Skip to content

Automated surveillance technology using drones to spot problematic human behavior in crowds is going to be tested at Technozion and Spring Spree festivals at NIT Warangal, reports the Verge. Lead researcher Amarjot Singh of the University of Cambridge claimed that their system has 94% accuracy at identifying violent poses. However, this accuracy drops with more people in the frame (like there would be at a festival), for example, to 79% with 10 people in the frame.

Police surveillance is growing without much scrutiny in recent years. The laws governing such surveillance have grey areas in which a lot of video surveillance technology currently operates. Reported applications include face recognition technology, behavior recognition, as in the case of the surveillance drones reported in The Verge, facial recognition and linking with police records, including tagging personal information with Aadhaar and sharing it across states.

An increasing number of cities have police using various kinds of surveillance databases to get better information on suspects and potential criminals in the city. These databases, where individual policemen can add the information of people to have some disturbing implications. There are several cities using Facial Recognition Softwares to assist policemen keep track of criminals.

Surveillance of everyone, not just criminals or suspects

There are several cities where CCTV camera networks scan everyone on the street and match their faces against a database of suspects and criminals. Here is a partial list:

  • In 2015, Surat became the first city in India to deploy real time surveillance through facial recognition systems when they implemented NEC India's FaceWatch in collaboration with Innovative Telecom & Softwares. The system uses live feeds from a growing network of CCTV cameras and can be used to monitor for crime in real time. It is capable of facial recognition as well as Automatic number plate recognition. Also, "It automatically matches faces against a database of 30,000 criminal mugshots and can alert the police immediately of anyone on a watchlist."By August, Surat had 604 cameras in 114 locations, covering 10% of the city with plans to add another 900 cameras in a year and bring the total to 2,500 in two years.
  • In 2015, Hyderabad police launched vehicle mounted CCTV cameras with a 360 degree view and ability to store footage for 15 days.
  • In 2016, Mumbai got 4,617 CCTV cameras hooked to the RTO control room and backed by 1000 vehicles fitted with GPS in order to coordinate with the control room were made operational with the objective of tackling law and order, fighting and preventing crime, regulating traffic and detecting traffic-related offences. These cameras are also capable of Automatic Number Plate Recognition as well as Facial Recognition. Additional Chief Secretary (Home) K P Bakshi told the Indian Express, "We can search for an individual all over the city. The cameras will identify the face of a wanted criminal. The camera will also pick out faces of persons roaming around continuously in one place. The nearest police van will then be alerted about the person’s location."
  • In 2016, 160 CCTV cameras were installed in Visakhapatanam as a part of a hi-tech surveillance network.
  • In 2016, in Vijaywada in Andhra Pradesh, NEC's Facial Recognition System was used to identify suspects and criminals at the Krishna Pushkaram religious event which sees around 50 million pilgrims attending to take a holy bath in the Krishna river.
  • In 2017, Jaipur police trialed a facial recognition system with cameras installed outside the Ganesh temple at Modi Doongri and controlled from the command and control centre called "Abhay". The FRS would scan the people before it and match them against a database of serial offenders and suspects.
  • In 2018, Cameras with Facial Recognition Technology are expected to be in use in local trains on the Central line in Mumbai, by the end of the year 2018, at a total cost of 276 crore. The cameras "will store facial details of commuters (for 10 days). The cameras with facial recognition software would help trace past movements of any offender on a local train and arrest the person when he travels next." A total of 11,160 cameras will be procured - 76 cameras for each rake, with at least 6 cameras in each coach of the rake.
  • In 2018, Hyderabad city police are matching the faces of everyone on the city's streets against a database of one lakh criminas, from the control room at the Facial Recognition Analytics unit at the Commissioner’s office at Basheerbagh. IT Cell incharge, K. Sreenath Reddy said that the local police are alerted only when the resemblance is more than 70 per cent.
  • Thiruvananthapuram police are using 233 cameras in their surveillance network of the city.
  • Paradip in Odisha is to get a CCTV surveillance camera network within a month.
  • Retired ACP Dhoble (of the hockey stick wielding moral police fame) is now in the process of getting a facial recognition software for the city and believes it needs to be created with the "help" of his son Kshitij, who specialized in Artificial Intelligence at Aukland University. An effort that initially began with a goal of tracing missing people has expanded its objective to "tracking criminals" as well. "Meanwhile, they began compiling the information of all 15,847 police stations in India and uploaded it on the site. One aspect of the site is uploading the information of these police and stations. The other is to spot child beggars, labourers and send it to the site."

Police database for use with mobile app -FaceTagr

This is a database of criminal records that can be used with a Facial Recognition Software (FaceTagr) installed on Android mobile phones of beat policemen and inspectors working in the field. When a policeman scans a suspect's face, the mobile app returns data of police cases filed and police station limits for the criminal the face matches with. Databases being expandable, the database has the potential to store the records of criminals across the country.

The application that was originally built by Vijay Gnanadesikan, CEO of Haliscape Business Solutions, to help rescue children by matching records of missing and found children, was first trialled for police use in Chennal

  • In 2017, FACETAGR was adopted by T Nagar police station of Chennai, beginning with a database of 12,000 criminals. An additional 40,000 suspects were added to the app to improve the chances of police identifying faces. The app used by policemen to "scan" suspects. Once a suspect is scanned, the app returns information about them.
  • In 2018, Chennai police will expand the use of FACETAGR to include interstate criminals as well by expanding the data used by the application to other Southern states. Currently the database has information on 67,000 criminals, including information sent by the Pudducherry Crime Records Bureau. It is awaiting data from Andhra Pradesh, Telangana, Kerala and Karnataka. The application is in use in 10 out of 12 police districts and is installed on the phones of beat constables. 18 inspectors, subinspecotrs and 150 beat police of Washermanpet were the latest to get the app, with "700 criminals in A, A plus, B and C categories".
  • Chittoor adopted the app in December 2017 with data of 10,000 sandalwood smugglers and 3,000 suspected criminals.
  • Pudducherry has also adopted the use of FACETAGR in March 2018

e-Petty

The e-Petty app is being used across Telangana state to book cases in minor crimes under Sections pertaining to IPC, City Police Act, Gaming Act/ COTPA Act 2003, Motor Vehicle Act and Town Nuisance Act. The app can record photographic and video evidence from the crime scene, photographs of suspects and generate an automatic chargesheet based on evidence. The app tracks previous cases of individuals as well and identify repeat violators because the app links profiles online with Aadhaar card numbers.

