#India Surfers- Soon govt will know what you surfed in 24 hrs #WTFnews


Be warned: Soon govt will know what you surfed yesterday

by  May 25, 2013

A report in BusinessLine today informs us that the government wants to keep track of where you go on your internet travels, and is planning to make it compulsory for telecom and internet service providers (ISPs) to maintain detailed records of your surfing habits and proclivities.

An insecure state machinery that regularly snoops on its people is bad enough; but a police state greased by corruption and zero accountability means the privacy of ordinary citizens will be sacrificed in the cause of the powerful. Reuters

An insecure state machinery that regularly snoops on its people is bad enough; but a police state greased by corruption and zero accountability means the privacy of ordinary citizens will be sacrificed in the cause of the powerful. Reuters

Currently, mobile companies have to keep voice call data records, but in future they may have to do so even with data traffic.

An Internet Protocol Detail Record (IPDR) system, offered by may companies selling telecom gear, enables ISPs to track and store details of our net usage. If the telecom department succeeds in forcing them to keep records of everyone’s data usage patterns without putting in place a strong privacy law, anyone with access to these records can blackmail individuals.

The fact is security agencies already have the right to ask telcos and ISPs to intercept the data of people they suspect of wrongdoing. Forcing them to maintain detailed records of data usage patterns means privacy risks will soar since information will be available on anyone and everyone.

Consider the dangers:

When usage data is stored for long periods of time, every telco knows it is there and could use it to access privileged information.

When paying bribes comes so easily, the possibility that such data may be sold to criminals or blackmailers for cash is high. Once data leaks, there may be no way to trace it back to who passed the information on.

Governments can always use this information against political rivals.

It is worth recalling that the Niira Radia tapes, though legitimately tapped by the income-tax department, were leaked to the media. Even though this helped us discover the 2G scam, the fact is nobody has been held accountable for the illegal leaks in this case — even with the Supreme Court hearing the matter.

An insecure state machinery that regularly snoops on its people is bad enough; but a police state greased by corruption and zero accountability means the privacy of ordinary citizens will be sacrificed in the cause of the powerful.

 

Supreme Court – Two-finger test violates rape survivor’s right to privacy #Vaw #Goodnews


Press Trust of India | Posted on May 19, 2013

New Delhi: The Supreme Court has held that the two-finger test on a rape survivor violates her right to privacy, and asked the government to provide better medical procedures to confirm sexual assault. A bench of Justices BS Chauhan and FMI Kalifulla said even if the report of the two-finger test is affirmative, it cannot give rise to presumption of consent on part of a rape victim.

“Undoubtedly, the two-finger test and its interpretation violates the right of rape survivors to privacy, physical and mental integrity and dignity. Thus, this test, even if the report is affirmative, cannot ipso facto, be given rise to presumption of consent,” the bench said.

The two-finger test entails medical inspection of the female hymen. Referring to various international covenants, the judges said rape survivors are entitled to legal recourse that does not violate their physical or mental integrity and dignity.

Two-finger test violates rape survivor\'s right to privacy: SCThe apex court said that rape survivors are entitled to legal recourse that does not re-traumatise them.

“Medical procedures should not be carried out in a manner that constitutes cruel, inhuman or degrading treatment and health should be of paramount consideration while dealing with gender-based violence,” the apex court said. “The State is under an obligation to make such services available to survivors of sexual violence. Proper measures should be taken to ensure their safety and there should be no arbitrary or unlawful interference with her privacy,” the bench said.

Keeping in mind the International Covenant on Economic, Social, and Cultural Rights 1966 and the UN Declaration of Basic Principles of Justice for Victims of Crime and Abuse of Power 1985, the Supreme Court said, rape survivors are entitled to legal recourse that does not re-traumatise them or violate their physical or mental integrity and dignity. “They are also entitled to medical procedures conducted in a manner that respects their right to consent,” it said.

 

India takes its first serious step toward privacy regulation – but it may be misguided


By-

Simon Davies , http://www.privacysurgeon.org/

india-map

 By Simon Davies

The world’s second-most populous nation may be on the cusp of embracing privacy legislation. After several false starts the Indian government appears ready to accept the need for some form of regulation.

 

Shah’s report provided a convincing body of evidence – both at the domestic and the international level – for the creation of national regulation.

Well, maybe this is a slightly optimistic view. A more accurate portrayal might be “the Indian government appears ready to accept the principle of some form of regulation”. 

