Homeland Security

Joining the Security Dots: Cyber Security, Surveillance and Democracy
Star Rating Loader Please wait...
Issue Net Edition | Date : 06 Jul , 2013

Surely this was known to data system designers in UIDAI and to India’s intelligence organizations. Also surely known is the fact that U.S legislation makes it mandatory for U.S firms to provide to the U.S administration on demand, any or all data or information that they may acquire in the course of their operations. Thus, the fact that the Indian intelligence community was strangely silent on the UIDAI contracts, leads an impartial observer to view this as another sign of India’s subservience to U.S diktat, not necessarily unconnected with corruption at some individual level. Whatever the reason for this, there can be no excuse for compromising India’s data security.

Compromising an individual’s personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for all kinds of use of data for corporate gain or for misuse…

India also imports electronic hardware from China (e.g. data routers, which handle data within networks), Japan and South Korea, which is used in government departments. There is little if any systemic method by which these hardware devices with embedded software can be checked for their ability to access the data which they are only meant to handle.

Enabling U.S cyber hegemony

Linked with Snowden’s expose is the report that U.S president Obama has authorized drawing up a list of potential targets for Offensive Cyber Effects Operations (OCEO), to advance “U.S national objectives around the world”. This could be in pursuance of the PNAC. An intelligence source with extensive knowledge of NSA’s systems told the Guardian, that with both defensive and offensive cyber operations being central to U.S strategy, “ … America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information”. OCEO by the U.S military is also very much on the table.4. Thus the hegemonic cyber-power of USA in political, economic and military spaces is frighteningly real.

UIDAI’s Aadhaar program aims to provide a unique identity to all Indian residents including non-citizens, by providing a unique 12-digit number based upon biometric records of every individual, to form India’s flagship database. The Aadhaar number will be used by various government, quasi-government and non-government systems across India to establish the identity of any person who wishes to receive a service or derive benefit from it. Breaking into the Aadhaar database can provide an individual’s primary personal data (e.g., biometrics, name, age, sex, relation, address, mobile number, bank account, etc), thus violating his/her privacy.5.

Thus access into UIDAI’s CIDR and associated programs due to UIDAI’s contracts, provides reach into personal information of all India’s residents.  Compromising an individual’s personal data affects only that person, but when the personal data of many millions of people is involved, there is potential for all kinds of use of data for corporate gain or for misuse for profiling people on the basis of caste, religion, language, etc. This would be an unmitigated national disaster not merely because of loss of security and the resulting disgrace, but also because it will effectively allow foreign control of India’s flagship database.

CMS is a wide-ranging surveillance programme that will give its security agencies the ability to tap directly into e-mails and phone calls without oversight by courts or parliament. Security agencies will not need to seek a court order for surveillance.

The Indian establishment may publicly rubbish the foregoing, but that is only to be expected from a political-bureaucratic-intelligence set-up that has possibly colluded to award sensitive contracts concerning India’s strategic interests to U.S corporations specializing in intelligence and surveillance. This is not to suggest that USA will launch offensive cyber operations against its strategic partner, but to point out that with the strategic upper hand, USA will be in a position to dictate policy and action to India, exacerbating its subservience besides compromising sovereignty. That the U.S military, already organized into six commands that straddle the globe6  has expanded its Cyber Command, should sound alarm bells in the Indian military, unless the canker of subservience has affected it too.

Ownership of databases

Data is the new property. An executive notification of the Planning Commission dated January 28, 2009, stated among other things, that UIDAI “shall own and operate” the Aadhaar database.7. The Technical Advisory Group for Unique Projects (TAG-UP) chaired by UIDAI Chairman Nandan Nilekani, envisages formation of National Information Utilities (NIUs) which would be “private companies with a public purpose: profit-making, not profit maximising”, with at least 51% private ownership and at least 26% government shares. TAG-UP envisages that when the Aadhaar system attains a “steady state”, the database will be taken over by a NIU and government, which set up the Aadhaar system at enormous public cost, will take the role of a “paying customer”. Indeed, TAG-UP states, “Once the rollout is completed, the government’s role shifts to that of a customer“.

Apart from the sheer audacity of TAG-UP’s proposal of government funding the start-up of private companies, the data-security risks of private companies owning and handling strategic databases appears to have been overlooked. Data security of Indian citizens and other residents would be compromised, simplifying the task for NSA. Purchasing the desired data from an entity which has it or has access to it, is so much more elegant, risk-free and cheaper that hacking into a system! This is not to suggest that only USA (through its NSA, CIA and FBI) would be interested in hacking into India’s critical information infrastructures. Surely China, Pakistan, Russia, Israel, Britain, France, Iran, Bangladesh, Sri Lanka and Myanmar at the very least, would have reasons to obtain data and information from India for political, economic and military purposes.

