Friday, December 6, 2013

Why Resident Identity Cards for Indians based on biometric identification under NPR/UID scheme should be abandoned


Shri A.K. Antony,
Union Minister of Defence
Group of Ministers (GoM) regarding Issue of Resident Identity Cards to all  usual residents of the country of age 18 years and above under the scheme of National Population Register (NPR)
Government of India
New Delhi

Date: November 7, 2013

Subject-Why Resident Identity Cards for Indians based on biometric identification under NPR scheme should be abandoned


This is reference to the Terms of Reference given to the GoM headed by that is meant to “examine all aspects relating to the proposal for issuing Resident Identity Cards to the usual residents of the country keeping in view all relevant issues and finalize its recommendations at an early date.” This is in continuation of my earlier letter dated September 24, 2013 arguing why following Supreme Court's order dated September 23, 2013 issuance of biometric aadhaar/UID number should be stopped.

I submit that there is vehement opposition to 12 digit biometric unique identification (UID)/aadhhar number project and the related NPR project because it is contrary to the basic structure of the Constitution of India which provides for a limited government and not an unlimited government. The project is aimed at creating an unlimited government.  Even if a law is passed to make it legal it will remain bad and illegitimate.

I submit that the installation of authoritarian architecture through biometric identification of Indians based on which Resident Identity Cards is to be issued to all usual residents of the country of age 18 years and above under the scheme of  National Population Register (NPR).

I submit that human body is again under attack through indiscriminate biometric profiling.
I submit that there is an unacknowledged relationship between The National Identification Authority Bill, 2010 for Unique Identification (UID) Project and the US based National Defense Industrial Association that was set up in 1919 to scale up the war effort during World War I since then it has been “promoting national security” of United States of America (USA) and 'institutionalizing' Biometrics Enabled Identification based on Automatic Identification Technologies (AIT).. The same National Defense Industrial Association-sponsored Unique Identification (UID) Industry Leadership Advisory Group (ILAG) that was organized “in March 2005 at the suggestion of the DoD (US Department of Defence) UID Program Manager to serve as a defense industry focal point for government-industry collaboration and coordination in developing UID implementation policy and procedures.”  The origin of the Indian schemes can be easily be traced to this UID policy.  

I submit that Defence Procurement and acquisition policy office in the US Department of Defense (DoD) has a “Unique Identification” (UID) section for “in tracking and reporting the value of items the Government owns”, “ Item Unique Identification (IUID) Standards for Tangible Personal Property”  and “Unique Identification (UID) Standards for a Net-Centric Department of Defense” that cites “Department of Defense Chief Information Officer (CIO) Memorandum, “DoD Net-Centric Data Strategy”” dated May 9, 2003.  It is stated that IUID requirement does not apply to “Software, manuals, etc.” and “Commercial off-the-shelf (COTS) items”  but it applies to “Not-for-profit contracts such as research contracts with universities”, “Classified items”, “Foreign Military Sales”, “Small businesses”, “Government Furnished Property”, “Defense Logistics Agency (DLA) requests” “Models, prototypes, or development items delivered to DoD”. It is not clear whether Cabinet Committee on Security has examined how UID related schemes compromise short term and long term security interests of our country.   

I submit that US Department of Defence uses both Radio Frequency Identification (RFID) and Item Unique Identification (IUID). “Within IUID, the unique item identifier (UII) is a piece of data associated with an item that uniquely identifies it throughout its life. RFID is a vehicle for holding and sharing data. IUID of tangible items deals with physical markings applied directly (or indirectly via label, data plate, etc.) on items. IUID also requires data to be captured about the item and submitted electronically to a registry database. Think of this as creating a birth certificate for the item. On a superficial level IUID and RFID employ different technologies. IUID utilizes a optically scannable 2-dimensional data matrix barcode to carry information whereas RFID utilizes some form of integrated circuitry to encode information and produce radio waves which can be received and interpreted at a greater distance with a radio antenna and receiver. Functionally, IUID’s purpose within the (US) DoD is to uniquely identify individual items. It may be noted that based on the recommendations of the committee headed by Shri Nandan Nilekani to use RFID technology paving way for a unified Electronic Toll Collection (ETC) technology for National Highways in India.

