Tuesday, November 8, 2011

http://aadhararticles.blogspot.com/2011/11/1770-aadhaar-how-n-t-i-o-n-i-s-deceived.html

http://aadhararticles.blogspot.com/2011/11/1770-aadhaar-how-n-t-i-o-n-i-s-deceived.html

1770 - 'AADHAAR' How a N a t i o n I s Deceived by Jijeesh P B

A BOOKLET on AADHAAR

'AADHAAR'
How
a  N a t i o n   I s
Deceived

jijeesh p b

Study
AADHAAR
How a Nation is Deceived
jijeesh p b


2011
First Edition
Rs. 100


Printed at
Sreyas, Muvattupuzha
Cover & Lay out
Aaziz kunnappilly

The views and contents of the book are solely of the organization GREENPEOPLE. © Rights Reserved.
No Part of this work may be reproduced or copied without prior written permission of the publisher


Published by
Kochi – 686674 –



The revenue from the sale of this book will be used for NO2AADHAAR campaign



Acknowledgements


         This book would not have been possible without the help and support of many individuals. I express my gratitude to all those who took personal interest and support in my Endeavour. Sri. Aziz Kunnappilly, President Greenpeople (the socio environmental organization I am associated with) who gave me the confidence to write this book, beloved Yousef Sir who guided me through each and every phase of writing, Kum. Sunija M Vijayan, who provideded me with valuable information on the subject, Sri. Kadathy Shaji, who introduced me to Greenpeople, Sri. Manoj S Nair, Basil Mathew, Hasan Master, Deepu A S, Shameer Perumatom, my dear wife, brother and finally my great mother who brought me up and made me what I am.



AADHAAR; How a Nation is Deceived


"You may say I am a pessimist. But I am not the only one; I hope someday you will join us"[1]


Foreword
Three words whirled around a room where the UID was being discussed in November 2009: unique, universal, ubiquitous. Mr Nandan Nilekani, Chairperson of the Unique Identification Authority of India, was promoting the idea of 12 digits that would help uniquely identify each of the 1.2 billion residents of India. It was to cover the entire population, making it universal. It was to become a number without which more and more can be transacted less and less, and this was to propel it towards ubiquity. The idea of a Unique ID was marketed as an antidote to the corruption and leakage that is endemic to our system of service delivery. Human beings are corrupt; technology is incorruptible. Demographic information can be inaccurately represented; biometrics is unique and certain. Government is inefficient; technology delivers, every time, and infallibly. These glib assumptions and judgments were offered as explanations for a project that was to be a `gamechanger'.
Why `glib'? In part, because this gargantuan project has begun to roll without a feasibility study which could speak to the possibilities, pitfalls and various consequences of the project. There has been no estimation of the budget required to implement the project. There has been no cost : benefit assessment; general statements about losses sustained in delivering services, such as in the Public Distribution System, have been thrown around as demonstration that the current system is bad and anything else would surely be better.     The idea of identity has been reduced to the use of the body as a marker – fingerprints especially – and, yet, the accuracy and uniqueness of biometrics has not been a subject for enquiry, but for propaganda. Even when J.T. D'Souza gives a demo of how easy it is to spoof and misuse fingerprints (http://www.youtube.com/watch?v=0a96L_SphR4), there is a studied refusal to acknowledge a problem. He repeated his performance at an official meeting on September 30, 2011, with a UIDAI official in attendance, one year after biometrics were first collected under the project; the response was an incredible bureaucratic phrase: "We will look into it"!
As the project was poised to take off, Mr Nilekani, who has been its chief spokesperson, repeatedly assured us that enrolment was voluntary. Other agencies may make it mandatory to have a UID, but not the UIDAI. It wasn't very long before Mr Nilekani and his team saw that voluntariness would not produce the universal enrolment, which is their most immediate and keenly pursued aim. The tactics have changed since. It has shifted from inducement to threat: that anyone without a UID would be left out of the system – no PDS, NREGA, public health, school, gas connection or even refill, bank account, passport ...
That is not the only assurance that has got lost along the way. In the early stages, we were told that the information that the UIDAI was collecting was very basic, just some minimal demographic information and biometric data including photograph, fingerprints and an iris scan. We now watch as the UIDAI and its Registrars – which include state government, oil companies, banks, insurance companies among others – are collecting all manner of information that can be `converged' and used in ways yet unknown. It had been said that the UIDAI would not be giving the information to anyone – all that they would say was to have been `yes' or `no' to an authentication request; yet, there is a column for `information sharing' that is in the form, which will allow the UIDAI to hand over details, including biometric details to various agencies!
All this is happening without the backing of law. Law is required not only to authorise the UIDAI to carry on with entering into various arrangements that allow for personal information to be collected and held and handled by various agencies. It is also needed to set out protocols in connection with protecting the data, fixing liability and defining what is lawful and what is not. The UIDAI's protests that the absence of a law is all right because it was set up by an executive notification is not just feeble; it is misleading, and attempts to deflect attention from the constitutional concerns that many of us have been raising.
The `panopticon state', and the state as `Big Brother', are images that capture the moment created by the UID project. That every resident should be transparent to the state is an anti-democratic idea, but the common reach of technology, and the corporatizing of public programming, has together lulled populations into an unsuspecting complaisance. Projects such as the NATGRID, the National Population Register, National Information Utilities as proposed in the TAG-Up report which could see itself expanding into wiser areas, the new and unbounded mandate set by the Collection of Statistics Act 2008, the Rules under the Information Technology Act on April 11, 2011 are akin to confessions by a state that it has a curiosity about our lives that it can compel us to satisfy. The UID project authorities will only speak about the avowed welfare potential that it claims is the logic of the project, and has been obdurately refusing to acknowledge the possibilities of surveillance, tracking, tagging, labelling, profiling and invasions of privacy that the project offers.
The UID has admitted that this is an experiment, naturally at the cost of the Indian tax payer. If it works, it could change the relationship of power between the state and the citizen. Social control, and the reining in of political dissent, which are likely to occur are not the only threats posed by this project. There are questions of personal security whether through identity theft or misuse of powers and of information, national security where the data is being gathered and then continued to be handled by agencies such as L-1 Identity Solutions and Accenture with their proximity to the CIA and Homeland Security. There is the question of exclusion, because people are unable to get on to the data base, their fingerprints do not work, they are dependent on `introducers' who don't even know them ...
The magnitude of this project, and the many implications which are being brushed aside without even attempting answers, should have cautioned us about what this project portends. At the very least, public discussion and explanation must surely precede the rolling out of such a project. It hasn't happened. Nowhere near enough.
Young Jijeesh's effort at taking on the UID project is of enormous importance. It is timely, and  if it breaks through the walls of silence that the Mr Nandan Nilekani have worked to erect, it will have done our democracy a good turn. There are many questions that many of us have been asking which lie unanswered in the cupboards of callousness and unresponsiveness that has become state practice. Jijeesh's is the voice of a concerned youth who is irked into independent speech by the arrogance of the project. More power to him.
A tailpiece: At the November 2009 meeting, Mr Nilekani stood up to make his presentation and his aides started setting up his powerpoint. We waited while they fiddled with the machine. A minute. Two. An apology. Then some more fiddling. Then, a panicked voice cried out `fire, fire'. The extension cord had caught fire. We went on with the day, without the powerpoint.  A portent, perhaps?

