The strange case of identity outsourcing
Rijo Jacob Abraham
The intentions behind Unique Identification Number have further come under scanner after the UIA (Unique Identification Authority) pre-qualified a US firm to register Indian citizens in the first phase of UID project.
Besides raising the issue of privacy infringement by providing personal data to a foreign company, what has come as a rude jolt is that the US company in the consortia was rejected by the US government agencies on grounds of the quality of it’s biometric cards. Further, the company was in news for its controversial engagements with US intelligence agencies.
The company in question is L-1 Identity Solutions, which along with Mahindra Satyam-Morpho and Accenture, bagged the contract. L-1 which is major driving licence provider in the US is also involved in the production of passports and is a leading provider of identification technology to the US State Department and Homeland Security.
In September the company received USD 24 million for the project from the UIDAI .The company has already shipped some units of the Agile TP fingerprint slap devices and Mobile iris cameras. In a Forward Looking Statement the company said it hopes to complete the remainder of the shipment by March 2011.
The three companies which lead the consortia were selected from a group of nine companies that were short-listed. The selection was done “in record time of three months” – according to the company’s own press release. The awarding of the contract without possibly fully looking into the past projects of the company raises disturbing questions.
The role of the company is to prevent identity fraud (or “de-duplication”) for the people enrolling under UID. The company does it primarily in two ways. One, through a multi-biometric search platform called ABIS (Automatic Biometric Identification System). And two, through a front-end application which ensures that the data collected is accurate. This is very crucial aspect of the UID project as the fingerprint of the rural populace is worn-out through a life-time of hard labour. Iris data also poses a problem while enrolling people with defective cornea.
There is no evidence of any explicit quality or privacy violations by the company in India. But the professional chutzpah of its head -- Robert “Bob” LaPenta – gives a red-eye to awarding the project to the company. The organizations he headed or was heading, was in the in the centre of the storm for issues related to national security and in once instance for the very quality of their work; not to mention L-1, his current organization has its hands dirtied on many US national security issues.
In February 1996 a Chinese rocket carrying US satellite meant to air NewsCorps TV shows to Latin America, was launched from Xichang. Twenty two seconds into the flight, the rocket blew up killing about 200 villagers and razing down an entire hotel building by its molten debris. The satellite was that of a company called Loral Space Communication. The company, as a part of post-crash report, sent highly sensitive information to the Chinese. US Department of Justice charged the company with helping China’s missile programme. Robert LaPenta was the Senior Vice-President and Controller of the organization, a post he held since 1981. Two years after the incident when the company was acquired by Lockheed Martin he served as its vice president.
In October 2007, a fraud-detection unit of US Department of Motor Vehicles found out that its scanners regularly passed fake IDs as valid. The technology they used was of Viisage, the company which LaPenta merged with Identix Solution to create L-1 in 2006. He was the Chairman and Independent Director at Viisage Technology Inc from 2005.
Lately in June 2010, a support contract unit of L-3 Communications Corp said it was de-listed from providing service to any federal agencies in the US. The support contract unit was providing aircraft maintenance and logistic support to the US Air Force. The unit allegedly used government computer network to collect data to promote its own business. LaPenta was the President and CEO of L-3 Communications from April 1997 to October 2002.
The case of Viisage Technology, which morphed into L-1, is interesting in itself. Viisage technology earlier just a small USD 50 million dollar company, transformed itself into a multi-billion dollar MNC within a short span. Key to its success was the presence of leading ex-security officials of the US government on the company’s board. Prominent among them were the ex-CIA chief George Tenet. Other people included Louis Freeh, former Director of the FBI and Admiral Loy, former head of the Transportation Security Agency – all of whom were in key positions in awarding contracts to the company. No wonder L-1 began to dominate the security and identity business in the US, and now in the world. Bob LaPenta once boasted that with a person like George Tenet on L-1’s board “a phone call gets us in to see whoever we want”. George Tenet is no-longer in L-1’s Board of Directors.
L-1’s China connection
Author activist, Naomi Klein in her article ‘China’s All Seeing Eye’ in ‘Rolling Stones’ magazine brought out the a little known fact which the US company is loath to admit. This is because the US passed a law after the Tiananmen Square incident in 1989, making it illegal for a US firm to partner with a Chinese in Crime Control and detection. L-1 in collaboration with a Chinese company called Pixel Solutions is working to develop national ID card and face recognition. The project is equivalent to our own UID, making use of biometric data for identification.
