Skip to content

2

On August 24th 2017, WikiLeaks published secret documents from the ExpressLane project of the CIA pertaining to the cyber operations the OTS (Office of Technical Services), a branch within the CIA conducts against liaison services. The OTS provides a biometric collection system to liaison services around the world with the expectation for sharing of the biometric takes collected on the systems. Additionally, the CIA has developed ExpressLane - a covert information collection tool to secretly exfiltrate data collections from these systems without the knowledge of the vendors as well.

ExpressLane installs and runs covertly behind a benign splash screen indicating a software upgrade and is used when OTS agents perform on site upgrades on the biometric system. The installation raises no suspicions other than the minor notices which don't appear to be out of the ordinary for a software installation.

The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan. This company also provides biometrics collection systems for UIDAI's Aadhaar in India.

The response to these revelations in India has been astonishingly muted. A foreign government having access to confidential and highly accurate information on citizens of India amounts to an attack on India's sovereignty. The existence of Aadhaar itself now becomes a government sanctioned weapon against the country and citizens. The Aadhaar must be destroyed.

The few reports in media restrain themselves to very conservative reporting of the actual leaks without committing themselves to stating the implications for the country. This too is concerning, because it indicates an inadequate comprehension of how tech works in the media and renders the media toothless when it comes to providing public oversight on the highly insecure progression of the Digital India project.

On its part, the UIDAI has issued its standard voodoo denials. No explanations, no data, no alarm, no need for any investigations, nothing. Assurances that "all is well, don't worry" is all the UIDAI appears to have on any of the mounting concerns about the Aadhaar being illegally imposed on the citizens of India with blatant disregard to repeated orders of the Supreme Court. And of course, flat out lies - the hallmark of anything supported by the Modi government. Here are some claims debunked.

Aadhaar system has stringent security features to prevent any unauthorised transmission of data.

And here we thought UIDAI filed a case against Abhinav Srivastava, co-founder ofQarth Technologies Pvt. Ltd, who released an entire app that made unauthorized use of Aadhaar data e-kyc, then let him go, because he didn't have bad intentions. And oh, they complained about unauthorized access and then also claimed that no data was breached. We get it. There was no breach. He was using an authorized api without being authorized. No breach. Just reading news on the UIDAI is enough to give anyone who understands tech security high blood pressure.

No, Aadhaar most certainly doesn't have stringent security features to prevent unauthorized transmission of data. Aadhaar devices were not even encrypted till well after UIDAI started claiming 90% enrolment across the country (another dubious claim, for another day).

“Some vested interests are trying to spread misinformation that since ‘Cross Match’ is one of many devices which are being used in biometric devices by various registrars and agencies in Aadhaar ecosystem, the biometrics being captured for Aadhaar are allegedly unauthorisedly accessed by others.”

This is complete bullshit. The vast majority of people objecting to Aadhaar have nothing to gain from its failure (other than national and personal security). In contrast, the vast majority of people defending Aadhaar without any data, independent audit, robust explanations of technology and worse are invariably employed by UIDAI or its affiliates or have founded them (or, in a recent trend, are anonymous handles - I wonder who, other than Sharad Sharma could be behind those). Where is the misinformation in CIA being a spy agency, or it being known to engage in illegal and digital spying or it being known to subvert democratic governments in countries? Where is the "misinformation" in a leak of secret documents on a site that so far has never been questioned on the authenticity of leaked information it publishes?

Aadhaar biometric capture system has been “developed within our own country and it has adequate and robust security features to prevent any possibility of any such unauthorised capture and transmission of data regardless of any biometric device that may be used”.

This statement can be true, only if the UIDAI spokesman is a US national, because even the UIDAI website offers driver downloads for Cross Match and L-1 devices. The same Cross Match and L-1 that have apparently got biometric capture systems from the OTS branch of CIA on the understanding of data sharing. And the Express Lane is the data theft on top of that.

“In addition, there are many other rigorous security features and processes within UIDAI ensuring that no biometric data of any individual is unauthorized accessed by anyone in any manner whatsoever,”

This is a breathtaking lie, because the CONTRACT UIDAI had with L-1 Identity Solutions Operating Co Pvt Ltd, Morpho and Accenture Services Pvt Ltd, says that the company was given Aadhaar data access "as part of its job". This contract has also been reported and objected to in the past and on this blog as well in 10 big problems with the Aadhaar UID card project.

Golden rule in C-Sec is: If physical access is compromised, everything is gone. Wikileaks talks about physical access. It is about installing a backdoor on the source where biometric is acquired at the device driver level. Encryption argument is useless in that case. But encryption != Security.