Hyderabad

Hyderabad is probably the most surveilled city in the country. The Integrated People Information Hub pulls data from dozens of sources to create profiles of individuals that include not just their own comprehensive information, but that of parents as well. It is a data hoarding machine gone rogue, where there appears to be no reason or reasonable suspicion required to put citizens under surveillance. The surveillance includes call records, social media, relatives and friends, utilities and more.

Questions raised

The use of aggregated databases and Artificial Intelligence  in large scale applications is new in India and the laws don't yet have necessary support as well as restrictions on implementation. There is no doubt that information is power and information on suspects and criminals empowers police to do their jobs better. The lack of development of proper laws, policies, protocols and facilities for the police to record and access information in a secure manner has led to the adoption of various technologies in an ad hoc manner with little overisght.

However, largescale use of such applications raise several and serious questions:

  • Is it constitutional to treat every person as a potential criminal? When all the people entering the range of a Facial Recognition enabled camera are scanned and matched against databases of criminals, it amounts to intrusive surveillance. India lacks a data protection law or a law defining the contours of privacy, however the recent robust arguments against surveillance and observations by judges in the Constitutional Challenge to Aadhaar are very clear that Indians do have a right to privacy and surveillance violates this right.
  • Data ownership: FaceTagr is owned by Haliscape Business Solutiosn Pvt Ltd of Chennai. NEC is a global organization. It is unclear who owns or protects the data on these databases and what restrictions exist against its misuse.
  • Data access: Cortica, a foreign AI company has formed a partnership with the Best Group to analyze CCTV footage from public cameras to predict crime. While technologically it may be a challenging goal, a foreign company with considerable ties to foreign intelligence has capabilities and access to individuals on Indian streets. The software is capable of using data from not just video cameras but satellite and drone footage as well and is capable of analyzing human behavior, including differentiating between nature of crowds - routine market corwd or a protest, etc.In the case of Mumbai, a company run by a software professional and a retired police official appears to have  access to information from all police stations in India and are proceeding to build a database! It is unclear how and why a software under development by private individuals has access to nationwide sensitive data.
  • A market of the gullible: The lack of proper evaluation or policies requiring specific standards has left the police of India a ripe target for companies selling surveillance products who may exploit the real need for collecting information or corrupt insiders to gain contracts. Many of the technologies described here have not been subjected to robust testing and have no published research about their quality. Some of the stories describe extensive installations that become defunct or are not of adequate quality to begin with, as in the case of Visakhapatanam, left with 3 working cameras out of 160 within 2 years of installation at massive public expense. Others describe extremely efficient systems, but ones that violate the rights of the citizens they are supposed to serve.This risks spending public funds for purposes and methods that may not be in public interest. There is an urgent need to consult with independent experts and digital rights law researchers and other professionals without conflict of interest to put together guidelines for data collection for surveillance, data destruction when its purpose is served, securing of that data to prevent misuse and policies on who should have access and a transparent process for granting such access.
  • Who is a criminal or suspect: It doesn't take a lot for police to consider someone a suspect and there is little oversight. There is no warrant or independent authority required to initiate surveillance against anyone. Such a database has the capacity to take the local prejudices of police across state lines and cause considerable harassment to individuals in all areas covered by such databases.
  • Utility: While there is obviously a need for police to monitor suspects in order to gather evidence, the legality and utility of randomly spotting them on the street is debatable. What is the utility of someone say.... suspected of having conducted a robbery... being spotted in another state - if it even is the same person?
  • Technological limitations: Such "identification" is inherently probabilistic and can be wrong. A good example would be the Welsh police wrongly identifying over two thousand people as potential criminals when they used Facial Recognition at the 2017 Champions League final in Cardiff in a crowd of 170,000 spectators. This has the potential to create a lot of harassment as well as waste police resources when applied to the far bigger numbers of people on the street in Indian cities.
  • Bypassing consent: A person suspected by the police and asked to come for questioning has rights. They can agree or refuse and the police cannot actually force them to say.... stand in a line up to be identified without any due process. Or they may wish to have a lawyer present when interacting with a policeman as a suspect. However, use of software such as this allows a beat constable to completely arbitrarily scan people who may not even realize that they are actually in a situation with the law where they may need to exert choices to protect their interests.
  • Human rights: As often happens when the state adopts technology, the advantages of the technology have been understood and promoted, but there appears to have been little consideration given to human rights implications of falsely accused individuals, potential for corruption through entering or removing entries on the database for bribes or blackmail, consequences of false positives to innocents and other potential fallout. There needs to be better consultation by the state when adopting such technologies with professionals (other than those providing the technology as a solution) to assess the wider impact beyond the immediate problem the technology aims to solve and mitigate the potential for harm.
  • Ability to maintain technology: Out of 160 cameras installed in Visakhapatanam 2016, 3 cameras were working in 2018. One of them being pointed to the ground, was useless.
  • Aggregated or discrete databases? It is not known whether the databases used to identify criminals through CCTV or the FaceTagr app or e-Petty are linked where they coexist. Aggregation of data across these databases has even more potential for the violation of rights of citizens.
  • Magnifying social prejudices: A simple statistical reality is that positives - whether real or false - will be higher among those who get scanned more. In a country where there is considerable documented evidence of prejudice against religious minorities or underprivileged castes, classes and communities, the use of such a software has the potential to magnify and endorse prejudices that cause their targeting. Take for example, reported cases of slums being raided and all the men in them being asked to identify themselves. The chances of these men being identified - correctly or falsely - will always be higher than say a person living in a gated society, where such raids are unheard of, simply because such faces will get scanned more often than those whose circumstances don't lend easily to such situations.
  • Use of Aadhaar for profiling: the e-Petty app used in Telangana is a clear use of Aadhaar for profiling - something the government has consistently denied in the Supreme Court.
  • Lack of appropriate digital security: Apart from the data being shared across state borders, or being hosted on private servers or foreign companies being given access to it - which are issues of policy to determine what is appropriate and what is not, there are outright failures of digital security, which result in unintended and unauthorized access to the very sensitive data being collected. Researcher Kodali, for example, had pointed out that the Hyderabad police were using a third party portal to record and geotag crime. The portal having very poor security for the purpose it was being used for, had allowed the indexing of crime reports by search engines for years, including the names of rape victims - which is not legal in India.
  • Lack of independent audit or testing: The systems used for both largescale CCTV surveillance as well as scanning individuals using a mobile app do not have information available on their accuracy. The lesser the accuracy, the more such systems will end up wasting police resources on chasing dead ends and causing harassing citizens.
  • A need for legislation: It is undeniable that the police need effective ways to access databases to find information on suspects and criminals on the fly. It is also inevitable that this will involve a certain degree of invasion of privacy in the interests of conducting investigations. However, this cannot simply be left to whatever software developers believe can be done or police wish to adopt. There needs to be a regulatory framework that will identify situations when such use is legitimate and protect citizens from arbitrarily being entered into databases as suspects. There should also be regulation of what information should remain local and what should be disseminated - a local suspected of robbery does not need to be found acorss state borders, but an absconding criminal found in the footage of a murder should be. There is also a need for legislation to remove names from the databases when the people are no longer suspects - for example cases people were suspected in get closed with others charged.

