Who will have access to Aadhaar data? Which are the companies selected by Nandan Nilekani’s UIDAI project for this purpose? Can our government assure us that that these companies will keep data secure from foreign eyes? Has the government satisfied itself about the ownership of these companies? The evidence is available in the public domain but Indian authorities seem indifferent to what might well be a foreign invasion into our privacy. ~ Usha Ramanathan
In July 2010, UIDAI announced names of the companies that had been selected to implement the core biometric identification system. These companies would design, supply, install, commission, maintain and support the "multi-modal Automatic Biometric Identification System and multimodal Software Development Kit for client enrolment station, verification server, manual adjudication and monitoring function of the UID application". These would create the ability to de-duplicate on the basis of biometric information collected during enrolment.
The companies were: Mahindra Satyam (as it then was) partnering with Morpho, HP with L-1 Identity Solutions and a recently set up Indian company 4G Identity, and Accenture with MindTree and Daon. L-1 Identity Solutions was also present and participating in the PoC on enrolment.
These are companies with interesting profiles. A promotional document found on the web around the time that L-1 Identity Solutions was selected to partner with the UIDAI speaks of a close connection between the company and the security and intelligence establishment of the US government. "L-1 provides highly specialised government consulting services that address the most important challenges facing US defence and global security", it announces. "More than 1000 specialists, most holding top security clearances", it advertises, giving a more specific figure of "93 per cent holding high-level government security clearances".
In 2007, Tim Shorrock, an investigative journalist based in Washington, took a close look at the connection between L-1 and the CIA in an article he did on the former CIA chief, George Tenet, titled Cashing in on Iraq. Shorrock wrote: "Tenet sits on the board of L-1 Identity Solutions, a major supplier of biometric identification software used by the US to monitor terrorists and insurgents in Iraq and Afghanistan… The company with the closest ties with the CIA – and the biggest potential financial payoff for Tenet – is L-1 Identity Solutions, the nation’s biggest player in biometric identification. L-1’s software which can store millions of ID records based on fingerprints and eye and facial characteristics, helps the Pentagon and US intelligence in the fight against terrorism by providing technology for insurgent registration (and) combatant identification, the company says. L-1 technology is also employed by the State Department and the Department of Homeland Security…" When L-1 acquired Spec Tal, it got 300 employees with security clearances getting them several agencies with whom Spec Tal had contracts, "including the CIA, the NSA and the Defence Intelligence Agency." "We’re in the security business, right? So he’s a tremendous asset," Shorrock quotes an executive vice president of L-1 as saying about George Tenet.
Sagem Morpho which is among the participating companies is the Indian subsidiary of Morpho; which is part of the Safran group. Safran is a French defence company in which the French government holds 30.5 per cent shares.
In August 2011, Safran completed its acquisition of L-1 Identity Solutions. It was a $ 1 billion acquisition. With this, L-1 joins Safran’s security business which was until then operating as Morpho, and which together with L-1 was renamed Morpho Trust.
Morpho and L-1 have, with this acquisition, merged. So, when Mr. Nilakeni says that UIDAI has created a competitive environment, that is not quite accurate.
This deal was held back for about a year between September 2010 and August 2011 till the Committee on Foreign Investment in the US approved the acquisition. Since US contracts make up about 80 per cent of L-1’s business, and to protect US national interests, Safran was to establish "a three-person proxy board" to handle sensitive US contracts – a common feature when security companies are acquired by foreign companies. It was contemporaneously reported that the proxy board was expected to include Barbara McNamara, deputy director of the National Security Agency and William Schneider Jr. former Under Secretary of state under Ronald Reagan.
Accenture is known widely as a consultancy corporation. What is less known is its place in the world of surveillance technologies. Katherine Albrecht and Liz McIntyre, writing about Radio Frequency Identification (RFID) in their book, ‘Spychips: How major corporations and governments plan to track your every purchase and watch your every move’ (2006), introduced us to the patents and practices of Accenture in the RFID arena. It is interesting that Accenture describes itself as a "US based business…the global management consulting, technology services and outsourcing company"; no word on surveillance. Yet, in 2004, Accenture was selected by US Department of Homeland Security to design and implement the Smart Borders Project which would be deployed at the land, sea and air ports of entry. In November 2012, Accenture was awarded a bio-surveillance contract by the Department of Homeland Security.
This proximity and interdependence between foreign governments, including their intelligence agencies, and corporate ventures in surveillance technology is no secret. Yet, the UIDAI claims that it is unaware of the countries from where these companies originate.
A question that has been raised time and again in various fora relates to the security of the data. What effect does handing over data to companies that are close to foreign intelligence agencies, or allowing them to handle it, have on security of the person, and on national security? Laws such as the PATRIOT Act in the US, especially provisions such as section 215, bring all agencies in the country within the control of agencies such as the FBI and the Department of Homeland Security. As for Morpho and L-1, the French government is part-owner of these entities. Despite the concerns this should have raised in the UIDAI and within government, there has been a silence which provides no answers. The UIDAI’s response to an RTI query is more disturbing still.
In March 2011, Mr Veeresh Malik filed a request with the UIDAI for information, specifically asking for the "full name, address, websites of the foreign companies which are of US and non-US origin or control". In an appellate order of 21 July 2011, the Deputy Director at the UIDAI who is the Appellate Authority for purposes of the RTI, gave the names of three Biometric Service Providers to the UIDAI. These were, (i) Satyam Computer Services/ Sagem Morpho (ii) L-1 Identity Solutions (iii) Accenture Services. In a startling statement, the authority explained that "there are no means to verify whether the said companies/organisations are of US origin or not. As per our contractual terms and conditions, only the companies/organisations … who are registered in India can bid. Any further information in this regard can be obtained from the UIDAI public domain…" There is nothing more to be got from the UIDAI website.
Col. Mathew Thomas’ RTI query asking for copies of the contracts entered into with the companies was refused by the UIDAI citing section 8(1)(d) of the RTI Act 2005 which speaks of information including "commercial confidence, trade secrets or intellectual property" disclosing which would "harm the competitive position of a third party" to the request. The exception to this provision is if the "larger public interest warrants the disclosure of such information". At a hearing on 24 June 2013, the Central Information Commissioner has said she will hear and decide this matter. Snowden, and PRISM, have blown the lid, yet again, on surveillance by the USA.
Creating a database and handing the data over to companies, and with no discernible protection, should worry a government concerned about the safety of the people and national security, it would seem.
(The writer is an academic activist. She has researched the UID and its ramifications since 2009)