Usha Ramanathan
New Delhi
27 October 2011


Dr. Usha Ramanathan: renowned scholar and independent reasearcher injurisprudence of law, poverty and rights. She is the South Asia Editor of the Law, Environment and Development Journal (LEAD Journal), an internationally reviewed academic journal published jointly by International Environmental Law Research Centre (IELRC) and School of Oriental and African Studies(SOAS), University of London. She is a member of Amnesty International's Advisory Panel on Economic, Social and Cultural Rights and has been called upon by the World Health Organisation as a expert on mental health on various occasions. She teaches environmental law, labour law and consumer law at the Indian Law Institute and is a guest faculty at various institutes around the world.

Preface
This is a critical analysis of one of the most ambitious projects undertaken by independent India, perhaps the 1st one of this scale in the world, pet named Aadhaar. The project is envisaged to issue Unique Identification Number (UID) to each and every residents of India. "The name Aadhaar communicates the fundamental role of the number issued by the UIDAI the number as a universal identity infrastructure, a foundation over which public and private agencies can build services and applications that benefit residents across India." Notes, Mr. Nandan Nilekani, Chairman of the UIDAI. Aadhaar's guarantee of unique and centralised online identity verification would be the basis of building these multiple services and applications and facilitating greater connectivity to market.
In short, Aadhaar represents a new dawn. Yet there has been no real public discourse on the subject but for some promotional documents issued by the government. It is surprising that no studies were conducted before launching the programme.  Contrary to the claims by the government, The Scenario Test by the Unique Identification Authority of India (UIDAI) and The Proof of the concept Report that followed proves almost nothing in its favour. And to this day no bill has been passed by the Indian Parliament in this regard. These bizarre facts should saw seeds of doubt in anybody's mind. This book intends to look into those doubt and help readers formulate an opinion on a project, that if implemented would make revolutionary changes in the way we live.
The first section of the book will provide an overview of the project Aadhaar. The government's claims about the project, its nature, and information collected details of data storage and about statutes which govern Unique Identification Authority of India (UIDAI) are discussed in this section. In the second section we will critically analyse the claims and official stands of the government and UIDAI. The issues of conflict include question on individual privacy and Civil Liberty, Possibilities of data theft, misuse and risks involved therein. We will also look into the reliability of biometrics based on scientific studies and experiences elsewhere. Later chapters discuss the social and economic impacts of the projects.  A chapter is dedicated to analyse the international Experiences with respect to national ID card systems. And in the final section we will list out the reasons why Aadhaar should be opposed.

                                                                  jijeesh p b




The Project

                                                                  
              
  The details included in this section will give the reader an overview of the Unique Identification Project or Aadhaar. We will discuss the background that necessitated such a project, the official documents released by the UIDAI, its benefits, scope, processes involved in its implementation etc.

Background
The concluding decades of the 20th century witnessed the emergence of Technology as the new face of governance. E-governance and many modernization government programmes were introduced to improve the quality of governance especially in the field of national security. In the post 9/11 era when the 'war against terror' and related paranoia ruled the world possibilities of national biometric identity cards were proposed with haste in various countries. In the 1980s efforts were there in Australia to issue national identity cards. Similar attempts were, made in Canada, Newzealand, Philippines, China and the United Kingdom. The Real ID project of the Bush administration in the US also attracted attention worldwide.
         In India steps in this direction began with " Kargil Review Committee Report" submitted in January 2000. The committee recommended that ID cards be issued immediately to people in border districts to prevent infiltration and find out illegal immigrants. Based on this a Group of Ministers in a report titled "Reforming the national Security System" noted:

"
All citizens should be given a Multi-purpose National Identity Card (MNIC) and non-citizens should be issued identity cards of a different colour and design."11
Acting upon the report Government of India initiated a process for the creation of a National Register of Citizens in 2003.  The official website of the UIDAI says:
"Strategic Vision on the UIDAI Project" was prepared and submitted to this Committee by M/S Wipro Ltd (Consultant for the design phase and program management phase of the Pilot UIDAI project). It envisaged the close linkage that the UIDAI would have to the electoral database. The Committee also appreciated the need of a UIDAI Authority to be created by an executive order under the aegis of the Planning Commission to ensure a pan-departmental and neutral identity for the authority and at the same time enable a focused approach to attaining the goals set for the XI Plan. The Seventh Meeting of the Process Committee on 30 August 2007 decided to furnish to the Planning commission a detailed proposal based on the resource model for seeking its "in principle" approval [2]
The present UPA Government soon after assuming power formed Unique Identification Authority of India (UIDAI) in 2009. The programme named Aadhaar was inaugurated in 29th September 2009 by Prime Minister Dr. Manmohan Singh. The first resident to receive Aadhaar was Ranjana Sadashiv Sonavane of Tembhili village in Maharashtra.

