[Reader-list] Jean Dreze on the UID-Database State in India in the Hindu

[anuradha mukherjee]

Was trying to get some instances of data theft. In 2007, NHS data was stolen
in UK in which financial details were also involved.

http://news.bbc.co.uk/2/hi/uk_news/7449927.stm


   Previous cases of missing data



*There has been a series of cases where confidential information has been
lost or stolen.*

Several laptops containing sensitive data have gone missing and files marked
Top Secret have been left on a commuter train.

In one of the most high-profile cases, a private consulting firm lost a
computer memory stick containing the details of tens of thousands of
prisoners.

Here are other cases to emerge in the recent past:

*MAY 2009: RAF PERSONNEL DATA*

It emerged that data lost from RAF Innsworth in Gloucestershire the previous
September included 500 highly sensitive files, containing details of
individuals' extra-marital affairs, debts and drug use.

An internal MoD memo passed to the BBC warned that the material "provides
excellent material for Foreign Intelligence Services and blackmailers".

On the same day, a report from the Information Commissioner told the NHS to
improve its data security, after the watchdog took action against 14 NHS
organisations in the last six months.

*JANUARY 2009: PRISONER MEDICAL RECORDS*

A health worker in Lancashire lost a memory stick containing the medical
details of more than 6,000 prisoners and ex-prisoners from HMP Preston.

The data was encrypted, but the password had been written on a note which
was attached to the stick when it was misplaced.

*NOVEMBER 2008: GOVERNMENT COMPUTER PASSWORDS*

A memory stick - holding passwords for a government computer system - was
found in the car park of a pub in Staffordshire.

The Gateway website gives access to services including tax returns and child
benefits. The memory stick was lost by an employee of a subcontractor called
Atos Origin.

*OCTOBER 2008: MINISTRY OF DEFENCE DATA*

A computer hard drive containing the personal details of about 100,000 of
the Armed Forces was reported missing during an audit carried out by IT
contractor EDS.

It is thought to contain more than 1.5m pieces of information, possibly
unencrypted, including the details of 600,000 potential recruits, a small
amount of information about bank details, passport numbers, addresses, dates
of birth, driving licence details and telephone numbers.

The Ministry of Defence police said it was investigating the disappearance
but it is not yet known whether or not it was stolen.

*SEPTEMBER 2008: JUSTICE AND RAF EMPLOYEE DETAILS*

The government confirmed that a portable hard drive holding details of up to
5,000 employees of the justice system was lost in July 2007.

The details of employees of the National Offender Management Service in
England and Wales, including prison staff, were lost by a private firm, EDS.


Officials only realised the data was missing in July of this year. Justice
Secretary Jack Straw launched an inquiry.

Also this month, the MoD admitted that tens of thousands of personnel files
had been lost from RAF Innsworth in Gloucestershire.

Hard disks containing the data, which included names, addresses and some
bank account details, were taken from a secure area.

*AUGUST 2008: DATA ON CRIMINALS*

Home Office contractor PA Consulting admitted losing a computer memory stick
containing information on all 84,000 prisoners in England and Wales.

It also held personal details of about 10,000 prolific offenders.

The Home Office suspended the transfer of all further data to the private
firm pending the outcome of an investigation.

An Information Commissioner's investigation later ruled that the Home Office
had broken data protection laws over the incident and must sign a formal
undertaking to improve its procedures in future.

*JULY 2008: MEMORY STICKS AND LAPTOPS*

The Ministry of Defence confirmed that 121 computer memory sticks and more
than twice as many laptops than previously thought have been lost or stolen
in the past four years.

Armed Forces Minister Bob Ainsworth gave a written statement to parliament
saying 121 USB memory devices had gone astray - five of which contained
secret data.

And in a parliamentary written answer, Defence Secretary Des Browne said 747
laptops had been stolen - 400 more than originally reported. Of those, 32
have been recovered so far.

*JUNE 2008: TERROR DOCUMENTS*

A senior intelligence officer from the Cabinet Office was suspended after
documents were left on the seat of commuter train from London Waterloo. A
passenger later handed them to the BBC.

