"All that is necessary for the triumph of evil is for good men to do nothing".
Edmund Burke
"Among a people generally corrupt liberty cannot long exist".
Edmund Burke
“In matters of conscience, the law of the majority has no place.”
Mahatma Gandhi

"Democracy was the greatest gift of our freedom struggle to the people of India. Independence made the nation free. Democracy made our people free. A free people are a people who are governed by their will and ruled with their consent. A free people are a people who participate in decisions affecting their lives and their destinies".
Rajiv Gandhi
Hi-tech without Panchayati Raj is just a bogus stunt for geeks and nerds."
Mani Shankar Aiyar, Congress leader

Wednesday, December 1, 2010

SAMIR KELEKAR



UID: Some unique life stories of common citizens


Aadhaar Article no 925

December 07, 2010 01:01 PM | Bookmark and Share
Samir Kelekar



The average Indian has much more serious problems to attend to, like making both ends meet, or how to procure high-priced essentials, or get decent health care, and the hugely expensive UID programme isn’t going to make any difference about this
Thanks to a pliant media (and through the Radia tapes we now know who controls the mainstream media) and the UIDAI's media campaign (tax payers' money spent to brainwash people) one almost begins to feel that lack of identity is a real problem in India. In urban India, however, one need only look at a few examples to bust the myth being propagated by the UID campaign. Here are some examples from lower middle-class Bangalore.
Joy is a car mechanic who has his own mechanic shop. He works deligently, gets a few customers, and does a very good job for a very reasonable price. He is not a dealer or an approved mechanic for any of the big car brands; he doesn't even have an air-conditioned showroom that might attract upmarket customers. He operates in a low-class locality in Bangalore called Viveknagar.
Joy basically lives a hand-to-mouth existence, and to his credit has created a few jobs too. Joy's mother, 75, was ill some time back. She was taken to the government-owned Bowring Hospital. She was diabetic and also suffered from a heart disease. The doctors told her that one of her kidneys was not functioning and that the heart was functioning only about 10%, and that was only a matter of time before she would leave for her heavenly abode. They asked that she be taken back home.
No tests like echocardiogram, or a treadmill test, let alone an angiogram. It puzzles me how the doctors came to the conclusion simply on the basis of an ECG. I won't be surprised if they looked at Joy's ability, or rather inability, to pay for the sophisticated tests and surgical procedures and concluded that Joy and his mother were not worth wasting time on. Joy had a resigned look on his face-he told me it is all a matter of fate. A few weeks after his mother was brought home, she passed away.
Harry is a painter who works for a big paints manufacturing company in Bangalore. He earns Rs10,000 a month. Harry is a Bangalorean, owns a small house in the HAL locality. He has rented out a part of his house, and that gets him an income of Rs2,000 a month.
Harry's problem is that two years ago, his son who was about 12 years old had an accident. His leg was damaged; the bones near his thighs were damaged. The hospital screwed up or some such thing happened, and his son will forever be on crutches. Harry spent Rs2 lakh on medical treatment. Not knowing the intricacies of the medical condition, or how the hospitals and doctors operate, Harry sees no solution for his son's health condition. All Harry does is plead with me, "Pray for my son".
I could describe a hundred stories like these, deaths that should not have happened, or of permanent disabilities due to a lack of knowledge of patients, about private health-care costs that are very high, and dismal health care in public hospitals.
Among the several people in the low-class localities of Bangalore that I know, the story is more or less the same. Many die by the time they are 50, bad food habits, drinking and ignorance of modern health care leading to heart attack in most cases. When the sole bread-earner dies, the cycle repeats. Children don't have the money to study and take up a higher professional degree, as a result of which their earning capacity is dismal. The loop will continue to the next generation. This to me is urban lower middle-class India's story.
Unless I am drastically wrong somewhere, I believe what urban India needs is cheap government subsidised education, affordable health care, and good education that can give people higher-paying jobs. For instance, today the IT sector has high-paying jobs but not enough talented and skilled people. There are too many low-skilled or unskilled people around, and most job vacancies require higher skills. Thus, there
is a mismatch.

I cannot understand how UID (unique identity number), or deploying a sophisticated biometric scanner is going to help these people. Sure, they will enroll in the UID programme; for that matter, show them any carrot and they will enroll in anything. They are too naive to see through the complex, sophisticated business models of the fat-cat corporates.
Portable identity is touted as a feature of this UID programme. Eliminating fake ration cards is touted as another feature. In a recent talk by the IT secretary of Karnataka on a panel discussion on UID, he mentioned how computerisation of traffic records and subsequent linking of records had helped increase revenues from traffic fines in the state. This may be true, but how high a priority should this be? Even with a few fake ration cards, a poor family could make say Rs5,000 a month more by pilfering grains and kerosene. Compare this with the hundreds of thousands of crores taken away by sophisticated scamsters in the Commonwealth Games, the Adarsh army building case and the 2G spectrum allocation matter. Who should the government be going after? Big crooks or petty thieves?
Coming to catching traffic violators, it is interesting that most traffic cops prefer to catch two-wheeler riders over those going around in say luxury cars. The concept of a hierarchical society is ingrained in our psyche so much, more so in the psyche of even our cops. That all citizens should be equal before the law is hardly practiced in our country.
Coming back to the UID programme, why spend Rs50,000 crore of tax payers' money to catch a petty thief? And to whom are we going to give the contracts for biometric scanners and such other contracts to? It would have helped if the contracts for biometric scanners were given to Indian companies who could have done research on biometrics, manufactured the scanners in India and as a result would have created good technology and good jobs in India. Indeed, India could have become leaders in biometric research and manufacturing, and these companies could have then tried to get into foreign markets. However, these contracts have been given to the likes of Microsoft and L-1 identity solutions. L-1 has had or continues to have a number of former US government intelligence personnel as its top executives or employees.
Indeed, it takes a few conversations with a man on the street, and not moving about the malls alone, to see the state of the nation and the aam aadmi's problems.
Even the so-called conveniences attributed to come from UID-instant mobile connection for instance-would be useful really for the upmarket crowd who are busy making money and cannot afford to make even two visits to a mobile providers' office, or do not have the time to arrange for address proof and identity proof documents. The aam aadmi on the other hand has time at his disposal; he wouldn't give much importance to this convenience. But he has much more serious problems to deal with-like how to make both ends meet; how to deal with the huge price rise of essential commodities; how to get health care; problems that are much more serious than helping you shop for the right item at the click of a mouse.

