Big Brother is watching you!

Modertaor's Note: A recent objection from KM Chandrasekhar, the Union Cabinet Secretary to the use of iris recognition (IR) test as a part of Unique Identification Database (UID) project sets one thinking about the dangers from this project.

Claiming the test has a useless expenditure, Chandrasekhar had been reported to have requested Prime Minister Manmohan Singh to omit it as the third tool for the UID project. Chandrasekhar said, "It is an unnecessary recurring expenditure, which will have to be paid to an American company."

Nandan Nilekani, Chairman, Unique Identification Authority of India (UIDAI) had proposed to bring in high tech tools for the recognition process. According to reports, Nilekani had suggested IR test beside fingerprinting and face recognition as biometric identification. The IR uses pattern recognition to create images of the iris of an individual.

Although eone has been reading about the Unique Identification Authority of India (UIDAI) that has been created as an attached office under the Planning Commission and its role to develop and implement the necessary institutional, technical and legal infrastructure to issue unique identity numbers to Indian residents, one did not pay sufficient attention.

It may be recalled that on June 25th 2009, the Union Cabinet has created and approved the position of the Chairperson of the UIDAI, and appointed Nandan Nilekani as the first Chairperson in the rank and status of a Cabinet Minister and Ram Sewak Sharma has been appointed the Director General.

As per its website, the official mission of the USD Authority is to issue a unique identification number (UID) that can be verified and authenticated in an online, cost-effective manner, and that is robust enough to eliminate duplicate and fake identities. The first UID numbers will be issued over the next 12-18 months counted from August 2009. The first number would be issued between August 2010 to February 2011. Over five years, the Authority plans to issue 600 million UIDs. The numbers will be issued through various ‘registrar’ agencies across the country.

Having come across considered views about the harmful effects of the UID, this blog invites comments, opinions and questions about this project. One can visit UID project's website:

Gopal Krishna

Big Brother is watching you!

A citizen's privacy will be compromised through the unique identity project leading to misuse by the State and other agencies, writes Praful Bidwai.

After promising a serious public debate on the sensitive issue of breach of citizen privacy and other risks associated with the Unique Identity project, the government has rushed headlong into it. There hasn't been a proper discussion of the risks even in the Cabinet, leave alone in Parliament or a larger public forum.

The public has been stampeded into and delivered to the UID project through the device of the National Population Register, which itself piggybacks on the just-launched Census 2011 operation. The NPR data will be sent to the UID Authority of India, which after filtering it and weeding out duplication, will issue a 16-digit UID to each person.

Although the scheme was meant to be voluntary according to the authority's working paper, it seems set to become the preferred document that governments will demand for giving people access to social services including the public distribution system for food, National Rural Employment Guarantee Act, and educational and health-related schemes. This is supposed to eliminate leaks, help improve service delivery and reduce corruption. Even if this claim appears extravagant, it at least seems benign.

However, there's a much greater and distressing, if understated, dimension to the NPR-UID, related to security and surveillance. Indeed, security seems to be the project's primary purpose. The NPR in its present form was recommended by the Kargil Review Committee chaired by security hawk K Subrahmanyam. The committee greatly exceeded its brief and recommended mandatory multipurpose national identity cards for all Indians.

The UID's security rationale was emphasised by none other than Union Home Minister P Chidambaram when he announced that UIDAI was established in February 2009 as a timely response to the November 2008 Mumbai terrorist attacks. As we see below, UID will lead to gross violations of the citizen's privacy and abuse of personal information. Handing over excessive power to the state has dangerous implications.

The NPR will collect information on each person on 15 counts, including name, sex, date of birth, present and permanent address, names and UIDs of parents, marital status -- and 'if ever married, name of spouse'. Worse, it will include biometric identification, including a photograph and impressions of all 10 fingers. The database will be shared with UIDAI and NATGRID (National Intelligence Grid) connecting 11 security and intelligence agencies, including the Intelligence Bureau, Research and Analysis Wing, Central Bureau of Investigation, Directorate of Revenue Intelligence, central boards of excise and customs and of direct taxes, Narcotics Control Bureau, etc.

NATGRID, to be established by May 2011, will provide security agencies real-time access into 21 categories of databases -- including bank account details, credit card transactions, driving licences, and visa and immigration records. An intelligence official has been quoted as saying: "Once you feed in a person's name, you'll get all the details about him, across all the databases." These include the colour of his/her car, the outstanding traffic fines to be paid, and the last time he/she paid by card for a late-night dinner with a friend. "There really will not be any secrets from the State."

This data would far exceed the discrete bits of largely need-based information that citizens currently have to furnish to different official agencies. The police don't need to know if an ordinary citizen (as opposed to a suspect) has more than one bank account or possesses health insurance. Your bank doesn't need to know how often you travel and where. The passport office needs to know your name, address and date of birth, but not whether you own a two-wheeler. Now all this discrete data will be pooled together and made to converge in a single database, which will be available to hundreds of government departments at the click of a mouse.

The citizen will lose control over the personal information s/he chooses to share. Some of this information is liable to be passed on to commercial agencies and private companies, which will use it to make money. After all, the designated 'registrars' under the UIDAI will include private operators as well as government agencies. They could sell the information, for a profit, to banks, health insurers, prospective employers or foreign security agencies.

Citizens will lose control over how the information might be used to track their movements, activities and monetary transactions. Disclosure of intimately personal details -- pre-existing illnesses, romantic relationships, anonymous donations -- may cost a job or earn her/him stigma.

The UID, then, will not be a mere number to assign an identity to people, such as below-poverty-line families which were left out of the official count but deserve to be included in welfare schemes. Rather, it will be a device to track and profile individuals through various transactions -- from cash withdrawals from banks, to receiving wages, to buying PDS grain -- and other means.

