Aadhaar, the 12-digit
number linked to the fingerprints and iris patterns of most Indians, the key to
unlocking government for the citizen, is a security nightmare in a world where
big data and a handful of global defence contractors control the technology for
biometric solutions. If information warfare is the way of the future—as Brexit
and the Trump campaign show it need not be rooted in facts—select companies and
the small circle of protagonists behind them have proprietary tools and the
world’s best expertise to access, mine and manipulate data belonging to
governments and citizens for desired outcomes.
In the post 9/11 world, the west’s military-industrial complex, fed by wars across continents, is stronger than ever. It is funded in part by America’s Central Intelligence Agency (CIA) and the National Security Agency (NSA), the mass surveillance behemoth; billionaires with agendas; and populated by a revolving-door of key American security and intelligence personnel. Cambridge Analytica, Palantir Technologies and the Chertoff Group are among these corporations.
The Unique Identity Authority of India (UIDAI) in 2010-2012—its inception phase—awarded contracts to three US-based biometric service providers (BSP): L-1 Identity Solutions, Morpho-Safran, and Accenture Services Pvt. Ltd. These companies, all with proprietary biometric software, were responsible for profiling 60 crore Indian residents; developing protocols for avoiding de-duplicating of user details and supplying devices to enrolment agencies.
An investigation by Fountain Ink shows that the companies contracted by UIDAI to process the information are connected to both Cambridge Analytica and Palantir Technologies through business dealings and individuals involved in their affairs during the period of the contract. L-1 Identity Solutions, Morpho-Safran and Accenture have scores of business contracts with American, French and British intelligence and defence agencies through direct contracting of services or services provided by parent corporations and sister companies. Several individuals who worked at these companies have held top positions in the CIA, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and the US military before making the switch.
Following the business links, partnerships and associations, investments and cross-holdings of the individuals and companies involved, situates biometric technology and persons involved in delivering Aadhaar in the midst of a labyrinth of interlocking relationships and conflicts of interest within the intelligence-industry complex. In an ecosystem where intelligence analysis is increasingly outsourced to private firms, these relationships fudge the distinctions between government and corporate, private and public, civilian and military.
Following the business links, partnerships and associations, investments and cross-holdings of the individuals and companies involved, situates biometric technology and persons involved in delivering Aadhaar in the midst of a labyrinth of interlocking relationships and conflicts of interest within the intelligence-industry complex.
This includes dealings and relationships with companies that work with NSA, and at least one involved in online monitoring of data for the US Secret Service as part of the PRISM programme exposed by whistleblower and former NSA contractor Edward Snowden. UIDAI, as far as is known, did not do a background check on these companies or their business, professional and personal associations. Or as shown by the contracts given to these companies and accessed through RTI, insist on technological safeguards against the possibility of illegal data theft, destruction or manipulation by foreign State actors through back doors or malware.
Fountain Ink has reviewed the contract between the BSPs and UIDAI and found that they had access to unencrypted biometric data as part of their job, contrary to UIDAI’s public stand that the data is always encrypted and inaccessible. A set of written questions sent to UIDAI and its top officials didn’t receive any response.
After Edward Snowden’s revelations that NSA is collecting data from Google, Facebook and Yahoo, Bloomberg News reported that thousands of technology, finance and manufacturing companies shared sensitive data with US national security agencies in exchange for favours. The Bloomberg report said that the arrangement was so sensitive that it was brokered in direct meetings between company CEOs and the heads of intelligence services and implemented by a handful of people. The NSA has been known to spy on other nations.
Fountain Ink has reviewed the contract between the BSPs and UIDAI and found that they had access to unencrypted biometric data as part of their job, contrary to UIDAI’s public stand that the data is always encrypted and inaccessible. A set of written questions sent to UIDAI and its top officials didn’t receive any response.