There is actually no agreed policy position across government on the question of privacy and data protection, but the Planning Commission last year established an Expert Group under the chairmanship of the former Chief Justice of the Delhi High Court, A.P.Shah. Justice Shah’s subsequent report is being considered and a draft Bill has been created.

Shah’s report provided a convincing body of evidence – both at the domestic and the international level – for the creation of national regulation. It called for the formation of a regulatory framework and set out nine principles that could form a foundation for the next stage. These principles – reflecting the basis of law in other countries – have been generally accepted by Indian stakeholders as a sound frame of reference for progress.

There’s a long way to go before consensus is established on a overall type of regulatory framework. Having said that, India is closer than ever to seeing real legislation – and the international community needs to put its weight behind the activity.

 

However although the nine principles are supported, the precise nature of any possible regulation is still very much in flux. There’s a long way to go before consensus is established on a overall type of regulatory framework. Having said that, India is closer than ever to seeing real legislation – and the international community needs to put its weight behind the activity.

Debate over the merits of data protection and privacy law stretch back beyond a decade but reform was constantly hampered by perceptions that regulation would stifle economic growth. Some industry lobbies have been as keen as government to ensure that privacy proposals are stillborn.

Even with the nine principles as a bedrock the path to privacy law must overcome two extremely difficult hurdles.

The first of these is that a substantial number of Indian opinion leaders continue to express an instinctive view that there is no cultural history for respect of privacy in India. That is, people don’t want or expect privacy protection and Western notions of privacy are alien to Indian society.

In support of this assertion these critics often cite an analogy about conversation on Indian trains. It is well known that many Indians will disclose their life story to strangers on the Indian rail network, discussing their personal affairs with people they have never before met. This trait is construed as evidence that Indians do not value their privacy.

Debate over the merits of data protection and privacy law stretch back beyond a decade but reform was constantly hampered by perceptions that regulation would stifle economic growth.

I spoke last week at an importantmeeting in New Delhi where this exact point was repeatedly made. The meeting, organised by the Data Security Council of India andICOMP India was well attended by industry, government, academics and NGOs. Speakers made constant reference to the matter of public disclosure of personal information. 

In response, noted commentator Vickram Crishna expressed the view that the train anecdote had no relevance and was a convenient ruse for people who for their own self interest opposed privacy regulation.

“In reality this circumstance is like Vegas”, he said. “What happens on Indian trains, stays on Indian trains. People will talk about their lives because they will never see these passengers again and there is no record of the disclosures.”

“What we are dealing with in the online world is a completely different matter. There is no correlation between the two environments”.

A substantial opinion poll published earlier this year also debunked the myth that Indians don’t care about privacy. Levels of concern expressed by respondents was roughly the same as the level of concern identified in other parts of the world.

A second hurdle facing privacy legislation is the perception -  particularly prevalent in the United States – that legislation will be a burden on industry and people do not want yet another cumbersome and costly government structure.

Government intervention does not enjoy a history of consistent success in the marketplace, though in many instances intervention has been the only means to bring industry into compliance with basic safeguards.

 

There are perhaps some grounds for considering this perspective, given the vast scale and complexity of India’s economy. Government intervention does not enjoy a history of consistent success in the marketplace, though in many instances intervention has been the only means to bring industry into compliance with basic safeguards.

I made the point at the meeting that support for a purist model of industry self regulation was simplistic and misguided. Most systems of a similar nature fail unless someone is mandated to ensure compliance, transparency, enforceability and consistency. It’s a question of finding a way to embed accountability in industry self regulation – and this is where legislation and government could help.

Justice Shah’s report reflected this widespread concern by recommending a co-regulatory framework in which a privacy commissioner would oversee industry self regulation. However – as last week’s meeting exemplified – even this compromise solution is not acceptable to many industry players. They oppose the idea of an appointed commissioner and believe that industry self regulation alone will be sufficient.

This is an influential view that cannot be brushed aside. However in a special programme to be aired tomorrow evening (19th April) on India’s main parliamentary television network – RSTV – I repeatedly make the point that such a view, if successful, would put Indian industry in danger of winning the battle but losing the war. Europe is unlikely to accept a model of sole industry regulation, and the crucial flow of data between the two regions could be imperiled

Conscious of all these challenges the influential NGO Centre for Internet and Society has published a draft Citizens privacy bill and has commenced a series of consultation meetings across the country. These initiatives will provide important input for the emerging legislation.

