Information being collected for the unique identification project
will be sold back to the government through specially created, privatized, for profit utilities.
Technology has created the potential to record, collate, converge,
retrieve, mine, share, profile and otherwise conjure with data. Data is
the new property. The Unique Identification Authority of India (UIDAI),
with its push to enrol the whole Indian resident population, signals the
emergence of an information infrastructure facilitated by the
government — it finances the “start up,” and uses its authority to
coerce people to get on to the database, and then handed over to
corporate interests when it reaches a “steady state.”
Allowing private entry
The UIDAI was set up by an executive notification dated January 28,
2009. The Planning Commission was the nodal agency “for providing
logistics, planning and budgetary support” and to “provide initial
office and IT infrastructure.” As part of its “role and
responsibilities,” the UIDAI was to “issue necessary instructions to
agencies that undertake creation of databases, to ensure standardisation
of data elements that are collected and digitised and enable collation
and correlation with UID [Unique Identification Number/Aadhaar] and its
partner databases.” It was to “take necessary steps to ensure collation
of NPR [National Population Register] with UID”. And, the UIDAI “shall
own and operate” the UID database.
When the state holds data it collects in its transactions with its
residents, it holds the data in a fiduciary capacity. It does not own
the data.
The framework for ownership of data was set out by the Nandan
Nilekani-chaired Technology Advisory Group for Unique Projects (TAG-UP),
which gave its report in January 2011. While the Nilekani committee
directly addressed five projects — Goods and Services Tax Network, Tax
Information Network, Expenditure Information Network, National Treasury
Management Agency and the New Pension System — it recommended that the
suggested framework “be more generally applicable to the complex
IT-intensive systems which are increasingly coming to prominence in the
craft of Indian public administration.”
As understood by TAG-UP, the government has two major tasks:
policymaking and implementation. Implementation is weak, and rather than
spend time finding correctives, the committee found in this an
opportunity for private business interests. So, TAG-UP suggested the
setting up of National Information Utilities (NIUs).
“NIUs would be private companies with a public purpose: profit-making,
not profit maximising.” The government would have “strategic control,”
that is, it would be focused on how it would achieve the objectives and
outcomes, leaving the NIU “flexible” in its functioning. Total private
ownership should be at least 51 per cent. The government should have at
least 26 per cent shares. Once it reaches steady state, the government
would be a “paying customer.” As a paying customer, “the government
would be free to take its business to another NIU”; though, given the
“large upfront sunk-cost, economies of scale, and network externalities
from a surrounding ecosystem (and what this means is not explained any
further), NIUs are ... essentially set up as natural monopolies.” To get
a buy-in from the bureaucracy, “in-service officers” are to be deployed
in the NIUs and are to be given an allowance of 30 per cent of their
remuneration.
Government as customer
“Once the rollout is completed,” the Nilekani committee blithely states, “the government’s role shifts to that of a customer.”
In sum, what emerges from the TAG-UP report is this: governmental data
and databases are to be privatised through the creation of NIUs which
will then “own” the data. NIUs will be natural monopolies. NIUs will use
the data and the database for profit-making and not profit-maximising,
and the definition of these terms are indeterminate.
Government will support the NIUs through funding them till they reach a
steady state, and by doing what is needed to gather the data and create
the database using governmental authority. Once the NIU reaches steady
state, the government will reappear as the customer of the NIU.
Government officers will be deployed in NIUs and be paid 30 per cent
over their salaries, which, even if the report does not say it
explicitly, is expected to forge loyalties and vested interests. The
notion of holding citizens’ data in a fiduciary capacity cedes place to
the vesting of ownership over citizens’ data in an entity which will
then have the government as their customer.
This notion of private companies owning our data has not been discussed
with state governments, nor with people from whom information is being
collected.
Unexplained
We might have treated the TAG-UP report as another report without a
future; except, in the Budget presented by Mr. Pranab Mukherjee as
Finance Minister in March 2012, he announced that the “GSTN (Goods and
Sales Tax Network) will be set up as a National Information Utility.”
The NIU was not explained to Parliament, and no one seems to have raised
any questions about what it is.
There is disturbing evidence that the UIDAI provided the basis for the
NIU. The report is littered with references to the UIDAI, and suggests
that the way the UIDAI has been functioning is a model for the NIU. The
Biometrics Standards Committee set up by the UIDAI in September 2009 and
which gave its report in December 2009 declared that the UIDAI intended
to “create a platform to first collect identity details of residents,
and subsequently perform identity authentication services that can be
used by government and commercial service providers.” The “UIDAI
Strategy Overview,” in April 2010, estimated that it would generate
Rs.288.15 crore in annual revenue through address and biometric
authentication once it reaches a steady state, where authentication
services for new mobile connections, PAN cards, gas connections,
passports, LIC policies, credit cards, bank accounts and airline
check-in, would net this profit. Till then, it is to be funded by the
government. Once that stage is reached, it will be a private,
profit-making entity and the government, like other commercial service
providers, will become its customer.
Data for a price
Mr. Nilekani calls it “open architecture”; that is, applications can be
thought up as the business grows; there are no limits or contours within
which it should be used. He has repeatedly described the UID as a
unique number, which will be universal and ubiquitous; the latter two
indicate that, despite being marketed as voluntary, all activities and
services are intended to be made dependent on the UID for all persons,
ensuring steady business for the enterprise. The UID enrolment form has a
column for “information sharing consent.” This will allow the UIDAI to
part with the data, both demographic and biometric, for a price. This
explains why there has been so little enthusiasm for a law on the
subject. A Bill was introduced in Parliament close to two years after
the project was started. When the Parliamentary Standing Committee
rejected the Bill and the project in December 2011, the law was
consigned to oblivion.
The UIDAI will be a business entity, governed by the Companies Act; not
bound by a law that will recognise the fiduciary role of the state, and
which will facilitate, and not penalise, a citizen for not having an
identity document or number.
The 2009 notification that set up the UIDAI says that the UIDAI is to
“take necessary steps to ensure collation of NPR with UID.” Registering
in the NPR is compulsory under the Citizenship Act and the Citizenship
Rules of 2003. Although biometrics is not within the mandate of the NPR,
they have also been collected in the process of building up the NPR
database. So, the data mandated to be given to the NPR is being handed
over to the UIDAI to become the property of the UIDAI, and we don’t even
know it!
(Usha Ramanathan is an independent law researcher and has been following the policy and practices of the UIDAI since 2009.)
No comments:
Post a Comment