Investigative journalist and the author of the 2008 book Spies for Hire: The secret world of intelligence outsourcing, Tim Shorrock said he has so far not found any evidence of intelligence agencies leveraging their revolving door connections with private players for information. “However, given the connections to US intelligence of these former high-ranking US officials, I would say it is very risky for India to be turning over such a vast database to private companies, particularly from a foreign power. Many of these former officials keep their security clearances after they leave government and often have access to highly classified intelligence information that ordinary executives do not have. When Indian and US national security interests diverge, as they often do, these revolving door figures could make decisions about their biometric contracts that could be detrimental to India and favourable to the US. India would be better off depending on its own technology and technology companies,” he said.
On May 7, The
Guardian published a story that connected the dots in a hazy picture
which started emerging gradually in the months after the shock of Brexit and
Trump. Drawing upon months of investigations by British, German and American
journalists, the story revealed how a reclusive American billionaire used a
network of influential friends and associates in tech firms, political parties
and far-right news outlets to drive electoral results in favour of two desired
outcomes—a British vote for exiting the European Union, and a victory for
Donald Trump in the US election. The story pointed to a level of coordination
between the players involved, the Trump campaign, the Leave EU campaign, Nigel
Farage, the head of UKIP, and Robert Mercer, hedge fund billionaire and
At the heart of the revolution in the global order that this motley group of anti-establishment allies brought about is a data analysis company that Mercer funded. Cambridge Analytica, which worked for Trump’s election campaign and the Leave EU campaign, married data gathering and artificial intelligence with psy-ops—psychological propaganda techniques developed by the US military to change enemy behaviour. In this case, the targets were US and UK citizens.
What gave Cambridge Analytica the power to profile entire populations? Facebook. Every time any of us like a picture or video that a friend shared, show support for a cause by liking that clever meme, or disliking a snarky comment by a troll, we leave digital footprints that say something about our personalities. In 2014, Cambridge Analytica built an algorithm based on research it contracted a Cambridge scientist to conduct. Aleksandr Kogan paid Facebook users to take a personality test that allowed him to mine not only their data, but also of everyone on their friends’ network. Using this, Kogan built what the company calls “psychometric” profiles of users. Cambridge Analytica then combined this data with voter data they bought from other commercial sources: email addresses, phone numbers, home addresses. This purportedly allowed the Trump campaign (and in UK, the Brexit campaign) to target ads at individuals based on their psychological traits and to find key emotional triggers. People high on a neuroticism scale, for example, could be targeted with messages about immigrants taking away jobs.
Cambridge Analytica claims that it has psychological profiles of 220 million US citizens based on 5,000 separate data sets. While experts debate the extent to which Brexit and American presidential votes were decided by the data company’s psy-ops, what is undeniable is the potential for such technology in two elections determined by wafer-thin swing votes: Trump won the electoral college by 80,000 votes in three states and two per cent of UK voters decided the EU referendum .
Cambridge Analytica and a partner are now being investigated by British regulatory authorities for breaking campaign finance rules and possibly breaching data privacy laws. Two other alarming threads emerged from newspaper investigations that brought together politics, big data and the world of government intelligence. Mercer and friends’ campaign for a plutocratic takeover of the western liberal order was not limited to Cambridge Analytica and millions of dollars of campaign funds to conservative candidates and thinktanks. Mercer is part-owner of Breitbart News, the extreme right-wing white racist website run by Steven Bannon, the White House chief strategist. Bannon was on the board of Cambridge Anlaytica and, according to reports from The Observer and The Guardian, was vice-president of the company before he joined the Trump administration. Breitbart News has been consistently accused of publishing fake news and conspiracy theories to create an alt-right bubble; a self-contained ecosystem of news propaganda consumed by supporters of Donald Trump. It appears Breitbart tailored its news and search keywords based on analysis from Cambridge Analytica.
The technology used by Cambridge Analytica as well as the company itself emerged from the military-industry complex. The young company is a subsidiary of Strategic Communications Laboratory (SCL), a British psy-ops company Guardian called “effectively part of the British (and now American military) establishment ).”
The second thread, one unearthed by the Guardian story, is even more alarming. Information from former employees and emails showed that Cambridge Analytica was in talks with the US data monitoring company Palantir Technologies, and had discussed the possibility of collaboration.