What is Aadhaar?
Adhaar is the brand name of Unique Identification Number (UID) that the Unique Identification Authority of India (UIDAI) will issue to every resident of India. The 12 digit number is linked to the resident's demographic and biometric information, which they can use to identify them anywhere in India, and to access a host of benefits and services. Each number relates to a set of information stored in centralised data base that provides for real-time verification.

Who is UIDAI?

Unique Identification Authority of India (UIDAI) is the government agency responsible for the implementation of Aadhaar.

"UIDAI was set up through notification number A-43011/02/2009 Admin.1 dated 28/01/2009 as an attached office of the Planning Commission. As per the notification UIDAI has been assigned the responsibility of laying down the plan and policies to implement the UIDAI Scheme, Own and operate UIDAI database including its updation and maintenance on an ongoing basis. The implementation of the scheme entails, inter-alia, the responsibilities to generate and assign UID number to residents and define sage and applicability of UID for delivery of various services."2

Mr. Nandan Nilekani, a former co-chairman of Infosys was appointed as the Chairman of UIDAI (with cabinet rank). R. S. Sharma is the Director General and Mission Director of UIDAI.

What are the details collected?

The data stored in the Central ID repository (CIDR) include basic biometric and demographic information of every individual in India. Photograph, Ten fingerprints and the Iris Scans are the biometric information collected. Details collected are listed below:

1.   Name
2.   Gender
3.   Date of Birth
4.   Father's/ Husband's/ Guardian's Name and   ………Aadhaar number
5.    Mother's/ wife's/ Guardian's Name and   ………Aadhar Number
6.   Educational Qualification
7.   Address
8.   Voter's ID number
9.   PAN
10.                 Ration Card number
11.                 Driving License Number
12.                 Details of Gas Connection
13.                 Introducer's Name and Aadhaar number in   ………case of lack of documents
14.                 Ten finger prints
15.                 Iris Scans
16.                 Photograph
17.                 NREGS number
(These details are collected through Akshaya e-centres in Kerala)[3]. Various state governments and enrolling agencies are incorporating whoknows-what-all details in the forms.


What are the processes included?

The project is being implemented in two phases:

Phase I: It comprises of setting up of necessary infrastructure at the Head Quarters and Regional Offices, testing facilities, putting the man power and process to kick-start the program.

Phase II: It involves enrolling of people in the scheme through some enrolling agencies. ( In Kerala it is Akshaya e-centres). Then, the process of de-duplication. (De-duplicartion is the process by which data collected through enrollment process is subjected to verification by the UIDAI by biometric matching to ensure that no duplication has occurred.) And the process of data updation by which any change in the biometric or demographic data is recorded in time.

Under what Law does UIDAI function?

         The UIDAI as such is presently functional in terms of the executive order said above.

Who would store the data?

         The data collected during enrollment process which include demographic and biometric information would be stored in Central I D Repository (CIDR) maintained by the UIDAI. The scheme has a multi registrar approach. The registrar General of India having the responsibility of preparing the National Population Register (NPR) under the citizenship Rule 2003 is one the main registrars of UIDAI. This multi registrar approach would reduce the risks associated with  data security, says the UIDAI.

Who can access the data?

         The data stored in the CIDR is used for the verification of identity of the residents who has a UID number. A real time verification system will be made available to all service providers who prefer to make use of Aadhaar. These might include various social welfare schemes of the government like PDS and NREGS and financial institutions like Banks. The UIDAI also contemplates expanding the use of Aadhaar to various other applications in private and public sectors. UIDAI says it would provide only identity verification no personal information would be made available to other agencies whether government or private.

What is the cost of the Project?

         The exact figure on the total cost of the project surprisingly is missing in all official documents. Unofficial estimates varies sharply, one estimate pegs the cost at Rs.1,50,000 crore. The chairman of the UIDAI is reported to have said that the project would cost 10,000 crores. Anyway cabinet committee has approved Rs.3170.32 crores for Phase-I and Phase-II for providing UID numbers (not cards) to 10crore residents. [4]

Who are the non-Indian players involved in the Project?

         The UIDAI has entered into contract with a number of service providers for the procurement of equipments. But doesn't have any information regarding the source of procurement by all of them. But provides a few in responses to a question asked under RTI Act 2005:
"M/s HCL Infosystems which will provide 'Internet & Knowledge Management Portal'
services will be procuring equipment from companies of Non-Indian origin. The details are as under :-
Equipment                 Company
Microsoftsharepoint   Microsoft, USA Hardware                 HP, USA
         It is known that L1 Identity Solutions, an American company, which has been supplying similar equipment to the U.S. Department for Homeland Security is supplying biometric readers for the project.

                              
What are the Benefits of  UID?

         All promotional materials released by the UIDAI lays emphasis on the point that Aadhaar will facilitate the proper working of Social Welfare Schemes such as Public Distribution System (PDS) and National Rural Employment Guarantee Scheme (NREGS). "The project pegs its legitimacy on what it will do for the poor. It promises that it will give the poor an identity, with which they may become visible to the state" writes Dr. Usha Ramanathan.[5] The UID is expected to plug leakages in PDS and ease payments to be made under the NREGS. It would also help foul proof implementation of right to education and food Security Acts says the government.