I submit that the purpose of RFID within the (US) DoD is to identify cases, pallets, or packages which contain items.” UID Policy Office of US DoD has a number of working groups to support the development and implementation of the UID policy. These include Working Groups on: Logistics IUID Task Force, Industry Leadership Advisory Group (ILAG), Wide Area Work Flow (WAWF)/UID/RFID Users Group, Property Management, Joint Aeronautical Commanders, Government Furnished Property Industry, Federal Acquisition Regulation, Business Rules, Standards, Implementation, Technical Interface and IUID Quality Assurance. Has concerned authorities within India have examined how and where military usage of RFID converges with seemingly civilian applications by design or by default?

I submit that the preamble of The National Identification Authority Bill reveals that it is “for the purpose of issuing identification numbers to individuals residing in India and to certain other classes of individuals”. There are two parts to the phrase “individuals residing in India and to certain other classes of individuals”. The first part refers to a resident as an individual usually residing in a village or rural area or town or ward or demarcated area (demarcated by the Registrar of Citizen Registration) within a ward in a town or urban area in India.”
I submit that human body came under assault as a result of forced vasectomy of thousands of men under 21 month period during June 25, 1975-March 21, 1977 when Internal Emergency was proclaimed. This had adverse consequences. 

I submit that biometrics technology companies like Raytheon Company who were awarded by National Defense Industrial Association in 2009 participated in the ILAG. It is these entities which are behind the UID/aadhaar project and the proposed Bill to sell their products. They have created an artificial need to sale their surveillance products in India unmindful of its dehumanizing ramifications.

I submit that Planning Commission’s Unique Identification Authority of India (UIDAI) has signed contract agreements on behalf of President of India with foreign surveillance technology companies like Accenture Services Pvt Ltd, USA, Ernst & Young, USA, L1 Identity Solutions Operating Company, now France (as part of Safran group), Satyam Computer Services Ltd. (Mahindra Satyam), as part of a “Morpho led consortium” (Safran group), France and Sagem Morpho Security Pvt. Ltd (Safran group), France “engaged in delivery of welfare services “. Admittedly, these agencies have access to personal information of the Purchaser and/or a third party or any resident of India for at least 7 years as per Retention Policy of Government of India or any other policy that UIDAI may adopt in future.  The purchaser is the President of India through UIDAI.

I submit that the contract agreement is applicable to both Planning Commission’s Centralized Identities Data Repository (CIDR) of digit biometric unique identification (UID)/aadhhar number which is ‘voluntary’ and the ‘mandatory’ National Population Register (NPR) of Ministry of Home Affairs which is also generating aadhaar number.

I submit that MongoDB, a technology company from USA which is co-funded by Central Intelligence Agency (CIA) was in New Delhi two weeks back to enter into a contract with UIDAI. (Reference: Lison Joseph, Navbaharat Times/Economic Times, December 2-3, 2013) 
I submit that this company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market. Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated holocaust in Germany using census data) to terminals. It is taking away customers from Oracle and IBM. This contract has not been disclosed so far. MongoDB will take data from UIDAI to undertake its analysis. UIDAI is tight lipped about CIA’s role in it. This company’s database software is already being used to verify the speed of registration. It is yet to become clear whether this company will be in a vendor relationship directly or it will operate through some pre-existing entity which is already working with UIDAI as system integrator. 

I submit that 10gen is the company behind MongoDB, a popular open-source, document-oriented database. It is forms part of a new generation of NoSQL -- Not Only SQL -- database products developed as an alternatives to convnetional relational databases from Oracle (NSDQ:ORCL), IBM (NYSE:IBM) and Microsoft (NSDQ:MSFT). Elsewhere Schireson has explained, “We deliver enterprises a 10 to 1 improvement — we charge tens of thousands of dollars to complete projects in a few months that they charge millions of dollars to finish in years” to deal with large volume and diverse variety of big data.

I submit that one of the investors of MongoDB is In-Q-Tel (IQT), a not-for-profit organization based in Virginia, USA created to bridge the gap between the technology needs of the U.S. Intelligence Community and emerging commercial innovation. It identifies and invests in venture-backed startups developing technologies that provide “ready-soon innovation” (within 36 months) which vital for the mission of intelligence community. IQT was launched in 1999. Its core purpose is to keep CIA and other intelligence agencies equipped with the latest in information technology to support of intelligence capability. Edward Snowden had revealed that US intelligence agencies are targeting communications in Asian countries.

