Notoriety of Aadhaar

Gopal Krishna

[Citizens Forum for Civil Liberties (CFCL) denounces & disapproves SLAPP case / FIR against reporter of The Tribune for exposing the truth about Central Identities Data Repository (CIDR) of 12-digit biometric Unique Identification (UID) / Aadhaar Numbers of residents of India who have lived in India for at least 182 days. It appreciates the statements of the Editors Guild of India and Media Association of Punjab that have expressed deep concerns over registration of a case by Unique Identification Authority of India (UIDAI), in the Crime Branch, Delhi Police. This case is a Strategic Lawsuit Against Public Participation (SLAPP) which is intended to censor, intimidate, and silence critics of UID / Aadhaar in the 8th year of UIDAI's existence. We publish below a slightly shortened version of the statement issued by Gopal Krishna on behalf of CFCL on January 7, 2018.]

The act of UIDAI appears to be guided by its diffidence ahead of the hearing in the Supreme Court on 17 January by the Constitution Bench on the constitutionality of the world's biggest database of UIDAI / Aadhaar Numbers. It merits greater scrutiny given the fact that countries like UK, Australia, China, France, USA, Germany and others have abandoned similar efforts to build citizens' databases, which become one of the most vulnerable assets of the country.

Besides several other provisions of law, the reporter of The Tribune has been booked under Sections 30 and 37 of the Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 because under Section 47(1) of the said Act an offence is punishable only upon a complaint made by the UIDAI or any officer or person authorised by it.

It is noteworthy that the Aadhaar Act does not empower any reporter or any person who comes to know of the misuse and abuse of the UID / Aadhaar or related demographic or biometric information to file an FIR herself. This Act has disabled citizens in general and journalists in particular. It is evident that had she not undertaken the task, the government and citizens could have remained in the dark about the unprecedented breach of national security and security of citizens. CFCL appreciates the exemplary journalistic work done by The Tribune and its reporter which serves supreme public interest and national interest.

As per Section 36 of the Aadhaar Act, "Whoever not being authorised to collect identity information under the provisions of this Act, by words, conduct or demeanour pretends that he is authorised to do so, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both".

A joint reading of Section 47(1) and Section 36 reveals that the government wants to remain in the dark about unauthorised collection of identity information, because no one other than UIDAI itself is authorised to do so and no one other than itself can file a complaint against unauthorised collection.

The case has also been filed under Section 66 of the Information Technology Act, 2000 which deals with hacking with computer system. This Section of the IT Act reads: "(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees or with both".

If the relevant provisions of the Aadhaar Act and the IT Act are read together, it is abundantly clear that as far as the CIDR of UID / Aadhaar numbers of residents of India is concerned, the government and the UIDAI do not wish anyone other than itself to file a complaint against any person causing "wrongful loss or damage to the public or any person destroying or deleting or altering or diminishing or affecting or hacking UIDAI's database injuriously".

While UIDAI has filed cases also under sections 419 (punishment for cheating under impersonation), 420 (cheating), 468 (forgery) and 471 (using a forged document) of Indian Penal Code, the fact is that UIDAI itself has handed over data of all those who have enrolled to foreign companies like Accenture, Safran Group and Ernst & Young who are subservient to laws of their country and under legal compulsion to share it with their governments and other unauthorised private entities. CFCL demands disclosure of all the contract agreements which UIDAI has signed with private entities and public institutions.

It is noteworthy that UIDAI awarded contracts to three companies namely, Satyam Computer Services Ltd, (Mahindra Satyam), as part of a "Morpho led consortium", L-I Identity Solutions Operating Company and Accenture Services Pvt Ltd of USA for the "Implementation of Biometric Solution for UIDAI". Sagem Morpho Security Pvt Ltd of French Safran Group was awarded the contract for the purchase of Biometric Authentication Devices on February 2, 2011 by the UIDAI. On July 30, 2010, in a joint press release, it was announced that "the Mahindra Satyam and Morpho led consortium has been selected as one of the key partners to implement and deliver the Aadhaar program by UIDAI". The UIDAI Chief was given the ID Limelight Award at the ID World International Congress in 2010 held in Milan in November 2010. One of the two Platinum Sponsors of this Congress was Morpho (of Safran group), a French high-technology company with three core businesses: Aerospace, Defense and Security, in which the French Government has a 30% stake. This company has a 40-year partnership with China. Coincidentally, this Global Summit on Automatic Identification in 2009 had awarded Tariq Malik, Deputy Chairman of Islamabad based National Database & Registration Authority (NADRA) too for implementing UID project in Pakistan.

It is alarming to note that the Unique Identification Authority of India (UIDAI) will have residents / citizens of India believe, about the three transnational biometric technology companies working with foreign intelligence agencies that have been awarded contracts by UIDAI, namely: 1) Mahindra Satyam Computer Services / Sagem Morpho, 2) L-I Identity Solutions and 3) Accenture Services, that "There are no means to verify whether the said companies are of US origin or not", as stated in a reply to a Right to Information (RTI) Application. Didn't UIDAI know the country of origin of the award and their sponsors who were awarded contract by UIDAI prior to taking award inform UIDAI Chief "means to verify" the country of the use of three companies in question?

The second company, L-I Identity Solutions, is headquartered in Stamford, Connecticut, US. The company received ‘$24.5 million in Purchase Orders in the initial phase of India's Unique Identification Number Program for Certified Agile TP(TM) Fingerprint Slap Devices and Mobile-Eyes (TM) Iris Cameras’.

