Showing posts with label Statesman. Show all posts
Showing posts with label Statesman. Show all posts
Tuesday, April 5, 2016
62 - All 19 Articles Published by Usha Ramanathan in Statesman
All 19 ArticlesPublished by Usha Ramanathan in Statesman
54 - Part XVIII - An attempt to kill the Right to Privacy by Usha Ramanathan - The Statesman
An attempt to kill the Right to Privacy
09 September, 2013
Usha Ramanathan
When the UID project was launched in 2009, it was known that it would have a profound impact on privacy.
In decades past, violations of the right to privacy were brought into public debate, and into the courtroom, when telephones were tapped, or where the police placed a man under surveillance that included domiciliary visits at night, his habits, association, income, expenses and occupation enquired into, his movements and absences verified and collected and recorded on a ‘history sheet’ after he had been charged with dacoity but when he was discharged because of lack of evidence. Some judges thought some parts of this surveillance were illegal; others that it was unconstitutional. And the right to privacy began to be read into the fundamental rights of the
Constitution. In 1996, the Supreme Court was calling telephone tapping “a serious invasion of privacy”, and a series of directions issued forth in the event that, legally, telephone tapping had to be done.
Technology has added multiple layers of complexity to the notion of privacy. Facebook, Google and the internet generally have turned the world of privacy upside down.
Corporations controlling cyberspace, and using and claiming ownership of personal data, are hard at work creating a veneer of privacy even while they are discovering property in data that is exploding on the internet.
This is a relatively recent phenomenon, and there is a lot of hard policy work going on to rein in the galloping ambitions of the corporations. Finding a laxity induced by the difficulties posed to privacy by technology, projects such as the UID have been attempting to banish the right to privacy.
Computers and digitisation of data have produced widening opportunities to collect, collate, converge and mine data in ways not envisioned while the world was a different place, about a decade and some ago. Yet, there has been a certain degree of privacy where data that is collected is held in distinct silos. Medical data, educational records, travel information, credit card use, salaries, rental arrangements, library borrowings, caste and community, mortgages on land, details of employment, RTI requests – when these are in unconnected silos, privacy, and the personal security that privacy brings with it, has a chance.
The UIDAI, from early in its existence, has posed a threat to privacy, by being the number that will act a bridge between the various silos of information of a multiplicity of databases. The technique is called convergence.
Converging information which exists on various databases needs a device that can be used in each of the databases: that is the UID number.
So, first the number is produced, and then, it is “seeded” in various databases. So, in banks, travel tickets, land records, marriage registers, school rolls, medical establishments, driving licences, ration shops, credit cards, RTI requests, hotel bookings and anything else that can be reached, the UIDAI canvasses for the UID number to be inscribed into the record. Deriving data about any person from multiple databases then needs only mechanisms for data sharing, and data mining – defined as a process used by companies to turn “raw data into useful information”.
In carrying through this grand plan of convergence, the legal dimensions of privacy protection are sidestepped by claiming that enrolment for the UID is voluntary.
After all, those enrolling are wending their way to enrolment stations, standing in queues, and registering their biometrics and demographic data.
In this depiction of voluntariness, it is not acknowledged that, for those who choose not to enroll for a UID, there will be no gas subsidy, no subsidised rations, no marriage registration, no EWS quotas in schools, no pensions, no salaries even, as the Maharashtra government decreed, or no driving licence, as the Chandigarh administration decided, except that they withdrew when the Punjab and Haryana High Court asked them if, really, they had made the UID mandatory.
The UID number in various databases acts as a bridge between silos.
A draft report on privacy that the DoPT commissioned, and which was prompted by concerns about the UID, said as early as in 2010: “Data privacy and the need to protect personal information is almost never a concern when data is stored in a decentralised manner. Data that is maintained in silos is largely useless outside that silo and consequently has a low likelihood of causing any damage.
However, all this is likely to change with the implementation of the UID Project. One of the inevitable consequences of the UID Project will be that the UID Number will unify multiple databases.
As more and more agencies of the government sign on to the UID Project, the UID Number will become the common thread that links all those databases together. Over time, private enterprise could also adopt the UID Number as an identifier for the purposes of the delivery of their services or even for enrolment as a customer. Once this happens, the separation of data that currently exists between multiple databases will vanish.”
In the beginning, there were claims that the UID is merely a number with no great privacy implications, or impact on data mining and the commercialisation of data.. As time has moved on, these have metamorphosed into something quite else, protected from questioning by obfuscation and smoke screens.
The claim was that the UIDAI only collects basic demographic information and biometrics, and this will have no privacy implications.
Actually, the data fields have expanded and now include information such as mobile number, bank account number, e-mail address, which adds significantly to the personally identifiable, and trackable, information on the database. This, however, is not all. By aggressively pushing for seeding the number in all manner of databases, the UIDAI is working overtime to make convergence, and data mining, simple and viable.
Then, the method of performing authentication is intended to make tracking, real-time, easier. So, Mr Nandan Nilekani was heard saying at his World Bank talk in April this year: “Between the UID and banks and NPCI (National Payments Corporation of India), you can get analysis on (sic) real time from agents…..you will know exactly how many agents are active, how many transactions happened, per hour or per minute….” And, of course, this applies to the individual in the transaction, too.
The claim was that the UIDAI only answers with a yes/no and does not give out any other information. But, there is the “information sharing consent”, there are data sharing agreements, the e-KYC framework requires the UIDAI to pass on demographic and biometric information and make money on performing that task. After all, data is the new property.
Mr Nilekani has little patience with privacy. “I think privacy and convenience are opposites. It's always a tradeoff,” he said to PBS, to NDTV, at the World Bank.
That is a remarkable low threshold at which he would have us abandon privacy. This, in any case, is not about convenience. It is about creating something that is a cross between Big Brother and the Panoptican. In the midst of this marketing blitzkrieg which is sweeping away concerns about fundamental rights and freedoms, it was Mr Sam Pitroda, speaking to the press in October 2010, who said it in words that are difficult to misinterpret: “So, the overall plan: UID will tag every person, GIS will tag every place, and the (PII – Public Information Infrastructure) will tag every programme.” It is from these ambitions that the right to privacy, and personal security, will have to be rescued.
The author is an academic activist. She has researched the UID and its ramifications since 2009
Read more at http://www.thestatesman.com/news/14130-an-attempt-to-kill-the-right-to-privacy.html#2FGPjhp9OTHBhLRt.99
53 - Part XVII - Mandatory or not? The government's flip-flop show by Usha Ramanathan - The Statesman
Part XVII -Mandatory or not? The government's flip-flop show by Usha Ramanathan - TheStatesman
Usha Ramanathan
Is UID mandatory? What does the government think? What is the government saying? That it is mandatory, or that it is not?
On 23 August 2013, Mr Rajiv Shukla, Minister of State for Planning, declared in Parliament: "Aadhaar is not mandatory for availing subsidies. If any public sector undertaking is making it mandatory, we will correct it." This categorical statement set the cat among the pigeons. The Minister's statement was a response to the CPI MP from Kerala, Mr Achuthan's query during Zero hour about LPG subsidy being linked with the UIDAI, and asking who had given companies the authority to make UID compulsory for getting the subsidy.
The Minister's assertion plainly did not impress other wings of his government. For on 27 August 2013, the PIB released a press note for the Ministry of Petroleum and Natural Gas titled "Aadhaar mandatory to avail LPG subsidy in DBTL (direct benefit transfer for LPG) districts ~ 2.4 million LPG consumers already receiving subsidy in their bank accounts". The note read: "In order to avail transfer of cash subsidy into the bank account, aadhaar number of LPG consumer has to be linked to the LPG consumer number and the bank account of the LPG consumer for which a grace period from the date of launch is provided."
In case anyone was in doubt about what had been said: "All LPG consumers of these 34 districts (as well as 20 districts covered earlier) are advised to obtain aadhaar number and provide them to their LPG distributors and to their banks if they wish to avail of the LPG subsidy." And to make trebly sure that the reader was not left in any doubt, it added: "It may be noted that aadhaar number is mandatory for availing LPG subsidy in DBTL districts after the initial grace period of 3 months. Aadhaar number is not required for availing LPG cylinders at non-subsidised rate."
Flip the calendar back, just a little bit. On 26 July 2013, Finance Minister P Chidambaram reportedly said in an interview to DD News: "Today I have asked my office to issue an advisory to all the chairmen of the banks to say that banks must directly approach the beneficiary and get the aadhaar number and seed it into bank accounts." He described DBT as a 'game changer', and voiced his expectation that 80 per cent (seeding of aadhaar with bank account) is doable, achievable..." Of the other 20 per cent, he thought half may be duplicate or false accounts, and the rest for whatever reason may not wish to claim the subsidy through the aadhaar platform."
He thought the savings would be "quite a bit" and did a back-of-the-envelope calculation which gave him a monthly saving of Rs 500 crores, and Rs 4500 crores a year. (This is the only kind of arithmetic that there is in relation to the UID; so one must not blame the Finance Minister for being comforted by simple acts of assumption and multiplication.) Where there is no aadhaar, he clarified, it will still go through the National Electronic Funds Transfer payment system - which is to say, there is another way. "So, today," he said, "the payment is going through two channels. The goal is that all the payments should move to aadhaar channel." That is, there is another way, but soon choice is to be removed from the people.
Fast forward to 27 August 2013. Mr Jairam Ramesh is being interviewed for the Economic Times, and he says in the context of the Food Security Bill: "The reform of the PDS and the use of aadhaar are integral parts of the Bill." And, to reassure us, he says: "We have already seen the savings that can accrue from PDS reform and aadhaar in the East Godavari district of Andhra Pradesh." So, eight months after launching DBT the Minister for Rural Development had still to invoke the spirit of East Godavari to give the UID project a sheen. But, East Godavari is, by now, known to have had an administrator who worked tirelessly over two years to clean up and update the lists, computerise records and do a door-to-door investigation to ensure that the records ran a straight course.
And, yet, a couple of weeks into the introduction of the DBT in East Godavari, reports emerged to speak of exclusion when a person did not have a UID number.
"The authorities ask for the aadhaar number for every social scheme… They are depriving us of food and pension because we do not have the number," a reporter recorded a complaint. And Mr R Subrahmanyam, the well-intentioned and hard-working administrator, protested that this could not be a problem. "Those who are yet to be enrolled in the aadhaar system will be allowed to use the existing smart card for a period of 2 months." After that, the statement implied, the UID would be mandatory.
Move to 8 May 2013. The Minister of Planning Mr Rajiv Shukla is answering an unstarred question (No 6678) raised by Mr Rudramadhab Ray, MP: "Aadhaar card is not mandatory to avail subsidised facilities being offered by the government like LPG cylinders, admission in private aided schools, opening a savings account etc."
Hop and skip to 29 August 2013. The Minister for Planning, Mr Rajiv Shukla, has changed his mind. He had spoken on 27 August 2013, to declare that UID was not mandatory. But the Petroleum Ministry had had other plans. So, the Minister…w ell…he's now changed his mind too. Aadhaar will indeed be mandatory for receiving LPG subsidies in districts where the pilot projects are underway. "But." the Minister reportedly said, "this will be after the three-month grace period given to the LPG customers and after every LPG customer receives aadhaar."
As the clock struck the midnight hour between 29 and 30 August 2013, if you had googled "aadhaar mandatory", the headlines staring back at you from the page would have read: "Aadhaar mandatory to avail LPG subsidy in DBTL districts: Oil Ministry", two days ago; "Aadhaar not mandatory for availing of subsidies: Government", six days ago; "Aadhaar not mandatory?" nine days ago; and "Now, minister says aadhaar number must to get LPG subsidy", 22 hours ago.
Earlier this year, a petition was filed in the Punjab and Haryana High Court challenging the direction of the Deputy Commissioner in Chandigarh by which the UID was made compulsory for getting a driving licence or registering a vehicle.
The court asked the state to set out its position. Before you could say 'public servant or our master?', or any other phrase of like length, the state had withdrawn the direction and so reported to the court. On 2 March 2013, the court took this withdrawal on record; and one moment of reckoning on mandatoriness and compulsion was averted. There are still petitions in the Madras High Court, Bombay High Court, Bangalore courts, Delhi High Court and the Supreme Court, and mandatoriness is under challenge in each of these petitions. Will the government know what the answer is before they respond to the court?
This flip-flop show may have been a source of entertainment if it were not for the effect it has on people who feel bullied, threatened with exclusion, and are, only for those reasons, falling in line (pun intended). Parliament, and the courts, will have to step in. Well, Parliament did, when the Standing Committee rejected the Bill that was presented to it. Contrariwise, Cabinet Ministers admitted on 31 January 2013 that they did not know what the UID was - four years after the project started! It may be the courts that will have to work their way through this maze of obfuscation.
The author is an academic activist. She has researched the UID and its ramifications since 2009.
Read more at http://www.thestatesman.com/news/13706-mandatory-or-not-the-government-s-flip-flop-show.html#rcMtC1761g5WVW5X.99
52 - Part XVI - A tale of two turfs: NPR and UID by Usha Ramanathan - The Statesman
Part XVI - Atale of two turfs: NPR and UID by Usha Ramanathan - The Statesman
A tale of two turfs: NPR and UID
15 August, 2013USHA RAMANATHAN
14 August, 2013
In 1999, the Kargil conflict led to the setting up of the Kargil Review Committee to analyse intelligence lapses when the incursions happened. In its report, the committee suggested that "steps should be taken to issue ID cards to border villages in certain vulnerable areas on a priority basis, pending its extension to other or all parts of the state. Such a policy would also be relevant in the North East, Sikkim and parts of West Bengal." In 2003, when the Citizenship Act 1955 was amended to introduce section 14-A to create a National Register of Indian Citizens, the rhetoric had moved to illegal migration. A Multipurpose National Identity Card (MNIC) was mooted as an exercise in "border management". In 2003, pilots were run issuing MNIC in 20 districts across 12 states and Delhi. The first MNIC was issued in Narela, Delhi in 2007, and the coastal areas have largely been covered in the years since.
The pilots demonstrated a problem that the MNIC project encountered. "One of the important learning of the project," a "Compendium of mission mode projects under NeGP" (National e-Governance Plan) acknowledges, "was that determination of citizenship was a complicated and involved issue and may be tackled in a phased manner."
The National Population Register (NPR) therefore registers all "usual residents", not just citizens. The Citizenship Rules say that this should be done by "house-to-house enumeration for collection of specified particulars relating to each family and individual". These Rules specify twelve fields of information that are to be gathered in the process of enrolling people on the NPR. These include name, father's name and mother's name, sex, date of birth, place of birth, residential address both present and permanent, marital status, visible identification mark, date of registration of citizen, serial number of registration and a National Identity Number. The Rules prescribe penalty for refusal to give any information that the enroller is authorised by the Rules to collect. (The parent statute, viz., the Citizenship Act 1955 as amended in 2003, does not provide for penalty, and such penalty in the Rules may be challenged, but that is another discussion.) Biometrics is not in the Rules. There is no law that requires any person to give their biometrics to the NPR enroller. In any event, and at the least, no resident/citizen can be compelled to part with their biometrics as part of the NPR exercise. Refusal to give biometrics cannot, then, attract any legal consequences.
The Standing Committee on Finance had cautioned: "The collection of biometric information and its linkage with personal information of individuals without amendment to the Citizenship Act 1955 as well as the Citizenship Rules 2003, appears to be beyond the scope of subordinate legislation, which needs to be examined in detail by Parliament." This has been studiously ignored.
The Registrar General of India (RGI), who is also in charge of the Census, is tasked with building up the NPR. In March 2011, the RGI entered into an MoU with the UIDAI, by which the RGI became a "Registrar" for the UIDAI.
In January 2009, when the UIDAI was set up by executive notification, enrolment was not among the list of "responsibilities" of the UIDAI. It was to "generate and assign UID numbers", and to "take necessary steps to ensure collation of NPR with UID (as per approved strategy)". It was when Mr Nandan Nilekani became Chairperson of the UIDAI in July 2009, and a Cabinet Committee on the UID was constituted, that the UIDAI was given the mandate to enrol up to 10 crore people, which was later revised to 20 crore. Since then, there has been a push from the UIDAI and from the Deputy Chairperson of the Planning Commission to gain more enrolment for the UIDAI.
In contrast with the NPR, the UID project is not rooted in law. The notification by which it was set up does not specify limits, wrongs, remedies nor does it vest any authority in the UIDAI.
That is why it has had to be promoted as voluntary even when the UIDAI has worked with agencies to make it mandatory through the threat of exclusion; as collecting very limited data, only enough to generate a unique number, when it has actually expanded its fields of data to include, for instance, mobile phone number, email address, and bank account number; as performing only a "yes" or "no" verification function when it has in fact introduced a column for consent to share information.
Importantly, while the NPR is based on a house-to-house collection of data, the UID is entirely based on outsourcing, with embarrassing errors showing up, where dogs, trees and leaves have been issued UID numbers, and over 800 people have been enrolled as "biometric exceptions" in one episode in Hyderabad when they have been later found not to exist.
In November 2011, there were reports of disquiet in the Home Ministry that the biometric enrolment did not meet security criteria. Mr Nilekani's response was surprisingly bureaucratic: that the UIDAI has been collected “as per accepted procedure”. In January 2012, the differences between the Home Ministry and the UIDAI escalated, with the Home Secretary, Mr RK Singh communicating to the Cabinet Secretary that the UIDAI's collection of biometrics was "fraught with security risks".
There was a brief standoff between the MHA and the UIDAI that lasted for about a week till, on 27 January 2012, a perplexing compromise was reached.
Despite the security concerns raised by MHA about the UIDAI's processes, including the extent of outsourcing, and the introducer system, it was decided in an inexplicable move that the RGI and the UIDAI would both continue doing enrolment, and that they would divide the population between them, 50:50!
On 6 August 2013, the Minister of State for Home Affairs, in answer to a parliamentary question, said: "The UIDAI issues UID numbers ... based on the demographic and biometric attributes of the person residing in India through the multiple Registrar model.
The RGI is one of the Registrars." The Minister was to say in perpetuation of an exploded myth: "The enrolment for aadhaar is voluntary." Then: "The de-duplication and generation of aadhaar number by UIDAI is a part of the NPR process ... (and) NPR is mandatory.”
And, representing the deliberate fogginess of the process: “... but during the course of NPR biometric enrolment, a person indicates she/he is already enrolled for aadhaar, the biometric data will not be captured for NPR. Instead the aadhaar number will be recorded in NPR and the biometric data will be sourced from the UIDAI.”
In handing over the data that it collects to the UIDAI; in enrolling biometrics as part of the NPR process; in accepting enrolment that is outsourced and which does not follow the process set out in the citizenship law; in handing over information to the UIDAI which the UIDAI will then “own” ~ these have introduced doubts about the legality of the NPR exercise.
Also, the RGI is expected to maintain the database, not hand it over and become a customer of the UIDAI; but it is in that direction that the NPR is headed. The conflation of the NPR and the UID has created opacity and suspect legalities. It is no wonder that the resident-citizen is confused!
The author is an academic activist. She has researched the UID and its ramifications since 2009
Read more at http://www.thestatesman.com/news/10497-a-tale-of-two-turfs-npr-and-uid.html#laPdtdLRwt83Q8BH.99
51 - Part XV - States as handmaidens of UIDAI by Usha Ramanathan-The Statesman
08 August, 2013
Memoranda of Understanding, data sharing agreements and permanent enrolment centres tell a very different story from the images that the UIDAI has attempted to conjure up about the UID project. That it is cheap, at $2.50 per person, as Nandan Nilekani said in April in Washington. That the UIDAI only gives a yes or no answer, and does not share any information. That it is a finite exercise, with 600 million enrolled by 2014, and the rest in a phase that will follow. These are reassuring, perhaps, but they are not true.
On 23 November 2009, Mr Nilakeni told a gathering with a generous dash of lawyers to work on a law that would lay at rest questions that some in officialdom were asking, about passing on information on residents to the UIDAI. The law did not happen; but MoUs did. The MoUs not merely skirted the concerns raised; they reduced states to subservience, where they would act as instructed by the UIDAI, with little in the nature of reciprocal commitments. Why the states willingly fell in line is a mystery yet to be solved, especially since what the UIDAI was setting out to create was a centralized database of residents over which states would have no control.
The MoUs conform to a pattern. They refer to the relationship between states and the UIDAI as a "partnership". Government and other agencies are reduced to 'Registrars' for the UIDAI. The UIDAI would set the tasks, specify the software; and the Registrars would deploy the enrolling agencies "pre-qualified" by the UIDAI. The UIDAI would conduct "periodic audit of the enrolment process and to this end shall have the power to visit and inspect offices of the Registrars and enrolling agencies".
"Such audits," the Kerala MOU, as a case in point, reads, "are necessary to ensure the integrity of the enrolment process…." Inexplicably, the states asked for no reciprocal authority to inspect the UIDAI and audit its working. The UIDAI would "prescribe protocols for transmission of data," "to ensure the confidentiality, privacy and security of data," and "prescribe limits for fees that could be charged for issuing a UID number". The states demanded no role in any of this.
What the states had were responsibilities and obligations. The state 'shall' "cooperate and collaborate with the UIDAI in conducting proof of concept studies and pilots…," appoint the Registrars from among its departments as prescribed by the UIDAI and create mechanisms and provide "logistic and liaison support" to the UIDAI. The states are to "provide required financial and other resources to the Registrars to carry out the enrolment process…"; this, of course, figures nowhere in the computation of costs of the project.
The UIDAI would issue instructions, and the state would follow them. If these were not followed, the UIDAI would make "reasonable attempts to discuss and attempt to resolve difficulties with the State Government….If the recommendations of the UIDAI are not implemented and matter settled to the satisfaction of both the parties, the UIDAI shall have the option to de-register the concerned Registrar and/or demand replacement of a concerned enrolment agency …" Unilateral, and no reciprocal obligation.
What was in it for the state governments? The MoUs said that during enrolment the Registrars may collect any additional information from residents, apart from that to be sent to the UIDAI for enrolment, and keep it with them. Even as the UIDAI assured residents that their UID number would be despatched only to them, the MoUs promise to send it to the Registrars simultaneously, which they can then append to the information already with them; and the process of convergence is set to begin.
ONCE IS NOT ENOUGH!
In the beginning, enrolment was projected as a one-time activity. By 2014, 600 million would be enrolled.
Then the rest. But, of course, it cannot be that simple. A 'Policy on Permanent Centre Model' has hit the stands, in a manner of speaking. Now that enrolment has reached a point where the project may be difficult to shelve, the un-discussed aspects are beginning to emerge. The plan is to set up permanent enrolment centres to "facilitate ongoing enrolments and updates". Updates? Information about marriage, migration, mobile number, death or other personal changes would require demographic updates.
Newborns would need to be databased; children would have to have their biometrics taken when they stabilize which may be when they are around 15; badly captured biometrics would need re-enrolment. "Events like accidents and diseases" may lead to biometric authentication failures and may have to be
re-presented on the database. And, capping all this: "Residents are recommended to update their biometric data every ten years." This is the first admission of a concern that those
questioning the wisdom of the project have been voicing from the beginning: that biometrics change, age, vanish with age and circumstance.
Re-registering the population every ten years? Has this been thought through by someone in government? Where can we find what the thinking is?
The "suggested minimum station requirement" is pegged at 1854 in 585 districts to be set up by the `Registrars'. This is a grand vision of ubiquity, where police stations, post offices and, for the moment, PDS shops are joined by Permanent Centres.
Between 'data sharing', re-registration of biometrics every ten years, and 'permanent centres', this is a very different project from what it marketed itself as being when it began.
There has, so far, been no independent audit of cost, process or outcomes. May be now is the time.
Read more at http://www.thestatesman.com/news/9349-states-as-handmaidens-of-uidai.html#z1WxrpBfyVwCXiwB.99
50 - Part XIV - Outsourcing enrolment, gathering dogs and trees by Usha Ramanathan - The Statesman
Outsourcing enrolment, gathering dogs and trees
07 August, 2013
USHA RAMANATHAN
How many people does it take to database a population of 1.2 billion? About 300. That is the number in the UIDAI. “Everything is outsourced, they don’t work for us,” Mr Nilekani said in talk at the Centre for Global Development earlier this year. “They” are over 100,000 people who include Registrars, enrollers, introducers, verifiers, and Authorised User Agencies.
Then there is the postal system which is to deliver the UID letter; the companies that “de-duplicate” and generate numbers; and local agencies and NGOs who participate in various stages of the project; and will in time include those in the proposed Permanent Enrolment Centres, but these are not within the 100,000 to whom Mr Nilekani refers.
They form the “ecosystem” that does the work for the UIDAI. The figures vary with a slightness that is forgivable, but they run something like this: “50 Registrars, 75 enrolling agencies, 30,000 enrolling stations, 50,000 operators”, and 300 people running the project. The UID is a “start-up”, through the scalable mode of “outsourcing”. May be all this should be impressive. Except for some disquieting facts.
On 9 May 2012, the Minister of Planning responded to a question raised by Ananth Kumar, MP, about “fraud uncovered in UID schemes”. “Some cases of process non-compliance and fraudulent enrolment have been reported against some enrolment agencies in some places”, the Minister said, before citing three such cases.
The first episode, perhaps, produced the most amusement. In April 2012, a couple of weeks after the fingerprint authentication report had been placed before the public by the UIDAI, a Telugu TV channel reported from Hyderabad that Kothimeer (dhaniya), s/o Pulav, r/o Mamidikayavuru (Telugu for “raw mango village”) in Anantapur district had been issued a UID number – 4991 1866 5246. The system will not complete the enrolment transaction unless all fields are filled, and so there had to be a photograph – a mobile phone lent its image to Kothimeer.