This is an important moment for privacy in India, and one that will require careful thought and sensitive implementation. However no-one in India should be in any doubt that the current unregulated situation is unsustainable in a global environment where nations are expected to protect both their citizens and the safety of data on their systems.

 

Bangalore police do a Dhoble, replace hockey stick with handycam #moralpolicing


Outrage after policemen begin filming couples in city’s famous Cubbon Park

Hemanth.Kashyap mirrorfeedback@indiatimes.com
BANGALORE , DEc 3, 2012

Taking a leaf out of Mumbai’s hockey stick-wielding cop Vasant Dhoble, who had hit the headlines for his crackdown against pubs and restaurants, the Bangalore police have armed its force with cameras to curb ‘immorality’ in the city.
For the past two weeks, ‘armed’ policemen have been tailing lovers at the famous Cubbon Park, known for its dense green foliage and ample private space, sparking an outrage. “This ridiculous and another example of Bangalore police’s direct encroachment into the lives of citizens,” K S Vimala, vice-president, Akhila Bharata Janawadi Mahila Sanghatan,said.“Thisisafreecountry and we all have our right to a moment… right to express.”
The police say they had to resort to the measure following several complaints of misbehaviour and indecent acts in public places.
“You have to see the park to understand why we have taken this measure,” a senior police officer said. “Policemen have been told not to disturb couples who are not misbehaving.Ifacouplecrossestheline, they will first be told politely. If they continue, cops will aim the camera at the couple, pretending to shoot. In extreme cases, however, they will take shots and use it as evidence, if need be. With this good intention, we have taken this step,” he said.
Though police claim that ‘immoral’ acts have come down, not manyareimpressedbytheintrusion into their private lives.
“Indecent or immoral are debatable terms; nobody can be a judge of that,” Vimala said.
“This type of moral policing is not acceptable at all,” she added.
Slamming the police action, Advocate Chandrika Pateel said, “It is unlawful to capture someone’s image without permission, especially in his/her private moments. No rule states that a couple can’t hold hands in public, but if the police think so, let them catch those who smoke in public rather than those who breathe fresh air in parks,” Chandrika Pateel, advocate, said.
Inspector Badrinath of Cubbon parkpolicestationinsistedthatthey were not harassing anyone. “It is an effort to control illegal and immoralactivitiesinthepark.Bangaloreans are proud to have such a big and beautiful park in the city. We should maintain its values and beauty. There is no intention to harass people. Also, the law allows us to book a nuisance case against thoseengagingindecentactsatsuch places.”

Armed with a camera, a policeman approaches a couple in Cubbon Park, Bangalore. Right: Terrified, the lovers flee the spot

 

#India- Bolstering right to remain private


 

#India- Justice AP Shah expert Groups Report on #Privacy #Planning Commission #mustread


pic ocurtsey – The Hindu

With the initiation of national programmes like Unique Identification number,  (UID)
NATGRID, CCTNS, RSYB, DNA profiling, Reproductive Rights of Women, Privileged
communications and brain mapping, most of which will be implemented through ICT
platforms, and increased collection of citizen information by the government, concerns
have emerged on their impact on the privacy of persons. Information is, for instance,
beginning to be collected on a regular basis through statutory requirements and through egovernance projects. This information ranges from data related to: health, travel, taxes,
religion, education, financial status, employment, disability, living situation, welfare
status, citizenship status, marriage status, crime record etc. At the moment there is no
overarching policy speaking to the collection of information by the government. This has
led to ambiguity over who is allowed to collect data, what data can be collected, what are
the rights of the individual, and how the right to privacy will be protected The extent of
personal information being held by various service providers, and especially the enhanced
potential for convergence that digitization carries with it is a matter that raises issues
about privacy.
II. Global data flows, today, are no longer the result of a file transfer that was
initiated by an individual’s action for point-to-point transfer over 30 years ago. As soon
as a transaction is initiated on the Internet, multiple data flows take place simultaneously,
via phenomena such as web 2.0, online social networking, search engine, and cloud
computing. This has led to ubiquity of data transfers over the Internet, and enhanced
economic importance of data processing, with direct involvement of individuals in transborder data flows