I wish to draw your attention towards a book ‘At The Center of The Storm: My Years at the CIA” by George Tenet, former CIA director wherein he says, “We (the CIA) decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered ... In-Q-Tel... While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology ... This ... collaboration ... enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists [cf. the parallel data-mining effort by the SOCOM-DIA operation Able Danger , and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results.”

I submit that In-Q-Tel sold 5,636 shares of Google, worth over $2.2 million, on November 15, 2005 The stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite mapping software now known as Google Earth. On August 15, 2005, Washington Post reported that In-Q-Tel was funded with about $ 37 million a year from the CIA. "In my view the organization has been far more successful than I dreamed it would be," said Norman R. Augustine , who was recruited in 1998 by Krongard and George J. Tenet, who then was director of central intelligence, to help set up In-Q-Tel. Augustine, former chief executive of defense giant Lockheed Martin, is an In-Q-Tel trustee. It was founded by Augustine.
It may be noted that former CIA chief, Tenet, was on the board of L-1 Identity Solutions, a major supplier of biometric identification software, which was a US company when UIDAI signed a contract agreement with it. A truncated copy of the contract agreement accessed through RTI is available with the author. This company has now been bought over by Safran group, a French defence company. The subsidiary of this French company in which French government has 30.5 per cent shares, Sagem Morpho has also signed a contract agreement with UIDAI. In August 2011, Safran acquired L-1 Identity Solutions.

I submit that given the fact that judicial orders from the High Courts and Supreme Court have so far dealt with the limited issue of how UID/aadhaar cannot be made mandatory, first thing anyone should do understand with regard to gathering momentum against biometric unique identification (UID)/aadhaar number is that the very first document that residents of India encounter in this regard is “Aadhaar Enrolment Form’. At the very outset the Enrolment Form makes a declaration is that “Aadhaar Enrolment is free and voluntary.” This is a declaration of Government of India. This is a promise of Planning Commission of India headed by the Prime Minister. As a consequence, all the agencies State Governments, the Government of India and the “agencies engaged in delivery of welfare services “ are under legal and moral obligation to ensure that it cannot be made mandatory.

I submit that as of now Supreme Court has simply stated what the Prime Minister himself has promised. In its interim order what the Court has done is to simply reiterate the significance of the promise made by Government of India. If programs, projects and schemes are launched in breach of Prime Minister’s promise, it will set a very bad and unhealthy precedent and no one ever in future trust the promise made by any Prime Minister.  The column no. 8 in the Aadhaar Enrolment Form at page no. 1 refers to “agencies engaged in delivery of welfare services “does not define who these agencies are. It appears that its definition has deliberately been kept vague. Which are the agencies that are involved in delivery of welfare services? Aren’t security agencies and commercial agencies with ulterior motives included in it?  

I submit that at page no. 2 of the Aadhaar Enrolment Form provides, “Instructions to follow while filling up the enrolment form” which states that column no. 8 is about seeking consent from an Indian “Resident (who) may specifically express willingness / unwillingness by selecting the relevant box” by ticking “yes” or “no” options .  The column no. 8 reads: “I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” Now the issue is that if residents are promised that enrolment is “voluntary” they may give their consent unaware of its ramifications but if they know that it is made “mandatory” they are may refuse to give their consent.

It may be noted that column no. 2 in the Aadhaar Enrolment Form at page no. 1 and 2 refers to “NPR Number” and “NPR Receipt/TIN Number” and at states “Resident may bring his/her National Population Register Survey slip (if available) and fill up the column” no. 2. The databases of both the numbers namely, UID/aadhaar number and NPR number are being converged as per approved strategy.  Does it not make both the databases of biometric identification numbers one and mandatory in the end? Is the promise by the Prime Minister about Aadhaar Enrolment being “free and voluntary” truthful? It is not “free” for sure because it costs citizens’ their democratic rights. As it being “voluntary” it is not so by design. It appears that the Prime Minister has been miser with truth.      