(The author has a BTech from IIT Mumbai, and a PhD from Columbia University, New York. He runs a start-up, Teknotrends Software Pvt Ltd, that does cutting-edge work in the area of network security.)

________________________________________________________________

SAMIR KELEKAR


November 18, 2010 05:42 PM | 
Samir Kelekar
 
A recent deal for the purchase of biometric scanners from a US-based company, which has worked closely with American intelligence agencies, raises serious questions on the security of data in the Aadhaar project

Could the Aadhaar project, touted as a critical requirement for development, turn into a threat to the country's national security and sovereignty?

It was recently reported that L-1 Identity Solutions, a US-based company which is now being bought by a French company, has been given a $25 million order for biometric scanners. This was among the deals announced by the White House during the visit of president Barak Obama to India a fortnight ago. In fact, president Obama, for the same reason, also blessed the Unique Identification Authority of India (UIDAI) with a visit to the innovation forum event in Mumbai where he even had a chat with UIDAI's tech head.

In the case of any other commercial deal this would not have raised eyebrows. But it is the background of L-1 Identity Solutions that raises questions. L-1 has close ties with US intelligence agencies. Read what a report says about L-1: "I will start by mentioning that Louis Freeh (former director of the US Federal Bureau of Investigation), Admiral Loy (former head of the Transportation Security Agency), George Tenet (former director of the Central Intelligence Agency), Frank Moss (former program manager for the State Department's E-Passport program), and many others who previously held key positions in the federal government, all
joined Viisage/L-1 as members of the Board of Directors or as paid employees of Viisage/L-1. It must be really sweet to sign off on contracts worth millions of dollars, tens of millions or more in fact, and then turn right around and go on the payroll of the same company that you awarded the contracts to. Sure, Tenet, Freeh and the others may not have had to sign the actual contracts but certainly they are responsible for knowing who the contracts went to when they were in charge of their respective agencies and departments.

"L-1 dominates the state driver's license business. L-1 also produces all passport cards, involved in the production of all passports, provides identification documents for the Department of Defense and has contracts with nearly every intelligence agency in our government. To a large extent it is fair to say that your personal information is L-1's information. L-1 is the same company that thinks our political party affiliation should be on our driver's license along with our race. L-1 has a long history starting with its taking over Viisage Technology. It was a great sleight of hand, Viisage morphing into L-1 while Viisage was under investigation by our government," the report said.

Tenet, the former CIA director who was later on the board of L-1, was accused of passing on false information concerning Iraq's WMD (weapons of mass destruction) capabilities which led to the Iraq war. In the new world of surveillance that is emerging, L-1 is turning out to be very powerful, a multi-national giant which can potentially have control over countries. How, some skeptics might ask. Is this one more bogey by the activist lobby? Recently, L-1 has bagged orders from France as well as China.

UIDAI has been professing open standards. But the contract to L-1 is a slap in the face of its professed policy. By now, it is clear that UIDAI does not keep the promises it makes, so this does won't surprise anyone.

In the absence of a thorough audit of source code-the only way in which one can be sure-a backdoor can be easily inserted in any of the biometric scanners. This backdoor can not only transfer biometrics data to the vendor's database and to UIDAI's database, but it can also shut down the scanner at will. So, if the UIDAI project goes through and the biometric scanners and UIDAI's infrastructure becomes ubiquitous to the point that every financial transaction in the country requires a biometric scanner, it doesn't require a scientist to tell us that this is equivalent to handling the nation's economy in the hands of foreign companies. The danger posed to the nation's economy is no less than that from foreign companies controlling our telecom infrastructure.

In the case of telecom, after a lot of noise, some action is being taken. It is another matter whether the action taken is good enough or not. But no amount of charisma on the part of the UIDAI chairman can fix this problem which could affect the sovereignty of the nation.

The only way out is to ask all vendors of biometric equipment to open their source code and subject it to thorough audit by experts. That is how countries such as China would handle similar situations. Recently, China asked Microsoft to reveal its source code and Microsoft complied. The US too secures its own nationalistic interests properly. Sometime back the US stopped the sale of Tipping Point, a US security company, to a Chinese firm on the grounds of securing national interests.

Further, there could well be a vendor lock-in. L-1 has been on a buying spree, taking over smaller biometric companies. It is quite possible that it buys off other biometric vendors of UIDAI, resulting in a virtual monopoly, which could lead it to hike the prices for upgrades. What checks and balances has UIDAI got to ensure that this does not happen? More important, will the checks and balances, if any, stay or will they be dropped as time passes, for UIDAI's statements cannot be trusted as evidenced from its past actions.

