Skip to content

Aarey Milk Colony, spread over 1,259 hectares of land, is an extension of Sanjay Gandhi National Park. In 1949, the land we know as Aarey was given to the Dairy Development Board of Maharashtra to shift the cattle sheds from the city to Aarey. Since then this area has been known as Aarey Milk Colony. Aarey has 27 tribal hamlets; in terms of flora and fauna, it has leopards and numerous species of birds, animals, insects, butterflies, snakes, herbs, shrubs and trees (which number more than 4 Lakh 80 thousand).

In November 2014 , morning walkers, cyclists and other regular visitors to Aarey Milk Colony found notices put up, announcing that 2298 trees in Aarey would be felled for construction of the carshed for Metro3. Citizens came together to protest against this mass felling of trees. Thus was born the Save Aarey Movement.

In December 2014 angry citizens for the first time gathered in Aarey Picnic Point area to protest against this unnecessary destruction of the city's ecology. 1200 + citizens came together again in February 2015, creating a human chain along Marine Drive. Post this event, the Chief Minister of Maharashtra announced appointment of an Expert Committee to explore other options for location of the Metro3 carshed .

The Expert Committee had 6 members; four Bureaucrats and two environmental experts from IIT and NEERI. Both the environmentalists put a dissenting note in the Committee's report, holding that Aarey is an ecologically sensitive area and rich in biodiversity. The proposed carshed location is the floodplain of the Mithi River, and construction in this area can lead to flooding in Andheri. Hence the carshed location should be shifted out of Aarey, they said .The other options for the carshed location suggested by the expert members were Kanjurmarg and Backbay in Colaba.

The Detailed Project Report prepared in 2011 for the Metro 3 Line also mentions three other options (along with the option of 33 ha land in Aarey) for the Metro 3 Carshed location: the ground in Bandra Kurla Complex, 26 Ha of land in Kalina, the Mahalaxmi Race Course. Mumbai Metro Rail Corporation ( MMRCL) always claims that the 33 ha land area in Aarey is the only suitable location for the Metro 3 Carshed.

In 2015 the NGO, Vanashakti, along with citizens, filed a petition in National Green Tribunal (NGT) praying that Aarey be declared a forest and an Eco-Sensitive Zone. NGT on 19th August 2015, ordered status quo in Aarey pending final decision on the case. MMRCL, in August 2017 started dumping debris in the Metro 3 Carshed area in Aarey, along with excavation and mud filling activities in the area. This was in contempt of Court orders and was highlighted at the NGT. On 14th May 2018, NGT again ordered against any dumping of debris, land reclamation and Tree Felling in Aarey pending final decision in the case. But MMRCL continues to violate court orders. They have cordoned off more area in Aarey on the opposite side of the carshed area and have started land reclamation. What initially started as destruction of 33 ha of forest land is now leading to destruction of a much bigger area. Citizens lodged complaints in Aarey Police Station against these violations of court orders. MMRCL has also evicted Adivasis from Prajapur Pada in Aarey to SRA Buildings. This is in violation with Tribal Rights. Adivasis have filed a petition in Mumbai High Court.

On 20th September 2018 Judges from NGT's Principal Bench decided that this matter of declaring Aarey a Forests does not come under NGT's jurisdiction and NGT directed the petitioners to withdraw application and approach the right Authorities. This has happened after 3 and 1/2 years long proceedings in National Green Tribunal.

Through an RTI in 2017, Vanashakti found a letter written by the Divisional Manager of Sanjay Gandhi National Park( SGNP). This letter indicates that Aarey Milk Colony was of a much larger area earlier, and that 2076 ha of land from Aarey Milk Colony was Transferred to SGNP in 1969. But the forest department claims that they do not have any land records related to Aarey Milk Colony.

The forest department, in 2015, had submitted a draft proposal to the Ministry of Environment and Forest (MOEF) to declare Aarey Milk Colony as an Eco Sensitive Zone. MMRCL moved an application with the MOEF and got 165 ha of land (1.65 sq km) from Aarey denotified from the Eco Sensitive Zone. The MOEF denotified an area of 1.65 sq km from the ESZ in December 2016. This decision has been challenged by Vanashakti in NGT through a different petition.

Already, a large part of Aarey Forest has been lost to different projects and construction activities. Citizens fear that with the entry of the Metro 3 carshed, better described as a railway service centre, the rest of this forest, spreading over 1259 ha, will be lost to construction activities for ever.

