the colored ring that surrounds the eye's pupil; Signature: the analysis of the way a person signs his name; Vein: the analysis of pattern of veins in the back if the hand and the wrist; Voice: the analysis of the tone, pitch, cadence, and frequency of a person's voice.”
This report defines “Identification” as “The process whereby data is associated with a particular Identity. It is performed through the acquisition of data that constitutes an Identifier for that identity.” It also defines “Identifier” as “One or more data-items concerning an Identity that are sufficient to distinguish it from other Identities, and that are used to signify that Identity. Identifiers include names. A natural person may use more than one name, and variants of each name. Identifiers also include ‘id numbers’ or ‘id codes’ issued by other Entities that the Entity interacts with. An Entity may be assigned many such numbers and codes. A legal person may have many names (e.g. associated with business units, divisions, branches, trading names, trademarks and brand names), and multiple ‘id numbers’ and ‘id codes’ assigned by other Entities that the Entity interacts with. Identifier Unique pointer, within a certain context (namespace) to an identity.” These definitions are significant because they underline that UID/Aadhaar is an identifier and not a conventional identity proof.
Satyanarayana who was the member of the Task Force that authored the above mentioned report finds mention at page no. 46-47 of the report Parliamentary Standing Committee on Information Technology that examined the work of Department of Electronics and Information Technology (DeitY), Ministry of Communications and Information Technology, asked about the surveillance by National Security Agency (NSA) of the US. It states that in the context of privacy of data, the Committee desired to know the Department’s stand on the issue of surveillance by US and interception of data sent through e-mails. To this, Satyanarayana, as Secretary, DeitY, responded during the evidence as under:-“Sir, about the US surveillance issue, there has been a debate, as you are aware, this morning in the Rajya Sabha itself and the hon. Minister has addressed this issue. He also emphasised that as far as the Government data and Government mails are concerned, the policy, the copy of which I have given to the Committee earlier, is going to address a large part of it. Hopefully, by the end of this year, if it is implemented, the things will be absolutely safe and secure…x.x.x.x…In the reply, the Hon. Minister also said that we have expressed our serious concern about the reported leakages and in the name of surveillance, the data that has been secured from various private sources, internet resources by the US Government. We have expressed it formally to the Government of the US and also during the Secretary of State’s visit a few weeks ago in India, this has been reinforced on a person to person basis.”
He added, “We have been assured that whatever data has been gathered by them for surveillance relates only to the metadata. It has been reiterated and stated at the highest level of the US President that that only the metadata has been accessed, which is, the origin of the message and the receiving point, the destination and the route through which it has gone, but not the actual content itself. This has been reiterated by them, but we expressed that any incursion into the content will not be tolerated and is not tolerable from Indian stand and point of view. That has been mentioned very clearly and firmly by our Government.”
In effect, the Government of India has formally communicated to Government US that India has no problem if they conduct surveillance for metadata in fact it is acceptable and tolerable but “incursion into the content will not be tolerated and is not tolerable.”
The Parliamentary Committee observes, “While taking note of the Department’s stand on the recent instances of surveillance and interception of data (though only meta-data) by other countries, that incursion into the content of the country’s data will not be tolerated, the Committee is of the strong opinion that the Department should have exercised enough caution so that such a situation was not allowed to occur at the first instance. Further, the Committee feels that the Department should be extremely vigilant and cautious in terms of safety as well as in terms of policy with different countries so as to avoid such leakage and interception of sensitive data in the name of surveillance. The Committee, therefore, strongly recommends the Department to take remedial measures and come out with a policy which should be implemented stringently so as to obviate recurrence of such instances.” MeitY which has been formed by giving the status of ministry to the Department of Electronics and Information Technology (DeitY) has been misleading the State Governments, media and the citizens. It must be remembered that the idea of UID was incubated in this very Department. It is evident that Satyanarayana and this Department has no problem in sharing meta data of Indians to foreign agencies.
Nilekani refers to Vijay Madan who was the UIDAI CEO. Notably, Madan made false claims in a presentation titled “Digital ID for Benefit and Service Delivery to Billion Plus People” in the ‘Special Session on National ID Programs’ at the International Joint Conference on Biometrics held during 29th September – 2nd October 2014 at Clearwater, Florida, USA. He claimed that “Security and Privacy of personal information ensured” by UIDAI in its implementation of UID/Adhaar project. This claim is an exercise in misrepresentation. Given the fact that some 91,000 of USA’s classified pages reached the website of Wikileaks in August 2010 reveals that such claims of security and privacy are mere empty claims with no privacy law in the country. The Ministry of Planning, the nodal ministry for UID/aadhaar informed the Parliamentary Standing Committee that concerns sharing of data, surveillance and profiling is being addressed by a proposed legislation on privacy. The committee observed that the enactment of such data protection law is a “pre-requisite for any law that deals with large-scale collection of information from individuals and its linkages across separate databases.” This promised law has not been enacted till date. Notably, till date there is no data protection and privacy protection law in the country. Thus, the claim of UIDAI and Nilekani remains a bogus claim.