Coming to the Unique Identification Number (UID), there has been misinformation by UIDAI that the social security number (SSN) of the US is equivalent to the UID in India. This is not the truth. The SSN does not have your biometrics, it is just a number.

The US is trying to introduce something called the Real ID, which has biometrics, and this is being stiffly resisted by Americans. As of 2008, over 20 legislatures in the US had passed resolutions (or legislation) opposing the implementation of the Real ID Act. Eleven of those legislatures had gone further, by passing laws specifically prohibiting compliance with Real ID. What is sauce for the goose may not be sauce for the gander. Will the Indian authorities wake up and investigate this critical aspect before it is too late?

(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).



____________________________________________________

 19th October 2010


UIDAI project may infringe on civil liberty says SAMIR KELEKAR
 
When Nandan Nilekani a technocrat was appointed the chairman of UIDAI by PM Manmohan Singh, I had applauded the decision. The reasons were many, but mainly, given Nilekani’s background as an entrepreneur with high ethics with respect to Infosys, it was expected that he would bring the same standards to this government project. Fourteen months later, the hope of many on this front has not just been shattered, as the monster that is Aadhar (UID) unleashes on a hapless population, now there is a national campaign to stop this project.
   
For starters, this project has flouted all norms of accountability and transparency. The appointment of Nilekani is now widely called undemocratic. The legality of the project is called into question since it was launched by the Prime Minister and it does not have legal sanction as yet. The lack of transparency has been pointed out after only lip-service was paid to discussions with civil society organizations and all calls for transparency have gone unheeded.
   
There is a lot that has gone wrong and continues to go wrong with this project. Even the intent of this project is suspect. Jean Dreze, noted development economist, member of the prestigious National Advisory Council (NAC) of India chaired by Congress President Sonia Gandhi, and the one who conceived of NREGA the scheme that assures 100 days of labour in a year to the rural poor, has called the UID project a national security project camouflaged as a social welfare initiative.
   
Others who are opposing the project include noted Magasasay winner and social activist Aruna Roy also part of NAC, Former Justice of the  Supreme Court Krishna Iyer and a huge number of civil society organizations. Even Nobel Laureate Amartya Sen has warned about this project.
   
The fact that UIDAI cannot solve anything other than minor problems with PDS (public distribution system) and NREGA is now backed by data. Both the schemes are plagued by corruption and most of this corruption does not take place at what is called “the last mile” which the UID project tries to fix. At best, the number of fake ration cards in PDS is pegged to around 8 to 10 percent in most instances.
   
In PDS, most of the corruption takes place at the higher end; grains are siphoned off before they reach the fair price shops. The UIDAI makes us think that ration card holders go to the ration shop and use more than one card and pilfer ration. This is not true by and large. Thus, checking the identity of the ration card holders will not solve the pilferage problem.
   
Similarly, in NREGA, the problem is not of identity. The village supervisors take bribes to mark the attendance of workers and only then the workers get paid. UID cannot solve this problem.
   
There are also serious issues raised about the PR campaign mounted by UIDAI which mainly harps on financial inclusion. Even this is proved wrong.  About 83 percent of NREGA payments already take place via bank accounts. 

Also, there are fears that an ID card can lead to exclusion rather than inclusion and even ethnic cleansing. Now, as never before, it would be possible to list the names, addresses and possibly religion (with some more intelligence thrown in the system) of people at the click of a mouse. It wouldn’t take much for an average Indian to imagine the consequences.
   
UIDAI’s promise of a privacy law has been only lip-service till now. There is a clamour in a lot of quarters that the UIDAI program be halted till relevant laws are put in place, but that hasn’t gotten any response from UIDAI. And the project is going on at breakneck speed.
 
   Quite surprising though it is, coming from an organization headed by a former corporate boss, there is neither a project report, nor feasibility or impact assessment study nor a cost-benefit analysis for the UIDAI project.
 
   Thousands of crores of tax payers’ money are being spent without all this. And a recent report from the US National Research Council that has done a multi-year study on biometrics says that biometrics is not reliable as an authentication method and has to be used with some other method for good results. It is not yet known what effect the results of this report would have on the UID project.
 
   The biggest fear due to this project is the threat to civil liberties, democracy and freedom itself. Given that it is well known that fingerprints lying in various places can be captured, and now that the State would have fingerprints of its citizens/residents in a database, an authoritarian ruler can play havoc nailing people at will with false evidence. As yet, there is no law preventing this, only statements from UIDAI saying “we are looking into it”.
 
   Quite interestingly, the monster unleashed by UIDAI could even go out of its own control. It is also worth noting that UK has shelved a similar National ID project. The statements made while getting rid of the project reveal a lot.
 
   UK’s Home Secretary Theresa May said “The national identity card scheme represents the worst of Government. It is intrusive and bullying, ineffective and expensive. It is an assault on individual liberty that does not promise a great good.”
 
   Finally, Mahatma Gandhi’s first satyagraha in South Africa was against identity cards that segregated Indians from others. This identity card had the finger prints of all ten figures and the law was passed in 1906. Gandhi called it the Black Act. A century later, Gandhi’s own party the Congress is reintroducing a similar law in India.
   
The UIDAI project needs to be severely opposed. I urge Goans not to give their fingerprints and iris scans and oppose this draconian project with all their might.
_____________________________________________________ 

Aadhaar and the myth of lack of identity- Money Life Article
October 05, 2010
Samir Kelekar 

October 05, 2010 08:19 PM

Samir Kelekar
What is needed today to solve the problems of the poor is not so much esoteric technology but first and foremost clear logic as to where the problems lie. Most poor get deprived of what they should get because of corruption, and not lack of identity

The UID programme has been launched without any legal and constitutional sanction for it as yet. In the name of the poor, a huge amount of money is being spent.