Mumbai City is already sinking because of the destruction of its water bodies, wetlands and mangroves. Loss of Forest area and destruction of the floodplain of the Mithi River in Aarey will lead to further destruction of the city and flooding in more new areas in Mumbai. Lakes , supplying drinking water to Mumbai are also located in Forest Areas. Vihar lake on the border of SGNP and Aarey.

The air quality of Mumbai will be seriously hit if 4000 full grown trees are removed from its last remaining green space,the Aarey forests. .

A Movement that started with the news of felling of 2298 trees has brought out more shocking details. MMRCL floated a tender document for felling of 3384 trees in Aarey Milk Colony in 2017. And number of trees that are in line for sacrifice is still increasing. Tribals have lost their homes and livelihood. Floodplain of Mithi River has been damaged and this city will finally lose 1.65 sq km of forest areas to construction activities if this Carshed is not shifted out of Aarey. Facts finding team of Citizens have also found letters that speak about Government granting 3 FSI on 33 ha (82.5 acres) of Aarey land. A design layout prepared by MMRCL for the Carshed area also has marked an area on 33 ha land for realestate prooject.

Citizens of Mumbai needs to decide what is more important for them. A peaceful and happy life in a place requires, Fresh Air, Good supply of Drinking water , accessible open spaces and flood free roads .

In a Costal city like Mumbai, when the entire world is suffering from the consequences of Global Warming a place like Aarey becomes extremely crucial for survival of the city.

1

A historic event has taken place in the Supreme Court of India. There will be no independent probe into Judge Brijgopal Harkishan Loya’s death. This is one of the first judgments to come at a time when the Indian Judiciary stands embattled in a manner not seen since Independence. Those quick to point out the Emergency, may do well to reflect, that while Emergency kept our democracy locked and at bay to pander to an autocratic leader, now and here, as we live and speak, work or laze, fight or make love, a dark cloud looms by which democracy and the rule of law are being artfully and systematically subverted. In hindsight, Emergency appears as a blip and our judiciary came out the stronger of it. It rose to the occasion and reclaimed its independence as well as integrity.

This spirit, which the Indian Judiciary showed at what was then the nadir of the Indian democratic experiment in the mid-seventies, is almost dead. This period is historic, not least for the other significant judgments that are being awaited, or for the unprecedented press meeting called by the Supreme Court’s senior-most judges, but for the very foundations that made our country possible in the first place. We are being uprooted like an old banyan tree might be, but we are by and large comatose, and don’t even feel the tremors. Such is the adversity of our collective situation.

Judge Loya died in 2014 but for some time he stood resurrected. Caravan’s reporter Niranjan Takle is an ordinary person, much like you and me, but what he did was extraordinary. For a moment it seemed that God spoke through him, that God could well be a regular reporter, who must resurrect the dead, especially when it seemed that they had not been properly buried.

Amongst its several rebuttals to the petitioners’ arguments, the bench constituted by the Chief Justice of India to decide the matter, is very keen on reprimanding the petitioners for their lack of bonafides and contempt of court. The bench then negates the evidence relied on by the petitioners. But this was not a criminal trial. The writ petitions only sought an independent probe into a critical case that was in fact mocking the very institution of our judiciary.

Judge Loya was a CBI judge entrusted with overseeing the Soharabbudin Sheikh fake encounter case in which the BJP President Amit Shah was an accused. Any reasonable person going by the murky and sordid history of the case, and what followed thereafter, and as it stands to tragically unfold even now, would assume that there is a rat, and it is stinking as hell. Post the furor over the Caravan article the Supreme Court should have in fact taken suo motu cognisance of the case.

One of the time honoured maxims of the law is that justice should not only be done, but must be seen to be done.

The Supreme Court’s rebuttals have already been politically hijacked and can be dissected as well as Mr. Jaitley has sought to do, but it would be more of Machiavellian legalese. Given the divisive and political overtones the case has assumed, with help in no little measure from social media, the polarisation is complete and evident, just as it is for anything now these days. More than polarisation there is fear. Read FEAR.

