Edward Snowden’s Statement on UID/Aadhaar Database & police case welcomed

Public Statement

Edward Snowden’s Statement on UID/Aadhaar Database & police case welcomed

Supreme Court’s Right to Privacy verdict refers to Snowden’s disclosures

Wikileaks leaked a document showing that UID/Aadhaar database is “the key identifier through the individual’s various life events”

Citizens Forum for Civil Liberties (CFCL) welcomes the statement of Edward Snowden on police case against the journalist who revealed colossal breach in Central Identities Data Repository (CIDR) of 12-digit biometric Unique Identification (UID)/Aadhaar Numbers of Indian residents who have lived in India for at least 182 days.

On the police case against the reporter for reporting about breach in UID/Aadhaar database, Snowden said, “The journalists exposing the #Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI”, in his tweet. https://twitter.com/Snowden

Notably, Snowden also retweeted the statement of Harish Khare, The Tribune Editor-in-Chief on FIR filed against disclosure of breach in Aadhaar Database by The Tribune reporter.   Snowden joined the Twitter on 29 September, 2015.

Prior to this, he tweeted, “It is the natural tendency of government to desire perfect records of private lives. History shows that no matter the laws, the result is abuse.”

Snowden is known for his ethical position against mass surveillance saying, “I don't want to live in a society that does these sort of things ... I do not want to live in a world where everything I do and say is recorded. That is not something I am willing to support or live under.”

India’s Parliamentary Standing Committee on Information Technology that examined the work of department of electronics and information technology, now called ministry of electronics and information technology (MeitY) asked about the surveillance by NSA of the USA. It desired to know the department’s stand on the issue of surveillance by the US and interception of data sent through e-mails in its 27^th Report. Citizens Forum for Civil Liberties (CFCL) has written at length about Snowden’s disclosures and judicial and parliamentary observations about them.

It is in such backdrop that a committee was set up by MeitY midway through the hearing on the UID/Aadhaar in Supreme Court wherein MeitY’s position that right to privacy is not a fundamental right was unambiguously debunked. This committee has been set up to “suggest a draft data protection bill.” The terms of reference (ToR) of the committee does not pay heed to the verdict of the court’s 9-Judge Constitution Bench of Supreme Court as it was set up hurriedly ahead of the verdict to outwit the Court.

The ToR pertains to the “study of various issues relating to data protection in India” and “to make specific suggestions for consideration of the central government on principles to be considered for data protection in India and suggest a draft data protection bill” after personal sensitive data of the residents of India has contractually been handed over to foreign transnational companies like Accenture, Mongo DB, Safran Group and Ernst & Young for up to seven years only. 

MongoDB (formerly called 10gen) is a technology company from the US and a NoSQL database startup. In 2012 it raised funding from the CIA-backed In-Q-Tel, an independent non-profit venture backed by the CIA and other U.S. intelligence agencies. This company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market.

Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated the Holocaust in Germany using census data) to terminals. UIDAI’s relationship with MongoDB (extracted from "huMONGOus," meaning"extremely large") remains under cloud. It is apparent that UIDAI has compromised vital data of Indians by such tie-ups.

In response to a question as to the names of UIDAI officials who met MongoDB’s CEO during all the meetings, the UIDAI said, “DDG Tech Centre and ADG IT-II, Tech Centre” met him.

In reply to the query about the copy of the full contract signed between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents, UIDAI and IBM, UIDAI and Oracle and UIDAI and In-Q-Tel, the UIDAI has written, “No contract signed” between UIDAI and MongoDB, and/or any of its previous or successor names / titles / agents and “No contract signed” between UIDAI and IBM.

With regard to the query about contract between UIDAI and Oracle, UIDAI has stated, “Production support for MySQL is provided by Oracle; not contact signed.” 

This reply reveals that UIDAI is engaging companies like Oracle and others without signing any contract. As to contract agreement between UIDAI and In-Q-Tel, UIDAI has written “No contract signed” between them. Oracle too is also in the business of ‘cloudifying’ database that seems to have the potential to turn governments into puppets at least as far as control over database is concerned. 

In response to the query about “the country of registration of above listed companies and the names and profile of the persons as the Board of Directors”, UIDAI has given an evasive reply stating, “No Information is known”. The RTI reply is dated February 14, 2014, by UIDAI but it was received on February 21, 2014, by Speedpost.

The reply states that the point-wise response to the RTI application was given by the Tech Centre, Bangalore, UIDAI. It has not been explained as to what transpired at the meeting of UIDAI officials like DDG Tech Centre and ADG IT-II, Tech Centre, Bangalore, with Max Schireson, CEO of MongoDB. It is inexplicable as to why there is obsession with ensuring benefits for private/NGO sector using citizens’ personal sensitive information. This reply merits a probe by a high powered parliamentary committee or a Supreme Court constituted committee.