. While this is exposing individuals to more privacy risks, it is also challenging businesses which are collecting the data directly entered by users, or through
their actions without their knowledge, – e.g. web surfing, e-banking or e-commerce – and
correlating the same through more advanced analytic tools to generate economic value
out of data. The latter are accountable for data collection and its use, since data has
become one of the drivers of the knowledge based society which is becoming even more
critical to business than capital and labor. The private sector on the other hand, uses
personal data to create new demands and build relationships for generating revenue from
their services. The individuals are putting out their data on the web in return for useful
services at almost no cost. But in this changed paradigm, private sector and the civil
society have to build legal regimes and practices which are transparent and which inspire
trust among individuals, and enhance their ability to control access to their data, even as
economic value is generated out of such data collection and processing for all players. In
order to understand these concerns and identify interventions for effectively addressing
these issues, a brainstorming session on privacy-related issues was held in the Planning
Commission under the chairmanship of Justice A P Shah, former Chief Justice of Delhi
High Court. The meeting was presided over by Dr. Ashwani Kumar, MOS (Planning,
S&T and MoES) and attended by representatives from industry, civil society NGOs,
voluntary organizations and government departments.
III. During the meeting it was decided to constitute a small Group of Experts to
identify key privacy issues and prepare a paper to facilitate authoring of the Privacy bill
while keeping in view the international landscape of privacy laws, global data flows and
predominant privacy concerns with rapid technological advancements. Accordingly a
Group of Experts was constituted under the chairpersonship of Justice A P Shah. The 4
constitution and the terms of reference of the group is at Annex 1. The Group held several
meetings to understand global privacy developments and challenges and to discuss
privacy concerns relevant to India. The Group was divided into two sub-groups – one for
reviewing privacy regimes around the world with a view to understand prevalent best
practices relating to privacy regulation and the other for reviewing existing legislation and
bills to identify prevalent privacy concerns in India. However, the committee did not
“make an in-depth analysis of various programs being implemented by GOI from the
point of view of their impact on privacy.” This report, which is a result of the work of
both sub-groups, proposes a detailed framework that serves as the conceptual foundation
for the Privacy Act for India.
IV. This report proposes five salient features of such a framework:
1. Technological Neutrality and Interoperability with International Standards:

The
Group agreed that any proposed framework for privacy legislation must be
technologically neutral and interoperable with international standards. Specifically,
the Privacy Act should not make any reference to specific technologies and must be
generic enough such that the principles and enforcement mechanisms remain
adaptable to changes in society, the marketplace, technology, and the government. To
do this it is important to closely harmonise the right to privacy with multiple
international regimes, create trust and facilitate co-operation between national and
international stakeholders and provide equal and adequate levels of protection to data
processed inside India as well as outside it. In doing so, the framework should
recognise that data has economic value, and that global data flows generate value for
the individual as data creator, and for businesses that collect and process such data.
Thus, one of the focuses of the framework should be on inspiring the trust of global
clients and their end users, without compromising the interests of domestic customers
in enhancing their privacy protection.
2. Multi-Dimensional Privacy:

This report recognises the right to privacy in its
multiple dimensions. A framework on the right to privacy in India must include
privacy-related concerns around data protection on the internet and challenges
emerging therefrom, appropriate protection from unauthorised interception, audio and
video surveillance, use of personal identifiers, bodily privacy including DNA as well
as physical privacy, which are crucial in establishing a national ethos for privacy
protection, though the specific forms such protection will take must remain flexible to
address new and emerging concerns.
3. Horizontal Applicability:

The Group agreed that any proposed privacy legislation
must apply both to the government as well as to the private sector. Given that the
international trend is towards a set of unified norms governing both the private and
public sector, and both sectors process large amounts of data in India, it is imperative
to bring both within the purview of the proposed legislation.
4. Conformity with Privacy Principles:

This report recommends nine fundamental
Privacy Principles to form the bedrock of the proposed Privacy Act in India. These
principles, drawn from best practices internationally, and adapted suitably to an Indian
context, are intended to provide the baseline level of privacy protection to all
individual data subjects. The fundamental philosophy underlining the principles is the
need to hold the data controller accountable for the collection, processing and use to
which the data is put thereby ensuring that the privacy of the data subject is
guaranteed.
5. Co-Regulatory Enforcement Regime: This report recommends the establishment of
the office of the Privacy Commissioner, both at the central and regional levels. The
Privacy Commissioners shall be the primary authority for enforcement of the
provisions of the Act. However, rather than prescribe a pure top-down approach to
enforcement, this report recommends a system of co-regulation, with equal emphasis
on Self-Regulating Organisations (SROs) being vested with the responsibility of
autonomously ensuring compliance with the Act, subject to regular oversight by the
Privacy Commissioners. The SROs, apart from possessing industry-specific
knowledge, will also be better placed to create awareness about the right to privacy
and explaining the sensitivities of privacy protection both within industry as well as to
the public in respective sectors. This recommendation of a co-regulatory regime will
not derogate from the powers of courts which will be available as a forum of last
resort in case of persistent and unresolved violations of the Privacy Act.