None of Judge Loya’s family came ahead when they should have, even if it were to simply negate Caravan’s report in open court. The bench too declined to call the family or the judges who said they were with Judge Loya at the time of his death. These being just a couple of inexplicable positions taken by the bench. There was more than enough prima facie material, which the petitioners had brought on record in support of their plea. To reiterate - an independent inquiry is all that they sought. Nobody was going to be hanged for that. One does not need to be a legal scholar or a hotshot lawyer to understand this, or for that matter, the absolute retreat and silence of Judge Loya’s family in the days when the petitions and interventions were being heard.

The bench has also upbraided the petitioners for undermining the judiciary by casting aspersions on those in the bench and on the other judges whose names came up as part of the hearing. Yet the petitions well within the domain of public knowledge fundamentally argued that if the plea for an independent probe is not granted, it would result in an erosion of faith in the judiciary and within it as well, and does not bode well for the lower judiciary.

The tables stand turned and how. The irony is incredible.

In another situation this might seem like a neat sleight of hand, altogether familiar when it comes to political expediency, but now it is simply scary. The Bar and Bench stand divided like never before and the line of division is glaring and aching. Certainly the atmosphere in the Supreme Court has turned noxious. All along, in spite of all the pressures, our judiciary has always shown that it will be the ultimate leveller and a custodian of our rights and dignity. That modicum of faith is fast disappearing.

Judge Loya, who might have been afforded the chance to speak to us through his grave, has been silenced yet again. The questions however will not cease. I often look at his file photos in the news and I always think of him first as a judge and later in any of his filial capacities. Was it not enough that he had sworn to serve the judiciary and through the institution, us, the people of India? His life was exemplary in that regard, and his conduct impeccable, especially when he was assigned to adjudicate the notorious Sohrabbudin case. Do we understand that in failing an upright judge, we have also failed the very institution that is key to our democracy and our constitutional values? It is perhaps the latter that bothers me more and I have a feeling that Judge Loya would have concurred.

There are hundreds of Judge Loyas in our country who have taken the fall in the line of duty when they became a nuisance to the ruling establishment of their time. Judge Loya is certainly not an exception, but his case is. Our judiciary, and we the people of India, were offered a rare opportunity to redeem ourselves had an independent probe been permitted.

We have let that moment pass to our peril.

We stand witness to a new phase of history that has been surely and steadily taking its course, not dissimilar to other previous twisted regimes in the world. In this withering landscape we are adrift and pensive, and for now, our heads must hang in shame.

1

Linking Aadhaar to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Linking Aadhaar[1] to bank accounts is a recipe for creating benami[2] bank accounts and scaling benami bank transactions. It threatens to destroy your bank accounts and destroy the country’s banking system. It’s devastating that the integrity of banking processes is being destroyed by dividing, outsourcing and privatising processes integral to core banking so that they become the responsibility of no one.

Destroying the banking system

India’s Department of Revenue (DoR) has done it again.

On June 1, 2017 vide Notification №2/F .No. P.12011/11/2016-ES Cell-DOR it mandates the linking of every bank account with an Aadhaar number before December 31, 2017. While lawyers point out several illegalities, including the scope, of the notification of this subordinate legislation under the Prevention of Money Laundering Act (PMLA), the failure of the DoR to consistently protect national interest is unbelievable.

A few days back a co-panelist on a TV channel defended the DoR arguing that linking Aadhaar to Bank Accounts will weed out money laundering by verifying bank accounts. What my co-panelist did not say is money laundering is facilitated by creating benami accounts. It is also facilitated by benami transactions. Nor did my co-panelist explain how benami accounts happen or how benami transactions are scaled by money-launderers.

This latest notification ensures that the Trojan horse that they instilled into the banking system on January 27, 2011, will destroy the Indian economy along with the Indian banking system. As feared by the Reserve Bank of India before January 2011, Aadhaar is yet the best state sponsored enabling mechanism for money launderers to enable benami bank accounts. Aadhaar can even help the money launderer to take over your bank accounts. Aadhaar is also the enabler to scale benami transactions.

Here are just 5 ways in which linking the Aadhaar to PAN[3] or a bank account will hurt you, destroy India and, for those who care, an explanation of how Aadhaar creates benami bank accounts and scales benamitransactions.

The innocent will lose money, reputation and access to justice, dignity and livelihood

One, the innocent will lose money, reputation and access to justice, dignity and livelihood as their Aadhaar numbers can act as mules for money laundering, their subsidy and other Aadhaar enabled payments can be easily compromised, their access to their own bank accounts be denied, or they can be framed for economic offences. Helpless citizens and businesses may also find themselves at the receiving end of covert human rights violations as even their access to money and existence is disabled by deactivation or blocking of Aadhaar leaving no recourse to survival.

Linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers

Two, linking Aadhaar to bank accounts or PAN converts India into the new tax haven for money launderers as it becomes easy to remotely create benamiaccounts and operate benami transactions while claiming complete legitimacy. This will destroy India’s economy and governance.

Financing crime and terrorism will grow uncontrollably

Three, financing crime and terrorism will grow uncontrollably as it becomes increasingly difficult to discover, report or close down such operations. This will make it impossible to ensure national security as the rule of law is destroyed.

Corruption will increase

Four, corruption will increase as it becomes easier when proceeds will not be traceable to the corrupt. It will be increasingly difficult to restore swarajya and impossible to ensure suraiya.

Banks will not be able to contain non-performing-assets

Five, banks will not be able to contain non-performing-assets, fraud and financial misappropriation as the real users of banking services will be untraceable. The economy will be completely out of control as the black and white economies become indistinguishable.

We are in a policy vacuum as the NITI Aayog and the bureaucracy have failed to recognise the Trojan horse and protect national interest. Unless the RBI de-licenses the payments systems based on Aadhaar (AEPS) immediately and the government stays linking Aadhaar to PAN and bank accounts, our leadership will have failed to protect India from this fast colonisation of India by the private interests driving Aadhaar.

Enabling Benami Bank Accounts

Benami accounts get created when banks fail to identify the real customers who own the accounts. The Panama Papers exposed data of thousands of benami accounts created through a Panamanian law firm, Mossack Fonseca. The Panama Papers exposed one modus operandi of hiding the real owners of the assets in tax havens.

panama papers modus operandi
The use of Aadhaar as KYC for bank accounts is similar to the note from Panama Law Firm Mossack Fonseca saying “they are an honest client”

Prudent bankers recognise the importance of knowing who they bank with. It is no wonder that the RBI had warned, right from before the Trojan horse was instilled in to the RBI in 2011, that the Aadhaar enrolment process does not have due diligence. It pointed out that for Aadhaar enrolment verification is not compulsory, as confirmed by the UIDAI in the Demographic Data Standards and Verification Procedure, and does not require document based verification.

The RBI also highlighted that such use of Aadhaar as third party identification is against Prevention of Money Laundering Act, the Financial Action Task Force (FATF) and the paper issued on Customer Due Diligence (CDD) for banks by the Basel Committee on Banking Supervision and circulated to scheduled commercial banks by the RBI on November 29, 2004.

The RBI also observed that a fixed time document like the Aadhaar cannot be a Proof of Address. It further cautioned using Business Correspondents (BC), to open bank accounts or undertake banking transactions, as the vulnerability of the system has not been tested and co-mingling funds of different banks in the hands of BC’s was a major operational risk to the banks. While resisting the use of Aadhaar, the RBI also highlighted the Government’s concern about the perceived misuse of such accounts for terrorist financing.

Under pressure from the UIDAI and the Department of Revenue, Ministry of Finance, the RBI, through its circular dated January 27, 2011, allowed bank accounts to be opened exclusively on the basis of Aadhaar number. However the RBI required such accounts to be put to restrictions and be subjected to conditions and limitations prescribed for small accounts.

Not happy with the restrictions, the UIDAI pressed the RBI to lift the restrictions placed on accounts opened with Aadhaar numbers under the PMLA. On September 28, 2011, again through the Department of Revenue, the UIDAI succeeded in getting the RBI to backtrack and suspend the restrictions of the PMLA on bank accounts opened solely through Aadhaar. The UIDAI also succeeded in causing the RBI further to accept eKYC or remotely using information associated with an Aadhaar number as KYC. According to the UIDAI eKYC brings scale to the ease of onboarding customers.

To put the problem in perspective, Aadhaar enrolment was completely outsourced to private parties by the UIDAI with the sole aim of building the worlds largest biometric database. Mr. Nilekani’s UIDAI repeatedly emphasised that they merely provided a framework to issue a number and store the (unverified and unaudited) data.

RTI says Aadhaar has never been verified or audited
UIDAI admits that the Aadhaar (UID) database has never been verified or audited

No one from the UIDAI or even the government even sign the Aadhaar card that is mailed back to the enrolee. The very same organisations that were declared by the UIDAI as holding databases full of ghosts and duplicates were asked to serve as “Registrars” to the enrolment process. They were even given flexibility in the collection, retention and use of the data (including biometric) that they collected.