On July 19, 2011, L-I Identity Solutions and Safran, Paris announced that in connection with the pending acquisition of L-I by Safran, the parties have reached a final agreement on the terms of a definitive mitigation agreement with the United States government. L-I and Safran were notified by the Committee on Foreign Investment in the United States (CFIUS) on July 19, 2011 that the investigation of the merger transaction is complete and that there are no unresolved national security concerns with respect to the transaction. With CFIUS approval for the merger, and having satisfied all other conditions required prior to closing, the parties completed the merger transaction. As a consequence of Safran's purchase of L-I Identity Solutions, the de-duplication contracts of UIDAI's CIDR, which were given to two companies, are both with one company now.

While the Committee on Foreign Investment in the United States (CFIUS) resolved national security concerns, has the same been done in India?

Following the Central Information Commission (CIC)'s intervention in the matter of the application filed by Col Mathew Thomas, an octogenarian defence scientist, and submissions by the present author on his behalf, UIDAI shared its contract agreement with French and US biometric technology companies, but crucial pages are missing from the contract agreement after the CIC heard the matter on 10 September 2013. After examining these documents with regard to Accenture for Biometric Technology, it has come to notice that the first 237 pages appear to be in order, but after that there is a one-pager titled Annexure J Technical Bid (Technical Bid as submitted by M/s Accenture Services Pvt Ltd). The Technical Bid document is missing. After that there is a one-pager titled Annexure K Commercial (Bid as submitted by M/s Accenture Services Pvt Ltd). The Commercial Bid document is missing.

When this was pointed out to the new Information Commissioner, he ordered the Registrar, CIC to check compliance by UIDAI with the earlier order. The Registrar then informed that the new Information Commissioner has allowed UIDAI to furnish limited financial information. In effect, he changed the earlier order of the CIC without authority to do so. The Writ Petition (Civil) No. 9143/2014 (Mathew Thomas v. Union of India and Ors) in this regard is pending in Delhi High Court. The next date of hearing has been fixed for 4 May, 2018 by Justice Vibhu Bakhru's order of 15 September, 2017. Till 21 February, 2017 it was before Justice Sanjeev Sachdeva. So far there have been 10 hearings in the case since December 22, 2014. The companies in question have argued that the copies of their technical bids should not be given to the petitioner. Justice Sanjeev Sachdeva's order of 22 December, 2016 revealed that M/s L-I Identity Solutions Operating Company Private Limited and M/s Accenture Services Private Limited have been impleaded in the case.

In the aftermath of the 11th Ministerial of the WTO, which concluded in December 2017, media should be vigilant about the forces which are promoting citizens' surveillance in the name of promotion of Innovation in the Global Digital Economy and e-commerce. It should take note of the fact that the ministries that drafted India's written position on e-commerce, which opposed the demand for negotiations on e-commerce by the US and its allies, have not been kept in the loop in the matter of the database of Indian residents. The US and its allies, who are deeply interested in access to the Aadhaar database, have been demanding access to citizens' database for free as per their written submissions. The WTO has a 1998 Work Programme on e-commerce. This Work Programme provides for the discussion of trade-related issues relating to e-commerce to take place in the relevant WTO bodies like the Council for Trade in Services; Council for Trade in Goods; the Council for TRIPS; and the Committee for Trade and Development. The WTO's General Council was envisaged to play a review or oversight role.

In recent times, proposals are being pushed by some developed countries to negotiate new rules in addition to the existing ones in the WTO Agreements with regard to e-commerce amidst vehement opposition by many developing countries including India because it goes beyond the 1998 mandate. Since the 1998 WTO Ministerial Conference when Members adopted a temporary moratorium of not imposing customs duties on electronic transmissions, this moratorium has been renewed at the WTO Ministerial Conferences. Global trade remains open and closed for strategic reasons. It is increasingly evident that trade in services and non-agricultural products is going to acquire the electronic route in the near future in a dramatic manner. This will result in huge financial losses when investors, rather than establishing local presence, prefer to provide services online. Countries like India will experience losses from taxation forgone.

The online databases including the CIDR of UID / Aadhaar are admittedly on cyber cloud beyond the jurisdiction of India, which will facilitate foreign investors and compromise the economic interest of Indians. Unmindful of such imminent economic disruptions, the proposed data protection law framework by Government of India remains foreign digital entrepreneur centric, not citizen centric, and is not geared up to keep pace with the emerging future Internet which is going to be invisible and which is being embedded into everything.

In such a backdrop, The Tribune report of January 3 by Rachna Khaira has exposed the vulnerability of UIDAI's database in great public interest and the Editors Guild of India has aptly described the FIR as "unfair, unjustified and a direct attack on the freedom of the press. Instead of penalizing the reporter, UIDAI should have ordered a thorough internal investigation into the alleged breach and made its findings public". CFCL endorses the Guild's demand that the concerned Union Ministry intervene and have the cases against the reporter withdrawn apart from conducting an impartial investigation into the matter.

For details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL),
Mobile: 9818089660/08227216731

[Citizens Forum for Civil Liberties (CFCL) had appeared before the Parliamentary Standing Committee on Finance that examined and trashed the Aadhaar Bill, 2010, which was reshaped and introduced in Rajya Sabha and it remained pending there till 3rd March 2016, when it was withdrawn and supposedly a new Bill was introduced as Money Bill that got enacted as Aadhaar Act 2016, amidst vociferous objection by Rajya Sabha and people’s movements. It faces constitutional challenge before Supreme Court’s Constitution Bench.]

Vol. 50, No.31, Feb 4 - 10, 2017