And, in spite of severe criticism from rights organisations including warnings by eminent academicians such as Nobel Prize winner Amartya Sen, no action of reviewing the project has been taken.

The main argument of the UID that it will help plug leakages in NREGA and PDS is fallacious.
Consider these two videos from the ground:

1)
MREGA corruption video
http://indiaunheard.videovolunteers.org/ajeet/rural-workersdenied-wages/

2)
Villagers expose corrupt dealer http://indiaunheard.videovolunteers.org/varsha/villagers-exposecorrupt-pds-dealer/

The first video shows how the supervisor who is in charge of the NREGA programme takes a bribe to mark the attendance of the workers.

It is not that the workers don't have a form of identification. They do have a job card. Their work does not fetch them anything unless their attendance is marked, and for that they have to depend on the supervisor. And the supervisor asks a bribe for it. UID or for that matter no amount of identification can solve this problem.

Consider the second video which is about PDS. Here the ration shop owner charges more money for the grain. Here too, lack of identification is not the problem, and hence UID will be of no good to solve this problem.

If one goes by estimates done by various sources, the leakage in the government schemes due to fake cards is about 8% to 10% - a miniscule part of the whole lot of leakages. In the case of PDS for instance, most leakages do not take place at the last mile as per the UIDAI hypothesis; instead it is the big corrupt sharks who are involved in siphoning grains before they reach the ration shop itself.

Thus, it is clear that not enough study is conducted by UIDAI in concluding that lack of identification is the real problem. No wonder, there was no independent impact assessment study of what the UIDAI project can lead to, which if done, the above problems would have been revealed. This begs the question - is the amount to be spent on UIDAI in the name of plugging of leakage of government aid justified?

A cost-benefit analysis would have given the right answers.

Jean Dreze, who conceived NREGA, has said that the UID project is a security project camouflaged as a welfare initiative.

The examples shown above reveal that the UIDAI project will not be able to plug other than minor forms of leakages from the government aid programmes; further, that too at huge costs and many other negative fallouts.

Also, some of the technological choices made by the UIDAI project may just be not the best ones available, but in fact could be counterproductive.

A recent report based on a multi-year study by the US-based National Research Council states that biometrics are inherently unreliable for authentication as a replacement for other forms of authentication.

The reasons given are as follows:

First of all, biometric authentication is called "inherently probabilistic." That is, the match between sample and master record will always include some uncertainty - no matter how good a sample, the sensor reading the sample and the information technology system matching the sample to a master record.

Among the reasons for that uncertainty is the nature of biometric identifiers themselves. Human bodies and the features on them aren't necessarily constant over time.

 Also, biometric identifiers, while difficult to duplicate on the body of another person, are still available for surreptitious collection through fingerprint gathering, as per the report. It concludes that an imposter could be detected by a human operator administering the biometric authentication system, but that "significantly constrains remote or distributed applications of biometrics."

The report doesn't dismiss the possible usefulness of biometric authentication, however, noting that in combination with other methods, it can augment security at least in applications "where user cooperation can be inferred."

Interestingly in the case of UIDAI, none of the above cases apply. Specifically, the human operator says the ration shop owner administering the biometrics in the case of UIDAI should be considered an adversary as he would himself have interest in stealing the biometrics of the ration card holder.

Further, he operates in a remote area where what he does is not visible to the authorities unlike say in a setting such as an international airport.

Thus, he could probably design a number of ways of beating the authentication process of biometrics. It is precisely these kinds of use case scenarios that haven't been thought through thoroughly by the UIDAI folks.

Another argument given by the UIDAI authorities is that of inclusion, and that 120 million migrants have no form of identity.

Consider the following scenario: A genuine migrant with his home town from Azamgarh moves to Delhi and goes to a bank there for a loan. Since his permanent address is not Delhi, banks could deny him a loan. In fact, instead, he might be put on a terror watch list. Is there a guarantee that his UID won't be used against him, in fact to exclude him rather than for inclusion?

All the above issues point out that Aadhaar is using lack of identity as a myth to justify its spend. Remove the myth and Aadhaar stands bare, without any justification other than mainly as a national security project and for purposes of targeted marketing, linking data, tracking and surveillance, and yes, some amount of convenience due to easy check of one's identity.

What is needed today to solve the problems of the poor is not so much esoteric technology but first and foremost clear logic as to where the problems lie. Most poor get deprived of what they should get because of corruption, and not lack of identity. The bull of corruption needs to be taken by the horns and not by the tail which Aadhaar tries to do.

Secondly, the poor should be made aware of their rights, and empowered to tackle corruption. As is shown in the two videos (linked above), if at all technology should be used, it should be stealth cameras which should be given to the poor free; instead Aadhaar fetters the poor by taking their biometrics.

(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).

__________________________________________

UID: Will NAC come to the rescue of India’s democracy?
Money Life Article by Samir Kelekar
1st September 2010 


Aadhaar Article No. 497 


It is important that the UID project be halted and a committee be appointed to look into the various issues plaguing the project; further, a thorough feasibility and impact assessment study is needed before more taxpayer money is spent on this venture

Today's Hindustan Times carries an article titled 'Unique ID plan hits advisory panel roadblock'. The article states that some of the members of NAC (the National Advisory Council, an apex body appointed by the prime minister and headed by Sonia Gandhi, UPA chairperson), have raised serious concerns about the UID project.

"There is no real informed debate on the project which has enormous potential of segregating the population (based on few parameters). It is a matter concerning people at large - public money being spent to profile common public," a member told Hindustan Times, adding the opinion is shared by some more people in the council.

"There is a vast difference between the census and UID. Without explaining what it means, memorandums of understanding (MoUs) are being inked with private companies. They say UID would reform systems like the public distribution system (PDS), but no detail of how it will is available in the public domain," said activist Aruna Roy.

The NAC of India is an advisory body set up to monitor the implementation of the UPA government's manifesto, the Common Minimum Programme (CMP). It is a brainchild of Congress party president, Sonia Gandhi. It is also informally called as UPA's Planning Commission for social agenda.

The NAC is a mix of activists, retired bureaucrats, economists, politicians and an industrialist with unstinting passion for social change.

To give an instance of the stellar record of the members of the NAC, here is a brief from their Wikipedia profiles.

Aruna Roy is a political and social activist who founded and heads the Mazdoor Kisan Shakti Sangathana ('Workers and Peasants Strength Union'). She is best known as a prominent leader of the Right to Information movement, which led to the enactment of the Right to Information (RTI) Act in 2005. In 2000, she received the Ramon Magsaysay Award for Community Leadership.

Anu Aga is an Indian businesswoman and social worker, who led Thermax Ltd, the Rs 830-crore energy and environment engineering major, as its chairperson from 1996-2004. She had figured among the eighth richest Indian women, and in 2007 was part of the 40 Richest Indians by net worth according to Forbes magazine.

After retiring from Thermax, she took to social work, and in 2010 was awarded the Padma Shri (Social Work) by the Indian government.

Jean Drèze is a development economist who has been influential in Indian economic policymaking. He is a naturalised Indian of Belgian origin. His work in India includes issues like hunger, famine, gender inequality, child health and education, and the NREGA. He had conceptualised and drafted the first version of the NREGA.

His co-authors include Nobel laureate in economics Amartya Sen, with whom he has written on famine, and Nicholas Stern, with whom he has written on policy reform when market prices are distorted. He is currently an honorary Professor at the Delhi School of Economics, and Senior Professor at the GB Pant Social Science Institute, Allahabad.

Deep Joshi is an Indian social worker and NGO activist and the recipient of the 2009 Magsaysay award. He was recognised for his vision and leadership in bringing professionalism to the NGO movement in India. He co-founded a non-profit organisation, Professional Assistance for Development Action (PRADAN) of which he is the executive director. He was awarded the 2009 Magsaysay award for Community Leadership for his work for 'development of rural communities'.

Some of the members of the NAC want answers to questions about UID. Nandan Nilekani, UIDAI chairperson, was supposed to address the NAC on Monday, but apparently the discussion has been postponed to late September.

As has been stated by various articles, these concerns are not just valid but are of a very serious nature. To put it bluntly, the UID is building an infrastructure for future authoritarianism in the country. It is most important to thrash these concerns out completely. In fact, it is important that the UID project be halted and a committee be appointed to look into these issues deeply; further a thorough feasibility and impact assessment study is needed before more of taxpayer's money is spent on this project. What is at stake is not just possibly hundreds of thousands of crores of  taxpayer's money, but democracy itself.

Let us hope that the esteemed NAC members will have a thorough discussion with UIDAI regarding this issue, and resolve these issues.

(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).
 


__________________________________________ 

2nd August 2010
Aadhar, bonanza for corporates; no win situation for the people - Money Life

by Samir Kelekar 
adhaar could be extremely dangerous to freedom and democracy itself, a reason why similar identity projects have been confined to the dustbin by many other democratic countries

Since Aadhaar, that national UID project, seems to be the flavour of the season with news coming out everyday as to how it is turning out to be a bonanza for corporates, and now even the Supreme Court joining in on the Aadhaar bandwagon, I thought, why not pen another article.

To summarise, whichever way one looks at it, I find that Aadhaar is either an idea conceived very naively or it is a fast one pulled on the hapless people of India. Let me elaborate why.

Firstly, any security architect knows that the probability of any computer system getting hacked can never be zero. There is no such thing as 100% security.

Safeguards and backup plans are built into systems for such an eventuality even while taking care that the systems are made as secure as possible. Aadhaar is using biometrics of people which are unique to them. What happens if the Aadhaar database gets hacked and biometrics of a million people are stolen? Even with the best of security experts designing and securing a system, such an eventuality is eminently possible.

The recourses I can think of in case of such an eventuality would be either for Aadhaar to shut down - the million-odd people whose biometrics are stolen can't be given new fingerprints and irises (a recent news report indicates that fingerprints can be surgically replaced in China for a mere Rs15,000) - or for Aadhaar then to use some other forms of biometrics, say DNA for instance. The overall Aadhaar budget would then increase further.

The above fact is considered a major weakness of using biometrics as an ID, in that unlike a password, biometrics is not replaceable.

Secondly, Aadhaar claims to solve the problem of leakage of government aid that is meant to go to the poor. Aadhaar claims to do so by plugging what it says is the problem of fake identities. To be precise, Aadhaar has now revised its stand and said that it will only deal with the issue of identity proof and the problem of fixing issues with government aid have to be dealt by other agencies.

Nevertheless, Aadhaar has used the above issue - that of its application as solving the problem of leakage of government aid - to justify the whole project.

However, Aadhaar hasn't justified the fact that the problem of leakage of government aid is due to fake identities by giving any numbers or data. In fact, discussions with people who claim to know how PDS works say that the grains are siphoned not at the last mile, that is fair-price shops, but from the warehouses themselves, and this is done with connivance from the highest authorities and politicians.

Fake zombie identities are used as an accounting fraud to siphon off grains. According to these people, it is not that the major leakage takes place because multiple end-customers go with fake IDs and buy more grain. I haven't found any precise data or study on what are the various causes of leakages, how specifically siphoning  of PDS grains takes places, what are the percentages of each way of leakage and how each one can be tackled. If indeed there are no precise numbers, then it is outrageous on the government's part to spend huge amounts of money without such a study and on a solution that may not even tackle the problem to a substantial extent. In fact, if there is no grain arriving at the fair-price shop because most of it is siphoned off at the warehouse itself, what use is proving the identity of the end customer, which Aadhaar claims to do?

Further, if the black marketers announce that a huge amount of grain is now rotten, how is Aadhaar going to tackle that? Incorrect weighing of grains, frauds in weights and measures, or allocating lesser grains than the entitled amount to the end customer, are other ways of grain-siphoning that a mere identity check, Aadhaar style, can do nothing about.

What seems to be necessary and more important to plug government aid leakage is strict enforcement of law and coming down with a heavy hand on those who siphon grains, irrespective of their position.

The UPA government unfortunately hasn't shown much political will in tackling corruption and it is wishful thinking on its part that with the help of Aadhaar the problem will magically go away.

In fact, as far as government aid is concerned, what Aadhaar could possibly do is to help in directly transferring money to the account of the aid recipient, provided of course there are no security issues with Aadhaar and the project can really stop the problem of zombie accounts in the UID database, a tall order in my opinion and even if solved, would increase the Aadhaar budget by a large amount. For instance, it is well known that fingerprints and irises can be faked, and one way to fix that problem is to use fingerprint readers that detect live fingerprints, and iris readers that detect live irises. Even some of such machines can be fooled. But the idea of direct transfer of cash to aid recipients has been struck down by the Planning Commission because cash can be misused - people may end up spending on alcohol rather than grains, for instance. Also, how many of our
poor are literate enough to operate bank accounts? Touts will exploit this opportunity of operating a bank account on behalf of the illiterate people and extract their pound of flesh from the hapless souls, thus leading to another avenue for corruption.

The third problem that Aadhaar fails to tackle is that of abuse and privacy violations. This perhaps is the biggest danger of Aadhaar.

There are two ways Aadhaar can be abused. On the one hand, the ration shop owner for instance can deny the rightful grains to the customer saying that his/her biometric authentication failed and thereby open a new avenue of corruption here - the bigger abuse could be by the State itself.

While on the one hand Aadhaar has so many challenges to tackle on issues such as security, de-duplication of biometrics etc. If these problems are solved, which if at all they can only be done at a huge cost; the success of Aadhaar can open all doors to future authoritarian rulers to cause havoc.

It is well known that one can easily fake evidence by placing fingerprints at the scene of a crime for instance, and a government that has the biometrics of all its citizens, has complete power on its citizens, and can play havoc with the citizenry. While this may not happen with the current government, there is no guarantee that a future authoritarian ruler won't abuse the system.

Aadhaar could thus be extremely dangerous to freedom and democracy itself, a reason why similar identity projects have been confined to the dustbin by many other democratic countries.

Thus, Aadhaar seems to be in a no-win situation whichever way one looks at it. However, there are surely some entities which are reaping the benefits of Aadhaar. These are corporates and IT companies, and in times of recession, Aadhaar has been god-sent for them. No wonder, all
corporates and even a lot of the media are going ga-ga over Aadhaar.

Since everyone in the corporate world seems to have fallen so much for technology not just because of one's love for technology but also because of the financial benefits that come from projects worth thousands of crores, I was just wondering what could be the next thing that one could use to reap the next big bonanza. Once it is clear that Aadhaar won't solve the problem of government aid reaching the poor because grains get siphoned off from FCI warehouses themselves (by the way, recent news reports indicate that 1/3rd of grain in FCI warehouses gets spoilt), one could think of attaching an RFID tag with each grain of rice and wheat so that one can track its path from the field where it is produced onwards. It could be the next Rs500,000-crore bonanza for the corporates!

It is another matter that Chhattisgarh has created a revolution in plugging leakages in PDS, and it cost them much less. Their solution: empower the people, colour all the trucks carrying PDS grains in a bright yellow colour, and if any truck empties grains in any place other than fair-price shops, people themselves report it to the authorities, who then take action.

(The author has a B Tech from IIT Bombay, and a PhD from Columbia University, New York. He currently runs a start-up, Teknotrends Software Pvt Ltd that does cutting-edge work in the area of network security).

_______________________________________
14th June 2010
Urgent Need for Independent impact assessment of National UID project. By Samir Kelekar - Money Life


In the absence of hard numbers, it is anybody's guess as to what is the real intent of the UIDAI project. Is the project really meant to help the poor? Or is it just a corporate ruse to link people, track them and do targeted marketing, with the poor being used as a fig leaf to justify the huge spend on the project?

Unique Identification Authority of India (UIDAI) chairman Nandan Nilekani has been very concerned about privacy implications of the National Unique Identification (UID) project. Time and again, he has emphasized that the project could lead to privacy violations. For instance, he said in March of this year and I quote from an msn.com article: "We are also conscious of the privacy issue. In fact the UID database cannot be read by anybody. The only thing you can use it for is authentication. We are making all efforts technically and legally to see privacy is protected," Nilekani, a former Infosys co-founder, told IANS in an interview.
 