I submit that initially, it seemed surprising as to why L 1 which was a high value company of USA that worked with the USA’s intelligence was sold to French conglomerate Safran group which has a forty year partnership with China. It also seemed puzzling as to why the contact amount given to Sagem Morpho of Safran Group is not being disclosed. But with the disclosure of non-traceability of financial data with regard to French conglomerate’s Sagem Morpho courtesy New Indian Express and emergence of the possible relationship of UIDAI with US based agencies like In-Q-Tel  and MongoDB on the horizon courtesy Navbaharat Times, such transactions do not appear astounding anymore.  Information gathered using RTI corroborate these disclosures. 

I wish to ask you whether these agencies have access to biometric and demographic data of even those residents of India who did not give consent as per Column 8 of aadhaar enrolment form for sharing information provided by them to the UIDAI with these agencies who do seem to be engaged in delivery of welfare services.

I submit that there is no confusion as to why such agencies of USA, France and China are eager to get hold of the biometric database of Indians. “Biometrics Design Standards For UID Applications” prepared by UIDAI’s Committee on Biometrics states in its recommendations that “Biometrics data are national assets and must be preserved in their original quality.”

I wish to draw your attention towards UIDAI’s paper titled ‘Role of Biometric Technology in Aadhaar Authentication’ based on studies carried out by UIDAI from January 2011 to January 2012 on Aadhaar biometric authentication reveals that the studies “focused on fingerprint biometric and its impact on authentication accuracy in the Indian context. Further improvements to Aadhaar Authentication accuracy by using Iris as an alternative biometric mode and other factors such as demographic, One Time Pin (OTP) based authentication has not been considered in these studies.”  This paper explains, “Authentication answers the question ‘are you who you say you are’”. This is done using different factors like: What you know– userid/password, PIN, mother’s maiden name etc, What you have – a card, a device such as a dongle, mobile phone etc and What you are – a person’s biometric markers such as fingerprint, iris, voice etc. The ‘what you are’ biometric modes captured during Aadhaar enrollment are fingerprint, iris and face. “It is noteworthy that this paper refers to biometric markers like “fingerprint, iris, voice etc” revealing that after fingerprint and iris, “voice” print is also on the radar and its reference to “etc” includes DNA prints as well.   

I wish to draw your attention towards the UIDAI paper which states, “Of the 3 modes, fingerprint biometric happens to be the most mature biometric technology in terms of usage, extraction/matching algorithms, standardization as well as availability of various types of fingerprint capture devices. Iris authentication is a fast emerging technology which can further improve Aadhaar Authentication accuracy and be more inclusive.”  Such absolute faith in biometric technology is based on a misplaced assumption that are parts of human body that does not age, wither and decay with the passage of time.  Basic research on whether or not unique biological characteristics of humans beings is reliable under all circumstances of life is largely conspicuous by its absence in India and even elsewhere.
I submit that there is a need for the Parliament, Supreme Court, State legislatures and High Courts to examine whether or not biometrics provides an established way of fixing identity of Indians. Has it been proven?

I submit that a report “Biometric Recognition: Challenges and Opportunities” of the National Research Council, USA published on September 24, 2010 concluded that the current state of biometrics is ‘inherently fallible’. That is also one of the finding of a five-year study. This study was jointly commissioned by the CIA, the US Department of Homeland Security and the Defence Advanced Research Projects Agency.

I submit that another study titled “Experimental Evidence of a Template Aging Effect in Iris Biometrics” supported by the Central Intelligence Agency (CIA), the Biometrics Task Force and the Technical Support Working Group through Army contract has demolished the widely accepted fact that iris biometric systems are not subject to a template aging effect. The study provides evidence of a template aging effect. A “template aging effect” is defined as an increase in the false reject rate with increased elapsed time between the enrollment image and the verification image. The study infers, “We find that a template aging effect does exist. We also consider controlling for factors such as difference in pupil dilation between compared images and the presence of contact lenses, and how these affect template aging, and we use two different algorithms to test our data.”