The proceedings on record make it abundantly clear that the office memorandum dated July 31, 2017, was issued under the signature of Rakesh Maheshwari, group coordinator, Cyber Law and Unique Identification Authority of India (UIDAI), ministry of electronics and information technology ahead of the court verdict as part of their argument underling that right to privacy is not a fundamental right. 

It is not surprising that the ToR of the committee has failed to encompass all aspects of privacy and data protection in the era of e-commerce, drones, Google maps, Facebook, Twitter, smartphones, Ola-isation and Uber-isation in the aftermath of revelations by Snowden, Chelsea Manning and Wikileaks.

Notably, the Parliamentary Committee was perturbed by the government’s unpardonable callousness towards the security ramifications of storing UID/Aadhaar data on cloud and the failure to enact a legal framework for right to privacy.

The tenure of Nandan Nilekani as the first chairman of Unique Identification Authority of India commenced in July 2009 and ended in March 2014 as a member of the Indian National Congress but the promised right to privacy bill did not see the light of the day. In effect, he took all the residents of India for a ride. The tenure of V S Madan, second chairman of UIDAI, too commenced and ended without the enactment of the right to privacy bill. The tenure of J Satyanarayana as the third chairman too has not been able to do anything about it.

It is apparent that the government is attempting to change the goalpost now by talking about the proposal of “draft data protection bill” to ignore the existing right to privacy bill.

It is noteworthy that the government has admitted before Parliamentary Standing Committee on Finance that examined the issue of UID/Aadhaar numbers may involve certain issues, such as (a) security and confidentiality of information, imposition of obligation of disclosure of information so collected in certain cases, (b) impersonation by certain individuals at the time of enrolment for issue of unique identification numbers, (c) unauthorised access to the Central Identities Data Repository (CIDR), (d) manipulation of biometric information.

The Parliamentary Committee observed, “There is no law at present on privacy, and data protection”. The government told the committee that “collection of information without a privacy law in place does not violate the right to privacy of the individual.”

The committee recommended that legislation on UID/Aadhaar would be appropriate “only after passing the legislation on privacy, and data protection so as to ensure that there is no conflict between these laws.”

The parliamentary committee recorded what the Philippines Supreme Court said in a similar context. It said, ‘The data may be gathered for gainful and useful government purposes; but the existence of this vast reservoir of personal information constitutes a covert invitation to misuse, a temptation that may be too great for some of our authorities to resist.’

It is noteworthy that the National Informatics Centre had pointed out that the issues relating to privacy and security of UID data, in case the data is not hosted in a government data centre requires consideration.

But UIDAI opined that the hosting of data in a private data centre does not necessarily lead to a violation of privacy or security. Appropriate contractual arrangement shall be put in place with the data centre space provider to ensure security and privacy of the data. This reply was given in the Rajya Sabha and is reproduced in the committee’s report. Snowden’s disclosures reveal that government has been misleading the parliamentary committee and the citizens.

The parliamentary committee recorded the findings of the Report on UK’s Identity Project by London School of Economics stating that ‘…..identity systems may create a range of new and unforeseen problems……the risk of failure in the current proposals is therefore magnified to the point where the scheme should be regarded as a potential danger to the public interest and to the legal rights of individuals’. Snowden’s disclosures demonstrate these dangers.

Taking cognisance of this report the United Kingdom shelved its identity cards project for a number of reasons, which included: (a) huge cost involved and possible cost overruns; (b) too complex; (c) untested, unreliable and unsafe technology; (d) possibility of risk to the safety and security of citizens; and (e) requirement of high standard security measures, which would result in escalating the estimated operational costs.

Notably, at the outset, the government, Wipro Ltd and UIDAI had cited the United Kingdom’s identity cards project as an example for the CIDR of the UID/Aadhaar number scheme.

It also noteworthy that Wipro Ltd had submitted a 14-page long document titled ‘Strategic Vision: Unique Identification of Residents’ to the processes committee of the Planning Commission.

Its vision statement reads: ‘Creating a unique identification system of all residents in the country for efficient, transparent, reliable and effective delivery of various welfare and private services to the common person.’ 

It is inexplicable as to why there is obsession with ensuring benefits for private/NGO sector using citizens’ personal sensitive information. 

Meanwhile, the use of electoral database mentioned in Wipro’s document remains part of the agenda. A confidential document of UIDAI titled ‘Creating a unique identity number for every resident in India’, leaked by Wikileaks on November 13, 2009, revealed, ‘It is likely that this number will then persist as the key identifier through the individual’s various life events, such as joining school, immunizations, voting etc.’