Without a verification and audit Aadhaar enables duplicates and ghosts
Without a verification and audit Aadhaar enables duplicates and ghosts

No one in the Aadhaar enrolment process was required to identify anyone. At best they had to merely verify documents that were submitted for enrolment. Needless to say anyone in possession of your documents could enrol with minor changes in any demographic information or with different biometrics. Field stories of enrolments are replete with descriptions of biometric jugaad including using combination of persons, use of biometric masks, biometric modifications, and other ingenious methods to maximise registrations.

According to the IT Minister Ravi Shankar Prasad, 34,000 operators who tried to make fake Aadhaar Cards have been blacklisted. Even if each operator worked for a year before being blacklisted, at about 100 cards a day amounts to over a billion cards. That is more than 95 percent of the database. The Aadhaar enrolment has been unlike that of any other identity document, easily scaling the creation of duplicate and ghost identities.

Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017
Excrept of IT Minister Ravi Shanker Prasad’s reply in Rajya Sabha on April 10, 2017

While there is widespread belief that biometric authentication at time of opening a bank account prevents benami, it ignores the field realities of mobile phone SIM cards being issued on Aadhaar photocopies and used to open bank accounts, of having remotely “downloadable” accounts, and also plain simple use of photocopies of Aadhaar or parallel Aadhaar databases to open bank accounts. With Aadhaar, banks do not have any trace of the real customer. The real customer is simply masked by a benami owner using an Aadhaar number.
Even your Aadhaar can be used, without your knowledge, by a perpetrator to open multiple accounts in order to use it to collect bribes, park black money, or siphon your subsidies. In the eyes of law enforcement, if these accounts are discovered, you will be the criminal.

benami money laundering aadhaar bank account
Is Aadhaar the new Panama?

To compound the problem, UIDAI has no liability for benami bank accounts opened with Aadhaar. After the introduction of the Aadhaar to open bank accounts, the accounts and deposits have doubled in 5 years. No one knows who really controls these accounts.

Growth of bank accounts and deposits in India
Growth of bank accounts and deposits in India

Enabling Benami transactions

Even when it had no mandate to develop banking platforms, in 2009, the UIDAI signed an MoU with the National Payments Corporation of India (NPCI), a non government company, to develop an Aadhaar Enabled Payment System (AEPS). In this MoU the UIDAI has no responsibility for your banking transactions and the NPCI has no obligation to the RBI. The payment system uses the Aadhaar linked to a bank account as a financial address to do electronic money transfers from one Aadhaar number to another.

Company data for NPCI
Company data for NPCI

Unless an Aadhaar is linked to the account, the AEPS cannot access the bank account. Linking a PAN to the Aadhaar will have the same effect as linking the Aadhaar to a bank account as the PAN is already linked to the bank account. Such accounts become Aadhaar enabled. Aadhaar enabled bank accounts are ready to be used by the AEPS for Aadhaar to Aadhaar money transfers.

Linking an Aadhaar to a bank account is done through a process called as “seeding” an Aadhaar number to a bank account. After receiving the Aadhaar number from the customer, the bank uploads such numbers’ into a “NPCI mapper” or a repository of Aadhaar numbers and Institution Identification Number (IIN) numbers used for the purpose of routing transactions to the destination banks. The IIN is a unique 6-digit number issued by NPCI to the participating bank. If you or anyone else seed your Aadhaar with another bank account, the NPCI mapper is overwritten with the new banks’ IIN. Money transferred to an Aadhaar number, using the Aadhaar Enabled Payment System, gets transferred to the bank account linked to the Aadhaar number at the branch recognised by the IIN.

A money launderer can transfer money to an account linked to an alternate IIN and then re-seed the NPCI’s mapper with the original IIN for the Aadhaar number, completely wiping out any trace of money to the alternate IIN. Like transactions of bearer shares in Panama, such money transfers becomes no different from a hawala[4] transaction between real parties who remain anonymous or benami[5].

Your Aadhaar number can be used to facilitate such benami money transfers. If these money transfers linked to your Aadhaar number are detected by investigation officers or tax authorities, you, not the real operator will be held on suspicion of economic offences.