I submit that a report “Biometrics: The Difference Engine: Dubious security” published by The Economist in its October 1, 2010 issue observed “Biometric identification can even invite violence. A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock.”  It seems that considerations other than truth have given birth to faith in biometric technologies.  Besides working conditions, humidity, temperature and lighting conditions also impact the quality of biological material used for generating biometric data.

In view of the above, I urge you to re-examine the basis of the central government’s faith in biometric technologies, to ascertain whether there a biological material in the human body that constitutes biometric data immortal, ageless and permanent. Both aadhaar and NPR are based on the unscientific and questionable assumption that there are parts of human body likes fingerprint, iris, voice etc” that does not age, wither and decay with the passage of time. They who support Aadhaar and NPR seem to display unscientific temper by implication.

Therefore, issuance of Resident Identity Cards to all usual residents of the country based on such ever changing biometric data will be a complete waste of resources and would bring disrepute to the government. There is a compelling logic for the GoM to recommend abandonment of this project the way China, Australia, France, UK and USA has done keeping in mind the fundamental rights of present and future generations.

Thanking You
Yours Sincerely
Gopal Krishna,
Citizens Forum for Civil Liberties (CFCL),
Mb: 09818089660, 08227816731,

Dr Manmohan Singh, Prime Minister, Government of India 
Smt Sonia Gandhi, Chairman, National Advisory Council, Government of India  

Hon’ble Members and Special Invitees of Group of Ministers (GoM) regarding Issue of Resident Identity Cards to all usual residents of the country of age 18 years and above under the scheme of National Population Register
Shri P. Chidambaram, Minister of Finance
Shri Ghulam Nabi Azad, Minister of Health and Family Welfare
Shri Sushilkumar Shinde, Minister of Home Affairs
Shri Ajit Singh, Minister of Civil Aviation
Shri Kapil Sibal, Minister of Communications & Information Technology, & Minister of Law & Justice
Kumari Selja, Minister of Social Justice and Empowerment
Shri Praful Patel, Minister of Heavy Industries and Public Enterprises
Shri V. Kishore Chandra Deo, Minister of Tribal Affairs & Minister of Panchayati Raj
Shri Jairam Ramesh, Minister of Rural Development.
Shri Montek Singh Ahluwalia, Deputy Chairman, Planning Commission
Shri Nandan Nilekani, Chairman, Unique Identification Authority of India
Prof. K.V. Thomas, Minister of State (Independent Charge) of the Ministry of Consumer Affairs,
Food & Public Distribution
Shri Paban Singh Ghatowar, Minister of State (Independent Charge) of the Ministry of Development of North Eastern Region, and Minister of State in the Ministry of Parliamentary Affairs
Hon’ble Chief Ministers, States of India
Hon’ble Members of Parliament
Chief Secretary, Government of Andhra Pradesh
Chief Secretary, Government of Bihar
Chief Secretary, Government of Chhattisgarh
Chief Secretary, Government of Goa
Chief Secretary, Government of Gujarat
Chief Secretary, Government of Haryana,
Chief Secretary, Government of Himachal Pradesh
Chief Secretary, Government of Jammu and Kashmir
Chief Secretary, Government of Jharkhand
Chief Secretary, Government of Karnataka
Chief Secretary, Government of Kerala
Chief Secretary, Government of Madhya Pradesh
Chief Secretary, Government of Maharashtra
Chief Secretary, Government of Odisha
Chief Secretary, Government of Punjab
Chief Secretary, Government of Rajasthan
Chief Secretary, Government of Tamil Nadu
Chief Secretary, Government of Uttar Pradesh
Chief Secretary, Government of Uttarakhand
Chief Secretary, Government of West Bengal
Chief Secretary, Government of Puducherry
Chief Secretary, Government of Arunachal Pradesh
Chief Secretary, Government of Assam
Chief Secretary, Government of Manipur
Chief Secretary, Government of Meghalaya
Chief Secretary, Government of Mizoram
Chief Secretary, Government of Nagaland
Chief Secretary, Government of Sikkim
Chief Secretary, Government of Tripura
Chief Secretary, Government of Andaman and Nicobar (UT)
Administrator, Government of Dadra and Nagar Haveli (UT)
Administrator, Government of Daman and Diu (UT)
Administrator, Government of Lakshadweep (UT) 

No comments: