Aadhar & UID: Supreme Court Order Exposes its Illegality

Now opposition parties should promise destruction of database of biometric features created so far; Promoters of Biometric aadhaar and NPR emerged as killers of privacy unlike heroes like Julian Assange, Edward Snowden and Bradley Manning.

By Gopal Krishna,

March 24, 2014 New Delhi: Hearing the Special Leave to Appeal (Criminal) No(s).2524/2014, which has been linked with the previous case Writ Petition (Civil)    494 of 2012, the Supreme Court bench of Dr. Justice B.S. Chauhan and Justice J. Chelameswar passed an order that exposes the illegality of the unscientific exercise of indiscriminate biometric data collection by Planning Commission’s UIDAI, Home Ministry’s Registrar General of India for Aadhaar number and National Population Register (NPR) and other government and private agencies.

Aadhar Logo

The Supreme Court has passed this order asking Government of India to delink all programs from biometric aadhaar. Non-Congress political parties have denounced biometric aadhaar as a case of fraud and a national betrayal. The same holds true for NPR.

Welcoming the order, Citizens Forum for Civil Liberties (CFCL) demands that the opposition parties should promise that new government after the Lok Sabha elections will destroy the illegal and illegitimate database of biometric features as has been done in UK and other countries.

Notably, even as data thieves and brokers are feeding memory of online companies, the dictum “Internet never forgets” faces challenge from legislatures in USA which are grappling with Do Not Track Me Online Act and European General Data Protection Regulation that includes right to be forgotten. The European Parliament passed the regulation on March 12, 2014. In the absence of any regulatory resistance, data mining mafia is on the prowl in India through aadhaar and NPR. The marriage of internet with biometric data consequents in the death of privacy and democratic rights.

Biometric data itself has scientifically been proven to be ‘inherently fallible’ especially because of constant decay of biological material in human body. Global experience demonstrates that the trust in junk science of biometrics is misplaced. The stolen biometric passport of a passenger in the missing Malaysian airliner has exposed its claims for good.

The incident of two of the 239 passengers who were on the Malaysian airliner that disappeared on March 8, 2014 between Kuala Lumpur and Beijing having used stolen European passports based on biometric data including electronically stored fingerprints and facial images merits attention. It is this very biometric technology which is the basis of biometric unique identification (UID)/aadhaar number and National Population Register (NPR).

In post-independent India, except for the Emergency period never was privacy under such unprecedented assault.

In the light of these developments there is a compelling need to explore the following questions:

1.         What is the technological basis of 12 digit unique identification (UID)/aadhaar number and NPR?

2.         What is the basis of the editorial claims like “privacy issues can be take care of once supporting legislation is in place” be considered defensible. Is this what is called putting the cart before the horse?

Is there a biological material in the human body that constitutes biometric data immortal, ageless and permanent? Besides working conditions, humidity, temperature and lighting conditions also impact the quality of biological material used for generating biometric data. Both aadhaar and NPR are based on the unscientific and questionable assumption that there are parts of human body likes fingerprint, iris, voice etc” that does not age, wither and decay with the passage of time.

In a RTI reply dated October 25, 2013, UIDAI shared its contract agreement with Ernst & Young states in a most startling disclosure from the contract agreement is its admission that “biometric systems are not 100 % accurate”. It admits that “uniqueness of the biometrics is still a postulate.” In an admission that pulverizes the very edifice on which UID/aadhaar and the NPR rests, it writes, “The loss in information due to limitations of the capture setup or physical conditions of the body, and due (to) the feature representation, there is a non-zero probability that two finger prints or IRIS prints coming from different individuals can be called a match.”

This is underlined in bold letters in the contract agreement. In simple words, “non-zero probability that two finger prints or IRIS prints” turning out to be a match means that there is a probability that biometric data of two different individuals can be identical.

The contract agreement states, “the Unique ID will be a random 12-digit number with the basis for establishing uniqueness of identity being biometrics”. The agreement further states, “we will provide a Unique Identity to over 113.9 crore people.” This is evidently a fraudulent claim because UIDAI with which the agreement has been signed has mandate to provide Unique Identity to only 60 crore residents of India and not to 113.9 crore people.

A report “Biometrics: The Difference Engine: Dubious security” published by The Economist in its 1 October 2010 issue observed “Biometric identification can even invite violence. A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock.” This reveals the frightening ramifications of using biometrics as a basis for identification.

Another report “Biometric Recognition: Challenges and Opportunities” concluded that the current state of biometrics is ‘inherently fallible’. That is one of the findings of a five-year study was jointly commissioned by the CIA, the US Department of Homeland Security and the Defence Advanced Research Projects Agency.