Impending death of democracy

India’s new Centralized Monitoring System (CMS) has, like UIDAI before it, been created by executive fiat. CMS is a wide-ranging surveillance programme that will give its security agencies the ability to tap directly into e-mails and phone calls without oversight by courts or parliament. Security agencies will not need to seek a court order for surveillance. CMS will provide government unfettered access to all landline and mobile phone calls (900 million subscribers), SMSs, e-mails, web browsing (120 million internet users), video-conferencing, multi-media streaming and even video games.8. This has been planned and put into place without any legal safeguards and procedures concerning who or what will be surveilled, who will authorise surveillance, the period of surveillance, etc. In typical obfuscation, junior minister for Information Technology, Mr.Milind Deora, said the new data collection system would actually improve citizens’ privacy because telecommunications companies would no longer be directly involved in the surveillance – only government officials would.

The operationalization of CMS together with UIDAI’s Aadhaar operating in corporate (NIU) hands will make India into a police state under unfettered capitalism of corporate control.

The purpose of UIDAI’s Aadhaar project was stated to be reaching government benefits and programs to the poor by direct benefit transfer (DBT). If that was indeed so, then there was no need to coercively enrol the non-poor into Aadhaar as has been done, and to link up rights like salary and pension to the Aadhaar number. Thus, with plans to hand over strategic databases to private entities (NIUs), there is little doubt that UIDAI’s Aadhaar project will be an enabler in the CMS plan. The doubt is only whether it was planned to be the enabler, to facilitate surveillance.

The operationalization of CMS together with UIDAI’s Aadhaar operating in corporate (NIU) hands will make India into a police state under unfettered capitalism of corporate control. The power of the people by electing representatives to legislatures will be meaningless as legislators are themselves corporate honchos or increasingly under the influence of corporates. Those who are not, will be silenced with information obtained by CMS investigation.

The strategic subservience of India to USA and the latter’s PRISM, will ensure that India’s chief executive (prime minister) will toe the U.S line, not unlike USA’s imposition of dictators in the countries of South America in the 1970s and 1980s. This was done to impose neo-liberal economic policies according to Milton Friedman, through political shock doctrine methods. These include harassing, arresting or “disappearing” dissenters, objectors, political opponents, trade union leaders, whistleblowers, intellectuals, and all those who are foolish or courageous enough to demand social justice, equity and democracy, because locating and targetting them through Aadhaar and CMS will be child’s play.9.

References

  1. Tom Engelhardt; “The Making of a Global Security State”; <http://www.countercurrents.org/engelhardt180613.htm>; Countercurrents.org; June 18, 2013.
  2. Zia Mian, “America’s Time and Place”; Economic & Political Weekly; Vol.XL, No.16, April 16, 2005.
  3. Sandeep Joshi; “Waking up now, India to up cyber security strength”; The Hindu, Bangalore, June 19, 2013, p.14.
  4. “Obama orders US to draw up overseas target list for cyber-attacks”; The Guardian; <http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas>; June 9, 2013.
  5. Indulekha Aravind; “Criminals will be able to crack UID system easily: Jacob Appelbaum”; <http://www.business-standard.com/article/economy-policy/criminals-will-be-able-to-crack-uid-system-easily-jacob-appelbaum-113053100728_1.html>; Business Standard, Bangalore, June 1, 2013.
  6. Vombatkere, S.G., “The US War Machine – Yesterday, Today and Tomorrow”, Mainstream, New Delhi, Vol XLVIII No 17, April 17, 2010, p.25-30.
  7. Usha Ramanathan; “Your data, going on sale soon”; <http://www.thehindu.com/opinion/op-ed/your-data-going-on-sale-soon/article4733606.ece>; The Hindu; May 13, 2013.
  8. Shalini Singh; “India’s surveillance project may be as lethal as PRISM”; The Hindu; June 21, 2013; p.1.
  9. Naomi Klein; “The Shock Doctrine: The Rise of Disaster Capitalism”; Random House, Toronto, 2007.
1 2
Rate this Article
Star Rating Loader Please wait...
The views expressed are of the author and do not necessarily represent the opinions or policies of the Indian Defence Review.

About the Author

Maj Gen S G Vombatkere

retired as major general after 35 years in the Indian military, from the post of Additional DG in charge of Discipline & Vigilance in Army HQ.

More by the same author

Post your Comment

2000characters left

One thought on “Joining the Security Dots: Cyber Security, Surveillance and Democracy

  1. It was bound to happen.The spying by USA is not a surprise but the lack of vision or better say resistance to vision is surprising.The cyber security always remained a useless topic for our government.despite having large no. computer professionals we haven’t done anything on system software and hardware manufacturing is surprising.even a simple computer graduate know that any spyware or virus cannot be easily detected after triple encryption and it can be embedded in any firm ware but our national reader don’t have knowledge about it.

More Comments Loader Loading Comments