Nilekani forgot mention the name of his first Mission Director. It is relevant to observe that the letterhead of the UIDAI’s Director General under Nilekani, Ram Sewak Sharma revealed his personal email ID as firstname.lastname@example.org. The question is who authorized the UIDAI’s Director General to use Google’s email account? Is it the case that UIDAI does have its own email account? After relinquishing his post at UIDAI to join as Chief Secretary, Government of Jharkhand, did Sharma surrender his email ID to UIDAI? Currently, Sharma is the Chairman, Telecom Regulatory Authority of India (TRAI). Prior to this assignment, he worked as the Secretary, Department of Electronics and Information Technology after his tenure as Chief Secretary, Government of Jharkhand where is promoted UID/Aadhaar project enthusiastically using the same Google’s email account. UIDAI officials, Nilekani and Sharma were/are privy to massive trove of communications about the inner workings of the world’s biggest biometric database project aimed at creating a Centralized Identities Data Repository (CIDR) of all the UID/Aadhaar Numbers and related aspects of nation’s diplomacy, national security and personal sensitive information of present and future Indians. The email accounts of Nilekani and Sharma must be investigated to ascertain all the locations around the world from which it has been accessed especially in the light of disclosures about the controversy surrounding use of private email account by Hillary Clinton who began using it as “a matter of a convenience" disregarding the advice of tech experts who didn’t allow personal email accounts to be installed on government-issued devices. Her official communications included thousands of emails that would retroactively be marked classified by the US State Department. This issue was raised vociferously by Donald Trump, the President of USA because it compromised USA’s national security.
The fact that one of the senior most official of UIDAI chose to receive such sensitive information on the server of Google, a private company, is a threat to national security and privacy of Indians. This company is regulated by US laws and has been working in collusion with foreign intelligence agencies. The authorities in the US, where Gmail is headquartered, can legally access the information on the server of Google without a court warrant and without any civil and criminal liability. The Indian government will remain in dark about it. In fact US’ Cyber Intelligence Sharing and Protection Act (CISPA) make the exchange of electronic information between Internet Service Providers and the government of US possible. The use of Gmail account demonstrates the lack of professionalism of UIDAI, which has been given the task of handling the database of the personal sensitive information of Indians. This act of omission and commission merits attention. Such gullibility of ministers, Secretaries and Chief Secretaries besides other IAS and IPS officers in particular and officials in general is inexcusable. This merits high level probe.
Nilekani also refers to Ajay Bhushan Pandey, the current CEO of UIDAI. Pandey claimed that “At least from the UIDAI side, we have not said it shall be mandatory.” If it indeed true that UID/Aadhaar is not being made mandatory by UIDAI then MeitY should have withdrawn the letter to Secretary Department of Defence Production and other departments, agencies and State Governments. Given the fact that he has not done so demonstrates that articulations of UIDAI are equivocal and questionable. It has compromised national security and the personal sensitive information of present and future Presidents, Prime Ministers, judges, legislators and officials handling sensitive assignments besides all the Indians.
Contrary to the claims of the promoters of biometric Unique Identification (UID)/Aadhaar like Nandan Nilekani that “Millions of people without any ID, now have an ID”, the fact is that of all the Aadhaar numbers issued to Indian residents till date – 99.97 per cent had pre-existing identification (ID) documents. This has been revealed in a reply to an application under Right to Information (RTI) Act by Unique Identification Authority of India (UIDAI), Union Ministry of Electronics and Information Technology (MeitY). The enclosed reply revealed that out of the 83.5 crore UID/Aadhaar numbers issued till then, only 2.19 lakh residents (0.03 per cent) have been given numbers based on the introduction by the introducer system because they did not have a pre-existing ID. This proves that that ‘an inability to prove identity” has not a major barrier to access benefits and subsidies.
A bizarre situation is emerging where citizens chose a government that was supposed to represent them but their government is undertaking the task of ascertaining whether or not those it represents are indeed those who they claim to be through coercive biometric authentication. It ends up breaking the sacrosanct social contract between the citizen and the State in an unprecedented act of breach of trust. The attempt to undertake convergence of all the sensitive databases of Indians and the confidence of promoters of UID/Aadhaar in the irreversibility of their efforts has thrown as yet an unmet open political challenge to the opposition parties, informed citizens and the judiciary.
Dr Gopal Krishna
The author had appeared before the Parliamentary Standing Committee on Finance that examined the Aadhaar Bill and the Parliamentary Standing Committee on Food, Consumer Affairs and Public Distribution that examined the Consumer Protection Bill. He is editor of www.toxicswatch.org and is the convener of Citizens Forum for Civil Liberties which has been working on UID/Aadhaar issue since 2010.