"        Each Aadhaar number will be unique to an individual and will remain valid for life. Aadhaar number will help you provide access to services like banking, mobile phone connections and other Govt and Non-Govt services in due course.
Unique and robust enough to eliminate the large number of duplicate and fake identities in government and private databases

Aadhaar can for example, provide the identity infrastructure for ensuring financial inclusion across the country – banks can link the unique number to a bank account for every resident, and use the online identity authentication to allow residents to access the account from anywhere in the country

Aadhaar would also be a foundation for the effective enforcement of individual rights. A clear registration and recognition of the individual's identity with the state is necessary to implement their rights –to employment, education, food, etc. The number, by ensuring such registration and recognition of individuals, would help the state deliver these rights."[6]

Says the official website of Aahaar.

         Adhaar is projected as the symbol of modern India, or what high-tech India can do for the betterment of its people.


Aadhaar;   A Critical Analysis

[7]
        
Aadhaar as we understood in the previous section has the potential to change the history of India in many ways. "Aadhaar is symbolic of the new and 'modern' India" says the Prime Minister. So we have every right to understand what that 'modern' India means for its citizens. It should be a matter of concern that there has been no informed public debate on the issues concerned with the implementation of Aadhaar, but for the promotional literature issued by the UIDAI. There seldom had any discussion in the mainstream media, especially in the visual media and regional dailies, about the project and about its social implication. This book intends to spark off a debate on the issue by bringing legal, ethical, economic and scientific skepticism that engulf ID card projects worldwide into the public domain. Before that we would reproduce a table from the UIDAI website just to recollect their claims on what Aadhaar is and what it is not.


Is Aadhaar Mandatory?

         The answer for for sure is 'No' says the UIDAI. But as R. Ramakumar, Associate Professor with Tata institute of social Sciences, Mumbai pointed out " Aadhaar has stealthily being made mandatory" [9] By linking UID to National Population Register  the UIDAI has made Aadhaar, de facto  compulsory for every citizen. "There are no penal consequences if a person does not chose to get an Aadhaar number" says R S Sharma, Director General and Mission Director of UIDAI[10] this is utter nonsense! For the Citizenship Rules 2003 requires every Indian citizen to compulsorily register with the Local Registrar of Citizen Registration and provide correct individual particulars. Rule 17 explicitly provides for penal consequences if a person fails to comply.  It is admitted by UIDAI that data collected for National Population Register (NPR) will be fed into the UIDAI database and NPR would issue a card bearing the UID number. The case is crystal clear that Aadhaar is Mandatory.

         But why doesn't the UIDAI admit this? Why should a government hide facts from its people? Why can't they put it straightforward that 'every Indian should obtain a National Idenity Number? The answer is not as simple as the questions asked, we will see that in the coming section where we will discuss the social implications of Aadhaar.


Questions on Privacy and Civil Liberty

         Globally, public debate about national ID card projects has revolved around the questions on Privacy and Civil Liberties. The problem is that a mammoth project envisaged to form a centralized repository of individual profiles would risk the basic rights of the people enrolled in the scheme. There are possibilities of infringement into individual privacy, data theft, corruption, market intrusion etc.

         Here I quote a dark joke that appeared in The Economic and Political Weekly [11] :

Operator: Thank you for calling Pizza Plaza. May I have your…

Customer: May I place an order?

Operator: Can I have your multipurpose ID card number, sir?

Customer: It is, hold on … 2135610204999845-54610

Operator: Welcome back from Japan,  Mr Singh.

Customer: May I order your Seafood Pizza…

Operator: That's not a good idea, sir.

Customer: Why would you say that?

Operator: According to your medical records, sir, you have high blood pressure and even higher cholesterol level.

Customer: What? … What do you recommend then?

Operator: Try our Low Fat Pizza. You'll like it.

Customer: How would you know that?

Operator: You borrowed a book titled ­Popular­ Dishes from the National Library last week, sir.

Customer: Oh … Have three family size  delivered. How much would that cost?

Operator: That should be enough for your family of 5, sir. That will be Rs 500.

Customer: Do you accept payment by credit card?

Operator: I'm afraid you have to pay us cash, sir. Your credit card is over the limit and you owe your bank Rs 23,000 since October last year. And that's not including the late payment charges on your housing loan.

Customer: I guess I have to run to the neighbourhood ATM and withdraw some cash before your guy arrives.

Operator: Oh, no, sir. Your records show that you've reached your daily limit on machine withdrawal today.

Customer: Never mind, just send the pizzas, I'll have the cash ready. How long will that take?

Operator: About 45 minutes, sir, but if you can't wait you can always come and collect it in your Nano. Will there be anything else, sir?

Customer: No… By the way… make sure you send the 3 free bottles of cola as advertised.

Operator: But, sir, your health records say you're a diabetic…....

Customer: #$$^%&$@$% ^

Operator: Please watch your language, sir. Remember on 15 July you were convicted     of using abusive language at a policeman…?[12]

I agree that this is an exaggeration, but our personal information is not at all safe with the UIDAI – neither legally nor technically. The Apollo hospitals have requested to the UIDAI and knowledge Commission to link the Health records of individuals with the UID. It has invested in a company called "Health Super Highway". The hospital group conceived the project to share health records of individuals across the country.


State Surveilance, Market Intrusion and the Database State.