Further reading:

  • Research published by the Center on Privacy and Technology at Georgetown Law, "The Perpetual Line-Up" on the unregulated use of public surveillance by law enforcement and the risks.
  • Technological bias: While MediaNama was not able to find any research about FaceTagr specifically, "Face Recognition Performance: Role of Demographic Information" by the FBI about accuracy of Facial Recognition in various population demographics is an interesting read on the biases caused by how the system is "trained" to recognize faces.
  • Policy Paper on Surveillance in India by the Centre for Internet & Society

1

DeMonetisation did not promote the uptake of digital transactions

Driving India towards a less-cash, digital payments economy was one of the aims claimed by the Prime Minister when he invalidated 86% of India's circulating currency. The reasoning was that India was a largely cash-based economy; if circulating cash was reduced, people would rapidly move towards electronic, or digital payment systems for their commercial transactions. That at any rate was the hope.

Did it happen?

Rupa Subramanya thinks it did. She claimed as much in a blog in the Hindustan Times. She accepts that the original aim of taking out black money has not been met, given that almost all of the Specified Bank Notes (SBNs) hav now been returned for exchange or deposit. But she goes on to say that her research shows that the secondary aim of pushing the country towards digital payments and away from a cash based economy has been achieved. To quote from her article:

....several key components of digital payments such as Point of Sale Debit and Credit (PoS) purchases, National Electronic Fund Transfer (NEFT), Immediate Payment Systems (IMPS) and mobile banking, are way above their pre-demonetisation trends

.....

The bottom line of the research conclusively demonstrates that there was a structural break after November 2016 with a permanent increase in digital payments and decrease in the relative importance of cash. Whatever you may think of the original goals and whether they succeeded, it’s clear digitisation is one demonstrable success story of demonetisation.

She expresses the use of digital payments not in absolute terms but as a proportion of total M3 Money. However, though she says she has published her findings,  they are not in peer reviewed journals. Rather the findings are published in research papers for the Observer Research Foundation - a think tank. I haven't seen these papers and therefore cannot comment on the methodology of the research. In any case she does not cite a source, nor does her article present the full results of her analysis. Her data source, though is the same that I have used earlier in a series of tweets and in a twitter Moment. This is the Reserve Bank of India's Database on Indian Economy.

I believe her conclusions are premature, they may even be misleading or wrong, based as they are not on absolute value of payments but on payment volumes as a ratio of M3.

I present here my own much simpler and more intuitive analysis of the RBI data set and draw very different conclusions.

Data and Methods: The RBI dataset consists of monthly transaction amounts for each of several different modes of digital transactions. The data goes back to 2004 and the latest available data is for August 2017, 10 months after DeMonetisation. Rather than look at just at the figures a few months either side of D-Day (DeMonetisation-Day if you are a fan or Disaster-day if you are a critic), I suggest it is best to look at the entire period. Since these are time series data (defined as data collected consistently with a defined periodicity - in this case monthly) the most obvious and simple technique would be to chart the data against time, draw a vertical line at D-day and look for a change in the trend . If D-Day did indeed result in qualitative sustained change in aggregate behaviour the change in trend would be obvious. I used the statistical programming language, R and the charting package ggplot2 to draw and annotate the charts. These statistical programmes are widely used in academia and business.

Results: The results of my analysis are best presented as a series of charts. They speak for themselves.

The key point to get is that by looking at the entire time series for each of the main digital payment modalities, two conclusions leap out immediately.

One, that in the first few months after D-Day there was a spurt the volume of payments made by digital means.

Two, for some payment modalities, they have subsequently fallen back to levels that were seen well before D-day. In particular retail electronic clearing, and plastic card volumes are effectively back on the same trend growth they always were since long before D-Day. Mobile banking transactions in particular were going up steeply in the months before D-Day was even a glint in anyone's eye; they went up even more steeply after D-day - and here's the crucial point, they have more latterly dropped right back. If we superimpose what we know about the re-introduction of new currency notes this looks like a perfect fit. As cash was re-introduced into the system, people began giving up on mobile banking transactions.

Another set of charts looks at the volumes (i.e number) of transactions.

Here there appears to be a small shift upward that, despite some month on month fluctuation appears to be settling down at a level clearly higher than anything seen pre D-Day. In the case of mobile transactions it is small-ish numbers and starting from a very low base; in the case of digital transactions its a step change from about 1.4 billion transactions a month to about 2 billion. But the volumes transacted appear not to have shifted much at all - it is in keeping with long-running trend and it is certainly not a step change.

Undoubtedly, there has been a steep growth in the number of Point of Sale outlets, as shown here:

Starting from a very low base, this is only to be expected given the huge Government push including cash incentives and subsidies for the take up of POS machines. The extend to which these have penetrated much beyond the largest urban centres and the plushest retail outlets is the big question. The last chart above is based on data published by NITIAayog

Conclusions. My analysis leads me to conclude that any effect of DeMonetisation on the use of digital payment systems has been transient, small and short-lived. Some change has occurred (POS terminals for example) but the fact that both retail electronic clearing and card usage is back on what I call 'trend growth' (i.e. on the same trend as obtained before D-day) would suggest that there has not been a structural change that can be confidently ascribed to DeMonetisation.

Post-script discussion. In all the commentary on Digital Payments insufficient attention has been paid to a most fascinating report that was published on Oct 5 by Visa India. Amitabh Kant, CEO of NITIaayog, wrote the foreword to this report. Nobody who read the detailed figures or had taken in the measured  recommendations in this report would have supported a sudden, cataclysmic and disruptive withdrawal of 86% of the currency, certainly not with the intention of promoting a digital payments economy. Among the key findings of the report are:

  • Cash usage costs the economy 1.7% of GDP (Note: borne largely by the State)
  • According to a 2014 World Bank survey, only 0.38 percent of women above 15 years old used the internet to make payments compared with 2.04 percent
    of men; 3.25 percent women had used a debit card versus 5.25 percent of men.
  • The cost of a point-of-sale (POS) terminal in India ranges from INR 8,000 to INR 12,000. The annual operating cost is INR 3,000
    per terminal. Low transaction volumes especially outside of Tier 1 cities, make it unviable for banks to expand their footprint into such segments.
  • RBI and the Govt of India already had a plan to transition to a less-cash economy.
  • If India  invested a total of INR 58,000 crores (USD 8.6 billion) over the next five years through tax
    rebates, it could not only expedite the pace of payment digitisation but also save about INR 70,000 crores (USD 10.4
    billion) in that period through a reduction in the cost of cash with a potential to save 4.7 lakh crores (USD 70 billion)
  • If we invested 60,000 crores and undertook a series of reforms and regulatory changes cash use could come down in 2025 from 1.7% of GDP to 1.3%.
  • In particlar see exhibit 7 of the rport which details the benefits from a sustained programe of policy changes as well as investments to improve the infrastructure for digital transactions. Effectively, a 5 year programme of sustained policy implementation and investment would potentially result in a growth of digital payments for Personal Consumption Expenditure from 4% to a whopping 36%, a drop in cash need from 11% of GDP to 10%.

 

A year on the Prime Minister's Great Idea may have turned out to be a dud

Mao ZeDong’s Great Leap Forward [1]  has to be the most outstanding example of the devastating harm from the unintended consequences of a state policy that aimed to modernize and develop an entire country.  It resulted in the deaths of 45 million Chinese in 4 years [2].

That was possible only because China was a Communist dictatorship and Mao held absolute power over both Party and the people of China. He decided it was a good idea and the Great Leap Forward happened.

In contrast, Mr Modi’s sudden, dramatic and hugely disruptive announcement of a year ago on Nov 8 2016 [3] was a tame affair; only a few score people died[4]. Like the Great Leap Forward, it too was one man’s Great Idea [5]; the aims were similarly laudable even if the goalposts kept changing; unlike Mao ZeDong though, Mr Modi was an elected leader of a Party that had won a decisive mandate.

Black Money was a major problem, declared the Prime Minister, and it called for a dramatic, decisive and bold step. Effective midnight 8th Nov 2016 the 500 and 1000 Rupee notes would be raddi ('worthless pieces of paper' to use the PM's words). New notes would be issued, including inexplicably a 2000R-Rupee note; and people left holding the old notes would be able to exchange them at banks or deposit them for credit to their accounts.

Almost everyone in India was affected and quite a few overseas Indians. Those with real black money (held as cash, you were safe if all your illegal wealth was held as gold or real estate)  found ingenious ways to convert their illegal stash of old notes into bank deposits.

The others, especially the poor, suffered the most. Day-to-day commercial transactions seized up. Shopping for groceries, taxi rides, buying a train ticket, paying the utility bill - all the routine stuff of everyday life became hard. Given that the notes that were declared illegal made up fully 86% of the currency-in-circulation, and that for all but the richest urban citizens India was still predominantly a cash economy, this was hardly surprising. Daily wage labourers lost livelihoods; victims of domestic violence lost the money they were hiding from violent partners; small businesses saw customers turn away; smaller businesses and street traders could not afford to take up the offer of Point of Sale equipment.  The rural sector was worst hit;  agricultural markets collapsed in a state-ordained market failure. [6]

But there was also widespread support for a ‘decisive strike against the rich and the corrupt’; in the days of chaos that followed, support for the Prime Minister hardly wavered. The cause was a noble one and people were prepared to make personal sacrifices for the national good. In time the economy would pick up, more of the informal cash-driven sector would be persuaded, cajoled or dragged into the formal, digital-transaction banked sector, the tax take would rise and India would become a modern rich economy. Trillions of rupees would not be returned to the banks by rich crooks and the ensuing windfall would be put to good use in building up national infrastructure. That, at any rate, was the hope.

It remained a forlorn hope. None of the claimed benefits materialised.

By June 2017, even the Govt's staunchest media supporter, SwarajyaMag.com acknowledged that the move had not lived up to the expectations. [7] press Very little Black money has been unearthed. After much delay a discredited central bank finally came out with the figures that almost all of the notes in circulation have been handed in [8]. There were no major prosecutions for tax evasion or illegal money laundering.

The process of re-monetisation with the new notes gradually picked up and by the 1st anniversary the total currency in circulation was back to 85% of what it used to be. Cashless transaction rose in the early days after Nov 2016 as people were forced to use alternative means of payment but have since fallen back to previous levels as currency became available.[9]

The wider economic damage too has been widely acknowledged. GDP growth fell back to levels last seen in the worst years of the previous  regime.[10] Jobs growth just did not materialise.