Yet, UIDAI disowns all responsibility for how its database will be used. It openly declares it's "in the identity business. The responsibility of tracking beneficiaries and the governance of service delivery will continue to remain with the respective agencies." Also, "the UID number will only guarantee identity, not rights, benefits or entitlements". This falsifies the ostensible basis on which the entire scheme was founded: namely, that the UID will break the barriers that prevent the poor from accessing public services.

In fact, for all its presumed benefits, UIDAI only hopes to cover 600 million people, or one-half of India's population, over five years, and that too with 95 percent accuracy. This means that half the people will still be denied the presumed public service benefits from the scheme. In any case, the technology it will employ is untested, unreliable, and probably unsecured. If someone hacks into its database, the consequences, including those for national security, could be horrendous.

The compilation of the NPR isn't being done under the Census Act, but under the Citizenship Act 1955 and Citizenship Rules 2003. This distinction is all-important. The Census Act guarantees confidentiality and says personal data is "not open to inspection nor admissible in evidence". Such protection is missing from the Citizenship Act, which makes citizen registration "compulsory". The Census Act aims at profiling the population, not individuals. The Citizenship Act's function is to profile individuals, potentially violating their freedom, privacy and confidentiality.

The basic model of the UIDAI is deeply flawed, based as it is on the Integrated Automated Fingerprint Identification System of the US Federal Bureau of Investigation, which holds the biometric data of 50 million people. The FBI has long been notorious for using personal information to target civil rights groups, Left-leaning intellectuals and those it paranoically regards as subversive -- for instance, John Lennon of the Beatles! Many countries, including the UK, US, the bulk of the European Union and Australia, have given up on national ID card schemes because they are too expensive, "too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence".

Besides costing an unconscionable Rs 1.5 lakh crores, UIDAI's huge database will be vulnerable to even greater abuse given the Indian police's unflattering record of harassment of citizens, the dysfunctional nature of the Indian justice delivery system, and ceaseless victimisation of the poor by official agencies.

The National Human Rights Commission has admitted in response to a Right to Information Act inquiry that as many as 2,560 police 'encounters' were reported to it between 1993 and 2006 -- an average of 183 a year. It found that almost half -- 1,224 cases -- were 'fake' or staged: i.e. non-judicial executions. For police and security agencies which can kill at will, the UIDAI database and NATGRID will be more grist to the satanic mills.

None of this can be justified in the name of security or counter-terrorism. The key to fighting terrorism is to treat it as a crime and bring its perpetrators to book while addressing the root-causes of the grievances that breed terrorism in the first place. What's needed is not more and more intrusive surveillance, which is prone to abuse -- as numerous cases including the victimisation of journalist Iftikhar Gilani so starkly show -- nor more sophisticated electronic databases. What's needed is good, honest policing, patient collection of evidence, and sincere, competent prosecution.

We have already paid a huge price in the form of human rights violations of innocent citizens who are wrongfully detained, physically abused and tortured in the name of fighting terrorism. As many as 170,000 undertrials languish in our jails for petty offences. Even Union Law Minister Veerappa Moily has written to the chief justices of the high courts requesting them to do everything possible to facilitate their early release.

We certainly cannot afford another draconian system devoted to tracking and surveillance. The notorious intelligence agency of the German Democratic Republic, STASI, had the motto 'The State Must Know Everything'. The horrifying story of how the knowledge was used to harass, detain and deny jobs to thousands of artists, intellectuals and writers, and to kill innocents, unfolded soon after the Berlin Wall collapsed and the GDR disintegrated. Surely, the Indian state shouldn't want to replicate those horrors.

Praful Bidwai


Critics to debate privacy issues of UID project

For the first time after the government announced the Unique Identification Project, an organised critical debate on the potential benefits and pitfalls of the scheme will take place in Bangalore on April 16.

Some critics of the project, which aims at issuing unique identification numbers (UIDs) to all Indians, have raised concerns in the absence of strict laws protecting the privacy of Indian citizens.

The half-day workshop, titled “Unique Identity (UID) Project: A Debate on Fundamental Rights”, is co-organised by various groups, including Citizens’ Action Forum, People’s Union for Civil Liberties - Karnataka, Slum Janandolana - Karnataka, Alternative Law Forum and the Centre for Internet and Society (CIS).

The workshop will be divided into panel discussion sessions on social/ethical concerns, economic issues and legal implications of the UID.

According to CIS, the UID scheme proceeds from the standpoint that solving the problem of identity will help tackle other social and economic problems.

However, seen against the backdrop of work on a National Population Registry, the National Intelligence Grid and other schemes that focus on the collection of data on individuals, the potential dangers to privacy and other civil liberties need to be discussed along with the stated benefits of the project.

“Given that the key laws relating to the project are not yet enacted, this is a timely exercise and opportunity to influence change,” says the CIS.

Critics often quote examples of countries such as the UK, Australia and the USA where they claim similar measures have been found to be unworkable with a possibility of abuse.

“Taking a strong view against the UID will be futile as the team is very knowledgeable about privacy issues and is ready for dialogue and self-correction.

However, it will be a good time to explore how it will shape our understanding of privacy, which needs to be looked upon as a fundamental right,” said Nishant Shah (Director - Research), CIS India.

Bangalore is set to become a hub of activities for the Unique Identification Authority of India as Karnataka has been chosen as one of the states where the project, led by Infosys co-founder Nandan Nilekani, will be implemented first.



Popular posts from this blog

Cover-up Commissions

Public Statement on Prashant Bhushan's contempt case

Obama Administration Releasing New Rules To Expand Ability To Hold Citizens' Data