         Every citizen under international and domestic laws has the right to privacy. The International Covenant on Civil and Political Rights (CCPR) ratified by the Government of India requires that the right to privacy of every individual be protected from arbitrary or unlawful interference by the state. As upheld by the Apex Court right to privacy is explicit under article 21 of the Constitution of India.[13] As per Article 13(2) "The State shall not make any law which takes away or abridges the rights conferred by this Part and any law made in contravention of this clause shall, to the extent of the contravention, be void". In addition The Hindu Marriage Act, The Copy Right Act, Code of Criminal Procedure, Juvenile justice Act (Care and Protection) act, 2000 and the Census Act, 1948 provides for the protection of privacy of an Individual. A notable case is Census Act, 1948 which in many ways is related to collecting information from individual. Under section 15 of the Act, "the information that is collected by Census Agency is neither open to inspection nor admissible in evidence." This ensures the confidentiality of personal information of individuals while allowing the state to have a profile of the population as a whole.

         The National Identification Authority Bill, 2010 on the other hand empowers the government to access the data in the CIDR which constitutes the National Population Register. Many of us may not be aware of the fact that NPR was not an exercise done under the Census Act, 1948. The NPR is under Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules 2003 which came as an amendment to citizenship Act 1955. This was done to bye-pass the confidentiality enshrined in the Census Act, 1948. Also the act makes a national identity number compulsory.[14] :  " it shall be the responsibility of every citizen to once register with the Local  Registrar of Citizen registration and to provide correct individual particulars" and the onus of getting enrolled in the NPR has been placed on the resident. The law further states: "Any violation of rules 5,7,8,10,11 and 14 shall be punishable with fine which may extend to rupees thousand." By linking UIDAI with NPR Aadhaar is made mandatory.  Thus the state or UIDAI would have the individual profile of every resident.
         The table reproduced above from the UIDAI website says "Aadhaar will give only 'YES' or 'NO' response to any Identification Authentication queries and UIDAI information will not be made available to any public or private agencies". But see what the proposed NIAI Bill, 2010 has in section 33:
33. Nothing contained in the sub-section (3) of section 30 shall apply in respect of –
(a) any disclosure of information (including identity information or details of   authentication) made pursuant to an order of a competent court; or
(b) any disclosure of information (including identity information) made in the interests of national security in pursuance of a direction to that effect issued by an officer not below the rank of Joint Secretary or equivalent in the Central Government after obtaining approval of the Minister in charge.

         A clear case for the state's intrusion into the privacy of its citizen. Reading this alongside the words of Home Minister, Sri. P Chidambaram that "under the National Intelligence Grid (NATGRID), 21 sets of database will be networked to achieve quick, seamless and secure access to desired information for intelligence and enforcement agencies to detect patterns, trace sources for money and support, track travelers and identify those who must be watched, investigated, disabled  and neutralized"[15]should rise alarm. India has launched many similar projects like Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. , all without proper legal framework or approval of the parliament.

         The deeds of intelligence agencies we all know are not subject to any judicial overview. With the NIAI Bill, 2010 giving little concern for privacy and liberties the chances of misuse of data is extremely highIn a world driven by corporate interests the poor are always seen as a threat to those who are not poor. With individual profile of every citizen in hand the government can obtain whatever information they need by cross references with various databases. This Convergence of Data can lead to state surveillance.  Even mass protests and gatherings like the one we seen with the anticorruption movement lead by Anna Hazare could be monitored.  There is possibility that all those who dissent with the government would be neutralized. The consequences will be disastrous for the very existence of our democracy. (We know how our government handled our citizen during the Emergency).  This might turn our nation into aData Base State where even the policy formulations are based on the data base. This could expose religious, linguistic, ethnic and cultural minorities to unforeseen risks.

 Moreover the Planning Commission thinks that the data "This could also form the basis of a public-private-partnership wherein unique ID based data can be outsourced to other users, who would, in turn, build up their smart card based applications… 
 …In the context of the unique ID, part of this data base could be shared with even purely private smart card initiatives such as private banking/financial services on a pay-as-you-use principle….
These agencies [private utility services providers or financial and other institutions] can 'borrow' unique ID and related information from the managers of these data bases and load further applications in making specific smart-cards. While the original sources of data can be updated by the data managers, the updating of supplementary parts will remain the responsibility of the service providers.[16]

         If things are to go the way the working group of the planning commission thinks the unique   ID project can raise only more problems than it solves. In the neo-liberal era far greater chances are there for private players to exploit the personal information than anyone would imagine. The private players involved in data collection and storage includeL1 Identity Solutions, a company that provides similar services to CIA and FBI of the US and Accenture. L1 Identity solutions has many ex-CIA personnel on their staff and board. None of these companies can refuse handing over data to the US if they ask for.  Do we need to hand over our information to foreign intelligence agencies? Possibilities of data theft, corruption and leakages are very high. As illustrated live on TV by Chaos Computer Club in Germany, hacker attacks on the CIDR are a real danger. With no specific laws like US Federal Privacy Statute or the European Directive on Data Protection we could be in huge trouble. The stolen data can be used for many unforeseen purposes. It will make hackers easier for accessing our bank accounts. Thieves have amazing knowledge of technology and their schemes and imaginations are mind-boggling. On October 7 2011, an American court indicted 111 men in one of the worst cases of data theft in world history when identities of thousands of people were stolen and their bank accounts were emptied through forged American Express, Discover, MasterCard, and Visa cards with the stolen credit-card numbers. "These weren't holdups at gunpoint, but the impact on victims was the same," New York Police Commissioner Raymond Kelly said. "They were robbed." Proposals for using UID and biometric verification for accessing banking services run greater risks for data once hacked cannot be changed. If a credit card number is stolen we can stop the harm by disposing off with the service (if we come to now it has been hacked), if our ID card is stolen, we can get a duplicate ID card or new one after cancelling the former, but we cannot do that with our UID number as our finger prints or iris scans cannot be changed at will. That is even if we come to know that our data has been stolen we will be left with no option but to suffer the consequences.