(update: UIDAI has made some vodoo argument about how access is secured on UIDAI premises and what not. It is nonsense. Aadhaar data is collected out in the real world where the espionage would be happening. Whether UIDAI pickles the data or freezes in some on premises further access to foreign companies it makes no difference to that)

How much Aadhaar data and how much access do foreign BSPs have?

And this information is from an RTI filed by Col. Thomas, that the BSP (Biometric Service Provider) "may have access to personal data of the purchaser (UID), and/or a third party or any resident of India..." Further, Clause 3, which deals with privacy, says that the BSP could "collect, use, transfer, store and process the data".

Excerpt from UIDAI contract with Biometric Service providers
Excerpt from UIDAI contract with Biometric Service providers

In other words, the UIDAI has been deliberately undermining Indian security using Indian funds and flat out lying about its activities. The entire organization must be dismantled and its leaders investigated.

When you speak truth to power, you inspire others to stand by you. When you fabricate lies and engineer perceptions for profit, they come back to bite you.

It began with an innocent reply of a gullible Modi supporter who thought to assert Modi's honor with a claim that is popularly doing the rounds. That Assange had called Modi INCORRUPTIBLE. Is Assange corrupt? Well, Assange may not be corrupt, but the person who told you he said that could be, yes?

Wikileaks burst Modi's claim of incorruptible
Wikileaks burst Modi's claim of incorruptible

But then this was hardly news. Even when Modi made the claims of "America and Wikileaks declaring after their investigations that Modi was incorruptible... not just not corrupt, but incorruptible" there were news reports of this absurd interview even at that time that pointed out the utter inaccuracy of his claim.

The cables simply reported the beliefs of politicians (in this case Congress) the Ambassador interacted with and no investigations or comparisons. They were neither the opinion of United States of America nor Wikileaks. But facts are never a strong suit of the serial faker rising to fame faster as "Feku" than any of his many titles. Every public appearance brings embarrassment over some or the other lie he peddles - be it history or geography or economy or... an endorsement his party now claims he doesn't need. If he chose to present a cable reporting perceptions of him in India as a true endorsement of him by the United States or Wikileaks, here was an entire bevy of media to merely report what he said. Not for the hridaysamarat (Emperor of Hearts) would be the "well researched" exposes by a pliant media (read open browser, read cable out to camera, tell people how to verify).

Modi's official website flaunts the lies with pride.

Modi's claims about Wikipedia and the US on his official website
‘On one side it is being said, ‘Indian government is completely corrupt’. Then there are reports by America and WikiLeaks, which refer to the state of Gujarat where the leader is un-corruptible,’ ~ Modi's official website

Gujarat Assembly Elections came and went without these lies contested.

 We actually had news media publishing his claims with the contradicting quote of the cable (with link to original NEVER provided for viewer to check). As if the cable contradicting Modi was not an issue that needed clarification or confrontation.

And yet all it took to shred the pretence was one tweet from Wikileaks when they saw the credibility that was being claimed in their name and in the name of Assange. And all of a sudden, Indian media is pretending it just noticed this. Right.

So anyway, yours truly had an inadvertent role to play in this. There is a site called Fek le! which I started after getting fed up of the disinformation provided by the Narendra Modi brigade. It is a fake news site, which uses as "authentic sources" only satire websites, comedy shows, BJP's disinformation products and anyone else acting too ridiculous to take seriously. Routinely BJP supporters come up with some ridiculous propaganda, I take the juciest (or most harmful) and report it with further fabrications and exaggerations on the satire site as entirely true with the tag "BJP Photoshop Laghu Udyog" - which can be a security service, research organization or whatever the tall claim would qualify them as. When pictures of Julian Assange endorsing Modi in Hindi started circulating, it was too good to pass, and of course Fek Le! reported them.

Turns out brains rotted by brainwashing have real poor comprehension skills, because that fake post got BELIEVED by some Namo supporting website and republished in their news round up or something. It is an occasional side effect of satire sites to get picked up by news websites with lazy staff, but this was unbelievable. Julian Assange speaking in Hindi out of loyalty to Narendra Modi, saying that America is scared of Narendra Modi and tagged with "BJP Photoshop Laghu Udyog" AND on a site called Fek Le! I mean how gullible, can anyone be? Plenty, as it turns out.

The fake photo from my site (probably, or the original, where I got it from on Twitter) started circulating again along with its versions I hadn't seen, but were existing all through to the point Wikileaks set the record straight.

