CHENNAI: WikiLeaks published reports on Thursday that claimed to “expose” that CIA is using tools devised by US-based technology provider Cross Match Technologies for cyber spying that may have comprised Aadhaar data. The claim was dismissed by official sources in India, reports the Times of India.
Cross Match Technologies also provides biometric solutions to the Unique Identification Authority of India (UIDAI), the statutory body for Aadhaar, leading to claims of possible data leakage.
Linking to an article on Cross Match’s Indian operations with its partner Smart Identity Devices Pvt Ltd — which has enrolled 1.2 million Indian citizens on the Aadhaar database, WikiLeaks tweeted on Friday: “Have CIA spies already stolen #India’s national ID card database?” A few minutes later, it tweeted: “Has the CIA already stolen India’s #Aadhaar database?” linking to geopolitical magazine Great Game India’s online article.
When contacted, official sources said the report was not a WikiLeaks “leak” but areport by a website. Cross Match is a global supplier of devices used for biometric data capture. But the data collected cannot reach the company or any other entity as vendors collect data in an encrypted form that is transferred to Aadhaar servers. “The reports do not have any basis in fact. Aadhaar data is safely encrypted and is not accessible to any other agency,” said official sources, according to the TOI report.
However, other unverified international media reports accessed by IndiaScribes.com go on to explain in detail how agencies like the CIA, Mossad and even the Russian KGB have long developed tools in cahoots with American companies to access data on the sly, without the knowledge of the third party vendors or clients.
“The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world — with the expectation for sharing of the biometric takes collected on the systems. But this ‘voluntary sharing’ obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services,” said WikiLeaks on its website.
Four years ago in 2013, the CPI(M) demanded immediate cancellation of a tie-up between the Unique Identification Authority of India (UIDAI) and a US firm, reportedly financed by an arm of CIA, and suspension of the Aadhar scheme, charging the government with compromising vital data.
“The collection of personal data and biometrics of all Indian citizens through the Aadhar programme has been made available to the United State’s agencies through the employment of these companies,” party Polit Bureau said in a statement here, reported The Hindu.
“It is now known through the Snowden files that the US authorities have been suborning all data through US telecom and internet companies. The Indian government and the UIDAI has compromised the vital data collected of Indian citizens by such tie-ups,” it said.
News reports on Wednesday revealed that an American start-up that won the contract to validate Aadhar data was being partly funded by CIA’s finance arm In-Q-Tel.
The party also said that the UIDAI collection of data has “no legal basis” and, in spite of that, it was also “being used illegally to make the Aadhar number compulsory for delivery of social services and subsidies.”
Terming the report that UIDAI has tied up with a US company with CIA links as “a matter of deep concern,” CPI(M) said the US company, which provides the software to manage the data base for the registration of Aadhar, had CIA as “one of the investors.”
It said UIDAI had earlier too entered into contracts with a US-based company and another French company for the Aadhar project.
Meanwhile, according to a report from Economic Times and Navbharat Times, Max Schireson, CEO of MongoDB (formerly called 10gen), a technology company from US which is co-funded by Central Intelligence Agency (CIA), was in New Delhi two weeks back to enter into a contract with UIDAI. This company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market. Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated holocaust in Germany using census data) to terminals. It is taking away customers from Oracle and IBM. This contract has not been disclosed so far. MongoDB will take data from UIDAI to undertake its analysis. UIDAI is tight-lipped about CIA’s role in it. This company’s database software is already being used to verify the speed of registration. It is yet to become clear whether this company will be in a vendor relationship directly, or it will operate through some pre-existing entity which is already working with UIDAI as system integrator, says a report on MoneyLife.in.
10gen is the company behind MongoDB, a popular open-source, document-oriented database. It forms a part of a new generation of NoSQL — Not Only SQL — database products developed as an alternative to conventional relational databases from Oracle, IBM and Microsoft. Elsewhere, Schireson explained, “We deliver enterprises a 10 to 1 improvement — we charge tens of thousands of dollars to complete projects in a few months that they charge millions of dollars to finish in years” to deal with large volume and diverse variety of big data.
According to a report on MoneyLife.in, one of the investors of MongoDB is In-Q-Tel (IQT), a not-for-profit organisation based in Virginia, USA created to bridge the gap between the technology needs of the US Intelligence Community and emerging commercial innovation. It identifies and invests in venture-backed startups developing technologies that provide “ready-soon innovation” (within 36 months) which is vital for the mission of the intelligence community. IQT was launched in 1999. Its core purpose is to keep CIA and other intelligence agencies equipped with the latest in information technology to support intelligence capability. Edward Snowden had revealed that US intelligence agencies are targeting communications in Asian countries. It was founded by Norman Ralph Augustine.
According to a report in SabrangIndia.com, ExpressLane is installed and run with the cover of upgrading the biometric software by OTS agents that visit the liaison sites. Liaison officers overseeing this procedure will remain unsuspicious, as the data exfiltration disguises behind a Windows installation splash screen.The core components of the OTS system are based on products from Cross Match, a US company specializing in biometric software for law enforcement and the Intelligence Community. The company hit the headlines in 2011 when it was reported that the US military used a Cross Match product to identify Osama bin Laden during the assassination operation in Pakistan.
So is the Indian government by insisting on Aadhar compromising India’s core sovereignty?