Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history.
For the past nine years, India has been building the world’s biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means “proof” or “basis” in Hindi), could be a gold mine.
The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company ― Google ― gave a definitive response.
That’s because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India’s poor, the database has become Indians’ gateway to nearly any type of service ― from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China.
A Scheme Born In The U.S.
Tapping into Aadhaar would help big tech companies access the data and transactions of millions of users in the second most populous country on earth, explained Usha Ramanathan, a Delhi-based lawyer, legal researcher and one of Aadhaar’s most vocal critics.
The idea for India’s national biometric identification team wasn’t unprecedented, and in fact, it has strong parallels with a system proposed for the United States. Following the Sept. 11, 2001, attacks, the CEO of Oracle, Larry Ellison, offered to build the U.S. government software for a national identification system that would include a centralized computer database of all U.S. citizens. The program never got off the ground amid objections from privacy and civil liberties advocates, but India’s own Ellison figure, Nandan Nilekani, had a similar idea. The billionaire founder of IT consulting giant Infosys, Nilekani conceptualized Aadhaar as a way to eliminate waste and corruption in India’s social welfare programs. He lobbied the government to bring in Aadhaar, and went on to run the project under the administration of Manmohan Singh. Nilekani gained even more influence under current Prime Minister Narendra Modi, who moved to make Aadhaar necessary for almost any kind of business in India.
The first 12-digit Aadhaar ID was issued in 2010. Today, over a billion people (around 89 percent of India’s population) have been included in the system ― from India’s unimaginably wealthy billionaires to the homeless, from residents of the country’s sprawling cities to remote inaccessible villages. While initially a voluntary program, the database is now linked to just about all government programs. You need an Aadhaar ID to get a passport issued or renewed. Aadhaar was made mandatory for operating a bank account, using a cell phone or investing in mutual funds, only for the proposals to be rolled back pending the Supreme Court verdict on the constitutionality of the project.
As Aadhaar identification became integrated into other systems like banking, cell phones and government programs, tech companies can use the program to cross-reference their datasets against other databases and assemble a far more detailed and intrusive picture of Indians’ lives. That would allow them, for example, to better target products or advertising to the vast Indian population. “You can take a unique identifying number and use it to find data in different sectors,” explained Pam Dixon, executive director of the World Privacy Forum, an American public interest research group. “That number can be cross-walked across all the different parts of their life.”
Microsoft, which uses Aadhaar in a new version of Skype to verify users, declined to talk about its work integrating products with the Aadhaar database. But Bill Gates, Microsoft’s founder, has publicly endorsed Aadhaar and his foundation is funding a World Bank program to bring Aadhaar-like ID programs to other countries. Gates has also argued that ID verification schemes like Aadhaar in itself don’t pose privacy issues. Microsoft CEO Satya Nadella has repeatedly praised Aadhaar in both his recent book and a tour across India.
Amazon did not respond to a request for comment, but according to a BuzzFeed report, the company told Indian customers not uploading a copy of Aadhaar “might result in a delay in the resolution or no resolution” of cases where packages were missing.
Facebook, too, failed to respond to repeated requests for comment, though the platform’s prompts for users to log in with the same name as their Aadhaar card prompted suspicions from users that it wanted everyone to use their Aadhaar-verified names and spellings so they could later build in Aadhaar functionality with minimal problems.
A spokesman for Google, which has its own payments platform in India called Tez, told HuffPost that the company has not integrated any of its products with Aadhaar. But there was outrage earlier in August when the Aadhaar helpline was added to Android phones without informing users. Google claimed in a statement to the Economic Times this happened “inadvertently”
Privacy Jeopardized For Millions
But the same features that are set to make tech companies millions are are also the ones that threaten the privacy and security of millions of Indians.
“As long as [the data] is being shared with so many people and services and companies, without knowing who has what data, it will always be an issue,” said Srinivas Kodali, an independent security researcher. “They can’t protect it until they encrypt it and stop sharing data.”
One government website allowed users to search and geolocate homes on the basis of caste and religion ― sparking fears of ethnic and religious violence in a country where lynchings, beatings and mob violence are commonplace. Another website broadcast the names, phone numbers and medical purchases — like generic Viagra and HIV medication — of anyone who buys medicines from government stores. In another leak, a Google search for phone numbers of farmers in Andhra Pradesh would reveal their Aadhaar numbers, address, fathers’ names and bank account numbers.
The leaks are aggravated by “a Star Trek-type obsession” with data dashboards, said Sunil Abraham, executive director of the Center for Internet and Society. Many government departments each created an online data dashboard with detailed personal records on individuals, he explained. The massive centralization of personal data, he said, created a huge security risk as these dashboards were accessible to any government official and in many cases, were even left open to the public.
Authentication failures have led to deaths among the poorest sections of Indian society when people were denied government food rations.
And much like the tech companies, some local governments are using the system to connect data sets and build expansive surveillance. In the state of Andhra Pradesh in India, there’s a war room next to the state chief minister’s office, where a wall of screens shows details from databases that collect information from every department. There are security cameras and dashboards that track every mention of the chief minister on the news. There’s a separate team watching what’s being said about him on social media and there are also dashboards that collect information from IoT [Internet of Things] sensors across the state.
Court Ruling Could Halt Rollout
Those issues around privacy are why the dreams of government bureaucrats and large tech companies to build a perfect surveillance apparatus around Aadhaar may ultimately fall apart. The Supreme Court of India is set to decide on a case that could decide the future of the program.
The court is set to review 27 petitions, including whether requiring an Aadhaar for government subsidies and benefits makes access to these programs conditional, even though the state is constitutionally bound to deliver them. The petitioners include lawyers, academics and a 92-year-old retired judge whose petition also secured the right to privacy as a fundamental right in August 2017. Petitioners also argue that the ability for Aadhaar to be used to track and profile people is unconstitutional.
In its judgment, due any day now, the court will rule on all 27 petitions together. It will decide not only the fate of the Aadhaar Act of 2016, but likely the future involvement of some of tech’s biggest companies in one of the world’s most ambitious and divisive IT projects.