The owner of the Chinese firm, Yao Rouguang says that the major use -- 95 percent -- of the project is crime detection. How does it work? The idea is to use street cameras which are supposedly for traffic control to take mug shots of the protestors and then compare it with the vast government database using face recognition software.
In fact, the Olympic glory of China largely rests on its street cameras.
UID could be a crucial way to crush any move to challenge the status quo. Augmented by street cameras, this may painlessly kill democracy.
Britain is the country most paranoid about security; London citizens get captured on CCTV at least 300 times a day. The country was to under-take a massive identification project using biometrics. But due to popular unrest it was scrapped. After the general elections in May this year in the Conservative-Liberal-Democrat coalition agreement, the project was excluded. In the same month the newly formed government said that it would save around 86 million pounds over the next four years and avoid another USD 800 million in maintenance costs.
UID will cost India around Rs 45,000 crores which does not include the costs that are to be borne by different government agencies to accommodate biometrics into their system. This could be even more as the UK example has shown.
The perils of publicity in India
India’s UID, unprecedented in it scale and scope. By taking finger-prints and iris scan, which is unique to each individual, a unique identity can be established which can apparently prevent cases of duplication in the PDS system and aid welfare schemes like MNREGS. Augmented by facial recognition software which uses the distance between the human eyes to identify individuals, it leaves no chances for duplicate entries. But the savings in PDS and targeting of welfare schemes come at a huge cost.
A case-study released by L-1 says that Andhra Pradesh has successfully deployed ration card based on iris identity. With 56 million people enrolled, it is the largest iris identity programme in the world. Through the exercise the company has saved “over USD 7 million in pensions and ration cards per month,” claims the company’s spokesperson.
The issue of privacy—which includes profiling and tracking of individuals – has been raised by campaigners against the project for a sometime now. By collating information about each individual, those in the state power or at helm of the companies involved could virtually peep into an individual’s life.
How real can this be? The UID project originally was started by the NDA government in 1999 after the recommendations of Kargil Review Committee. The committee recommended that the citizen should be compulsorily registered in National Population Register (NPR) and be issued Multi-purpose National Identity Cards. This was purely on national security ground to keep a check of immigration and insurgents. A developmental spin was given to it later by UPA government.
The NPR, which comes under Citizens Act 1995 (and not under Census Act 1948), is confidential in nature. There is a special provision in the Act to make available the information it collected to the UIDAI.
In day to day activities like opening a bank account or buying a vehicle, individuals transfer different pieces of their identity to the agencies involved. But if it is possible to put together the bits and pieces of information, by creating a network among different agencies, a complete profile of the individual can be built. Place this in context of National Intelligence Grid (NATGRID). (A Unique Identity Bill Usha Ramanathan, EPW Volume 45, Number 30, July 24-30 2010)
NATGRID, a brain child of Home Minister P Chidambaram is an attempt to link 21 government and private databases across the country to track terror-suspects. The information available with the grid will only be accessible to 11 government agencies. The proposal was rejected by Cabinet Committee on Security (CCS) in Feb 2010 on grounds of privacy infringement. But it is still awaiting approval, the chances of which are very positive.
With the agencies like RAW and IB above the ambit of the RTI Act there could be damning human rights violations, with its implementation.
But L-1 maintains that the company won’t have access to any personal data of individuals. “L-1’s role as a BSP involves de-duplication of biometric images that are associated with only a pseudo identifier and no demographic or personal details of the resident,” the co mpany spokesperson said in response to an e-mail query.
“But the point remains that the demographic data are attached to the biometric information. That remains the real problem,” opines R Ramakumar, professor at TISS Pune and one of the foremost anti-UID campaigners.
“The threat to privacy is not from the fact that L1 is doing it, but from the fact of the UID project itself. If L1 does not do it, someone else will; so, the problem is not L1 when we talk about privacies,” says Ramakumar
The company also brushes asides fears of the quality of their product in preventing de-duplication. The company says UIDAI selected it based on “its performance in other global, large-scale implementations, and is confident that the search platform used in the programme will achieve the targets.”
“…police and security forces, if allowed access to the biometric database, could extensively use it for regular surveillance and investigative purposes, leading to a number of human rights violations.” Prof Ramakumar writes.
With the growing gap among the haves and have not, especially in metropolis, there is bound to be unrest. The fact that one of the first few of the ID cards will be handed over to the people in Mumbai’s slums comes hardly as a surprise.