Palantir is a dark word today in circles concerned about mass surveillance by government. Started with the money from the CIA’s venture capital fund, Palantir developed state-of-the-art data-mining technology that can combine thousands of differing databases on hundreds of millions of individuals gathered by intelligence agencies and mix it with real-time information to spot patterns about individuals, organisations and events. The company works for and has access to data with NSA, CIA, FBI, GCHQ, the US military, as well as dozens of other intelligence, defence, and law enforcement agencies in contracts amounting to more than $1.2 billion since 2009.
Its biggest investor is co-founder Peter Thiel, who also founded PayPal, is on the board of Facebook, and has been the most vocal Trump supporter in Silicon Valley and a big contributor to his campaign. He is known to have had great influence in Trump’s transition team in its relationship with Silicon Valley, and is expected to be a major influence in the administration’s policy towards the IT industry. The Guardian report states “we are in the midst of a massive land grab for power by billionaires via our data. Data which is being silently amassed, harvested and stored. Whoever owns this data owns the future.”
Analytica started working for Donald Trump’s presidential campaign, it was
involved with the campaign of Senator Ted Cruz for the Republican nomination.
Cruz was then Mercer’s man for president: he was one of the biggest fundraisers
for Cruz and his daughter Rebekah had a significant role in running it. When
Mercer, who is an investor in Accenture via Renaissance Technologies,
brought Cambridge Analytica to the Cruz campaign, its chairman was a
Texan, Chad Sweet. A former Goldman Sacchs executive, he had started his career
in the CIA’s National Clandestine Service. After his private sector stint he
returned to government in 2005 as a special adviser to then secretary of
Homeland Security Michael Chertoff, rising to chief of staff. Roughly comparable
to the Indian Home Ministry, the DHS oversees domestic security agencies from
the coast guard to the US Secret Service. In 2009, when Chertoff left
government, Chad Sweet co-founded the Chertoff Group with him. Chertoff is also
one of the authors of the Patriot Act which opened a whole new world of
surveillance post 9/11.
In 2009, Safran, the part government-owned French defence conglomerate, acquired Morpho, a US company that offers biometric solutions.
In August/September 2010, UIDAI signed contracts with Morpho and L-1 Identity Solutions, a competitor. The contract with L-1 was signed on August 24. On September 20, Safran announced in Paris that it would acquire L-1 Identity and merge it with its subsidiary MorphoTrust. In effect, UIDAI gave two different contracts to the same company. Chad Sweet on behalf of Chertoff acted as strategic adviser for Safran in effecting the deal and was directly involved in the acquisition.
The Chertoff Group has other connections to Morpho, L-1 Identity and the biometric industry in the US. L-1 was incorporated into MorphTrust USA, which consists of various divisions of Morpho’s security consultancy. In November 2010, exactly a week after UIDAI signed the contracts, Jay M Cohen, principal at the Chertoff Group joined as chairman of the board of Morpho Detection. Cohen, a retired US Navy rear admiral and head of naval research served under Chertoff in DHS as undersecretary of the science and technology division. In May 2010, then owner and founder of L-1 Robert La Penta invested in the acquisition of Clear, a bankrupt company that developed biometric identification cards for US air travellers. Chertoff, fresh out of heading DHS, which controls the TSA, joined the board along with La Penta. Press reports from the period portray Chertoff as central to the new company’s business efforts. As head of DHS, Chertoff had pushed for biometric identification as a secure form of identification.
L-1 Identity was not only a biometric solutions provider and security firm, but also had an intelligences services arm that had several contracts with US agencies. L-1 sold its intelligence arms to BAE, the British aerospace defence contractor in February 2010. It is not known that the Chertoff group played any part in this acquisition but Michael Chertoff joined BAE USA’s board of directors in May. In 2012, he was made chairman of the board of directors.