The Great Idea of 2016 will continue to be assessed, studied, debated and analysed for a long time, [11] But some questions may never be unanswered for many years to come.

  • What advice and analysis went into the formulation of the policy? Were experts consulted at all?
  • What was the role of economic and finance policy institutions like the Reserve Bank of India and NITI-Aayog? Did they play a role in the formulation of the policy and its implementation or were they relegated to serving as mere apologists for the ill-effects of a decision taken by an autocratic Prime Minister?
  • Why did Cabinet not protest at being ensconed in a room without access to mobile phones as the decision was announced?
  • Was it not the role of Parliament to hold the Government to account?
  • Will there ever be an independent cost-benefit analysis of the decision?

 

References:

  1. See this wikipedia account of the Great Leap Forward.
  2. See: this review of a book on the subject. I acknowledge that I have not read the book in the original.
  3. See this article in the Scroll.In for a review of how the news was covered in the newspapers on Nov 9th 2016.
  4. Deaths attributable directly and solely to the scrapping of notes was always going to be difficult. That a number of deaths occurred in queues is undeniable. Were they caused by the need to stand in queues? That's more difficult. Arguably the distress, the economic harm, the job losses and the lost wages/livelihoods and savings took its toll on ordinary people. The exact number of deaths became a political ding-dong  that diverted attention from the bigger question of the wisdom of the policy.
  5. We'll never know for certain that the final decision to go ahead and DeMonetise the currency was entirely Mr Modi's. There has never been a proper enquiry. All the indirect evidence points to it being either solely or largely his decision and his alone. Much later on it emerged that the RBI Board met on the morning of the 8th Nov and agreed to a Govt proposal but the delay in publishing this resolution leads to the suspicion that it was a hastily put together fig leaf. See: this and this . There's also speculation that a war on cash was one of the suggestions put forward to Mr Modi by an engineer and keen campaigner for tax reform Mr Anil Bokil of the Pune based ArthaKranti Foundation . Its worth noting that these ideas have no traction among mainstream economists.
  6. See the writings of P Sainath on the effects of the noteban on rural economy of India.  https://ruralindiaonline.org/articles/demonetisation
  7. SwarajyaMag.com is an online journal that is openly and avowedly right wing and a keen supporter of the PM's party. In an unexpected op-ed piece on June 14 2017, R Jagannathan the editor declared Demonetisation to be a failure but argued that the critics were right for the wrong reasons. Their criticisms, he argued was led more by animosity towards Mr Modi than by any special economic insight. But even I, as an amateur student of economics, argued in my blog of 16 Nov 2016, a week after the decision to demonetise, that it was a flawed policy that would do nothing to root out black money. I argued that DeMonetisation would cause tremendous hardship and loss to large numbers of people, that it would not deliver its claimed benefits, that there were other better targeted means of combating black money.  It was, I argued neither necessary nor sufficient to make a serious dent in black money. At that time, it is important to note, the stated aim was to eliminate black money. The push to a digital cashless payments system came later on.
  8. The earlier, almost gleeful, expectation was that as much as 3.5 to 5 trillion rupees worth of high denomination notes would not be handed back in and would be a free windfall for the Reserve Bank of India which would see a dramatic drop in its liabilities. This would be a huge bonanza in the form of a one off dividend from RBI to the Govt. This euphoria evaporated when someone pointed out that a decline in liabilities affected the balance sheet but would not lead to a profit and the RBI act  required it to pay a dividend only out of annual profits from banking activities. In the event the actual dividend that RBI paid out to the Govt in 2017 actually fell by almost half compared to the previous year. The losses arose out of scrapping the old notes, printing new ones, and the extra logistics costs of shipping the new notes out to where it was needed.
  9. I published a twitter thread and a moment with analysis of month-by-month time series data right up to August 2017 of the amount of money that flowed through non-cash digital payments systems. These include bank-to bank systems, like real time gross settlements used by businesses, paper-based payments systems (bank drafts and cheques), retail electronic payments, credit and debit card payments, and mobile banking payments. These charts show that any effect of DeMonetisation has been at best short-lived. There has been a growth in the number of point of sale terminals but from a very low base, and a growth in the number of subscribers to mobile phone based payments systems.
  10. The GDP growth slowdown has been widely commented upon. The standard Govt response has wavered between arguing that DeMonetisation was necessary medicine for a a backward economy built on cash-fuelled corruption, and a counterattack that the slowdown is not due to Demonetisation but was in the making long before Nov 2016. As arguments go both are own-goals and ill-serve the Govt's credibility.  
  11. The Harvard Business review paper argues that the 4 lessons to learn are
    • Choose your experts carefully. Mr Modi may have been influenced by a few cranks posing as economic experts with not so much out-of-the-box ideas as off the wall thoughts.
    • Dont ignore basic data. All the evidence was that only 6% of black or illegal wealth was held in cash. Not attacking the sources of corruption - politicians, real estate, and big businessmen meant tha instead of a targeted approach we had an assault on everyone - honest and weak included, in which the rich and corrupt got clean away.
    • Consider human behaviour. People found a way out of the cash crunch both to manage their poor honest lives and to squirrel away whatever illegal cash they held. Digital transaction was already growing as fast as it could given the infrastructure available, so as soon as new cash came into the system any spurt faded away.
    • Beware of digital silver bullets. India came 41st out of 42 countries just ahead of arch-rival Pakistan in the infrastructure needed to support a digital payments eco-system. However 'bold' and 'decisive' an executive ordz er cannot replace patient attention to detail.

1

Linking Aadhaar to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Linking Aadhaar[1] to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Destroying the banking system

India’s Department of Revenue (DoR) has done it again.

On June 1, 2017 vide Notification №2/F .No. P.12011/11/2016-ES Cell-DOR it mandates the linking of every bank account with an Aadhaar number before December 31, 2017. While lawyers point out several illegalities, including the scope, of the notification of this subordinate legislation under the Prevention of Money Laundering Act (PMLA), the failure of the DoR to consistently protect national interest is unbelievable.