DOWNLOAD FULL REPORT HERE

 

#India- Bill to create bank for DNA profiling of accused coming #Privacy


Access to data only for victim’s or suspect’s relatives
21 October 2012 , By Aarti Dhar, The Hindu

A Bill to create a DNA data centre to profile people accused of serious crimes and unknown deceased is in the works. The proposal was originally mooted in 2007 but was dropped to factor in ethical, moral and legal issues on the sensitive matter.

Crafted by the Department of Biotechnology, it allows Deoxyribose Nucleic Acid (DNA) profiling for cases of culpable homicide, murder, death by negligence, miscarriage, dowry deaths, causing death of new born child, sexual assault, unnatural offences, outraging the modesty of a woman, co-habitation with a woman by deceit, adultery, enticing a married woman with criminal intent, among others.

Protecting privacy

Addressing issues related to protecting privacy of individuals, the draft Bill envisages that access to the information in the National DNA Data Bank will be restricted to those related to the victim or suspect; any individual undergoing a sentence of imprisonment or death sentence can apply to the court which convicted him, for an order of DNA testing of specific evidence under specific conditions.

The Human DNA Profiling Bill seeks to establish a DNA Profiling Board that will lay down the standards for laboratories, collection of human body substances and custody trail from collection to reporting. It also has a provision for setting up a National DNA Data Bank.

The DNA analysis of body substances that makes it possible to determine whether the source of origin of one body substance is identical to that of another, and to establish the biological relationship, if any, between two individuals.

The “forensic material” from which the DNA sample can be lifted is biological material from the body and represents intimate body samples. They include blood, semen, or any other tissue fluid.

DNA Profiling Board

As envisaged in the Bill, the DNA Profiling Board at the national level, with similar structures at the State level, will be headed by a renowned molecular biologist with the other members being from police, legal, biological and related fields.

It will deliberate and advise on all ethical and human rights issues emanating out of DNA profiling in consonance with the United Nations vis-à-vis the rights and privacy of citizens, civil liberties and issues having ethical and other social implications.

The Board will make recommendations on the use and dissemination of DNA information, ensure the accuracy, security and confidentiality of DNA and guidelines destruction of obsolete, expunged or inaccurate information.

Jail, fine for data misuse

It will also will lay down standards and procedures for establishment and functioning of DNA laboratories and Data Banks and prepare guidelines for storage of biological substances and their destruction. Any misuse of DNA data will attract imprisonment up to three years and monetary fine.

The working draft of the Bill has been sent to the Centre for Internet and Society for analysis and comments. The Citizens Forum for Civil Liberties has already opposed the proposed legislation and sought pre-emptive intervention to stop “dangerous” erosion of privacy by DNA profiling of citizens.

In a representation submitted to the National Human Rights Commission, the Forum has said DNA profiling is “undesirable, particularly as forensic DNA developments are intertwined with significant changes in legislation and contentious issues of privacy, civil liberty and social justice.”

The Forum has sought “immediate intervention to safeguard citizens’ privacy and their civil liberties, which face an unprecedented onslaught from the provisions of the DNA Profiling Bill and other related surveillance measures being bulldozed by unregulated and ungovernable technology.”

 

 

 

Tweeting the Principles of Internet Freedom #FOE #Censorship


 

Image representing Twitter as depicted in Crun...

Image via CrunchBase

 

 

 

Posted 6 August 2012 15:39 GMT

 

Here’s a good opportunity to share with your friends and coworkers on Twitter, as well as other Declaration supporters and signers whatThe Declaration of Internet Freedom principles personally mean to you, why you value these principles and how these issues effect your life.

To encourage further engagement and feedback on the Declaration we hope that you, a member of Global Voices community will in the following weeks use Twitter to highlight your opinion on one principle of the declaration a week. To discuss the first principle “Don’t censor the Internet”, please use these hashtags this week:#netfreedom #censorship. Below is a schedule of when we will begin to highlight each principles and which hashtags we plan to use each week.

