Usha Ramanathan works on the jurisprudence of law, poverty and rights. She writes and speaks on issues that include the nature of law, the Bhopal Gas Disaster, mass displacement, eminent domain, civil liberties including the death penalty, beggary, criminal law, custodial institutions, the environment, and the judicial process. She has been tracking and engaging with the UID project and has written and debated extensively on the subject. In July-September 2013, she wrote a 19-part series on the UID project that was published in The Statesman, a national daily.

Her work draws heavily upon non-governmental experience in its encounters with the state; a 6 year stint with a law journal (Supreme Court Cases) as reporter from the Supreme Court; and engagement with matters of law and public policy.

She was a member of: the Expert Group on Privacy set up by the Planning Commission of India which gave in its report in October 2012; a committee (2013-14) set up in the Department of Biotechnology to review the Draft Human DNA Profiling Bill 2012; and the Committee set up by the Prime Minister's Office (2013-14) to study the socio-economic status of tribal communities which gave its report to the government in 2014.

Tuesday, April 5, 2016

37 - Part i - Threat of exclusion, and of surveillance by Usha Ramanathan - Statesman


Part i - Threatof exclusion, and of surveillance by Usha Ramanathan - Statesman


02 Jul 2013

The aadhaar project has become the bane of average Indians, threatening their access to all manner of services. basic questions have sometimes been asked and almost never been answered, says  Usha Ramanathan, in the first of a multi-part series.

The Unique Identity (UID) project has been around for over four years. The Unique Identification Authority of India (UIDAI) was set up by an executive notification dated 28 January 2009 and came into its own after Mr Nandan Nilekani was appointed as chairperson in July 2009. Now it has, as some observers say, become an experiment being conducted on the entire country.
In its early stages, it was marketed, simply, as giving the poor and the undocumented an identity. It was to be voluntary, and an entitlement. But, it is evident even from the Strategy Overview document of the UIDAI that it was never intended to be an entitlement that people may choose to adopt or ignore. That document said that "enrolment will not be mandated", but went on to add: "This will not, however, preclude governments or registrars from mandating enrolment". So, the potential for compulsion was built into the architecture of the project. Starting in 2012, voluntariness began to be eroded, and threats of exclusion from services and entitlements began to be bandied about. By January 2013, a virtual panic was set off when it was announced that various services and entitlements would not be accessible to persons who did not have a UID number.

Mr Nilekani has said time and again that half the population is expected to be enrolled by the end of 2014; yet, there have been warnings that people without a UID number may find themselves unable to access benefits and subsidies if they did not have it, if a bank account had not been opened, and if the UID number were not embedded in the bank account. So, subsidy for cooking gas, kerosene, and scholarships, for instance, became dependent on having a bank account seeded with the UID, or aadhaar, number. In case anyone wonders what the UIDAI has to do with these decisions, it is the chairperson of the UIDAI, Mr Nilekani, who chaired the committees that recommended these changes. The reports are in the public domain.

From its inception, the UID project has been about creating the 'database resident'. The website of the Department of Information Technology, which has been renamed as Department of Electronics and Information Technology, modestly carrying the acronym DeitY, has said all along that "Project UID, a Planning Commission initiative, proposes to create a central database of residents, initially of those above the age of 18 years". Except, that the UIDAI got more ambitious and wanted everyone, from the newborn to the oldest resident, on its database. And it was always intended to converge various databases to construct a profile of the individual, and to this effect the website of DeitY says that "the project envisages provision of linking of existing databases, as well as providing for future additions, by the user agencies". The MoUs between the UIDAI and various registrars that include the state governments, oil companies, banks and the Registrar-General of India, who is in charge of census and the National Population Register and socio-economic and caste census, not only provide for various additional fields of data being collected during enrolment, but also for having the UID number appended to each such database.

As for biometrics, documents reveal that when the decision was made to use fingerprints and iris for enrolment, there was no knowledge about whether these biometrics would work in India, given the demographic and environmental conditions. In fact, it has since been found that with age the fingerprint fades, that manual labour makes the fingerprint difficult to read, that malnourishment-induced cataract blights an estimated 8-10 million people, and so on. In fact, as recently as 23 April 2013, Mr Nilekani said in his speech at the Centre for Global Development in Washington: "We came to the conclusion that if we take sufficient data, biometric data of an individual, then that person's biometric will be unique across a billion people. Now we have to find that out. We haven't done it yet. So we'll discover it as we go along." First, the conclusion. Then they will wait to find out! That is why some observers of the project have been saying that it is an experiment being conducted on the entire population. The consequences of failure have not been discussed, although, in a talk at the World Bank in Washington on 24 April 2013, Mr Nilekani said in response to a question about what he thought was the greatest downside risk to the UID: "To answer the question about what is the biggest risk," he said "in some sense, you run the risk of creating a single point of failure also."

There is more to cause concern, and much to be answered about UID.

(The writer is an academic activist. She has researched the UID and its ramifications since 2009.)

LEGALITY
The UID project is proceeding without the cover of law. There is only the notification of January 2009 which says the UIDAI "owns" the database, but which says nothing about how it may be used, or what will happen if it fails or if there is identity fraud, or some outside agency gains access to the database. A Bill was introduced in Parliament in December 2010, after the project had been launched and data collection had begun. The Bill collapsed in December 2011 when the Parliamentary Standing Committee found it severely defective, and after it found that the Bill and the project needed to be sent back to the drawing board. There is no sign yet of a Bill, and any protection that the law may offer is non-existent. There is no law to protect privacy either.

Convergence and snooping
The UIDAI, and Mr Nilekani, have refused to address the probability of surveillance, convergence, tracking, profiling, tagging and intrusions into privacy that is likely to result from the creation of the database of residents and the intended convergence. The link between technology, databases, governmental power and corporate involvement in creating, maintaining, managing and using databases has produced various scenarios of surveillance that we ignore at our peril. PRISM is such a stark demonstration of the ambitions that can fuel a state that the UIDAI can no longer just say `no comment' when asked about the surveillance potential being created.
In the same period, the state has already set up agencies such as the Natgrid, NCTC, NTRO, CCTNS, MAC which will use the potential for convergence of databases that the UID makes possible. In April 2011, the government made rules under the IT Act 2000, by which it would be able to access any data held by any "body corporate". More recently, we have been hearing about the CMS, or the Central Monitoring System, speaking to a surveillance and control approach that will have the state snooping on us with no oversight, no prior permission, no answerability at any time to anyone.

The companies engaged by the UIDAI to manage the database include L1 Identity Solutions and Accenture. The UIDAI, in response to an RTI request, has claimed that they have no means of knowing that these are foreign companies, given the process of their selection! Yet, a search on the internet reveals the closeness between the L1 Identity Solutions and the CIA, and that after a recent transaction, it is part-owned by the French government; while Accenture is in a Smart Borders Project with the US Department of Homeland Security. Data security, personal security, national security and global surveillance are all drawn into a ring of concern, but remain unaddressed.