I logged in late last night to discover that everyone was tagging me with Wikileaks handle that had minced no words in denying the tall tales or "feks". I was thrilled, only to discover that Wikileaks had linked to the photo on my website. And I set the record straight. Fek Le! only reproduces disinformation already in circulation and all the images and videos on it (so far) have been made by someone else. Usually the people getting "idolized" in the article. The site combats disinformation by exaggerating it, and making it ridiculously obvious and the occasional sprinkling of "news sources" and "documentary films" from satire websties or comedy shows.

But feels great to have contributed a long overdue journalistic and political confrontation .... and all because of a satire website tracking political disinformation. I do hope that this will help bring down some of the false propaganda in time for this elections.

Long overdue news. Wikileaks, which had gotten targeted in many ways by the US government over its exposes of war crimes was literally being starved of funds by the refusal of credit card companies to process donations to them. This Press Release from them is very good news. Strike one for whistleblowers!

In a case against Valitor, formerly VISA Iceland, Reykjavík District Court just ruled the company had violated contract laws by blocking credit card donations to Wikileaks. After WikiLeaks' publications revealing U.S. war crimes and statecraft in 2010, U.S. financial institutions, including VISA, MasterCard, Bank of America, erected a banking blockade against WikiLeaks wholly outside of any judicial or administrative process. The blockade stripped away over 95% of donations from supporters of WikiLeaks, costing the organization in excess of USD 20M.

The court ruled that the donation gateway should be reopened within 14 days otherwise Valitor will be penalized with a fine of 800 000 ISK daily. WikiLeaks is persuing several actions against the blockade and a European Commission preliminary investigation into the blockade was started last July. A Commission decision on whether to pursue the financial services companies involved in the blockade is expected before the end of August.

WikiLeaks founder Julian Assange, said "This is a significant victory against Washington's attempt to silence WikiLeaks. We will not be silenced. Economic censorship is censorship. It is wrong. When it's done outside of the rule of law its doubly wrong. One by one those involved in the attempted censorship of WikiLeaks will find themselves on the wrong side of history."

I had said when the persecution of Wikileaks began that India was walking down the wrong path. How i had hoped that mine could be the country to offer Assange asylum. At least with this news, other, more ethical countries may take the chance...

5

To all of you anonymous, known, yet to be known harbringers of truth.

India Pakistan anything is not easy. Be it praise, care or even blame. So here I am, an Indian, telling you in this moment at least that I care.

Not my place to recommend anything. Not qualified. Not as journalist, neither as someone who has seen so much danger. Never seen blast or touched gun. I almost feel guilty writing this. So take with salt. But I thought of it, so sharing.

Beginning with saying how much I admire you for still having the guts to question things, break stories, risk life and limb in pursuit of truth. In a time when we are losing belief in the credibility of journalists in my country, where we wonder about bribes and lobbies and what nots, it is a stark contrast to see the extents to which you go to, in full knowledge of possible danger to your life. Perhaps danger also brings out the best in each of us.

I think you guys should have some kind of strategy. Each of you has been scarred by these deaths. You know the pain. Perhaps the ones doing really risky work can protect identities somehow? Fake or protected author info on some articles, or possibly breaking difficult stories in many places at same time?

I don't know, but I have come to read your words and I care.

Saleem Shahzad died today. I had read his words and admired the kinds of inside information he was leveraging. Today he is dead. I feel sad. I see your sorrow in the torrent of tweets (on Twitter) and other places. I have no words to offer. That is my frustration.

I think you guys are pretty much the only hope Pakistan has left. The only ones with the reach to people and objectives of changing society for the better. You owe it not only to yourself, but to your country, and this region to be strong and safe. I don't think careful is working anymore. SS was picked from a supposedly safe area.

This candles in the dark thing is not working. Too easy to puff out. You need to be a wildfire. To have back ups, possibly Julian Assange style information bombs if something happens? Perhaps the answer is in being bold and being bold in unstoppable quantities? I don't wish to see you in danger and courting risks, but increasingly it appears as though only the bold have been able to make any dent in anything or even be relatively safe.

I don't know. Thinking aloud mostly.

I want you to know I care.

What remains to be seen is how this history will be written. The 'masses' are getting their dose of scandal and assuming that 'someone' will fix things now that they are blown wide open. But is this true? The country waging wars to impose democracy on assorted regions with assorted psyches about authority is standing boldly as a dictatorship and there is not a single squeak from any other world authority, including the UN, who seem content with asking for some explanations on comparatively trivial matters. Queries that are apparently utterly ignored by the US government.