The proximity of companies tasked by UIDAI with processing the biometric data of Indians to Cambridge Analytica and the heart of an emerging data empire is troubling enough. But the significance of the Chertoff Group and the intricate web of intelligence, military and government contacts involved becomes clear only when we look at how the world of intelligence gathering was transformed post 9/11.
failure led to rethinking within government on how American intelligence
agencies functioned. Unlike in the Cold War where human intelligence was the
main source, SIGINT or Signal Intelligence became the primary tool of the “war on
terror”, while analysis based on data-mining supplanted human analysis. The
Iraq war created a massive demand for intelligence support and the CIA, NSA and
GCHQ massively expanded the hiring of private analysts. The DHS was created to
deal with domestic security. A bureaucratic behemoth, it pulled in 22 agencies
from other departments.
In his book on the cyber-intelligence complex, investigative journalist Tim Shorrock calculated that 70 per cent of the US intelligence budget was being spent on private contractors. A study by the Office of the Director of National Intelligence gave the more conservative figure of 50 per cent. According to internal government figures accessed by Shorrock, in the two years after 9/11, the worth of intelligence contracts jumped from $22 billion to $43.5 billion. It also led to unprecedented access for private employees to state level intelligence.
Shorrock writes, “The National Terrorism Council (is) the electronic hub of the US intelligence community and the heart of the national intelligence State established by George W. Bush in the aftermath of September 11… Its analysts have at their disposal more than 30 separate government networks, each carrying more than 80 unique sources of data. As they go about their task they draw upon human intelligence from the Central intelligence Agency, communication intercepts from the National Security Agency and domestic reports from the Department of Homeland Security (and) the FBI. More than 50 per cent of the people working there are private sector contract employees.”
Shorrock has been a vocal critic of what he calls the cyber-intelligence elite. Along with a section of US and British journalists who cover national security, he believes that the post-9/11 technological capabilities deployed by the US and UK governments has created a surveillance state where citizens as well as foreign nationals risk constant monitoring. In this world, information is quite literally power. The revolving-door policy followed by western governments allows a handful of this elite to simultaneously inhabit government, corporate and intelligence communities, using their knowledge to push the agenda of whoever is employing them at the moment. Or who will employ them in future, when the door revolves again.
After becoming head of
the DHS, Chertoff increased the involvement of private contractors. After
starting the Chertoff Group, he continues to be on a number of important bodies
that advise the US government on cyber-security and intelligence. He has been accused
of advocating policies that benefit his own investments or the investments of
clients that the Chertoff group advises. In a story published in The
Nation, Shorrock wrote “The Chertoff Group doesn’t disclose its clients.
But one of its most important functions for both the state and its contractor
allies is as a broker of mergers and acquisitions. These aren’t just ‘deals’;
they also represent significant reorganisations within the intelligence
community…Using its team of NSA, CIA, and DHS veterans (who have deep
classified knowledge of their agencies’ contracting histories and future
needs), the Chertoff Group has brokered dozens of deals through its subsidiary,
Shorrock writes that within months of the Obama administration taking power, Chertoff and Chad Sweet had recreated the national security team that advised President George Bush and Vice-President Dick Cheney. Instrumental in this was the hiring of Michael Hayden, who first served as NSA director and then CIA director under Bush. Hayden put together a team that Shorrock called a “Shadow NSA”.
Charles Allen, an almost legendary CIA officer, Paul Shneider, who worked under Hayden at NSA and later was deputy to Chertoff at the DHS, and Sir John Scarlett, chief of MI6 under Tony Blair. When The Independent reported on the revolving door in the intelligence community it talked of how within six months of leaving MI6 Scarlett joined in advisory positions to PricewaterhouseCoopers (PwC), Morgan Stanely and Chertoff. On the Chertoff group, the report said that “The group’s roster of former US intelligence officials has earned it the nickname of America’s “shadow” homeland security agency.”
Going through Chertoff’s website shows that these are not exaggerated claims. Among its executives and senior advisers are at least 13 former top or senior CIA officials, seven NSA officials and 13 DHS officials. Other important power-brokers are former officials from the department of defence and department of justice.