The seven-page file, classified as "UK Top Secret", contained a report
entitled "Al-Qaeda Vulnerabilities" and an assessment of the state of Iraq's
security forces.

Cabinet Minister Ed Miliband said there had been a "clear breach" of
security rules, which forbid the removal of such documents from government
premises.

But Mr Miliband said national security did not seem to be "at risk".

Two inquiries - one by the Cabinet Office, the other by the Metropolitan
Police - have been launched.

*APRIL 2008: MCDONALD'S LAPTOP*

An Army captain's laptop was taken from under his chair as he ate in a
McDonald's, near the Ministry of Defence's Whitehall headquarters.

The MoD said the data on the laptop was not sensitive, and was fully
encrypted.

This is the latest MoD laptop theft to be made public and it came after the
government tightened the rules on employees taking computers out of work.

Whitehall staff are now banned from taking unencrypted laptops or drives
containing personal data outside secured office premises.

*JANUARY 2008: MILITARY RECRUITS*

A laptop computer belonging to a Royal Navy officer was stolen from car in
Edgbaston, Birmingham.

It contained the personal details of 600,000 people who had expressed an
interest in, or applied to join, the Royal Navy, Royal Marines and the RAF.

It contained data including passport numbers, National Insurance numbers and
bank details.

Defence Secretary Des Browne later admitted the inquiry into the loss of the
Royal Navy officer's laptop uncovered two similar thefts since 2005.

At the time, Dr Liam Fox, shadow defence secretary, said 68 MoD laptops had
been stolen in 2007, 66 in 2006, 40 in 2005 and 173 in 2004.

*DECEMBER 2007: DRIVING TEST CANDIDATES*

The details of three million candidates for the UK driving theory test went
missing in the US.

Names, addresses and phone numbers - but no financial information - were
among the details stored on a computer hard drive, which belonged to a
contractor working for the Driving Standards Agency.

The information was sent electronically to contractor Pearson Driving
Assessments in Iowa and the hard drive was then sent to another state before
being brought back to Iowa, where it went missing.

Ministers said the information had been formatted specifically to meet the
security requirements of Pearson Driving Assessments and was not "readily
usable or accessible" by third parties.

*NOVEMBER 2007: CHILD BENEFIT RECORDS*

HM Revenue and Customs (HMRC) lost two computer discs containing the entire
child benefit records, including the personal details of 25 million people -
covering 7.25 million families overall.

The two discs contained the names, addresses, dates of birth and bank
account details of people who received child benefit. They also included
National Insurance numbers.

They were sent via internal mail from HMRC in Washington, north-east
England, to the National Audit Office in London on 18 October, by a junior
official, and never arrived.

The Metropolitan Police were informed of the loss in November and extensive
searches began.

In December, a reward of £20,000 was offered for the return of the two
discs, but they were never recovered.

On Sat, Nov 27, 2010 at 6:37 PM, Anivar Aravind <anivar.aravind at gmail.com>wrote:

> On Sat, Nov 27, 2010 at 6:05 PM, Patrice Riemens <patrice at xs4all.nl>
> wrote:
>
> >
> > Methink RFID_tagging the whole Indian population is a much better idea!
> > Preferably with a 'destroy' remote command device attached. Then finally
> > 'gharib hatao' (*) policies can be effectively implemented!
> >
> >
> Partrice,
> The agenda is much more serious than that . It is not RFID taging. it is
> Geo
> tagging
> See Uncle Sam's (sam pitroda) new project which got approval
> http://www.slideshare.net/pmpiii/public-information-infrastructure-4560021
>
> GIS tagging people seems to the most scary joke i have seen in recent
> past. It is covering everything other than adding a GPS  Device with gprs
> modem to
> your body
>
>
>
>
> > (*) don't underestimate my Hindi...
> >
> >
> > > Main intention of UID is to keep watch on criminals and terrorist. Once
> > > the data is maintained it will be very easy task to keep watch on such
> > > anti national elements. I don't understand why worry about its
> > > confidentiality. When election data is an open document and nobody
> > objects
> > > to it than why for UID. UID will be worrisome for those involved in
> > > antinational activity.
> > >
> > > However, it should be made compulsory with fingerprints than only it
> will
> > > serve its purpose, else it's of no use.
> > >
> > > Thanks
> > > Bipin Trivedi
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: reader-list-bounces at sarai.net [mailto:
> > reader-list-bounces at sarai.net]
> > > On Behalf Of Shuddhabrata Sengupta
> > > Sent: Friday, November 26, 2010 12:04 PM
> > > To: reader-list list
> > > Subject: [Reader-list] Jean Dreze on the UID-Database State in India in
> > > the Hindu
> > >
> > > Dear all,
> > >
> > > Please find below a really excellent article by Jean Dreze in The
> > > Hindu on the UID scheme, which clearly and lucidly argues why the
> > > building of the database state in India is a very bad idea and a
> > > recipe for authoritarianism. Hope that this can provoke a debate on the
> > >
> > > http://www.thehindu.com/opinion/op-ed/article911055.ece?
> > > sms_ss=facebook&at_xt=4cef25dca9aa0aed%2C0
> > >
> > > best.
> > >
> > > Shuddha
> > >
> > > Unique facility, or recipe for trouble?
> > >
> > > Jean Drèze
> > >
> > > Opinion/Op Ed, The Hindu, November 25, 2010
> > > Many questions remain about the Unique Identity Number system that is
> > > being rolled out by the Central government.
> > >
> > > It is quite likely that a few weeks from now someone will be knocking
> > > at your doors and asking for your fingerprints. If you agree, your
> > > fingerprints will enter a national database, along with personal
> > > characteristics (age, sex, occupation, and so on) that have already
> > > been collected from you, unless you were missed in the “Census
> > > household listing† earlier this year.
> > >
> > > The purpose of this exercise is to build the National Population
> > > Register (NPR). In due course, your UID (Unique Identity Number, or
> > > “Aadhaar†) will be added to it. This will make it possible to link
> > > the NPR with other Aadhaar-enabled databases, from tax returns to
> > > bank records and SIM (subscriber identity module) registers. This
> > > includes the Home Ministry's National Intelligence Grid (NATGRID),
> > > smoothly linking 21 national databases.
> > >
> > > For the intelligence agencies, this will be a dream-come-true.
> > > Imagine, everyone's fingerprints at the click of a mouse, that too
> > > with demographic information and all the rest. Should any suspicious
> > > person book a flight, or use a cybercafé, or any of the services that
> > > will soon require an Aadhaar number, she will be on their radar. If,
> > > say, Arundhati Roy makes another trip to Dantewada, she will be
> > > picked up on arrival like a ripe plum. Fantastic!
> > >
> > > ‘A half-truth'
> > >
> > > So, when the Unique Identification Authority of India (UIDAI) tells
> > > us that the UID data (the “Central Identities Data Repository†)
> will
> > > be safe and confidential, it is a half-truth. The confidentiality of
> > > the Repository itself is not a minor issue, considering that UIDAI
> > > can authorise “any entity† to maintain it, and that it can be
> > > accessed not only by intelligence agencies but also by any Ministry.
> > > But more important, the UID will help integrate vast amounts of
> > > personal data, that are available to government agencies with few
> > > restrictions.
> > >
> > > Confidentiality is not the only half-truth propagated by UIDAI.
> > > Another one is that Aadhaar is not compulsory — it is just a
> > > voluntary “facility.† UIDAI's concept note stresses that
> “enrolment
> > > will not be mandated.† But there is a catch: “... benefits and