As to privacy, in the contract agreement between the President of India for UIDAI, as purchaser and L-1 Identity Solutions Operating Company, and Accenture Services Pvt Ltd accessed through RTI at clause 15.1 it is stated, “By virtue of this Contract, M/s Accenture Services Pvt Ltd/Team of M/s Accenture Services Pvt Ltd may have access to personal information of the Purchaser and/or a third party or any resident of India, any other person covered within the ambit of any legislation as may be applicable.”  The purchaser is President of India through UIDAI. The clause 15.3 of the agreements reads, “The Data shall be retained by Accenture Services Pvt Ltd not more than a period of 7 years as per Retention Policy of Government of India or any other policy that UIDAI may adopt in future.”  This clearly implies that all the biometric data of Indians which has been collected so far is now available to US Government and French Government.

In “Broken Promises of Privacy: Responding to the surprising failure of Anonymisation”, a 77 page long study by Paul Ohm Associate Professor at the University of Colorado Law School illustrates how central identity databases facilitate the reverse audit trail of personal information. This paper underlines that the assumption of robust anonymization of electronic identity has been blown up, “casting serious doubt on the power of anonymization, proving its theoretical limits…”

Sam Pitroda’s public information infrastructure (PII) is tagging people, tagging places, tagging programmes etc to connect 2.50 lakh Panchayats all over the country. UID/aadhaar and NPR of Chandramouli are subsets of this program. Ever wondered as to why the votaries of privatization of every imaginable natural resource ‘for public welfare’ have become advocates of centralization of biological information of Indians ‘for public welfare.’ The rationale for the stateization of personal sensitive information of Indian residents and citizens appears dubious.

Not surprisingly, Government’s own Draft Discussion Paper on Privacy Bill stated, “Data privacy and the need to protect personal information is almost never a concern when data is stored in a decentralized manner” unlike UIDAI, NPR and PII.

Human body came under assault as a result of forced vasectomy of thousands of men under the notorious family planning initiative of Sanjay Gandhi. Nilekani and his ilk have acted worse than Sanjay Gandhi in putting Indians’ body under the assault of biometric surveillance.

Earlier it appeared strange as to how the aadhaar cases namely, Writ Petition (Civil)    494 of 2012 W.P(C) NO. 829 of 2013, W.P (C) NO. 932 of 2013, T.C.(C) NO. 152 of 2013, T.C. (C) NO. 151 of 2013, W.P (C) NO. 833 of 2013 and CONMT.PET. (C) NO.144/2014 IN W.P.(C) NO.494/2012 which were listed for hearing on 4th March, 2014 got knocked out from the priority list of hearing, after passing 14 orders and ongoing hearing in the case ahead of the Lok Sabha elections.

Supreme Court’s previous 14 Orders in the aadhaar case are   as under:

 

While whistleblowers like Julian Assange, Edward Snowden and Bradley Manning have joined the ranks of hall fame as the defenders of privacy as a basic human right, likes of Nandan Nilekani, C Chandramouli and Sam Pitroda have joined the hall of infamy with entities like National Security Agency as killers of privacy. The latter are admittedly in the business of ‘cloudifying’ databases that has the potential to turn governments into puppets at least as far as control over database is concerned.

For further details: Gopal Krishna, Member, Citizens Forum for Civil Liberties (CFCL), Mb: 9818089660, E-mail:gopalkrishna1715@gmail.com

  • sridhara

    The article deals mainly with two issues viz: reliability of Biometrics and secrecy of biometric data. Strangely it ignores the purpose and advantages of project UID.

    I while respecting the privilege of their biometric data may I ask what do I lose if my biometric data is accessed by others? You may ask about infringing personal privilege. Every rule truncates some privileges. Rules are a must for smooth running of any society.

    We use a password in several occasions to deny access to others. Soon we realised that password can be cracked. Does it mean we should not use password and keep the data open to others? We should strive to improve the strength of password but not reject it. So, there is no reason to believe that UID will not improve its secrecy further. If we were living when paper currency was introduced we would have opposed its introduction. So, opposing UID on secrecy issues is strange.

    Hence look at the purpose of UID. Respect UID by weighing its advantages against silly disadvantages.

    • Kumar

      mr. sridhara here definitely does not understand its implications. There is a reason why the social security no. was scrapped in the U.S. and its not compulsory for an US citizen to have that no. Through UID you can be watched at every step which is creepy, you can be implicated for a crime which you have not committed, now that the information will be shared with the CBI.

      • sridhara

        Mr. Kumar (sorry for delayed reply)
        I have asked for implications to be explained. Instead of explaining them your reply makes fresh possible implications but do not explain how it could be possible. As long as onus of proving we can list any number of implications.
        UID is not an RFID to be tracked. If information is shared with CBI the job of CBI may become easy to catch the culprit but how can CBI implicate wrongly? Can UID data become proof of crime? For those that have been demanding faster justice this is good. For those that want to evade law this is objectionable.
        SSN in US is mandatory to all those above 18 age receiving income. SSN system is very old and less efficient. UID offers better advantages than SSN. In any case SSN exists in US, can you quote ant instances of their police wrongly implicating its people using SSN data?