         The global experiences on national ID card schemes should have guided the policies of our government, especially in an era of globalization. But it seems our government has turned a blind eye towards experiences abroad. All national ID card schemes across the world have faced stiff resistance from Civil Liberty Groups. In 1985 Australia came out with proposal to issue national ID card called 'Australia Card'. After rigorous opposition and fierce protests the proposal was withdrawn in 1987. The experiences in the United States, United Kingdom, Canada, Newzealnd and Philippines were similar.

        
         In countries where there is voluntary security numbers have founded it difficult to deal with the problems of data theft and misuse. That is why the U S President's Strategic Plan in 2007 aims to reduce and eliminate the use of Social Security Number (SSN) to identify individuals.

         We will come back to the experiences of various countries in the world in the chapter 'The Global Experience'.



Social Costs of the Project Aadhaar



[17]




Questions about Claims on Financial Inclusion

         "Aadhaar can provide the identity infrastructure for ensuring financial inclusion across the country – banks can link the unique number to a bank account for every resident, and use the online identity authentication to allow residents to access the account from anywhere in the country" claims Mr. Nandan Nilekani, Chairman of UIDAI[18] The promotional literature on Aadhaar is full of pro-poor rhetoric and claims about financial inclusion. But a closer look at the project would make it clear that but for the rhetoric, the project guarantees only more troubles for the poor.

         The government of India intends to use UID for various welfare schemes like NREGS, Food Security Act, PDS etc. And UIDAI says while it won't make UID mandatory but service providers could do the same. The service providers mean various government agencies and private players.  'UID will become the source of identity verification for every Indian when they need to open a bank account or obtain a driving license or passport". According to UIDAI Aadhaar can act as an identity proof in rural areas where the poor are out of Banking Networks for lack of a nationally valid and reliable proof of identity. Thus Aadhaar would lead to Financial Inclusion through deeper penetration of banks.  

The UIDAI is lying!


         Just see the enrollment form for Aadhaar distributed. The residents who want to enroll require submitting the copy of valid proof s of identity like Voter's ID, Ration Card and Driving License. Other ways, there has to an 'approved' introducer. That means those who cannot obtain Bank Accounts for lack of ID proofs cannot obtain a UID either. Even other ways how can the poor manage a bank account (for what?) when they cannot even buy 35kg of rice a month as they are not able to find Rs.105 required?

         The point is clear UID cannot and will not lead to financial inclusion. There are chances that people who have not been able to obtain a UID or chose not to have one will be out of the network of social benefits of the state and the private sector.

         Many commentators were seen comparing the UID with Social Security Number (SSN) in the US, but forget Privacy Act of 1974 which states that "it shall be unlawful for any government agency to deny to any individual any right, benefit, or privilege provided by law because of such individuals refusal to disclose his Social Security number". But nowhere in the proposed NIAI Bill, 2010, can we see such a clause.

There are so many classes of people who might find it difficult to get enrolled in Aadhaar. The physically handicapped, the third sex and migrant workers are all in this vulnerable section.  For example there is a flow of unskilled labourers from West Bengal and many northern states to Kerala, such people will find it difficult to get UID and run the risk of exclusion.



UID would pave way for financial exclusion rather than financial inclusion.

         In a country like India which is home to one third of the world's poor, there are more meaningful things to do other than implementing national ID numbers. According to World Bank figures 45.6crore Indians live in poverty. That is 41.6% of the population are poor. 42.5% of India's children are malnourished. The nation is ranked 134 in the Human Development Index by the United Nations Organisation. (That is below Bhutan and Srilanka).[19] According to NS Saxena Committee appointed by the Government of India the percentage of poor in India is 50%.  Another study conducted by National Institute for enterprises says 77% of Indians earn less than Rs.20 a day. The figures were listed just to show the condition of 'modern' India. The Planning Commission of India has kept the criteria for BPL status unchanged for decades to "decrease" the number of BPL persons so that they can cut short the poverty alleviation programmes as per neo liberal prescriptions. Aadhaar when implemented would compliment this process by ensuring that more people are excluded from social welfare schemes.

The UIDAI working papers about eliminating problems with NREGS, PDS, Public Health Schemes and education using UID numbers reveals the real lack of seriousness that plague the whole project. The 'working paper on education' and the 'working paper on Health are just 2-page documents, the working paper on NREGS is 4 paged; combining all there are just 8 pages (only 6 ½ pages if merged).[20] The working paper on PDS has 14 pages. Can you believe just 20 ½ pages of high-school-standard-essay to analyse the points which are projected as the main benefits of the project! All these papers are flooded with details about Aadhaar and UID enabled services nowhere in them can we find out the figures about the leakages in the schemes. The nebulous documents provide no data about the estimated leakages in PDS through bogus ration cards, no real data on loss due to fake identities in education schemes or in NREGS, so that a cost-benefit analysis could be done.   Consider PDS for example, most of the leakages and corruption in PDS occur not through fake ration cards but many other structural and administrative malpractices. Let's suppose that 10% of the leakages in PDS are through fake ration cards considering the total budget provision for PDS that cannot be over Rs.1000 crores. How can we justify a project of over Rs.1,50,000 crores to prevent the loss of a mere 1000crore?

