Sunday, 31 July 2016


Biometric UID/aadhaar, promised as “Civilian Application” transformed into Defence application

Centre, States & Banks violating Supreme Court’s order on biometric UID/Aadhaar Number likely to face music  

July 15, 2016: In a significant development three separate notifications on Unique Identification (UID)/Aadhaar Act has been published in the Gazette of India on 12th July 2016. One of them announces the entry into force of the Act. The three notifications and UID/Aadhaar Act, 2016 are attached for ready reference. Even after notification of 'coming into force' of UID/Aadhaar Act 2016 UID/Aadhaar cannot be made compulsory unless Hon’ble Supreme Court waives its order on request from the Union of India. Hon’ble Court’s orders are attached for ready reference.

Unless Union of India moves an application in the Hon’ble Court seeking waiver and gets an order waiving its orders, the “entry into force’ notification regarding 
Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016) cannot become operational. 
The Constitution Bench is likely to hear all the writ petitions including Jairam Ramesh's petition because a Chief Justice of India headed five judge bench of the Court passed an order underling its "urgency". The order dated 15.10.2015 passed by the Hon’ble Supreme Court of India in the ‘UID/Aadhaar’ matter, i.e. Justice (retd.) K.S. Puttuswamy v. UOI & Ors., WP (C) No. 494/2012 and related petitions are quite relevant in this regard. It is noteworthy that UID/Aadhaar scheme is presently under challenge before the Hon’ble Supreme Court of India vide a batch of petitions led by W.P (C) 494/2012 and the Hon’ble Court after hearing the parties has passed a series of interim orders starting the 23rdSeptember 2013 and the last of which was passed on 15.10.2015 which, inter alia, states as follows.
4.We impress upon the Union of India that it shall strictly follow all the earlier orders passed by this Court commencing from 23.09.2013.
5. We will also make it clear that the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court one way or the other.
In the related case the Hon'ble Supreme Court in SLP (CRl) 2524/2014 Unique Identification Authority of India Vs CBIpassed an order dated 24.3.2014 which reads as follows:
                        “More so, no person shall be deprived of any service for want of Aadhaar number in case he/she is otherwise eligible/entitled. All the authorities are directed to modify their forms/circulars/likes so as to not compulsorily require the Aadhaar number in order to meet the requirement of the interim order passed by this Court forthwith. Tag and list the matter with main mater i.e. WP (C) No. 494/2012.”
All the orders of Supreme Court are still in force as per Court's order of 15th October, 2015 and they will remain in force till the time court itself does not waive them. The Hon’ble Court’s order makes it clear that UID/ aadhaar remains voluntary.
Therefore, no one can be asked to produce UID/Aadhaar for disbursement of all Government subsidies/Scholarships/Fellowships which are to be disbursed directly into the beneficiaries' account.
The facts relevant to UID/Aadhaar are as under:
1.         UID/Aadhaar cannot be made compulsory because of orders of Hon’ble Supreme Court
2.         Passage of the Act by Parliament does not automatically imply that any agency can make UID/Aadhaar compulsory disregarding Hon’ble Court’s orders.
3.         Even after notification of 'coming into force' of Aadhaar Act 2016 UID/Aadhaar, it cannot be made compulsory unless Hon’ble Supreme Court waives its order on request from the Union of India 
Taking cognizance of these glaring facts Central Government ought to advise its agencies, State Governments and Banks to revise their orders making UID/Aadhaar mandatory in contempt of Hon’ble Court’s unambiguous order.
In a related development Shailesh Gandhi, former Information Commissioner, Central Information Commission personally faced the adverse consequence of UID/Aadhaar based system of Unique Identification Authority of India (UIDAI). In written note dated 14th July, 2016 he observes, “If the system cannot recognize people from its database with the thumb impression, what would happen to those whose foodgrains, pension or EGS wages depend on it?  I think there is an urgent need to check over a large sample of maybe 10,000 people in different places to validate whether the system does what is claimed. Otherwise we will only have a pretension of having a system to identify every individual in the country. It is necessary that the truth be revealed by actual verification of a large sample across different parts of the nation.”

It is evident from numerous such testimonies about online UID/Aadhaar database, the Central Identities Data Repository (CIDR) of UIDAI that it is one of the most vulnerable databases. 
The making of CIDR is contrary to the principle of decentralisation in cybersecurity.  The offices for CIDR operations are at Bengaluru and Manesar.

