By Ramu Ramanathan

I met JT D’souza on YouTube. His demo at the Press Club shows him with candle wax and a 10-rupee Fevicol tube. It is a must-see demo about “how to fake a fingerprint”. The 62-year-old thoroughbred Mumbaikar explains the process. All you need is polyvinyl acetate (glue). Melt wax in a shallow container. Allow it to cool till it has a putty-like consistency. Press finger into the wax. Remove the finger, wait for the wax to cool till you see a negative impression of the fingerprints in the wax mould. Mix a few drops of Fevicol with a drop of water. Coat the wax mould with the water-diluted Fevicol using a make-up brush. Wait for a couple of hours for the Fevicol to dry. Peel off the Fevicol “skin”. And voilà, you have a replica of the fingerprint. Curiously enough, your fingerprints change with age and environment, but the fake will last forever.

There are other tricks: like the good old-fashioned cellotape one, which I learnt from my colleagues in office. Make an impression of your fingerprint on the sticky side of a cellotape. This cellotape can be used to sign-in or sign-out on any fingerprint ID device. Oh yes, hang out with millennials and you can learn a lot.

Which is why I ask the cognitive tech-scientist in D’souza about the ramifications of his demo in this day and age of 16-digit numbers and the all-encompassing Aadhaar. He says, “My spoof demo is a retail attack. But there are innumerable ways to mount en masse attacks using Trojan-ed equipment and badly designed APIs.”

D’souza says we should be worried not merely about the UIDAI, but about “the huge periphery of organisations who have access to the UIDAI database”. He explains, “The core algorithms for biometric deduplication were supplied by a foreign company with directors who had links to the US defence establishment. Some of them are accused of lying to the Senate, others of issuing fraudulent driver licences in a US state. In response to an RTI query, the UIDAI had stated that it did not know where these companies were registered. This government and the bureaucracy are building a firewall of arcane rules to protect themselves.”

With the SC hearing on January 17, I ask D’souza how safe Aadhaar is. He replies, “As safe as carrying a half-kilo of radioactive Strontium 90 in your pocket. You expose everything you touch to extreme danger. It need not explode to cause mayhem. The UIDAI claim of ‘your biometrics is safe’ while pasting a radioactive number on everyone, is the analogy to Strontium 90.”

D’souza is a geek. Free and open software, Linux and a net connection are three of his favourite things. But when he was a child, what he really cherished was “taking apart anything I could lay my grubby little fingers on. No toy would last for more than a few hours. By the time I was eight, I had picked up some mechanical skills from my Mamu who was a mechanical whiz and could put things together. I had a jolly good time tinkering with a spool tape recorder that Mamu had got home for repairs. Since he could not set it right, it stayed at our place for some time, providing me countless hours of fiddling.”

It was in 1997 that he grasped the implications of biometrics. He says, “Around 1997 we started access control systems. We thought that a fingerprint-reading access control would be the ultimate security. So, we started investigating the usage of fingerprint sensors. At the time certain technologies had embargoes and could not be exported to India. So, Indians were left with limited resources to get hold of sensors. It was during investigations and test-trials that the limitations of the lower-priced optical devices became evident.”

The philosopher inside D’souza dreams of a free and fair society. He cautions a tech-Luddite like me that not only is technology not neutral, but it is political. How, I ask him? He replies, “Look at the way corporates have sought to influence patent and copyright laws, and how they have interfered in the setting up of standards. The latest one is net neutrality.”

He says, “The digital 1 and 0 reshaped the factory floor-shop and re-organised the political equation between capital and labour. Algorithms have reshaped relationships in political power structures. The Snowdens and Mannings have stirred up digital storms making political cover-ups onerous. But at the same time, we have a new set of threats that disrupt democratic processes: fake news, troll armies, voting machine hacks, state surveillance, stateless money.”

As he decides whether he will head for a swim or practise Goju-ryu karate, followed by a meal at Delhi Darbar or Bhagat Tarachand, he cautions me, “Whatever the judgement is, remember one thing about Aadhaar. The belief that biometrics are unique is a scientific falsehood. Also, keep an eye on the revolving doors between UIDAI, ISpirit and India Stack.”