A few days back a co-panelist on a TV channel defended the DoR arguing that linking Aadhaar to Bank Accounts will weed out money laundering by verifying bank accounts. What my co-panelist did not say is money laundering is facilitated by creating benami accounts. It is also facilitated by benami transactions. Nor did my co-panelist explain how benami accounts happen or how benami transactions are scaled by money-launderers.

This latest notification ensures that the Trojan horse that they instilled into the banking system on January 27, 2011, will destroy the Indian economy along with the Indian banking system. As feared by the Reserve Bank of India before January 2011, Aadhaar is yet the best state sponsored enabling mechanism for money launderers to enable benami bank accounts. Aadhaar can even help the money launderer to take over your bank accounts. Aadhaar is also the enabler to scale benami transactions.

Here are just 5 ways in which linking the Aadhaar to PAN[3] or a bank account will hurt you, destroy India and, for those who care, an explanation of how Aadhaar creates benami bank accounts and scales benamitransactions.

The innocent will lose money, reputation and access to justice, dignity and livelihood

One, the innocent will lose money, reputation and access to justice, dignity and livelihood as their Aadhaar numbers can act as mules for money laundering, their subsidy and other Aadhaar enabled payments can be easily compromised, their access to their own bank accounts be denied, or they can be framed for economic offences. Helpless citizens and businesses may also find themselves at the receiving end of covert human rights violations as even their access to money and existence is disabled by deactivation or blocking of Aadhaar leaving no recourse to survival.

Linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers

Two, linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers as it becomes easy to remotely create benamiaccounts and operate benami transactions while claiming complete legitimacy. This will destroy India’s economy and governance.

Financing crime and terrorism will grow uncontrollably

Three, financing crime and terrorism will grow uncontrollably as it becomes increasingly difficult to discover, report or close down such operations. This will make it impossible to ensure national security as the rule of law is destroyed.

Corruption will increase

Four, corruption will increase as it becomes easier when proceeds will not be traceable to the corrupt. It will be increasingly difficult to restore swarajya and impossible to ensure suraiya.

Banks will not be able to contain non-performing-assets

Five, banks will not be able to contain non-performing-assets, fraud and financial misappropriation as the real users of banking services will be untraceable. The economy will be completely out of control as the black and white economies become indistinguishable.

We are in a policy vacuum as the NITI Aayog and the bureaucracy have failed to recognise the Trojan horse and protect national interest. Unless the RBI de-licenses the payments systems based on Aadhaar (AEPS) immediately and the government stays linking Aadhaar to PAN and bank accounts, our leadership will have failed to protect India from this fast colonisation of India by the private interests driving Aadhaar.

Enabling Benami Bank Accounts

Benami accounts get created when banks fail to identify the real customers who own the accounts. The Panama Papers exposed data of thousands of benami accounts created through a Panamanian law firm, Mossack Fonseca. The Panama Papers exposed one modus operandi of hiding the real owners of the assets in tax havens.

panama papers modus operandi
The use of Aadhaar as KYC for bank accounts is similar to the note from Panama Law Firm Mossack Fonseca saying “they are an honest client”

Prudent bankers recognise the importance of knowing who they bank with. It is no wonder that the RBI had warned, right from before the Trojan horse was instilled in to the RBI in 2011, that the Aadhaar enrolment process does not have due diligence. It pointed out that for Aadhaar enrolment verification is not compulsory, as confirmed by the UIDAI in the Demographic Data Standards and Verification Procedure, and does not require document based verification.

The RBI also highlighted that such use of Aadhaar as third party identification is against Prevention of Money Laundering Act, the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision and circulated to scheduled commercial banks by the RBI on November 29, 2004.

The RBI also observed that a fixed time document like the Aadhaar cannot be a Proof of Address. It further cautioned using Business Correspondents (BC), to open bank accounts or undertake banking transactions, as the vulnerability of the system has not been tested and co-mingling funds of different banks in the hands of BC’s was a major operational risk to the banks. While resisting the use of Aadhaar, the RBI also highlighted the Government’s concern about the perceived misuse of such accounts for terrorist financing.

Under pressure from the UIDAI and the Department of Revenue, Ministry of Finance, the RBI, through its circular dated January 27, 2011, allowed bank accounts to be opened exclusively on the basis of Aadhaar number. However the RBI required such accounts to be put to restrictions and be subjected to conditions and limitations prescribed for small accounts.

Not happy with the restrictions, the UIDAI pressed the RBI to lift the restrictions placed on accounts opened with Aadhaar numbers under the PMLA. On September 28, 2011, again through the Department of Revenue, the UIDAI succeeded in getting the RBI to backtrack and suspend the restrictions of the PMLA on bank accounts opened solely through Aadhaar. The UIDAI also succeeded in causing the RBI further to accept eKYC or remotely using information associated with an Aadhaar number as KYC. According to the UIDAI eKYC brings scale to the ease of onboarding customers.

To put the problem in perspective, Aadhaar enrolment was completely outsourced to private parties by the UIDAI with the sole aim of building the worlds largest biometric database. Mr. Nilekani’s UIDAI repeatedly emphasised that they merely provided a framework to issue a number and store the (unverified and unaudited) data.

RTI says Aadhaar has never been verified or audited
UIDAI admits that the Aadhaar (UID) database has never been verified or audited

No one from the UIDAI or even the government even sign the Aadhaar card that is mailed back to the enrolee. The very same organisations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “Registrars” to the enrolment process. They were even given flexibility in the collection, retention and use of the data (including biometric) that they collected.

Without a verification and audit Aadhaar enables duplicates and ghosts
Without a verification and audit Aadhaar enables duplicates and ghosts

No one in the Aadhaar enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrolment. Needless to say anyone in possession of your documents could enrol with minor changes in any demographic information or with different biometrics. Field stories of enrolments are replete with descriptions of biometric jugaad including using combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximise registrations.

