Why Biometric Aadhaar Database Project Should Be Abandoned
Biometric databases have given birth to gnawing present and future civil liberties and civil rights concerns. Biometric identification exercise has been in use at least since 19th century. History of biometric profiling is a history of violence and repression. A stolen password can be changed but stolen fingerprints cannot be changed.
Biometric identification is an invitation to violence. A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock. This was reported in the October 2010 issue of The Economist. Under its science and technology section, it wrote about the fallibility of biometric identification under the title The Difference Engine: Dubious security. It inferred that “Keeping evildoers out is no simple screening matter” contrary to what the belief of the proponents of Central Identities Data Repository (CIDR) of 12 –digit biometric Unique Identification (UID)/Aadhaar numbers.
As per Section 2 (g) of Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, “‘biometric information’ means photograph, fingerprint, iris scan, or such other biological attributes of an individual as may be specified by regulations.” The reference to “such other biological attributes” makes it clear that voice sample and DNA profiling is included under its ambit. It is noteworthy that the Human DNA Profiling Bill, 2015, is aimed at regulating the use of Deoxyribose Nucleic Acid (DNA) analysis of human body substances proﬁles and to establish a National DNA Data Bank. The definition of biometric information in the Aadhaar Act seems to make the proposed Human DNA Profiling Bill redundant.
It is germane to recall the role of task force for preparation of Policy Document on Identity and Access Management under National e-Governance Programme (NeGP) which submitted a report in April 2007, that revealed Project unique ID (UID) “to create a central database of resident information and assign a Unique Identification number to each such resident (Citizens and Persons of Indian Origin) in the country…..” was already under implementation long before the arrival of Nandan Nilekani in July 2009 as chairman of Unique Identification Authority of India. This report defines biometrics. The report of this Task Force appears to be making one of the earliest references to “Biometric authentication”.
Biometric identification and authentication is the foundation on which the entire CIDR of UID/Aadhaar project has been erected. The proponents of the project feign ignorance about a five-year study, Biometric Recognition: Challenges and Opportunities, published on 24 September 24, 2010, by the National Research Council in Washington D.C., conclude that biometric identification and recognition is “inherently fallible” like the discredited science of Eugenics.
J Satyanarayana, former IT secretary who is currently a part-time Chairman of UIDAI since September 6, 2016, was the member of the task force. The other members of the task force included 34 members. The members included 11 technology solutions providers namely, IBM, Microsoft, Oracle, Computer Associates, Novell, Honeywell, HP, Red Hat, ILANTUS Technologies, MPhasis and PricewaterhouseCoopers (PwC).
Satyanarayana, who was the member of the task force that authored the above mentioned report, finds mention at Pg No. 46-47 of the report Parliamentary Standing Committee on Information Technology that examined the work of Department of Electronics and Information Technology (DeitY), Ministry of Communications and Information Technology, asked about the surveillance by National Security Agency (NSA) of the US. He said, “We have been assured that whatever data has been gathered by them for surveillance relates only to the metadata. It has been reiterated and stated at the highest level of the US President that that only the metadata has been accessed, which is, the origin of the message and the receiving point, the destination and the route through which it has gone, but not the actual content itself. This has been reiterated by them, but we expressed that any incursion into the content will not be tolerated and is not tolerable from Indian stand and point of view. That has been mentioned very clearly and firmly by our government.”
In effect, the Government of India has formally communicated to the Government US that India has no problem if they conduct surveillance for metadata, in fact, it is acceptable and tolerable but “incursion into the content will not be tolerated and is not tolerable.” The Central Government has been misleading the state governments, media and the citizens. It must be remembered that the idea of UID was incubated in this very department. It is evident that Satyanarayana and this department has no problem in sharing metadata of Indians to foreign agencies.
Contract agreements accessed through RTI reveal unequivocally that personal sensitive data of Indians have been handed over to transnational by private enterprises like Accenture, Safran Group and Enst & Young. It has come to light that companies like 23andMe, a privately held personal genomics and biotechnology company based in California and Ancestry.com, a US online genealogy company, collect and store DNA data, and that such data can be sold or accessed by third parties. Notably, the Election Commission of India on its website has provided answer to a question about the “system of numbering EVMs”, wherein it reveals that “Each Control Unit has a unique ID Number (UID).” The proponents of world's biggest citizen identification scheme aim to converge electoral photo identity card (EPIC) numbers of electoral database, the UID/Aadhaar number database called CIDR. Thus, it can subvert the democratic process.
If these provisions are read with Section 23 (2) (g), it is clear that powers and functions of the Unique Identification Authority of India (UIDAI), Ministry of Electronics and Information Technology, includes the power of “omitting and deactivating of an Aadhaar number and information relating thereto in such manner as may be specified by regulations” through subordinate legislation as and when they deem it appropriate. It means that Aadhaar Act is worse than the overruled verdict in ADM Jabalpur case because it has empowered the central government to cause civil death of anyone it does not like and has deprived citizens the right to compliant as was done by ADM Jabalpur in pursuance of the Presidential Order dated 27 June, 1975, under Article 359(1). The order had “declared that the right of any person (including a foreigner) to move any court for the enforcement of the rights conferred by Articles 14 21 and 22 of the Constitution and all proceedings pending in any court for the enforcement of the above mentioned rights shall remain suspended….”
As per Section 47 (1) of the Aadhaar Act 2016, “no court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorised by it.” This takes away the right of the “residents” and citizens to move any court for the enforcement of the rights conferred by Articles 14 21 and 22 of the Constitution.
Given the fact that Indians’ biological information is being colonised by these countries, it is likely to have implications for these “Embodied Subjects” in international relations because they end up creating biometric borders restricting their mobility.
Human body in India came under assault as a result of forced sterilization of thousands of men under the infamous family planning initiative of Sanjay Gandhi during Internal Emergency. Human body is once again under attack through indiscriminate biometric profiling seemingly under patronage of the Prime Minister. Such a project, which is aimed at creating an unlimited government, not limited by Constitution, must be abandoned in supreme public interest.
Dr Gopal Krishna is a public policy and law researcher, convener of Citizens Forum for Civil Liberties (CFCL) and editor of www.toxicswatch.org