L-1 Identity was one
of the major suppliers of fingerprint and iris scan machines to Aadhaar
enrolment agencies. Together with Accenture and a consortium formed by Morpho
and Satyam they also acted as biometric solution providers. The three
organisations (L-1 Identity, Accenture and Morpho-Satyam) processed the data of
60 crore people the various enrolment agencies provided UIDAI. By the terms of
the contract, each organisation was allotted 20 crore, unless the UIDAI felt
dissatisfied with the quality of the data they supplied. In that case,
enrolments would be redistributed to other providers. L-1, Morpho-Satyam and
Accenture not only provided biometric proprietary software to authenticate
enrolments and queries, they designed, configured and maintained these systems
for UIDAI. The contract period was for two years, from 2010 to 2012, after
which these companies continue to maintain and give service support.
From the contracts it appears that apart from enrolments, the bulk of the Aadhaar project, including processing, system building and de-duplication was carried out by the three biometric vendors. All the data was stored in UIDAI’s data centre in Bengaluru and the Central Identities Data Repository of India (CDRI) in New Delhi. While these sites are owned by UIDAI, the contracts signed with the biometric vendors indicate that the work carried out by these companies as well as the systems involved in it, ran as independent and self-contained units with only minimum supervision by UIDAI. In that sense, it was no different from an IT contract, even though the information accessed and processed was biometric records of Indian residents.
The technology used, consisting of proprietary biometric templates and algorithms have been developed by these companies. L-1, Morpho-Satyam and Accenture also carried out the process of weeding out duplicate applications from the initial 60 crore enrolments. This involved the complex task of comparing the biometric data of 60 crore individuals against each other. De-duplication makes it necessary that these companies had access to the biometric data of all individuals enrolled.
UIDAI spokespersons have often made claims to the effect that private companies that handle Aadhaar data do not have access to unencrypted biometric data. A “Facts About Aadhaar,” section on the UIDAI website says: “During de-duplication, UIDAI software application (running within UIDAI managed data centres within India) simply “uses” the biometric software (procured from market) to de-duplicate. Interestingly, even within the UIDAI data centres, demographic data and biometric data are partitioned into different databases to ensure no single database has both sets of information. That means, even within the UIDAI data centres, the Biometric de-duplication subsystem does not get resident demographic details and the data it sees is fully anonymised.”
But contracts signed by UIDAI with the BSPs indicate this may not be true. For enrolment and de-duplication processes, the algorithms work on unencrypted biometric data. The personnel of the companies involved have access to the photographs, demographic information and biometric information that people submit for getting Aadhaar. They are also able to tag all these sets of information together.
For example, the biometric solution provider is entrusted with ensuring the quality of biometric data received by UIDAI. Section 9.8.2 of Annexure E of the contracts UIDAI signed with L-1 Identity and Accenture says: “Data quality of capture would be received with the image. Image would be received in the raw form.” Later, in the same section it says: “The solutions being offered by the BSP (Biometric Service Provider) should have adequate safeguards, and validations to ensure that all data relating to an applicant, together with the photograph, biometrics (sic) get tagged together and that there is no mix-up of the particulars relating to one applicant with those of the others.”
But contracts signed by UIDAI with the BSPs indicate this may not be true. For enrolment and de-duplication processes, the algorithms work on unencrypted biometric data. The personnel of the companies involved have access to the photographs, demographic information and biometric information that people submit for getting Aadhaar.
Section 4.1 says “Face photograph is provided if the vendor desires to use it for de-duplication. While certain demographical information is also provided, UIDAI provides no assurance of its accuracy. Demographic information shall not be used for filtering during the de-duplication process, but this capability shall be preserved for potential implementation in the later phases of the programme.” The data is stored by the vendors’ team in encrypted form in the data centres and the key is shared with the UIDAI.
The main precautions apart from the legal that UIDAI has taken to ensure the safety of data are: a log that would serve as an audit trail every time anyone accesses the data of an Aadhaar enrollee. No one from the biometric service provider’s team is allowed to carry storage devices and hardware out of the data centre unless they obtain written permission. The teams’ access to internet except for Aadhaar authentication is restricted. For the 20 crore enrolments each biometric operator processed at the data centres, UIDAI supplied the computer hardware and equipment, except for the first one crore enrolments, where vendors were contractually obliged to install their own hardware free of cost, with UIDAI providing only storage space and internet connection. The contract does not specify any measures from UIDAI to check or investigate the hardware, except the list of minimum specifications they should conform to.