"At the same time we need a larger debate of privacy and what laws we need in
the country. Today we don't have any privacy laws," said Nilekani who quit Infosys last year and was handpicked by Prime Minister Manmohan Singh to head the authority."
 
However, as of today, we haven't seen any law on privacy implications that
has been proposed in Parliament.

The publicly available minutes of the recent(6 May 2010) meeting with civil society organizations that the UIDAI had indicates that while UIDAI will draft a law on data security and endorse any potential law dealing with privacy violations, it is not clear if the UIDAI itself considers it as its mandate or even responsibility to come up with the legal framework concerning privacy violations and misuse of the UID database. And if that is the case, that is indeed not just unfortunate but looking at recent developments could even be dangerous.
 
A few days back, UIDAI signed its first registrar. And who could that be?  It was the Life Insurance Corporation of India (LIC). Various media reports have pegged the LIC database size having data of 60 million to 200 million customers.

Some entries of this database namely name, address, and biometrics which LIC will now capture will be shared with UIDAI. What are the   privacy implications of the above?
 
Even granted that the LIC shared only the name, address with UIDAI, the fact is the same entity which has your medical and other vital records now has your fingerprints, iris scans and the UID number. Crores of people buy life insurance or medical insurance from LIC. Lots share their financial data too. For instance, long back when I went to the US for higher studies, I took a loan, which required a guarantee in the form of a, LIC policy. LIC has in its records the fact that I took a loan, and many other details of mine. It is another matter, whether LIC has deleted my name from its database or not, once my policy was matured and I was no longer their customer.
 
A high-priced consultant brain could give LIC ideas on how to increase its revenue.

Share the medical records with a credit card company. Now, say ICICI Bank is the next registrar of UIDAI. Thus, ICICI now has its credit card number mapped with a UID. Suddenly, one day you start getting, along with your credit card statements, advice on how to deal with your diabetes, or worse still an infectious skin disease that you once had and no longer have. God forbid if you have something like HIV. What you apparently missed is a minor report in the newspaper that ICICI Bank tied up with LIC to share their databases. Now consider you are a young man about to get married, and your fiancé sees your credit card statements time and again having this same ad or advice on how to deal with your infectious disease. Chances are, you can kiss good bye to your upcoming marriage. Worse still, your land lady who stays downstairs who has all the time on her hands happens to inspect the covers of your daily letters or credit card statements. The kind of hell that one could go through is only limited by one's imagination. And given the market centric world that we are in, where everyone is out to sell info for money for all kinds of purposes, UID-the common element that unambiguously links the info-is just the thing we do not want. This is just the tip of the iceberg; wait till something like the Income tax department becomes a UIDAI registrar and has your UID.

You could be potentially stopped from boarding a flight going abroad because you have delayed filing your tax returns.
 
Quite interestingly, the UID concept was marketed so that the poor could get government doles and to plug leakages in government schemes. How many of the poor have even heard of LIC leave alone avail of their services?

The UIDAI argument is that LIC has this micro-finance system, which the poor avail of. What is not clear is what percentage of LIC's customer base comprises of these micro-finance customers.
 
In the absence of hard numbers, it is anybody's guess as to what is the real intent of the UIDAI project. Is the project meant to help the poor really or is it just a corporate   ruse to link people, track them, do targeted marketing and the poor are just used as a fig leaf to justify the huge spend on the project? And if both, what are the extents of each? Further, if UIDAI is shirking its responsibility to come up with a legislation that will prevent misuse of the UID from abuse by the state or other parties as mentioned above, the only potential justification for this project-namely security of the nation-also falls through.
 
Finally, I shudder to think of the security issues involved now that apart from the UIDAI database, here is another database-the LIC one which has your fingerprints. One can only imagine of the consequences, given the past records of the security of our government-owned systems.
 
I was always of the opinion that the UID might have been a good concept. But
after seeing the developments-lack of any feasibility or impact assessment study, the whopping escalation of costs (would anyone in his/her sane mind spend Rs30,000 crore on something just based on a few pages written in a book; the latest estimates peg the cost at Rs45,000 crore), and lack of privacy and other laws preventing misuse,   I am getting convinced that the UID project is going wayward. The least that needs to be done is to urgently conduct an independent third-party impact assessment study of the UID project.

And this has to be carried out by an entity which has no potential business interests in the business that will ensue from the UIDAI project, so that they have no vested interests in the results of the study.
 
As I close this, I think of the new India that is emerging in our cities. Whether one likes it or not, lakhs of our young girls escape the drudgery and hunger in their lives in their villages and come to our cities. Some have dreams of becoming an Aishwarya Rai; many work in dance bars. But our country is far from one about equal opportunities. Most end up working hard just to make ends meet.

Many want to get rid of their old identities, which tie them to their past, their caste, what not. They want to create new identities for themselves, forge new relationships with upwardly mobile guys in the city. What use is UID to them? They do not avail of government doles or aren't beneficiary of any huge government schemes.

Their main interaction with the government happens when cops try to extract bribes from them. It is an open question whether the UID will help them or will be more like a millstone tying them irrevocably to their past.

(Dr Samir Kelekar is founder-director of Teknotrends Software, Bengaluru )
 __________________________________________________

18th May 2010
National UID an Orwellian Odyssey by Samir Kelekar-Money Life ,
Aadhaar Article No 102

Cut to 2020. Is this how Big Brother is going to exploit the UID project?