Wipro’s document envisaged the close linkage that the UIDAI would have to the electoral database. This paves way for all-round surveillance adversely impacting political rights of present and future generations and making right to have civil rights extinct.

It also has the potential to hijack India’s democratic system by converging CIDR with electoral database, and EVMs. Admittedly, EVMs too have a UID Number. Such convergence can make the secret ballot system a party of history.   

After the UK abandoned its’ biometric identification based identity project Wipro Ltd and others have maintained a deafening silence. Besides being a consultant of the Planning Commission for preparing the vision document on UID of Residents, Wipro Ltd has also been among the companies were awarded contracts by UIDAI.

In such a scenario, the composition, of the Committee on “draft data protection bill” has been crafted in such a manner that it is packed with personalities who have consistently been found to be on the wrong side of the constitutional position. 

These personalities representing their institutions include current members of the committee, namely, CEO of UIDAI Dr Ajay Bhushan Pandey; National Cyber Security Coordinator Gulshan Rai; Additional Secretary in MeitY, Dr Ajay Kumar; IIT Raipur director, Prof Rajat Moona; IIM Indore director, Prof Rishikesha T Krishnan; DSCI’s Rama Vedasree; Research director of Vidhi Centre for Legal Policy, Arghya Sengupta; and secretary, department of telecommunications, Aruna Sundararajan.

The position of these members has been contrary to constitutionally recognised right to privacy as the fundamental right for over four decades.

There is not even an iota of confidence in most of members of the “draft data protection bill” committee because their role in misleading the court about the constitutional position on right to privacy is now a matter of record.

Snowden is a computer professional, former Central Intelligence Agency (CIA) employee, and former contractor for the USA’s National Security Agency (NSA) who revealed classified information in public interest in 2013. Citzenfour, a documentary by Laura Poitras about his story, won an Oscar in 2015. A biopic directed by Oliver Stone with Snowden's cooperation and starring Joseph Gordon-Levitt in the lead role has been released in the US.

During her acceptance speech for Academy Award in 2015, Poitras and the winning team was joined onstage by Snowden's girlfriend Lindsay Mills. During her acceptance speech, she said, "When the decisions that rule us are taken in secret, we lose the power to control and govern ourselves."

It may be recalled that Snowden went on a medical leave from NSA and on May 20, 2013, he took a flight to Hong Kong, China, where he spoke to Glenn Greenwald, a journalist and Laura Poitras, a filmmaker. Following which secret documents obtained from Snowden were published on June 5, 2013. These documents showed that USA’s Foreign Intelligence Surveillance Court implemented an order that required Verizon to release information to the NSA on an "ongoing, daily basis" extracted from customers' phone activities. Later, The Guardian and The Washington Post published information on PRISM, an NSA program that allows real-time information collection electronically leaked by Snowden.

In an interview Snowden said, “I'm willing to sacrifice [my former life] because I can't in good conscience allow the U.S. government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building,"

On June 14, 2013, federal prosecutors in USA charged Snowden with "theft of government Property," "unauthorized communication of national defense information" and "willful communication of classified communications intelligence information to an unauthorized person." US President ordered review of the country's surveillance programs. Snowden got temporary asylum in Russia and has been there since then.

Snowden says, "the problem with mass surveillance is when you collect everything, you understand nothing." He also stated that government spying "fundamentally changes the balance of power between the citizen and the state."

Snowden has underlined that "This really isn’t about me. It’s about us. It’s about our right to dissent. It’s about the kind of country we want to have."

In an interview on 5 January 2018, he said, “Privacy’s not about having something to hide, privacy’s about something to protect. Privacy is the fountainhead of all other rights. Privacy is where rights are derived from, because privacy is the right to the self. Privacy is the right to a free mind. Privacy is the ability to have something, anything, for yourself, for you.”

It is significant that his revelations have found mention in the unanimous verdict of 9-Judge Constitution Bench of Supreme Court of India delivered on 24 August, 2017. The verdict   reads: “Edward Snowden shocked the world with his disclosures about global surveillance.” 

For Details: Gopal Krishna, Citizens Forum for Civil Liberties (CFCL)*, E-mail:krishnagreen@gmail.com, Mb: 9818089660, 08227816731

* Citizens Forum for Civil Liberties (CFCL) had appeared before the Parliamentary Standing Committee on Finance that examined and trashed the Aadhaar Bill, 2010, which was reshaped and introduced in Rajya Sabha and it remain pending there till 3rd March 2016 when it was withdrawn and supposedly a new Bill was introduced as Money Bill that got enacted as Aadhaar Act 2016 amidst vociferous objection by Rajya Sabha and peoples movements. It faces constitutional challenge before Supreme Court's Constitution Bench.