Please tweet your own opinions about what each principle means to you. Your input adds a lot of value to the discussion. Also, follow the hashtags and respond to individuals who are interested in discussing the principles. If there are new developments happening in your country which effect your freedom on the internet, share them using the week’s hashtags. At the end of each week Katy Tasker, of Public Knowledge will curate a Storify page to highlight the most interesting tweets on each principle.

Weekly schedule:

July 30: Expression: Don’t censor the Internet #netfreedom #censorship

Aug 6: Access: Promote universal access to fast and affordable networks #netfreedom #access

Aug 13: Openness: Keep the Internet an open network where everyone is free to… #netfreedom #openinternet

Aug 20: Innovation: Protect freedom to innovate, don’t block new technologies #netfreedom #innovation

Aug 27: Privacy: Protect privacy and defend everyone’s ability to control how their data and devices are used#netfreedom #privacy

 

 

 

Why UIDAI has not given any data with respect to money?


UIDAI contracts


 http://tahaz.wordpress.com/2012/07/06/uidai-contracts/

Why UIDAI has not given any data with respect to money?

How much public money did UIDAI give to each contract?

What is the duration of contract?

What was the process?

Why a particular firm was selected? On that grounds?

What is the time frame of completing the contracts?

What are the consequences if contracts are not completed on time?

http://uidai.gov.in/contracts-awarded-link.html

Contracts Awarded

 

S.No.

Agency

Description

Order Date

1

HCL Infosystems Design, development, maintenance and support of Intranet and Knowledge Management portal 07-07-2011

2

M/s HP India Sales Pvt Ltd Aadhaar Document Management service 07-06-2011

3

M/s Wipro Ltd. Deployment of 7 Project Managers 02-05-2011

4

M/s MAC Associates Renovation/Remodelling of 9th Floor, UIDAI office, Delhi 28-04-2011

5

M/S. Wipro Ltd Supply, Installation, Commissioning for Hardware & Software for Data Centre at Bengaluru & NCR 29-03-2011

6

National Informatics Centre Services Inc. Purchase of 68 Blade Servers 08-03-2011

7

M/S. Wipro Ltd Deployment of 32 Resource Personnel and Monitoring Tools 03-02-2011

8

Sagem Morpho Security Pvt. Ltd. Purchase of Biometric Authentication Devices 02-02-2011

9

Totem International Ltd Purchase of Biometric Authentication Devices 02-02-2011

10

Linkwell Telesystems Pvt. Ltd. Purchase of Biometric Authentication Devices 02-02-2011

11

Sai Infosystem (India) Ltd. Purchase of Biometric Authentication Devices 02-02-2011

12

Geodesic Ltd. Purchase of Biometric Authentication Devices 02-02-2011

13

HCL Infosystems Ltd. Purchase of Biometric Authentication Devices 02-02-2011

14

I D Solutions Purchase of Biometric Authentication Devices 02-02-2011

15

NISG Order for preparation of DPR for setting up of UBCC 31-01-2011

16

STQC Hiring of Agency for Security Audit of IT infrastructure at UIDAI 21-01-2011

17

Telsima Communication Pvt.Ltd Hiring of space for UBCC at Bengaluru 27-01-2011

18

Wipro Limited Hiring of Data Centre Space (2000 sqft) & Facilities for UIDAI at Delhi/NCR 23-12-2010

19

Aircel, Bharti Airtel Ltd, BSNL, RailTel Corporation of India Ltd, Reliance Communications, Tata Communications Piped Data Connectivity 29-11-2010

20

HCL Infosystems Ltd. Disk Array Enclosures, SATA Disk Drives and Upgrade Pair 4G FC Ports 29-11-2010

21

National Informatics Centre Services Inc. Video Conferencing for UIDAI HQ & ROs 03-08-2010

22

Satyam Computer Services Ltd. (Mahindra Satyam) Implementation of Biometric Solution for UIDAI 30-07-2010

23

L1 Identity Solutions Operating Company Implementation of Biometric Solution for UIDAI 30-07-2010

24

Accenture Services Pvt. Ltd. Implementation of Biometric Solution for UIDAI 30-7-2010

25

Percept H. Pvt. Ltd. (Media) Advertising Agency for designing Creative Content 01-07-2010

26

Bharti Airtel Ltd. Hiring & Data Center Space (2000 sq ft.) & facilities for UIDAI at Bangalore 25-06-2010