If there is one thing worse than a veiled dictatorship, it is a veiled dictatorship that no longer needs to keep up a pretense and things in America seem to be getting uglier by the day. Some things off the top of my head, which seem extremely dangerous for world safety and peace:

  • Hillary Clinton conveyed her regrets to the UN. Please notice the use of words. We can regret anything without being accountable for it. There was no apology. In fact, there has  been no apology for anything (ever?). Why is this on top rather than the more horrific things? Because its an alarm about how easily it was swallowed without any questioning.
  • Sweden, which has an extraction arrangement with the US has suddenly developed from a country with sorry figures for the proscecution of rape to one that issues international red alerts and arrest warrants for the questioning of a suspect who can't even be called a suspect, since there are no charges. Suspected of what? Yet Julian Assange spent 9 days in prison for being a flight risk - this in spite of the fact that he hadn't hidden from the police in either country and had left Sweden legally and was open to communication on the matter. He was denied bail at first, and then when he was granted bail, it was delayed by another two days because of some mysterious process where it got contested. Sweden lawyers say they didn't contest it, but the UK guys did. Apparently the UK has an interest in keeping him out of commission, which was quite evident in the nature of his imprisonment. For someone imprisoned only to prevent flight, why deny him company, exercise, communication... his lawyer had to struggle to meet him. Why? Why was he prevented from seeing the TIME magazine (His face was on the cover, but apparently the entire magazine was destroyed, not just the cover)? The Swedish lawyer protested that Julian coming to Sweden will only complicate America's access to him, as they will now require the agreement of two countries. Are we fools? He can't be held in the UK for long, since they have nothing on him, while it is Sweden that does. And who in the world thinks that Julian needs to be brought to the US for US to have access to him? This is the country that has used the UK fields for renditions against the express stated directions of the Queen herself. This is also the country that is already fixing for other countries to hold its prisoners. All it needs is for Julian to be off the streets, which is not possible without a really monstrous farce in the UK (where he also has a lot of support), while a really big farce has been possible to rig up in Sweden. As simple as that.
  • A multitude of companies have cut off services to Wikileaks in an economic stranglehold, while its virtual existence has been threatened in other ways ranging from removing its domain name to censoring the reading of the documents it released. We have already experienced two days on this site where the account was suspended for hosting  a mirror. All these companies Mastercard, Visa, Paypal, EveryDNS, Amazon, Bank of America.... and our very own Mochahost have done this without any legal directive, based solely on their own choice to interpret their Terms of Service to fit their action.
  • Censorship of Wikileaks in the US is rampant ranging from implied threats to career choices with the government to outright blocking of over 25 media sites including newspapers.
  • Politicians and public figures have called for Wikileaks to be declared a terrorist organization, for Assange to be pursued like Osama bin Laden, for his assassination, etc. Utterly illegal. Crass. And no one has managed to get any of this retracted. Not the citizens, not other politicians. To me, it sounds remarkably similar to terrorist videos - this guy has wronged unacceptably - kill him. Yep. Its a so called democracy's leaders delivering such evil speech.
  • Bradley Manning, who is suspected to be the source of the leaks, but not charged of anything has been imprisoned in solitary confinement under conditions described as torture WITHOUT CHARGE.
  • A splinter group of Wikileaks claims to promote its values by not making leaks public, but offering them selectively to (state-controlled) media. Yeah right. Who got sold? Check out the contact page when the site launches.

On the other hand, we have public figures standing up solidly for Wikileaks and Assange. People offering their homes, reputations and money to see him out on bail. Anonymous citizens of the world beginning with rage and illegal DDoS attacks called Payback, but maturing into more and more thoughtful and determined responses. Politicians, journalists, national heroes speaking out in condemnation of America's disproportionate and illegal response. Street protests.

Yet, things are pretty much where they stand. America is suppressing information to its citizens and employees, and projecting Wikileaks as a rogue/terrorist/virtual guerilla type organization. People are objecting. Small battles are happening on many fronts. Bradley is still in prison, but Assange is out for now, at least.

It is time to be a part of history to whatever extent we are able. To have a stake and exercise it in shaping our world and the legacy we leave our children. To participate in whatever way you can. Some suggestions (in increasing order of difficulty):

  • Be informed. If you do nothing else, you owe yourself this - a firm basis for your stand and understanding.
  • Share good articles or information you think the world should pay attention to on your Facebook profiles, Twitter, Buzz, whatever.
  • Speak out. In real life discussions. Online. Write articles, opinions on Facebook... if you don't currently write, but would like to write something, but don't have a place, feel free to submit it here.
  • Join the Anonymous operation Paperstorm. Print out cables and hand them out, stick them on walls...
  • Influence your society and government to insist on transparency, lawful behaviour and human rights.

Seeing as how no country in the world (or the UN) has really confronted the US on anything about the injustice we see unfolding, no matter where you live, current events are going to cascade on your freedoms - by virtue of becoming acceptable - its only a matter of time.