> > > services that are linked to the UID will ensure demand for the
> > > number.† This is like selling bottled water in a village after
> > > poisoning the well, and claiming that people are buying water
> > > voluntarily. The next sentence is also ominous: “This will not,
> > > however, preclude governments or Registrars from mandating enrolment.â€
> > >
> > > That UID is, in effect, going to be compulsory is clear from many
> > > other documents. For instance, the Planning Commission's proposal for
> > > the National Food Security Act argues for “mandatory use of UID
> > > numbers which are expected to become operational by the end of
> > > 2010† (note the optimistic time-frame). No UID, no food. Similarly,
> > > UIDAI's concept note on the National Rural Employment Guarantee Act
> > > (NREGA) assumes that “each citizen needs to provide his UID before
> > > claiming employment.† Thus, Aadhaar will also be a condition for the
> > > right to work — so much for its voluntary nature.
> > >
> > > Now, if the UID is compulsory, then everyone should have a right to
> > > free, convenient and reliable enrolment. The enrolment process,
> > > however, is all set to be a hit-or-miss affair, with no guarantee of
> > > timely and hassle-free inclusion. UIDAI hopes to enrol 600 million
> > > people in the next four years. That is about half of India's
> > > population in the next four years. What about the other half?
> > >
> > > Nor is there any guarantee of reliability. Anyone familiar with the
> > > way things work in rural India would expect the UID database to be
> > > full of errors. There is a sobering lesson here from the Below
> > > Poverty Line (BPL) Census. A recent World Bank study found rampant
> > > anomalies in the BPL list: “A common problem was erroneous
> > > information entered for household members. In one district of
> > > Rajasthan, more than 50 per cent of the household members were listed
> > > as sisters-in-law.â€
> > >
> > > Will the UID database be more reliable? Don't bet on it. And it is
> > > not clear how the errors will be corrected as and when they emerge.
> > >
> > > Under the proposed National Identification Authority of India Bill
> > > (“NIDAI Bill†), if someone finds that her “identity informationâ€
> > > is
> > > wrong, she is supposed to “request the Authority† to correct it,
> upon
> > > which the Authority “may, if it is satisfied, make such alteration as
> > > may be required.† There is a legal obligation to alert the Authority,
> > > but no right to correction.
> > >
> > > The Aadhaar juggernaut is rolling on regardless (and without any
> > > legal safeguards in place), fuelled by mesmerising claims about the
> > > social applications of UID. A prime example is UID's invasion of the
> > > NREGA. NREGA workers are barely recovering from the chaotic rush to
> > > payments of wages through banks. Aadhaar is likely to be the next
> > > ordeal. The local administration is going to be hijacked by enrolment
> > > drives. NREGA works or payments will come to a standstill where
> > > workers are waiting for their Aadhaar number. Others will be the
> > > victims of unreliable technology, inadequate information technology
> > > facilities, or data errors. And for what? Gradual, people-friendly
> > > introduction of innovative technologies would serve the NREGA better
> > > than the UID tamasha.
> > >
> > > The real game plan, for social policy, seems to be a massive
> > > transition to “conditional cash transfers† (CCTs). There is more
> than
> > > a hint of this “revolutionary† plan in Nandan Nilekani's book,
> > > Imagining India. Since then, CCTs have become the rage in policy
> > > circles. A recent Planning Commission document argues that successful
> > > CCTs require “a biometric identification system,† now made possible
> > > by “the initiation of a Unique Identification System (UID) for the
> > > entire population …† The same document recommends a string of mega
> > > CCTs, including cash transfers to replace the Public Distribution
> > > System.
> > >
> > > If the backroom boys have their way, India's public services as we
> > > know them will soon be history, and every citizen will just have a
> > > Smart Card — food stamps, health insurance, school vouchers,
> > > conditional maternity entitlements and all that rolled into one. This
> > > approach may or may not work (that is incidental), but business at
> > > least will prosper. As the Wall Street Journal says about the
> > > Rashtriya Swasthya Bhima Yojana (which is a pioneering CCT project,
> > > for health insurance), “the plan presents a way for insurance
> > > companies to market themselves and develop brand awareness.â€
> > >
> > > The danger
> > >