The NPCI’s idea of Aadhaar to Aadhaar banking itself is flawed. It is surprising if the RBI has licensed this payment system under the Payment and Settlements Act.

All money is ultimately stored in bank accounts and not in the name of a person. Nowhere in the world does one transfer money to a person, you transfer it to a persons account. Money transfers to and from a bank account makes every money transfer traceable from source to destination making money laundering difficult, if not impossible.

Hawala schemes make money transfers untraceable by eliminating the bank accounts. Money transfers that, like the hawala, are based on the premise that you do not share an account number, with someone transferring money to you, are inherently flawed in auditability as they wipe out the money trail.

The idea of a mapper, as used by NPCI’s AEPS, does not allow for instructions from sender but relies on periodic update of IIN in the NPCI’s table mapping Aadhaar numbers from banks. As multiple banks have to upload the Aadhaar numbers seeded with accounts held by them, this cannot guarantee desired results.

Perhaps the worst aspect of the mapper is that it slices the business process and outsources parts. This destroys the responsibility of the payment system from any single party as was in the case of NEFT or RTGS. Neither the NPCI, the UIDAI or the banks are responsible in such money transfers. They merely provide “look-up” services. In this system, a single compromised or rogue bank branch, or the perpetuator’s ability to exploit a good one, is enough to siphon off subsidy, park black money or take bribes.

Such money transfers would be difficult, if not impossible, to trace without a whistleblower. A few cases have been reported that suggest the large scale play of this scenario already. For example more than 40,000 erroneous transfers were reported through AEPS in DBT transfers meant as part of drought relief for farmers in Karnataka. The government allegedly blamed the banks for failure to seed the correct Aadhaar numbers with the beneficiaries.

Governments across India had been using the RBI’s own payment system, the NEFT or RTGS, to undertake electronic money transfers. This is also evidenced by the fact that Aadhaar Leaks has exposed that bank details are already present in every record of the leaked data. There is absolutely no reason to switch public payments from NEFT to AEPS, run by a non-government company.

The replacement of a time tested standard of electronic money transfers under government regulation by a non-standard payment system run by a non-government company raises several serious questions of national and public interest, propriety and possible conflicts of interest.

Preventing disaster

If the government and the Supreme Court implement the wisdom of 7 orders of the Supreme Court of India on the use of Aadhaar, they can yet save the country from disaster resulting from the colonisation of India by the new East India Companies or the private interests driving Aadhaar.

In its first order of September 23, 2011 the Supreme Court had indicated that “no person should suffer for not getting the Aadhaar card inspite of the fact that some authority had issued a circular making it mandatory and when any person applies to get the Aadhaar Card voluntarily”.

On August 11, 2015, the 3 member bench restricted the use of Aadhaar and indicated that it may not be used for any other purpose.

On October 15, 2015, a 5 member bench led by the Chief Justice had emphasised that “the Aadhaar card Scheme is purely voluntary and it cannot be made mandatory till the matter is finally decided by this Court”. It had restricted the voluntary use of Aadhaar to public distribution system (PDS) Scheme, the liquefied petroleum gas (LPG) distribution scheme, the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions), Prime Minister’s Jan Dhan Yojana (PMJDY) and Employees’ Provident Fund Organisation (EPFO).

In the meantime, following Mahatma Gandhi’s footsteps and refusing to link Aadhaar to anything may be the only option left for you.

On 10 January 1908 Mahatma Gandhi was arrested for the first time in South Africa for refusing to carry an obligatory identity document card commonly known as the ‘pass’.

[1] Aadhaar is a 12 digit random number assigned by India’s Unique Identification Authority of India to unaudited and unverified demographic and biometric information submitted by private enrollers.
[2] Accounts and transactions undertaken using a ghost or a duplicate identity are called benami.
[3] Permanent Account Number or PAN is a number used to track financial transactions and file income tax returns in India.
[4] Hawala is an alternative or parallel remittance system that works outside formal banking systems.
[5] This was first highlighted in September 2014 in http://www.moneylife.in/article/how-aadhaar-linkage-can-destroy-banks/38736.html

 

Originally published here.

Many of the problems and issues in India – witness the political debate and the controversies that are so rife on twitter and other social media – are to do with either the relationship between people and the state, or the fine balance between the competing rights of individuals and communities.

It may be a generalisation but I believe that at its core these disputes arise from a fundamental lack of clarity in our own minds of the status of the people.