27

Intelenet Global Services Setting up and Operating Contact Centers for the UIDAI 15-6-2010

28

Tata Consultancy Services Ltd. Re-Design, Development, Maintenance and Support of UIDAI Web Portal 11-06-2010

29

National Informatics Centre Services Inc. Purchase of Storage Systems for Data Centre 05-05-2010

30

Mindtree Ltd. Application Software Development, Maintenance and Support Agency for UIDAI 27-04-2010

31

National Informatics Centre Services Inc. Purchase of Hardware for Data Centre 07-04-2010

32

National Informatics Centre Services Inco Purchase of Blade Servers and Hardware for Data Centre 05-04-2010

33

Tata Consultancy Services Ltd. Purchase of Biometric Devices 10-03-2010

34

HCL Infosystems Ltd. Purchase of Biometric Devices 10-03-2010

35

Ernst & Young Consultancy Services to UIDAI for Setting up of Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP) 26-02-2010

36

4G Identity Solution Pvt. Ltd. Purchase of Biometric Devices 24-02-2010

37

e-Smart Systems Pvt. Ltd. Purchase of Biometric Devices 22-02-2010

38

Base Systems Pvt. Ltd. Purchase of Biometric Devices 22-02-2010

 

India- Experiments with Aadhaar #UID #Nandan Nilekani


    Bharat Bhatti

Jean Drèze

    Reetika Khera

The Hindu

Technical glitches in the unique identification method make it unreliable in disbursing wages under the employment guarantee scheme

Within a few weeks of “Aadhaar-enabled” payments of Mahatma Gandhi National Rural Employment Guarantee Scheme wages being initiated in Jharkhand, earlier this year, glowing accounts of this experiment started appearing in the national media. Some of them also gave the impression, intentionally or otherwise, that this successful experiment covered most of Jharkhand. A fairly typical excerpt, which condenses five grand claims in a few lines, is as follows: “As the new system ensures payment of wages within a week, the demand for work under MGNREGS has gone up. Consequently, migration has been checked, families have been reunited and, no less important, some workers have a saving in the bank.”

Enthused by these upbeat reports, we tried to trace the evidence behind them, but quickly reached a dead end. The authorities in Ranchi referred us to the website of the Unique Identification Authority of India (UIDAI), but we did not find any evaluation of the experiment there or, for that matter, any details of it. There was no alternative, it seemed, than to check the facts for ourselves.

Ratu Block

We headed for the Ratu Block in Ranchi District, the source of most of the reports. It was, at that time (early March), one of the five Blocks where the experiment had been launched. On arrival, we found that only three gram panchayats (GPs) were involved, out of 14 in Ratu Block. The showpiece appeared to be Tigra GP, but it turned out that even there, only one worksite had enjoyed the blessings of Aadhaar-enabled wage payments. In the three GPs together, the system had been implemented at five worksites, employing a total of about 50 workers. We managed to interview 42 of them with the help of a small team of student volunteers.

The main role of Aadhaar in the Jharkhand experiment is to facilitate the implementation of the “business correspondent” (BC) model. Under this model, accredited agents provide doorstep banking services to MGNREGS workers using a micro-ATM. They act as extension counters of the local bank (in this case, Bank of India), disbursing wages close to people’s homes. Biometric authentication is meant to prevent identity fraud, e.g. someone’s wages being withdrawn by someone else. Aadhaar is one possible foundation of biometric identification, though not the only one. In this approach, wages are paid through Aadhaar-enabled accounts that are supposed to be opened at the time of UID enrolment. Authentication requires internet connectivity, so that workers’ fingerprints and Aadhaar numbers can be matched with the UIDAI’s Central Identities Data Repository.

The BC model widens the reach of the banking system in rural areas. This, in turn, helps to bring more MGNREGS workers under the umbrella of the banking system, as opposed to post offices, where corruption (including identify fraud) is a serious problem. Doorstep banking facilities are also a significant convenience for workers in areas where bank offices are distant, overcrowded, or unfriendly.

A little farcical

Coming back to Ratu, some aspects of the experiment were a little farcical. For instance, on one occasion, workers from Tigra were asked to collect their wages 10 kilometres away, so that Aadhaar-enabled payments could be done in front of a visiting Minister. On a more positive note, the system seemed to work, at least under close supervision. Further, most of the workers had a positive view of it. They appreciated being able to collect their wages closer to their homes, without the hassles of queuing in overcrowded banks or of depending on corrupt middlemen to extract their wages from the post office. They did not fully understand the new technology, but nor were they afraid or suspicious of it.