According to the IT Minister Ravi Shankar Prasad, 34,000 operators who tried to make fake Aadhaar Cards have been blacklisted. Even if each operator worked for a year before being blacklisted, at about 100 cards a day amounts to over a billion cards. That is more than 95 percent of the database. The Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.

Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017
Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017

While there is widespread belief that biometric authentication at time of opening a bank account prevents benami, it ignores the field realities of mobile phone SIM cards being issued on Aadhaar photocopies and used to open bank accounts, of having remotely “downloadable” accounts, and also plain simple use of photocopies of Aadhaar or parallel Aadhaar databases to open bank accounts. With Aadhaar, banks do not have any trace of the real customer. The real customer is simply masked by a benami owner using an Aadhaar number.
Even your Aadhaar can be used, without your knowledge, by a perpetrator to open multiple accounts in order to use it to collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these accounts are discovered, you will be the criminal.

benami money laundering aadhaar bank account
Is Aadhaar the new Panama?

To compound the problem, UIDAI has no liability for benami bank accounts opened with Aadhaar. After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in 5 years. No one knows who really controls these accounts.

Growth of bank accounts and deposits in India
Growth of bank accounts and deposits in India

Enabling Benami transactions

Even when it had no mandate to develop banking platforms, in 2009, the UIDAI signed an MoU with the National Payments Corporation of India (NPCI), a non government company, to develop an Aadhaar Enabled Payment System (AEPS). In this MoU the UIDAI has no responsibility for your banking transactions and the NPCI has no obligation to the RBI. The payment system uses the Aadhaar linked to a bank account as a financial address to do electronic money transfers from one Aadhaar number to another.

Company data for NPCI
Company data for NPCI

Unless an Aadhaar is linked to the account, the AEPS cannot access the bank account. Linking a PAN to the Aadhaar will have the same effect as linking the Aadhaar to a bank account as the PAN is already linked to the bank account. Such accounts become Aadhaar enabled. Aadhaar enabled bank accounts are ready to be used by the AEPS for Aadhaar to Aadhaar money transfers.

Linking an Aadhaar to a bank account is done through a process called as “seeding” an Aadhaar number to a bank account. After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into a “NPCI mapper” or a repository of Aadhaar numbers and Institution Identification Number (IIN) numbers used for the purpose of routing transactions to the destination banks. The IIN is a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else seed your Aadhaar with another bank account, the NPCI mapper is overwritten with the new banks’ IIN. Money transferred to an Aadhaar number, using the Aadhaar Enabled Payment System, gets transferred to the bank account linked to the Aadhaar number at the branch recognised by the IIN.

A money launderer can transfer money to an account linked to an alternate IIN and then re-seed the NPCI’s mapper with the original IIN for the Aadhaar number, completely wiping out any trace of money to the alternate IIN. Like transactions of bearer shares in Panama, such money transfers becomes no different from a hawala[4] transaction between real parties who remain anonymous or benami[5].

Your Aadhaar number can be used to facilitate such benami money transfers. If these money transfers linked to your Aadhaar number are detected by investigation officers or tax authorities, you, not the real operator will be held on suspicion of economic offences.

The NPCI’s idea of Aadhaar to Aadhaar banking itself is flawed. It is surprising if the RBI has licensed this payment system under the Payment and Settlements Act.

All money is ultimately stored in bank accounts and not in the name of a person. Nowhere in the world does one transfer money to a person, you transfer it to a persons account. Money transfers to and from a bank account makes every money transfer traceable from source to destination making money laundering difficult, if not impossible.

Hawala schemes make money transfers untraceable by eliminating the bank accounts. Money transfers that, like the hawala, are based on the premise that you do not share an account number, with someone transferring money to you, are inherently flawed in auditability as they wipe out the money trail.

The idea of a mapper, as used by NPCI’s AEPS, does not allow for instructions from sender but relies on periodic update of IIN in the NPCI’s table mapping Aadhaar numbers from banks. As multiple banks have to upload the Aadhaar numbers seeded with accounts held by them, this cannot guarantee desired results.

Perhaps the worst aspect of the mapper is that it slices the business process and outsources parts. This destroys the responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI or the banks are responsible in such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.

Such money transfers would be difficult, if not impossible, to trace without a whistleblower. A few cases have been reported that suggest the large scale play of this scenario already. For example more than 40,000 erroneous transfers were reported through AEPS in DBT transfers meant as part of drought relief for farmers in Karnataka. The government allegedly blamed the banks for failure to seed the correct Aadhaar numbers with the beneficiaries.

Governments across India had been using the RBI’s own payment system, the NEFT or RTGS, to undertake electronic money transfers. This is also evidenced by the fact that Aadhaar Leaks has exposed that bank details are already present in every record of the leaked data. There is absolutely no reason to switch public payments from NEFT to AEPS, run by a non-government company.

The replacement of a time tested standard of electronic money transfers under government regulation by a non-standard payment system run by a non-government company raises several serious questions of national and public interest, propriety and possible conflicts of interest.

Preventing disaster

If the government and the Supreme Court implement the wisdom of 7 orders of the Supreme Court of India on the use of Aadhaar, they can yet save the country from disaster resulting from the colonisation of India by the new East India Companies or the private interests driving Aadhaar.

In its first order of September 23, 2011 the Supreme Court had indicated that “no person should suffer for not getting the Aadhaar card inspite of the fact that some authority had issued a circular making it mandatory and when any person applies to get the Aadhaar Card voluntarily”.

On August 11, 2015, the 3 member bench restricted the use of Aadhaar and indicated that it may not be used for any other purpose.

On October 15, 2015, a 5 member bench led by the Chief Justice had emphasised that “the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court”. It had restricted the voluntary use of Aadhaar to public distribution system (PDS) Scheme, the liquefied petroleum gas (LPG) distribution scheme, the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions), Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO).

In the meantime, following Mahatma Gandhi’s footsteps and refusing to link Aadhaar to anything may be the only option left for you.

On 10 January 1908 Mahatma Gandhi was arrested for the first time in South Africa for refusing to carry an obligatory identity document card commonly known as the ‘pass’.