The neoliberal argument for targeted programmes is that the benefits are taken away by the upper class and the needy seldom get them. This argument has resulted in Targeted Public Distribution System (TPDS). There is no evidence to the effect that TPDS has served the purpose of poverty alleviation better than Universal Public distribution System (PDS).  A high level committee appointed by the central government in 2002 remarked that "narrow targeting of the PDS based on absolute income-poverty is likely to have excluded a large part of the nutritionally vulnerable population from the PDS". [21]The leakages and inefficiencies of PDS result not from lack of identity proofs but rather from other structural and administrative inadequacies. Problems with NREGS as identified in the UIDAI working paper on NREGS can be reduced by better social auditing and administrative measures. Even other ways how can UID prevent the leakages in PDS and NREGS when the UIDAI uses the PDS and NREGS databases and ID documents for issuing Aadhaar? If the government is serious about the plight of the poor, they should show the guts to implement land-reforms and other measures as demanded by various agricultural organizations for decades.

         The UID will not ensure that every Indian would get a national identity. Besides it will not eradicate fraud and imposters as de-duplication as envisaged by the UIDAI is not possible (that is my next argument against Aadhaar included in the coming chapter). Moreover if identification through UID is to be implemented all points of service provisions will have to be equipped with the necessary machineries and the staff should have the technological knowledge. In a country where  there are vast areas with no access to electricity, telephone or schools or hospitals for that matter, think of installing finger print testing and iris scan facilities at all ration shops, fair-price shops, hospitals, schools, government offices and other points of access – that is just insanity!





Direct Cash Transfer Schemes

         Reading the above facts alongside the government's plans to replace the existing poverty alleviation schemes with direct cash transfer schemes should be disturbing. Indisputably for the rural poor, food entitlements serve better for they are inflation proof. The experiences of countries like, Egypt, Yemen, Jordan and Tunisia are there for us all to see. Despite two and half decades of Direct Cash Transfer Schemes, these countries have earned nothing other than the raising graph of inflation and political unrest that shook governments across the world. The UIDAI have not devised a strategy to prevent leakages in direct cash transfer schemes for there is no way to make sure that Mr. X or Y is farmer. Moreover how will the government make sure that the cash transferred is used for the intended purpose?  All they say is that by tracking UID they can trace how the money is spend at what shop. If that is the case the dark joke I mentioned earlier in the book is no more a joke. By office memorandum number S 1012/S(l)/Bank/Ref.care/2010/RBD/2056-2135 dated 07.03.2011 of Department of Expenditure, Ministry of Finance, Government of India allowed the autonomous and statutory bodies to avail the services of private sector banks (HDFC, ICICI, Axis bank), considering request from HDFC bank. The plans of financial inclusion and penetration of banking services attains a new meaning now with chances for the private sector to play with the government money. The "financially included" rural populace will now get monetary benefits from the government through private sector banks.  Recently the Planning Commission of India stated in the Supreme Court that those who earn above Rs.25 a day in rural areas and Rs.33 a day in urban areas are above poverty line (APL). With a mandatory UID the government if it wants can even trace the daily cash transaction of any individual just to establish that there is a fewer people Below Poverty Line(BPL). 

The Working Paper of the UIDAI which starts with a claim that UID will help the poor access various services ends with a caveat: "UID will only guarantee identity, not rights, benefits and entitlements" (emphasis added) and surely that isn't a misprint.

Discrimination

         The UIDAI promises that the UID will not lead to discriminations as no details regarding the religion or ethnicity is collected. But this does not guarantee that these data won't be collected in future. There is no such clause in the NIAI Bill 2010 as to prevent such a possibility. Even otherwise the government can obtain these details by cross-references with other databases. Convergence of databases can lead our country to aData Base State. "The real fear is access to such a data would give the government a free hand to profiling, segmenting and targeting a sect, group or religion."[23]  Terming Aadhar an invasive act that would facilitate communal targeting, Magsasay award winner Aruna Roys says,"The UID is a dangerous thing. I'm shocked minorities and other communities are not boycotting it". The impacts of such possible abuse of the data will be horrendous.

Against Basic Rights of Children

         The graphics below shows how Aadhaar will "benefit" children:


         The UIDAI wants even infants to be part of Aadhaar network so that it ensures a better implementation of child welfare schemes. The claim is a mockery of modern science (which the Aadhaar is said to be representing) for doctors say children do not develop stable biometrics till a particular age. (Iris properties will be stable only at the age of 13, for example). Combining this with the uncertainties already discussed in the section "questions on the science of biometrics" will ensure that the proposed goals are not realized. It will not eliminate duplication in attendance rolls; it will not reduce oozing in mid-day meal schemes or anything like that. But it can deny children their basic rights of individual privacy and could be against existing values enshrined in Juvenile Justice act which requires that all details   of indictments or criminal records of a Juvenile should be removed from his history after the age of 18. By linking them with UID those children would have to carry their past records tattooed on to them.
        
Limited scope for review

          The UIDAI says a resident can approach it if he/she has any complaints about the information entered in the UIDAI, but has no clear guidelines for grievance redressal. As said earlier the UIDAI is working under an executive order. The UIDAI is not directly answerable to the Parliament. Citizen will have to approach a court to redress his grievances. So scope for review is limited. This will increase the chances of financial exclusion and discrimination manifold.


Questions on the 'Science' of Biometrics


The scientific and technological discourse on Aadhaar revolved around claims by biometric industry. The project pegs its reliability on biometrics – "automated recognition of individuals based on their behavioral and biological Characteristics"[25]. The government of India had never felt the need for a study in this respect before deciding to start a project of this magnitude. Of course Scenario test was done but ironically after the government made a decision on the matter. There is something stinking. Let's have a look at what the scientific community has to say.