The task of protecting systems from external attacks or hacking attempts and of overall security lies with L-1 Identity, Morpho-Satyam and Accenture. UIDAI and its former chairperson Nandan Nilekani have repeatedly assured the public that data stored by UIDAI is absolutely safe from hacking attempts. Cyber-security experts have questioned how such categorical surety can be provided against the possibility of data-breaches.
L-1 Identity on the other hand has admitted that data breach is always a possibility. In 2010, after signing the contract with UIDAI, L-1 Identity in its financial filing before the US Securities and Exchange Commission said “Many of the systems included in L-1 solutions manage private personal information and protect information involved in sensitive government functions. The protective security measures used in these systems may not prevent security breaches, and failure to prevent security breaches may disrupt business, damage reputation, and expose L-1 to litigation and liability. A party that is able to circumvent protective security measures used in these systems could misappropriate sensitive or proprietary information or cause interruptions or otherwise damage L-1 products, services and reputation, and the property and privacy of customers. If unintended parties obtain sensitive data and information, or create bugs or viruses or otherwise sabotage the functionality of systems, L-1 may receive negative publicity, incur liability to customers or lose the confidence of customers, any of which may cause the termination or modification of contracts. Further, insurance coverage may be insufficient to cover losses and liabilities that may result from such events. L-1 may be required to expend significant capital and other resources to protect the Company against the threat of security breaches or to alleviate problems caused by the occurrence of any such breaches. In addition, protective or remedial measures may not be available at a reasonable price or at all, or may not be entirely effective.”
At the time L-1 signed the contract with UIDAI it had on its board an assortment of former US government and military officials. One of the directors was Admiral James M. Loy, former undersecretary at DHS. From 2005 to 2008, the most high-profile director of L-1 Identity was George Tenet, director of the CIA from 1997 to 2004, the second longest term any director had at America’s premier spy agency. When he left the CIA he joined the board of four major defence and security companies: L1 Identity, and the British multinational defence firm called QinetiQ among others. The online newsmagazine Salon reported in 2007 that Tenet received at least $2.3 million up to that point from these companies in compensation and stock options.
L-1 Identity acquired contracts for providing facial recognition software used by the US to identify terrorists and insurgents in Afghanistan and Iraq. It also received contracts from the CIA. In 2008, Tenet left these companies to become managing director of Allan & Co (A&C), a secretive New York boutique investment bank.
In 2009, QinetiQ
acquired Cyveillance, a cyber-security company. The Cyveillance website lists
Tech Mahindra and PricewaterhouseCoopers (PwC) as its partners in India.
Cyveillance says it offers threat intelligence solutions and related services
to its partners. Tech Mahindra is the parent company of Satyam, part of the
Morpho-Satyam consortium, one of Aadhaar’s biometric service providers. PwC has
been employed by UIDAI to carry out security audits of its servers and of other
partners in the Aadhaar programme. Cyveillance is one of the companies known to
be working on behalf of the US Secret Service to monitor online data. According
to documents submitted by the US Secret Service in court, Cyveillance trawls
the internet for data that includes personal data of individuals. The data
collected by Cyveillance is fed into PRISM, the NSA online spying programme
that Edward Snowden uncloaked.
To a set of questions on Tech Mahindra’s links with Cyveillance, a spokesperson for the company said on email: “We don’t work with Cyveillance.”
A spokesperson for PwC said:“PWC India has no association with the body (Cyveillance) you mention. Since your query is about Aadhaar, please contact the UIDAI.”