> > > The biggest danger of UID, however, lies in a restriction of civil
> > > liberties. As one observer aptly put it, Aadhaar is creating “the
> > > infrastructure of authoritarianism† — an unprecedented degree of
> > > state surveillance (and potential control) of citizens. This
> > > infrastructure may or may not be used for sinister designs. But can
> > > we take a chance, in a country where state agencies have such an
> > > awful record of arbitrariness, brutality and impunity?
> > >
> > > In fact, I suspect that the drive towards permanent state
> > > surveillance of all residents has already begun. UIDAI is no Big
> > > Brother, but could others be on the job? Take for instance Captain
> > > Raghu Raman (of the Mahindra Special Services Group), who is quietly
> > > building NATGRID on behalf of the Home Ministry. His columns in the
> > > business media make for chilling reading. Captain Raman believes that
> > > growing inequality is a “powder keg waiting for a spark,† and
> > > advocates corporate takeover of internal security (including a
> > > “private territorial army†), to enable the “commercial czarsâ€
>  to
> > > “protect their empires.† The Maoists sound like choir boys in
> > > comparison.
> > >
> > > There are equally troubling questions about the “NIDAI Bill,â€
> > > starting with why it was drafted by UIDAI itself. Not surprisingly,
> > > the draft Bill gives enormous powers to UIDAI's successor, NIDAI —
> > > and with minimal safeguards. To illustrate, the Bill empowers NIDAI
> > > to decide the biometric and demographic information required for an
> > > Aadhaar number (Section 23); “specify the usage and applicability of
> > > the Aadhaar number for delivery of various benefits and
> > > services† (Section 23); authorise whoever it wishes to “maintain
> the
> > > Central Identities Data Repository† (Section 7) or even to exercise
> > > any of its own “powers and functions† (Section 51); and dictate all
> > > the relevant “regulations† (Section 54).
> > >
> > > Ordinary citizens, for their part, are powerless: they have no right
> > > to a UID number except on NIDAI's terms, no right to correction of
> > > inaccurate data, and — last but not least — no specific means to
> > > redress grievances. In fact, believe it or not, the Bill states (in
> > > Section 46) that “no court shall take cognisance of any offence
> > > punishable under this Act† except based on a complaint authorised by
> > > NIDAI.
> > >
> > > So, is UID a facility or a calamity? It depends for whom. For the
> > > intelligence agencies, bank managers, the corporate sector, and
> > > NIDAI, it will be a facility and a blessing. For ordinary citizens,
> > > especially the poor and marginalised, it could well be a calamity.
> > >
> > > (The author is Visiting Professor at the Department of Economics,
> > > University of Allahabad and Member of the National Advisory Council.)
> > >
> > >
> > > Shuddhabrata Sengupta
> > >
> > >
> > > _________________________________________
> > > reader-list: an open discussion list on media and the city.
> > > Critiques & Collaborations
> > > To subscribe: send an email to reader-list-request at sarai.net with
> > > subscribe in the subject header.
> > > To unsubscribe: https://mail.sarai.net/mailman/listinfo/reader-list
> > > List archive: <https://mail.sarai.net/pipermail/reader-list/>
> > >
> > > _________________________________________
> > > reader-list: an open discussion list on media and the city.
> > > Critiques & Collaborations
> > > To subscribe: send an email to reader-list-request at sarai.net with
> > > subscribe in the subject header.
> > > To unsubscribe: https://mail.sarai.net/mailman/listinfo/reader-list
> > > List archive: <https://mail.sarai.net/pipermail/reader-list/>
> > >
> > >
> >
> >
> > _________________________________________
> > reader-list: an open discussion list on media and the city.
> > Critiques & Collaborations
> > To subscribe: send an email to reader-list-request at sarai.net with
> > subscribe in the subject header.
> > To unsubscribe: https://mail.sarai.net/mailman/listinfo/reader-list
> > List archive: <https://mail.sarai.net/pipermail/reader-list/>
> >
>
>
>
> --
> "[It is not] possible to distinguish between 'numerical' and 'nonnumerical'
> algorithms, as if numbers were somehow different from other kinds of
> precise
> information." - Donald Knuth
>  _________________________________________
> reader-list: an open discussion list on media and the city.
> Critiques & Collaborations
> To subscribe: send an email to reader-list-request at sarai.net with
> subscribe in the subject header.
> To unsubscribe: https://mail.sarai.net/mailman/listinfo/reader-list
> List archive: <https://mail.sarai.net/pipermail/reader-list/>
>