Are we citizens or are we subjects?

Until  70 years ago there was no question – we were subjects of one king or imperial power or the other. Even if you go back to before recorded history we were subjects of a King who later came to be regarded as God. Kingdoms large and small were sometimes replaced with empires as conquests superseded earlier victories. 

That changed dramatically with the ‘tryst with destiny’ in 1947 when almost overnight we became, in theory at any rate, citizens of a free sovereign nation. In 1950 we became a Republic when we gave ourselves a We-the-People type Constitution, thus setting in stone, so to speak, the role of the people as free citizens in determining the future.

But has this change of status from subject to citizen been reflected in how the State treats us; in how we treat and how we demand to be treated by the state;  and how we respond to each other and react with the State? Do we feel ourselves to be empowered citizens or do we behave like loyal (or disloyal) subjects? Do those we elect to run our affairs treat us as free citizens to whom they are accountable, or as subjects who can be taken for granted?

Make up your own mind But consider the distinction I make between citizens and subjects.

Citizens have rights and freedoms. They have independence of thought, speech and choice; they have agency. Citizens elect their governments to run the affairs of State – their State. They implicitly consent to laws that their elected representatives frame for the greater good of all citizens. When citizens are deprived of their basic freedoms by the agencies of the State it is only by the fair and impartial rule of law, and only after due process. When the State uses its power unreasonably citizens protest and expect at the very least not to be ostracised for it. 

Subjects, on the other hand, are people who have a duty, explicitly stated or otherwise, whether or not they agree, to serve the interests of the ruler. Such rights as they do enjoy are granted to them  at the will and behest of the ruler, capable of being restricted or removed at will. The ruler frames laws mainly for his benefit and implements these laws arbitrarily and not always with due process. As a consequence subjects can have new obligations imposed on them and rights and freedoms abrogated at the whim of the ruler.

A nation of citizens has a truly representative government with transparency, accountability and the rule of law applying equally to both rulers and citizens. The institutions and agencies (that run the country according to the will of the people as expressed through an elected legislature) do so impartially because firstly, they follow a code that requires them to respect the citizens, and secondly, they are independent of the state.  

It is possible in a country of nominally free citizens under an electoral democracy to end up with power going to a small group or ruling class that, whether benign or otherwise, acts mostly in its own interests with little accountability and little or no need for openness. It applies the law selectively, sparing its friends and cracking down on those who would question it. Indeed, the ruling class in a such a country with (de jure) citizens as  (de facto) subjects uses the law as a tool for oppression rather than for ensuring a free society. Such a power elite needs necessarily to subvert democratic processes, control institutions, and suppress dissent in order to maintain its hold on power.

Apply these criteria to the myriad ways in which the State in India interacts with the people, either liberating them or constraining them, either facilitating personal and collective freedoms or restricting individual liberties and group rights. Think about these criteria in relation to how we as individuals and communities interact with each other. Do we support each others’ freedoms or do we we deliberately or inadvertently reinforce our role as loyal subjects?

As a Twitter correspondent of mine put it, its actually quite simple:

Subjects are granted some rights by a sovereign Ruler.

Citizens are sovereign and grant some (temporary) power to a selected ruler.

I believe there is a long way to travel – before we can say we are no longer subjects but free citizens.

2

On August 24th 2017, WikiLeaks published secret documents from the ExpressLane project of the CIA pertaining to the cyber operations the OTS (Office of Technical Services), a branch within the CIA conducts against liaison services. The OTS provides a biometric collection system to liaison services around the world with the expectation for sharing of the biometric takes collected on the systems. Additionally, the CIA has developed ExpressLane - a covert information collection tool to secretly exfiltrate data collections from these systems without the knowledge of the vendors as well.

ExpressLane installs and runs covertly behind a benign splash screen indicating a software upgrade and is used when OTS agents perform on site upgrades on the biometric system. The installation raises no suspicions other than the minor notices which don't appear to be out of the ordinary for a software installation.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan. This company also provides biometrics collection systems for UIDAI's Aadhaar in India.

The response to these revelations in India has been astonishingly muted. A foreign government having access to confidential and highly accurate information on citizens of India amounts to an attack on India's sovereignty. The existence of Aadhaar itself now becomes a government sanctioned weapon against the country and citizens. The Aadhaar must be destroyed.