Notably, Aadhaar Act 2016 lists breaking into CIDR as an offence but this law criminalises a technological impossibility. In a bizarre act, it provides that only UIDAI can file a complaint when the data of a resident of India is misused or abused instead of the victim of abuse.
As per Section 47, “Courts will take cognizance of offences under this Act only upon complaint being made by the UIDAI or any officer authorised by it.” This deprives the victim of a right to file complaint although Section 34 of the Act provides that “Impersonating or attempting to impersonate another person by providing false demographic or biometric information will punishable by imprisonment of up to three years, and/or fine of up to ten thousand rupees.” 
Victims cannot file complaint even when someone changes or attempts to change any demographic or biometric information of an Aadhaar number holder by impersonating another person (or attempting to do so), with the intent of i) causing harm or mischief to an Aadhaar number holder, or ii) appropriating the identity of an Aadhaar number holder although it is punishable under Section 35.
 Victims of abuse cannot file complaint in cases wherein collection of identity information is done by one not authorised by this Act, by way of pretending otherwise despite the fact that the Act makes it punishable under Section 36.
Unless authorized by UIDAI or any officer authorised by it, victims cannot file complaint even when there is “Intentional disclosure or dissemination of identity information, to any person not authorised under this Act, or in violation of any agreement entered into under this Act” under Section 37 although it is punishable.
Unless authorised by the UIDAI, the intentional acts like accessing or securing access to the CIDR; downloading, copying or extracting any data from the CIDR; introducing or causing any virus or other contaminant into the CIDR; damaging or causing damage to the data in the CIDR; disrupting or causing disruption to access to CIDR; causing denial of access to an authorised to the CIDR; revealing information in breach of (D) in Section 28, or Section 29; destruction, deletion or alteration of any files in the CIDR; stealing, destruction, concealment or alteration of any source code used by the UIDAI , will be punishable under Section 38. Even in such cases victims cannot file complaint without authorization by UIDAI.
Section 39 reads, “Tampering of data in the CIDR or removable storage medium, with the intention to modify or discover information relating to Aadhaar number holder will be punishable”. Thus, it admits that such acts are possible and imminent but the Act does not empower the victims of such tampering or removal instead it empowers UIDAI.
 While Section 40 makes “Use of identity information in violation of Section 8 (3) by a requesting entity will be punishable with imprisonment up to three years and/or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company)”, it is incomprehensible as to how a company or an individual feel deterred by such meager punishment when they can harvest big database of personal sensitive information which is admittedly a “national asset” and “rich asset”.     
Section 43 visualize a situation wherein offences can be committed by a Company but they can be excused “if they can prove lack of knowledge of the offense or that they had exercised all due diligence to prevent it.” It also underlines the possibility of an offence committed by a Company with the consent, connivance or neglect of a director, manager, secretary or other officer of a company but they too can be excused if they can prove their ignorance, inability and inevitability.
In a stark admission of the involvement of foreign locations and persons, Section 44 states that the Act “will also apply to offences committed outside of India by any person, irrespective of their nationality, if the offence involves any data in the CIDR.”
In the meanwhile, Secretary Government of India, Ministry of Communication and Information Technology wrote a letter to the Secretary Department of Defence Production asking him to introduce Aadhaar enabled Biometric Attendance System in the department of defence production. The system would enable an employee with an Aadhaar number to register his/her attendance (arrival/ departure) in the office through biometric authentication. It also says that a web based application software system will enable online recording of attendance and that the dash board relating to real time attendance and related statistics, can be viewed by everyone.
Citizens Forum for Civil Liberties (CFCL) had sent a legal notice to Department of Electronics and Information Technology (DeitY), Ministry of Communications and Information Technology. DeitY responded stating, “Aadhaar is being used for Biometric Attendance System and this does not form part of Defence application”.   
The fact is that the application of biometric UID/Aadhaar was restricted to ‘civilian application’ and was not meant for defence application. Central Government’s Biometrics Standards Committee had categorically stated that UID/aadhaar’s is meant only for “civilian application” but the order on aadhaar enabled biometric attendance system has been extended to defence employees as well. The fact remains UID was first adopted by USA’s Department of Defence, later by NATO. It has subsequently been pushed through World Bank’s etransform Initiative in partnership with France, South Korea, Gemalto, IBM, L1, Microsoft, Intel and Pfizer. L1 was a US a company when it got a contract from UIDAI but it got purchased by French Conglomerate Safran Group after security clearance by US Government. This constitutes breach of national security as no such clearance was granted by Government of India. Some of these companies have partnership with Chinese Government as well. 

Across the globe very stringent data privacy law has been framed wherein one’s personal data cannot be used by anyone including the government without your specific consent. But in India there is no data protection law. Aadhaar is akin to a piece of collar which the transnational powers want to tie on the neck of Indian citizens. Government has allowed itself to be misled and it has failed to protect personal sensitive information which has already gone to foreign companies and continues to flow in their direction.

The entire information of the employees working in the department of defence production, which will include related statistics, will be stored online and on cloud will be available to everybody. Besides application of UID in the Department of defence production not being in national interest making it available to everyone and on the cloud, including to the foreign companies like Safran Group, its L1 Solutions, Accenture and Ernst & Young will violate the order of Hon’ble Court.  It is evident that the coverage of defence employees under Aadhaar enabled Biometric Attendance System does establish conclusively that it Aadhaar is being put to defence application contrary to the claim of DeitY.