         Section 103(c) (1) of the U S Patriot Act 2001 reads:
         "…the National Institute of Standards and Technology (NIST)…shall… develop and
certify a technology standard that can be used to verify the identity of persons applying for a United States visa or such persons seeking to enter the United States pursuant to a visa for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name or such person seeking to enter the United States pursuant to a visa…"[26]

         That is by the American law NIST need to certify on biometric technology systems. And the NIST responded:

"For purpose of NIST PATRIOT Act certification this test certifies the accuracy of the participating systems on the datasets used in the test. This evaluation does not certify that any of the systems tested meet the requirements of any specific government application. This would require that factors not included in this test such as image quality, dataset size, cost, and required response time be included."[27]

A study by London School of Economics on the ID card project in UK notes:

 Identity systems may create a range of new and unforeseen problems. These include the failure of systems, unforeseen financial costs, increased security threats and unacceptable imposition on citizens.[28]

         No wonder the word 'biometrics' is missing from National Strategy for Trusted Identities in Cyberspace[29] issued by the White House in April 2011. The documents released in relation to United Kingdom's proposedDigital Identity Assurance Project are no different. In both this documents there is not a single occurrence of the word 'biometrics'. Even the L1Identity Solutions, the company that supplies biometric readers for Aadhaar does not claim in their website that their equipments has the accuracy levels needed for mass consumer applications on the scale of Aadhaar.

         Still UIDAI claims that "Aadhaar — backed by biometric de-duplication — is a secure and robust identification infrastructure that covers two shortcomings in the existing identity databases: fraud and duplication."[30]In this chapter, with the backing of scientific data we will prove that the claim is false.
        
         The pioneer institutions in the world that deals with biometric technology are National Institute of Standards and Technology (NIST) of the US and National Physical Laboratory (NPL) of the UK. Our discussion will therefore be based on a paper by Mr. James L Wayman (Office of Graduate Studies and Research, San Jose University, San Jose, USA), Mr. Antonio Possolo (Chief, Information Technology laboratory, statistical engineering Division, NIST, USA), Anthony J Mansfield (National Physical Laboratory, Teddington, U K).
        
         The paper titled "Fundamental issues in biometric performance testing: A modern statistical and philosophical framework for uncertainty assessment" discusses current approach to repeatability and reproducibility within a broader concept of Scientific experimentation and NIST traditions in data evaluation and reporting. The Trio discusses the issue based on 'Duhem-quine thesis on testing Holism', Churchil Eisenhart's concept of 'statistical control', NIST and ISO approaches to uncertainty in laboratory measurements, current disconnect (lack of inductive relevance) between testing results and "performance" as assessed by a system operator and need for statistical control and uncertainty assessment in current biometric test programmes. The paper focuses on four points:

j)             "Uncertainty", a broader concept than "error", is doubt about how well a test result
represents the quantity it is said to measure.   Uncertainty can exist even in the absence of error in the sense of "mistake".
2. A central source of uncertainty is definitional incompleteness in specifying all of the factors influencing the measurement.
3. What we actually measure is usually only a proxy for what we want to measure.  
4. How we control, measure and report the values in a test must reflect how we expect those values to be used by others.  In other words, our testing and reporting must take into account, and state, how we expect the results to be used.  [31]

Every experiment should take into consideration everything involved in it. This include the data collected, factors which could influence that process like behavioral patterns of individuals in it and should come up with a result, along with a measurement of various uncertainties involved. ISO/IEC 98 "Guide to Expression of Uncertainty in Measurement" commonly referred to as the GUM says that "in principle, a measurand cannot be completely described without an infinite amount of information. Thus, to the extent that it leaves room for interpretation, incomplete definition of the measurand introduces into the uncertainty of the result of a measurement a component of uncertainty that may or may not be significant relative to the accuracy required of the measurement." The infinite information required for defining measurand may not be achievable but the concept of 'Statistical Control" developed by Eisenhart could help. For example to measure the velocity of sound  we need to know the composition of air, the pressure, temperature etc. without the knowledge of such physical conditions the quantity that we measure ( the measurand) will mean nothing. And that niche is referred to as statistical control. In Eisenhart's own words "…a measurement operation must have attained what is known in industrial quality control language as a state of statistical control . . . before it can be regarded in any logical sense as measuring anything at all."[32] The degrees of statistical control vary with the target application.

         In biometrics we measure performance in terms of error rates:

1.    False Positive Rate (FPR): case in which a person is identified as a real person in the data base when he is not. This is also known asFalse Acceptance Rate.

2.    False Negative Rate: result in which a person is not identified as a person in the database when he really is. This also known as False Reject Rate.


In 1999, NIST developed the concept of three levels of testing for biometrics – Technology, Scenario and Operational.
Technology Test is the one that is done in a laboratory with available database. In Scenario Test data is collected from the field and test is done in laboratory. Operational Test is performed on field when the system is put into operation in a selected application as trial.

In their paper, the Trio studies each of them separately and shows that the results of none of them have the completeness as to use them in mass consumer applications. Analyzing NIST Proprietary Finger Print Testing Programme, they show that "Changes in either software or database result in unpredictable changes in the reported results".

         All the three forms of tests leave enough scope for uncertainties for innumerable reasons. Some of the factors that can affect the outcomes of the results are listed below:

a)Incomplete definition of the measurand;

b) Imperfect realization of the definition of the measurand;

c) Non-representative sampling — the sample measured may not represent the defined measurand;

d) Inadequate knowledge of the effects of environmental conditions on the measurement or imperfect measurement of environmental conditions;

e) Personal bias in reading analogue instruments;

f) Finite instrument resolution or discrimination threshold;

g) Inexact values of measurement standards and reference materials;

h) Inexact values of constants and other parameters obtained from external sources and used in the data-reduction algorithm;

j)             Approximations and assumptions incorporated in the measurement method and procedure;

k) Variations in repeated observations of the measurand under apparently identical conditions."[33]

Other factors that include:

1.   Labeling errors:  details of X are labeled as Y. by NIST estimates it is 1 in 100 in government database. In a country like ours the rate could be very high

No comments:

Post a Comment