[1] Aadhaar is a 12 digit random number assigned by India’s Unique Identification Authority of India to unaudited and unverified demographic and biometric information submitted by private enrollers.
[2] Accounts and transactions undertaken using a ghost or a duplicate identity are called benami.
[3] Permanent Account Number or PAN is a number used to track financial transactions and file income tax returns in India.
[4] Hawala is an alternative or parallel remittance system that works outside formal banking systems.
[5] This was first highlighted in September 2014 in http://www.moneylife.in/article/how-aadhaar-linkage-can-destroy-banks/38736.html

 

Originally published here.

2

On August 24th 2017, WikiLeaks published secret documents from the ExpressLane project of the CIA pertaining to the cyber operations the OTS (Office of Technical Services), a branch within the CIA conducts against liaison services. The OTS provides a biometric collection system to liaison services around the world with the expectation for sharing of the biometric takes collected on the systems. Additionally, the CIA has developed ExpressLane - a covert information collection tool to secretly exfiltrate data collections from these systems without the knowledge of the vendors as well.

ExpressLane installs and runs covertly behind a benign splash screen indicating a software upgrade and is used when OTS agents perform on site upgrades on the biometric system. The installation raises no suspicions other than the minor notices which don't appear to be out of the ordinary for a software installation.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan. This company also provides biometrics collection systems for UIDAI's Aadhaar in India.

The response to these revelations in India has been astonishingly muted. A foreign government having access to confidential and highly accurate information on citizens of India amounts to an attack on India's sovereignty. The existence of Aadhaar itself now becomes a government sanctioned weapon against the country and citizens. The Aadhaar must be destroyed.

The few reports in media restrain themselves to very conservative reporting of the actual leaks without committing themselves to stating the implications for the country. This too is concerning, because it indicates an inadequate comprehension of how tech works in the media and renders the media toothless when it comes to providing public oversight on the highly insecure progression of the Digital India project.

On its part, the UIDAI has issued its standard voodoo denials. No explanations, no data, no alarm, no need for any investigations, nothing. Assurances that "all is well, don't worry" is all the UIDAI appears to have on any of the mounting concerns about the Aadhaar being illegally imposed on the citizens of India with blatant disregard to repeated orders of the Supreme Court. And of course, flat out lies - the hallmark of anything supported by the Modi government. Here are some claims debunked.

Aadhaar system has stringent security features to prevent any unauthorised transmission of data.

And here we thought UIDAI filed a case against Abhinav Srivastava, co-founder ofQarth Technologies Pvt. Ltd, who released an entire app that made unauthorized use of Aadhaar data e-kyc, then let him go, because he didn't have bad intentions. And oh, they complained about unauthorized access and then also claimed that no data was breached. We get it. There was no breach. He was using an authorized api without being authorized. No breach. Just reading news on the UIDAI is enough to give anyone who understands tech security high blood pressure.

No, Aadhaar most certainly doesn't have stringent security features to prevent unauthorized transmission of data. Aadhaar devices were not even encrypted till well after UIDAI started claiming 90% enrolment across the country (another dubious claim, for another day).

“Some vested interests are trying to spread misinformation that since ‘Cross Match’ is one of many devices which are being used in biometric devices by various registrars and agencies in Aadhaar ecosystem, the biometrics being captured for Aadhaar are allegedly unauthorisedly accessed by others.”

This is complete bullshit. The vast majority of people objecting to Aadhaar have nothing to gain from its failure (other than national and personal security). In contrast, the vast majority of people defending Aadhaar without any data, independent audit, robust explanations of technology and worse are invariably employed by UIDAI or its affiliates or have founded them (or, in a recent trend, are anonymous handles - I wonder who, other than Sharad Sharma could be behind those). Where is the misinformation in CIA being a spy agency, or it being known to engage in illegal and digital spying or it being known to subvert democratic governments in countries? Where is the "misinformation" in a leak of secret documents on a site that so far has never been questioned on the authenticity of leaked information it publishes?

Aadhaar biometric capture system has been “developed within our own country and it has adequate and robust security features to prevent any possibility of any such unauthorised capture and transmission of data regardless of any biometric device that may be used”.

This statement can be true, only if the UIDAI spokesman is a US national, because even the UIDAI website offers driver downloads for Cross Match and L-1 devices. The same Cross Match and L-1 that have apparently got biometric capture systems from the OTS branch of CIA on the understanding of data sharing. And the Express Lane is the data theft on top of that.

“In addition, there are many other rigorous security features and processes within UIDAI ensuring that no biometric data of any individual is unauthorized accessed by anyone in any manner whatsoever,”

This is a breathtaking lie, because the CONTRACT UIDAI had with L-1 Identity Solutions Operating Co Pvt Ltd, Morpho and Accenture Services Pvt Ltd, says that the company was given Aadhaar data access "as part of its job". This contract has also been reported and objected to in the past and on this blog as well in 10 big problems with the Aadhaar UID card project.

Golden rule in C-Sec is: If physical access is compromised, everything is gone. Wikileaks talks about physical access. It is about installing a backdoor on the source where biometric is acquired at the device driver level. Encryption argument is useless in that case. But encryption != Security.

(update: UIDAI has made some vodoo argument about how access is secured on UIDAI premises and what not. It is nonsense. Aadhaar data is collected out in the real world where the espionage would be happening. Whether UIDAI pickles the data or freezes in some on premises further access to foreign companies it makes no difference to that)

How much Aadhaar data and how much access do foreign BSPs have?

And this information is from an RTI filed by Col. Thomas, that the BSP (Biometric Service Provider) "may have access to personal data of the purchaser (UID), and/or a third party or any resident of India..." Further, Clause 3, which deals with privacy, says that the BSP could "collect, use, transfer, store and process the data".

Excerpt from UIDAI contract with Biometric Service providers
Excerpt from UIDAI contract with Biometric Service providers

In other words, the UIDAI has been deliberately undermining Indian security using Indian funds and flat out lying about its activities. The entire organization must be dismantled and its leaders investigated.