AADHAAR CONTROVERSY

Is India’s controversial digital identity program a public policy that has been hijacked by private business?

By SAIKAT DATTA 0

There are worries that India's digital identity program Aadhaar will become a mass surveillance tool for governments and corporates. Photo: iStock

There are worries that India’s digital identity program Aadhaar will become a mass surveillance tool for governments and corporates. Photo: iStock

India’s controversial digital identity program, known as Aadhaar, is set to face a fresh round of litigation. The government of prime minister Narendra Modi is pushing amendments to the earlier law in attempts to get around a September 2018 Supreme Court judgment which barred access to sensitive personal data by private entities for any purpose.

However fresh evidence has emerged that raises serious questions about whether a private group lobbied the government behind the scenes to push through the controversial changes.The dailyReport Must-reads from across Asia – directly to your inbox

The proposed amendments will allow private entities unfettered access to exploit private and sensitive data of all those registered with the digital program for business purposes “on a voluntary basis”.

Leaked conversation

A conversation between two key members of the private group and a lawyer representing a private company was recorded in September, shortly after the Supreme Court judgment. The bombshell recording raises fresh concerns over potential policy interference by lobbyists, as well as possible conflicts of interest.

The conversation was recorded at an open-house discussion called in the southern Indian city of Bengaluru by the lobbying group known as the Indian Software Product Industry Roundtable or iSpirt. As volunteers, the group was responsible for building a series of applications around the Aadhaar database called “India Stack”.

Involved in the conversation were Sharad Sharma, listed as one of the founders of iSpirt under the “donors” tag on the official website; Sanjay Jain, the former chief product manager of the Aadhaar program; and a woman who is believed to be the in-house legal counsel for Khosla Labs, a company that is a key stakeholder in India’s digital identity business sector. The conversation reportedly took place days after the Supreme Court passed its order on the Aadhaar program.

While a majority of four judges of a five-judge bench held the Aadhaar program to be legal and Constitutionally valid, it read down several sections of the law that governs digital identities. Section 57 of the Aadhaar Act allowed private entities to access the data held by the digital identity program for private businesses.

Even though four judges found the program constitutionally valid, and one filed a dissenting judgment stating it was illegal and invalid, all the judges agreed that section 57 was problematic. While those opposed to the Aadhaar program have argued that the judgment was clear that any sharing of any data with a private entity is unconstitutional, those in favor had a different interpretation of the ruling.

They argued that all the Supreme Court wanted was more safeguards before this data could be shared with mushrooming technology businesses which could exploit it to rake in profits. At stake are businesses worth trillions of dollars that can use the personal information on over a billion Indians whose sensitive data has been added to the Aadhaar database.

Responding on behalf of Sharma and iSpirt, Sanjay Jain said that his opinion on the court’s view of section 57 differed. “We believe that the court primarily upheld the Act, with some changes. The change to section 57 in particular, appears to derive from a need for judicial oversight (the majority judgment actually says so). Hence, for any use of Aadhaar, the government needs to provide a backing law. If required, this can be tested in the court for constitutionality.” Jain has written about views on section 57 and his detailed response to specific questions is being published separately.

iSpirt: Evangelists or lobbyists?

In 2009 the United Progressive Alliance (UPA) government led by prime minister Dr Manmohan Singh launched a digital identity program, ostensibly to prevent massive leakages in subsidies and welfare programs in India. The idea was to issue a single numerical digital identity to anyone who resided in India for more than six months, so that all their transactions could be tracked through this number.

A number of lawyers, activists and constitutional experts immediately raised a flag against the program, saying it had enormous potential for misuse. They said this unfettered collection of data could easily be used to carry out mass surveillance by the government and make citizens vulnerable. They also pointed out that a similar digital identity program in the United Kingdom (UK) had been struck down once the British government realized its potential for misuse.

But a group of technologists and businesses, who saw the potential business spin-offs from this massive database, argued that such a project could propel businesses and technology spin-offs worth vast sums. Worried at the rising pitch against the Aadhaar program, and a hostile report from the Parliament’s standing committee on finance, they banded together to float a “think tank” and foundation called iSpirt.

Founders of iSpirt described it as a grouping of “30 product companies and individuals” who want to transform India into a hub for new software products. They say it is crucial to address government policy, create market catalysts and help entrepreneurs create mature products. “An integrative approach is fundamental and vital.” They also said they could “convert ideas into policy proposals to take to government stakeholders.”

“iSpirt’s constituency is product entrepreneurs. Their interests, in their own words, are to promote policies, technology platforms and playbooks for product entrepreneurs,” Anupam Saraph, a global expert on complex systems.

Among its founders, listed under the “donors” tag, are several well-known technology entrepreneurs, funders and a politician from the ruling Bharatiya Janta Party (BJP). While the UPA government lost the elections in 2014, the government of Narendra Modi, who also heads the BJP, continued to push the Aadhaar program and rapidly expanded its scope, making it virtually mandatory for all citizens to sign up. So, naturally, the government and iSpirt became powerful allies.

Indeed, many members of iSpirt were also individuals who had worked on the Aadhaar project and then left to set up businesses that could be built around it. In fact, one such business, Khosla Labs, also had a keyofficial(s) from the Aadhaar program simultaneously serving on its board of directors, in a clear case of conflict of interest. This official dissociated himself from the company after this issue was raised in public and also covered in the media.

In a video posted on YouTube, Pramod Varma, the chief architect of Aadhaar, said the reason they decided to become “volunteers” was to avoid any scrutiny under India’s Right To Information Act or audits by the Comptroller and Auditor General of India (CAG). In India, it is mandatory for any government project or government-funded project to be covered under the Right To Information Act or CAG audits.

By posing as “volunteers” they were no longer answerable or accountable. Varma said innovation could not thrive under such scrutiny. However, Srinivas Kodali, who has been actively tracking code and design flaws in the Aadhaar program noted that the Indian Space Research Organization (ISRO) had managed to even send a probe to Mars, despite being subjected to the RTI Act and CAG audits.

Ironically, the Aadhaar program was launched to plug leaks from India’s welfare schemes and subsidies that run into billions of dollars every year. Even the bill that was introduced in Parliament in 2016 was called the ‘Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act‘.

But section 57 of the Act went much beyond subsidies and delivery of services, and allowed private entities to access any data collected under the program for their businesses. Soon startups began to mushroom around this database, many of them Financial Technology startups, which hope to benefit from a mine of big data.

However, the Supreme Court ruling jeopardized those plans and investments. “As is well known, apart from other restrictions, section 57 was read down by the Supreme Court majority opinion, thus preventing use of the Act and its enabling clauses for use of the system established by Aadhaar by private parties for any purpose whatsoever,” Vikram Crishna, one of the petitioners told Asia Times.

Getting around the court ruling

Soon after the judgment, the Modi government argued that the Supreme Court had not struck down section 57 and its access to private entities. Instead, they argued that the current law had only suffered “procedural lapses”. A set of amendments and additional “safeguards” would be sufficient to get around the court judgment, they said.

Usha Ramanthan, a legal and privacy scholar and one of the earliest activists to sound the alarm on the dangers that Aadhaar posed, claims the use of citizens’ private data for profit was the key all along. “It is useful to remember that India Stack did not heed anything in the law, or any order of a court. The governments – both the UPA and the NDA – have just ignored court orders and carried on with what they have wanted, and let business do this too. That is why the government enacted section 57, which even a sympathetic majority could not uphold. And they continue to try to get past this as if it is an obstacle and not a matter of people’s basic rights.”

She has noted repeatedly that the Court was quite clear that any sharing of Aadhaar data with any private entity was seen as “unconstitutional”. She also argued that the whole program was replete with many cases of conflict of interest.

“Since 2013, Mr [Nandan] Nilekani  [the founding chairman of the Aadhaar program] and Mr Vinod Khosla, for instance, began to exhort people to start using the UID database which they saw, not as an identity, but an identity platform on which many apps may be built. members of the technology team, like Mr Sanjay Jain and Mr Pramod Varma, got out of the UIDAI and worked under iSpirt to build applications on which businesses were to be built. All these businesses are built on the personal data of the citizen,” she said via email.

This is where the recorded conversations of Jain, Sharma and the legal counsel of Khosla Labs becomes crucial. It seems that they had a fair idea of the government’s plans to either pass an ordinance, or amendments to the existing law. In the leaked conversation they clearly state that this move is on the cards to ensure private businesses can continue to access the Aadhaar database.

Saraph, the complex systems expert, noted that the former technology head of Aadhaar is the co-founder and CEO of Khosla Labs, a company promoting Aadhaar Bridge, a set of applications that allow banks to access the database to process payments. He is on the board of HDFC Bank Ltd and also the chairman of Novopay Solutions, a company involved in the area of mobile payments.

Khosla Labs’ business model came to a standstill after the Supreme Court judgment. So, amendments proposed by the government last Friday came as a great relief to it and other such ventures.

“It is unfortunate that the government in power is now looking for ways to legitimize the actions of UIDAI for use by the private sector, where no benefits for the poor are envisaged, having failed to challenge the judgment in court through the normal process of a review petition,” Crishna said.

Also troubling is that even though a nine-judge bench of the Supreme Court ruled in August 2017 that privacy is a fundamental right under India’s Constitution, the government has yet to move on a privacy and data protection law, or framework, even though a general election is less than two months away.

Indeed, as noted by Derek O’ Brien, an MP from the opposition party Trinamool Congress, the government introduced its far-reaching amendments in the Lower House at 5pm on Friday – when most MPs had left Delhi to return to their constituencies on a day traditionally reserved for members to introduce private bills.

O’Brien suggested the government was keen to avoid a debate on these controversial amendments, and ensure they get through the Lower House when opposition parties are less prepared to contest them.

The leaked conversation suggests that while some citizens with vested interests knew this was coming for months, MPs may have been kept in the dark. The question now is what will happen in the Upper House, where the Modi government has lesser numbers. Will its members challenge the proposed amendments or send them back to the Lower House for a more substantial debate?

We will find out soon enough.

http://www.atimes.com/article/leak-reveals-indian-govts-plan-to-amend-digital-identity-law/