An elderly gentleman is reported, in the Deccan Herald, to have wryly remarked, “we have completed all formalities, got our photographs almost a year ago after standing in long lines for days but haven’t received the cars (sic) so far. The Kothimeer is lucky.”
A disenchanted MLA, Payyavula Keshav, reportedly said: “It’s probably the work of a young man who wanted to tell us how routine the process of data collection was in villages.
The private agencies entrusted with the job have no understanding of the job in hand.” Although the Minister indicated that the operators involved in the enrolment had been blacklisted, there were attempts by those speaking for the UIDAI to explain it away as an “aberration”.
A year later, in April 2013, a reporter with a national daily filed an RTI which elicited a response from the UIDAI which he felt impelled to term “one of the strangest government goof-ups India has seen till date”.
The UIDAI admitted to having erred in 14,817 letters with the wrong person’s photograph, 3,858 letters with photographs of “non-humans” (including trees and dogs), 165 acknowledgment slips with photographs of “non-humans” and 653 cases of photograph mismatch on the letter and the slip. This time, it was the printing software that picked up random pictures from the computer. This time it was a “glitch”.
It is not that the government has not been aware of the faults in the system and their unreliability.
Mr P Chidambaram, as Home Minister, had drawn back from reliance on the project more than once. In November 2011, he said: “The possibility of fake identity profile in the UID data is real,” and asked that the biometric issue too be taken up with immediacy by the Cabinet Committee on the UID. In December 2011, the Parliamentary Standing Committee on Finance recorded the concern that “a security audit of the entire process of UIDAI including enrolment process ... the enrolment software, data storage, data management etc. should be conducted by an appropriate agency”.
On 20 January 2012, Mr Chidambaram wrote to the Prime Minister upping the ante to say that UIDAI data was not credible.
Then, in an inexplicable twist in the tale, a mere week later, there was a “truce” in this “turf war”, and peace was brokered by Dr Montek Singh Ahluwalia. Mr Chidambaram and Mr Nilekani shook hands and divided the turf between them, 50:50! How this resolved the data errors and security concerns is remains unanswered.
The errors had begun to manifest early in the process, and a Pune gentleman’s complaint that his UID letter had his wife’s photograph on it was reported on 5 August 2011. In October 2011, Ian Parker, writing for the New Yorker, described how these errors were being averted: “One afternoon ... in the offices of the UIDAI .... a young computer operator was watching a monitor on which photographs of Indians were passing before him at the rate of one every two or three seconds. He examined each image and its accompanying text: name, gender, date of birth. His job was to vet: Was this anxious-looking person, in fact, a man? A seventy year old man? He clicked `correct’ or `incorrect’, and scrolled to the next person.
That day, he had already inspected more than 5000 photographs, and he had clicked ‘incorrect’ 300 times: men listed as women, children as adults, photographs with two heads in them. Nine other operatives were doing the same.” The perils of outsourcing were on show.
The Minister also spoke of an episode where, in April 2012 again, fake identities were enrolled and UID numbers issued to people who were found not to exist. About 870 of them were enrolled as “biometric exceptions”, revealing a route to fraudulent enrolment. The ID of an employee who had been suspended in September 2011 was used to complete the enrolment.
The infrastructure major, IL&FS, is being investigated and a case has been booked against the supervisor. A government doctor who acted as “verifier” and gave fake proof of identity and of address in the names of high profile personages in Karnataka was the Minister’s third instance.
It is tough to tell who is a genuine enroller and who fraudulent. There are many stories where these come from, telling tales that are now alarmingly familiar.
Yet, there is no law, no system of liability, no protection for the resident and no legal responsibility vesting anywhere, not for fraud, or for loss, or for misuse or abuse of the data collected, or for impersonation, or for selling the data even before sending it onwards to the UIDAI, or for anything else; and traditional criminal law can deal with only a small segment of this unfolding problem.
The writer is an academic activist. She has researched the UID and its ramifications since 2009.
Read more at http://www.thestatesman.com/news/9098-outsourcing-enrolment-gathering-dogs-and-trees.html#vRIHMbeSREG2U8o1.99
Subscribe to:
Posts (Atom)