The year is 2020. I walk down from my apartment at Domlur Layout, Bangalore to go for an evening's relaxation to the Metro Road (previously called M G Road). As I hail an auto rickshaw and pay the fare via my automated mobile cum payment card, I get a message on my mobile: "Thanks for using Balaji's Auto Service, the last time you travelled by auto was three days back, from Koramangala to your home in Domlur". I am bit puzzled as to how they know this, but I brush the thought away.

I get off at Metro Road and hang out at Cafe Matteo at the Metro station. Nice, cool air-conditioned (AC) cafe. Bangalore has become so hot—due to global warming I suppose—that an AC is a must. As I pay for my regular Americano coffee with skimmed milk by the side via my credit card, my mobile beeps—"Welcome; I see you have just arrived from Domlur; as per our records, the last time you had a similar coffee was a week back at a Jayanagar Coffee Day joint; and yes, while going back make sure you take an auto rickshaw outside Eva mall; our computerised time and traffic analysis shows that it is the fastest and cheapest way to go by auto to Domlur from Metro Road at this time of the day."

I am flabbergasted. How do they know all this? Things like, when I had a coffee last time. And it strikes me, partly due to my mind working overtime thanks to the just-imbibed caffeine. It must be DL—the "Documented Life" service.

A day back I received an SMS on my mobile asking whether I would like to be subscribed for a 30-day free trial for this service, and I had said yes out of curiosity.

Documented Life has a database of what everyone does. And there has been some noise that they infringe on peoples' privacy. To me, it seems like my freedom itself is taken away. Still, I think there must be a way out. I decide not to travel by auto anymore or use my credit card. But, as I start walking back to Domlur from Metro—the only way I think my freedom would be preserved is if I walk—I see that the six-lane elevated highway no more allows people to walk.

So, maybe a bus might be fine, I think. But as I pay the conductor of the BTS (Bangalore Transport Service) bus via the special pass that BTS gives, I see a similar message on my mobile: "The last time you went back by bus to your house was a month back and you celebrated your bus travel by having a beer in Lakshmi Bar and Restaurant (LBR) at Domlur. How about doing that again today? We have specials for you."

"Riding on the UID database" said the footnote.

Aha! It all comes back to me now. I am convinced that the culprit for this loss of freedom and privacy is the unique identification (UID) project. The high-profile National UID project, which went on from 2009 to 2015 gave a unique ID to every resident in India.  The National UID Authority was established. It was claimed that it was particularly careful about privacy implications of the project.

The UID database for instance was carefully chosen, and one could only query if a particular UID corresponding to a particular fingerprint was valid or not. Owing to privacy concerns, you couldn’t do anything else with the database. To begin with, no one other than the UID Authority could even create a database with a UID as one of the elements.

But as time passed, due to one reason or the other, all these protections fell through.

First of all, even though the UID was not mandatory for everyone, slowly as banks and other institutes started making UID mandatory for their service, it became necessary for everyone, at least in cities, to have the UID by default. 
Without the UID, one could not get into an auto rickshaw as payment cards were linked to the UID, one couldn’t own a mobile as mobiles were linked to the UID or one could not have credit cards or bank accounts as they were also linked to the UID.
So, the first protection against privacy violation—not to make UID compulsory—fell through this way.

Secondly, as the threat of terrorism started growing, linking information became a critical necessity. NATGRID, a home ministry project meant to tackle terrorism by co-relating various important databases was the first one to use the UID to link information across disparate databases. Also, it became necessary for banks and mobile companies to keep UID-related data.

Thirdly, as each financial institution had issued their service against a UID, they did have a UID-service mapping, so given a UID, they could map it to say their credit card in case of a credit card company, and the credit card could be further linked to the transactions.

Documented Life did the next thing that was logical. It paid companies and bought their databases of this mapping, and once it had a threshold of a number of companies participating, they could literally track everything that a person did. Not that before the UID days the above was not possible. Even before the UID days, mobile companies could track where you are at any moment by tracking your mobile location. But at least the certainty and genuineness of the data wasn’t there. One could always use a mobile, which was in a friend's name and put the trackers off. What the UID did was that it gave the stamp of certainty to the whole data, and that was the game changer. For instance, Documented Life has recently announced a deal with the Income Tax (I-T) authorities; one will not have to file I-T forms anymore; I-T would get automatically deducted from one's bank account as all income and all expenses can now be auto-tracked thanks to Documented Life's database.

Isn’t this exactly the 1984 scenario that Orwell predicted, albeit one that has come about a bit later? It also struck me why most of the Western countries shelved or limited their national UID projects. Sure, the Indian National UID authority had good intentions for the UID project. They claimed that government schemes would reach the poor as the poor have problems proving their identity. UID turned out to be a boon to the poor, but a bane to freedom.

But I am not the type who would give in so easily. I think there should be some way out to beat the system and regain my privacy.

I come home, and call my friend M. He always has brilliant ideas to solve any problem. I tell him, "We are losing our freedom and privacy; this is what happened; when I paid for the bus ticket, they said the last time when I travelled by bus I had a beer in such and such place, and they said you should do it now, and there are specials. Isn’t this an invasion on my freedom and privacy?"

"Samir," says M, "I know very well you are going to have a beer. They are in fact making it convenient for you by reminding you beforehand and offering you specials."

As I walk into LBR and sip the chilled beer, I am confused. Have I lost my freedom or have I gained convenience?  I ponder for some time. But, slowly clarity dawns on me. "Would it be any different if they had inserted a chip in my body?"

(Dr Samir Kelekar is founder-director of Teknotrends Software, Bengaluru)