Having said this, there were problems too. Dependence on fingerprint recognition, internet connectivity, and the goodwill of the BC created new vulnerabilities. Fingerprint recognition problems alone affected 12 out of 42 respondents. Some workers did not have a UID number, and some had a UID number but no Aadhaar-enabled account. None of them had received bank passbooks, making it difficult for them to withdraw their wages from the bank when the Aadhaar system failed.

Four respondents were yet to find a way of getting hold of their wages. Otherwise, the payment of wages was reasonably timely, but this had more to do with intensive supervision than with Aadhaar. It is important to understand that Aadhaar, on its own, is of limited help in reducing delays in MGNREGS wage payments. This is because the bulk of the delays occur before the banking system is involved — at the stage of submission of muster rolls, work measurement, preparation of payment advice, and so on. At every step, there is a lot of foot-dragging, and Aadhaar is not the answer.

(According to the MGNREGA Commissioner in Jharkhand, quoted in one of the articles mentioned earlier, “Against one month now, payments will reach workers’ accounts in one week.” This statement is typical of the delusional mindset of the Jharkhand administration. Not only are current delays much longer than one month, the claim that Aadhaar will reduce them to one week has no basis.)

Nightmare

What next? It is easy to envisage a certain way of extending this experiment that would turn it into a nightmare for MGNREGS workers. Three steps would be a potent recipe for chaos: depriving MGNREGS workers of bank passbooks, imposing the system even where there is no internet connectivity, and insisting on a single bank operating in each Block (the odd “one Block, one bank” rule). All this may seem far-fetched, but there are precedents of this sort of irresponsibility. Short of this, if the Aadhaar-based BC model is hastily extended without the system being ready (as happened earlier with the transition from cash to bank and post-office payments of MGNREGS wages), it could easily compound rather than alleviate other sources of delays in wage payments.

It is also possible to see a more constructive roll-out of the BC model across the country. In this constructive approach, the BC model would act as an additional facility for MGNREGS workers, supplementing ordinary bank procedures instead of becoming a compulsory alternative. This would enable labourers to bypass the BC in cases of fingerprint recognition problems, or when the BC is corrupt or unreliable. For this purpose, the first step is to issue bank passbooks to MGNREGS workers — this had not been done in Ratu.

The question remains whether Aadhaar adds value to other versions of the BC model. In the adjacent Block of Itki, the BC model is being implemented without Aadhaar, in partnership with FINO, a private company. Workers’ fingerprints are stored on a smart card, used for authentication and tamper-proof record-keeping. This obviates the need for internet connectivity, an important advantage of the Itki system in areas like rural Jharkhand.

Aadhaar, for its part, has two potential advantages. First, it facilitates multiple biometric applications based on single UID enrolment. Second, Aadhaar facilitates “inter-operability”, that is, linking of different UID-enabled databases. But the same features also have costs. For instance, dependence on a centralised enrolment system (as opposed to local biometrics) makes it much harder to correct or update the database, or to include workers who missed the initial enrolment drive. Similarly, inter-operability raises a host of privacy and civil liberties issues. A brief exploratory visit to Itki did not uncover any obvious reason to prefer the Aadhaar system to local biometrics.

Poor cousin

It is also worth noting that the Jharkhand experiment is a very poor cousin of much earlier and larger efforts to implement the BC model in Andhra Pradesh. Unlike UIDAI, the government of Andhra Pradesh has conducted serious experiments with the BC model and learnt from them. Biometric micro-ATMs are now being installed at local post offices, an important idea for the whole country: micro-ATMs could give post offices a new lease of life as effective payment agencies.

In short, Aadhaar-enabled payments for MGNREGS workers raise many issues that are yet to be properly examined and debated. The Ratu project, for one, looked more like a public relations exercise than a serious experiment. Incidentally, we learnt in June 2012 that Aadhaar-enabled wage payments had been discontinued in Tigra, due to resilient fingerprint recognition problems. That, of course, was not reported in the national media.

Last but not the least, it is not clear why MGNREGS should be used as a testing ground for UID applications when other, more useful options are available. For instance, UID could be used quite easily to monitor office attendance of government employees.

The social benefits are likely to be large, and this is a more natural setting for early UID applications than the jungles of Jharkhand. Any takers?