DeitY argues, “Attendance of Govt. employees is already being maintained and the Biometric Attendance System, maintained by the attendance.gov.in is just digital equivalent of the age-old attendance register. This is part of contractual relationship between the Public Servant and the Employer, viz. the Government of India, wherein the former has consented to/agreed to the terms of service and is therefore, contractually bound to follow the rules and regulations as specified for him by his/her employer.”     

DeitY will have us believe that there is no difference between “age-old attendance register” and UID/Aadhaar enabled Biometric Attendance System.

In order to comprehend the sophistry involved in such averments, it is germane to recall the intervention of National Human Rights Commission (NHRC) in the case wherein Indian students in USA were made to wear radio collars. NHRC ensured that the government acted to ensure that the human rights of students are protected. It is germane to note that radio collar is based on biometric data like voice print. If making Indian students wear biometric radio collar constitutes an act which Government of India admitted as an act of violation of human rights, indiscriminate biometric profiling is also an act of violation of human rights. As per Section 2 (G) of Aadhaar Act 2016, “biometric information” means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations. Thus, it clearly includes biological attributes like voice print and DNA.

If UID/Aadhaar enabled Biometric Attendance System is indeed a “digital equivalent” of “age-old attendance register”, why did NHRC object to radio collar which can also be argued by sophists to be “digital equivalent”. If the “digital equivalent” means biometric equivalent as well then it makes DNA based identity and attendance will also be deemed equivalent to “age-old attendance register”. It is quite evident that such is deeply misleading.       

Coincidentally, NHRC’s views on National Identification Authority of India Bill, 2010 (Aadhaar Bill, 2010) helped Parliamentary Standing Committee on Finance in its recommendation to trash the Bill and the biometric data based UID/Aadhaar programme. Fearing further censure from Rajya Sabha, the Central Government withdrew the pre-existing Aadhaar Bill from Rajya Sabha and inappropriately introduced the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 as a Money Bill. It faces legal challenge in the Hon’ble Supreme Court.                  

There is a logical compulsion for withdrawing the letter and all consequential letters by which UID is made applicable to defence application i.e. Department of Defence Production in the interest of supreme national security.

It is possible that such civilian and non-civilian applications are being bulldozed by some commercial entities in order to store and read biometric and DNA script of Indian population in the aftermath of the sequencing of Human Genome for epigenetics, medicine, big data, social control, inheritance, eugenics and genetic determinism.  

Under the tremendous influence and unprecedented onslaught from unregulated and ungovernable technology companies, Central Government and State Governments have failed to national security and safeguard citizens’ privacy which is part of their right to life. The role of opposition parties of all shades leaves a lot to be desired because their State governments are naively implementing a project which a grave threat to federalism as well. The sterile political and legal imagination of opposition parties is a case study.  

As to the ruling parties, it has righty been said that “Office-holding is a necessary but not a sufficient condition of governing.” In The Problem of Party Government, Prof Richard Rose wrote, “Where life of party politics does not affect government policy, the accession of a new party to office is little more significant than the accession of a new monarch; the party reigns but does not rule.” The colossal breach of trust by BJP on the issue of UID/Aadhaar demonstrates how a party reigns but fails to rule.  

In such a backdrop, all eyes are on Supreme Court because a Bench of five judge headed by Chief Justice of India ordered:  "Since there is some urgency in the matter, we request the learned Chief Justice of India to constitute a Bench for final hearing of these matters at the earliest" in its order dated 15th October, 2015 in the Writ Petition(s) (Civil) No(s). 494/2012 wherein a former judge, a former defence scientist and a former Major General from engineering branch are among the petitioners in supreme national interest.

The concerns against indiscriminate biometric identification of Indians was raised by Justice VR Krishna Iyer, Retired Judge, Supreme Court of India, S R Sankaran, retired IAS Officer, Prof. Romila Thapar, Prof. Upendra Baxi and other eminent citizens in a Statement of Concerns dated September, 2010. Their views have been reiterated in August 2015 in a Public Statement by Prof. Anil Sadgopal, noted educationist, Prof. Kalpana Kannabiran and other concerned citizens.

At a brainstorming cum workshop on “Understanding Aadhaar and its New Challenges” held at the Centre for Studies in Science Policy, Jawaharlal Nehru University in May, 2016, the scholars critically examined the robustness of the official discourse and the current status of the project, the technology, the law, the constitutional position and the safeguards. It explored the implications of the exploitation of biometrics (facial recognition, fingerprints and iris) for identification of individuals and authentication of their identities and underlined how UID/Aadhaar presents new scientific, technological as well as social and political challenges.

CFCL has been working on the issue of surveillance and biometric Unique Identification (UID) Number branded as “Aadhaar” since 2010. It had appeared as an expert to give testimony in front of Parliamentary Standing Committee on Finance which examined the National Identification Authority of India Bill, 2010 (Aadhaar Bill, 2010).

For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL)*, Mb: 08227816731, 09818089660, E-mail-1715krishna@gmail.com  *A series of articles on the subject are available at http://www.moneylife.in/author/gopal-krishna.html

P.S.: MS Word version of the release is attached  

No comments:

Post a Comment