The few reports in media restrain themselves to very conservative reporting of the actual leaks without committing themselves to stating the implications for the country. This too is concerning, because it indicates an inadequate comprehension of how tech works in the media and renders the media toothless when it comes to providing public oversight on the highly insecure progression of the Digital India project.

On its part, the UIDAI has issued its standard voodoo denials. No explanations, no data, no alarm, no need for any investigations, nothing. Assurances that "all is well, don't worry" is all the UIDAI appears to have on any of the mounting concerns about the Aadhaar being illegally imposed on the citizens of India with blatant disregard to repeated orders of the Supreme Court. And of course, flat out lies - the hallmark of anything supported by the Modi government. Here are some claims debunked.

Aadhaar system has stringent security features to prevent any unauthorised transmission of data.

And here we thought UIDAI filed a case against Abhinav Srivastava, co-founder ofQarth Technologies Pvt. Ltd, who released an entire app that made unauthorized use of Aadhaar data e-kyc, then let him go, because he didn't have bad intentions. And oh, they complained about unauthorized access and then also claimed that no data was breached. We get it. There was no breach. He was using an authorized api without being authorized. No breach. Just reading news on the UIDAI is enough to give anyone who understands tech security high blood pressure.

No, Aadhaar most certainly doesn't have stringent security features to prevent unauthorized transmission of data. Aadhaar devices were not even encrypted till well after UIDAI started claiming 90% enrolment across the country (another dubious claim, for another day).

“Some vested interests are trying to spread misinformation that since ‘Cross Match’ is one of many devices which are being used in biometric devices by various registrars and agencies in Aadhaar ecosystem, the biometrics being captured for Aadhaar are allegedly unauthorisedly accessed by others.”

This is complete bullshit. The vast majority of people objecting to Aadhaar have nothing to gain from its failure (other than national and personal security). In contrast, the vast majority of people defending Aadhaar without any data, independent audit, robust explanations of technology and worse are invariably employed by UIDAI or its affiliates or have founded them (or, in a recent trend, are anonymous handles - I wonder who, other than Sharad Sharma could be behind those). Where is the misinformation in CIA being a spy agency, or it being known to engage in illegal and digital spying or it being known to subvert democratic governments in countries? Where is the "misinformation" in a leak of secret documents on a site that so far has never been questioned on the authenticity of leaked information it publishes?

Aadhaar biometric capture system has been “developed within our own country and it has adequate and robust security features to prevent any possibility of any such unauthorised capture and transmission of data regardless of any biometric device that may be used”.

This statement can be true, only if the UIDAI spokesman is a US national, because even the UIDAI website offers driver downloads for Cross Match and L-1 devices. The same Cross Match and L-1 that have apparently got biometric capture systems from the OTS branch of CIA on the understanding of data sharing. And the Express Lane is the data theft on top of that.

“In addition, there are many other rigorous security features and processes within UIDAI ensuring that no biometric data of any individual is unauthorized accessed by anyone in any manner whatsoever,”

This is a breathtaking lie, because the CONTRACT UIDAI had with L-1 Identity Solutions Operating Co Pvt Ltd, Morpho and Accenture Services Pvt Ltd, says that the company was given Aadhaar data access "as part of its job". This contract has also been reported and objected to in the past and on this blog as well in 10 big problems with the Aadhaar UID card project.

Golden rule in C-Sec is: If physical access is compromised, everything is gone. Wikileaks talks about physical access. It is about installing a backdoor on the source where biometric is acquired at the device driver level. Encryption argument is useless in that case. But encryption != Security.

(update: UIDAI has made some vodoo argument about how access is secured on UIDAI premises and what not. It is nonsense. Aadhaar data is collected out in the real world where the espionage would be happening. Whether UIDAI pickles the data or freezes in some on premises further access to foreign companies it makes no difference to that)

How much Aadhaar data and how much access do foreign BSPs have?

And this information is from an RTI filed by Col. Thomas, that the BSP (Biometric Service Provider) "may have access to personal data of the purchaser (UID), and/or a third party or any resident of India..." Further, Clause 3, which deals with privacy, says that the BSP could "collect, use, transfer, store and process the data".

Excerpt from UIDAI contract with Biometric Service providers
Excerpt from UIDAI contract with Biometric Service providers

In other words, the UIDAI has been deliberately undermining Indian security using Indian funds and flat out lying about its activities. The entire organization must be dismantled and its leaders investigated.