In 2005, Peter Thiel
teamed up with his former roommate and geek extraordinaire Alexander Karp to
start a data analysis company. They called it Palantir, after the magical
seeing stones in the Lord of the Rings trilogy, which allows
the user to see across vast distances of space and time and track people. Karp
was an unusual choice to head a technological company, having done his
doctorate under Jurgen Habermas, one of the 20th century’s great
sociologists and philosophers. But the success of Palantir was the story of how
a Silicon Valley start-up conquered the upper echelons of the
military-industrial complex, where a group of geeky engineers who believed they
could help catch terrorists with superior technology broke into the domain of
big time defence players like Booz Allen Hamilton who worked with intelligence
agencies, corporates and politicians and spent millions of dollars on lobbying.
It was a bottom-up insurgency, where the product they had to sell was so game
changing that in a few years Palantir become the hottest property in the
intelligence community; an indispensable analytical tool that left intelligence
agencies gushing, and privacy activists alarmed at the combination
of Big Brother and Big Data.
But all this was still in the future. In 2005, Palantir could not interest any big investor in their product. What saved the company was $2 million in funding from InQTel, a strategic venture capital firm owned by the CIA. As CIA director in 1999, Tenet co-founded InQTel, with the idea that the CIA would invest in research by commercial companies that would be useful for the agency’s work, a recognition that innovation in technology has moved from the government sector to Silicon Valley and its start-ups. Tenet has been a trustee of InQTel since he left the CIA.
As Palantir starts to take off in the world of intelligence analysis, A&C, the bank for which Tenet worked, became an investor. Tenet became advisor to the data surveillance company. Alexander Karp is reported to be personal friends with both Tenet and the owner of Allen & Co.
Palantir started out as a company run by idealists who wanted to help the government catch the bad guys. Karp in particular was big on protecting data privacy. But as it became more and more embedded within the state intelligence apparatus, the potential for misuse of its technology started to become obvious. In early 2011, leaked emails showed that a Palantir engineer had agreed to a plan by another security firm—HB Gary—to attack and bring down the WikiLeaks site. The mission was to help Palantir’s clients, Bank of America and the Chamber of Commerce. WikiLeaks announced that it would be releasing documents about the Bank of America. The plan also sought to target journalist Glen Greenwald who had revealed Edward Snowden’s information about the NSA’s massive secret surveillance programme. The CEO of HB Gary Aaron Barr resigned in disgrace. The attempt to target Greenwald destroyed Palantir’s claims about protecting citizens’ privacy from Big Brother, showing how easily surveillance technology can be used to target dissidents and those questioning the State.
In March this year, a group of protestors gathered outside Peter Thiel’s mansion against Palantir building software for the Trump administration that can mine massive amounts of data to identify illegal immigrants whom the administration wants to deport. One of the signs said “Don’t build software for Mordor.” The reference is to the castle of Sauron, the dark lord of Tolkien’s fantasy world. Commentators who have watched Palantir’s relationship to America’s national security state, have often remarked about the irony of Thiel and Karp’s adoption of the magical artifact “Palantir” as their company’s name. The Palantir is a perfect metaphor for the double edged relationship Silicon Valley has with the national security state. For in Tolkein’s world, the Palantir is ultimately controlled by Sauron, and those who gaze into it in the hope of gaining information, get corrupted and captured by the power of Sauron’s all-seeing eye.
Fountain Ink sent a detailed questionnaire to UIDAI chairman J. Satyanarayana, CEO A. B. Pandey and deputy director-general Y. L. P. Rao, asking whether the UIDAI knew about the relationship of L-1 Identity and Morpho with American and British intelligence agencies and the US-European military-industrial complex. The questionnaire also asked about access to biometric and demographic data of Indian citizens the biometric vendors had. The UIDAI was also asked about any security measures in place to check for malware or backdoor access by state actors in the software and hardware used by the biometric companies to implement Aadhaar. There was no acknowledgement of the mails from UIDAI.
Update, June 3,
2017: Responses from Tech Mahindra and PricewaterhouseCoopers added.
Correction: The print version of the story identified Chad Sweet as Ted Cruz's campaign manager. He is, in fact, the campaign chairman.
(The cover story of the June 2017 edition of Fountain Ink.)