Two weeks ago, Max Schireson, chief executive of MongoDB, a New York-based technology startup, was in New Delhi to sew up a very important contract for his company — with the Unique Identification Authority of India (UIDAI).
The contract is yet to be announced but what could raise eyebrows is the fact that MongoDB is part-funded by the US’ Central Intelligence Agency.
The company is expected to help in capturing and analysing data related to the ambitious plan to issue a unique identity number — Aadhaar — to over a billion citizens.
MongoDB, which makes software that helps manage large databases, especially unstructured data, has raised $231 million (Rs1,400 crore) since being founded in 2007. Some of its funding is from In-Q-Tel, the not-for-profit venture capital arm of CIA.
While MongoDB lists In-Q-Tel as one of its investors on its website, the company has not disclosed the quantum of funding received from it. The fund’s stated mission is to identify, adapt and deliver innovative technology solutions to support the missions of CIA and the broader US intelligence community.
Besides CIA, In-Q-Tel works with National Geospatial-Intelligence Agency, Defense Intelligence Agency and Department of Homeland Security Science and Technology Directorate.”Once an investment is made, IQT (the fund) works with the company and the intelligence community partner agency to complete a work program and facilitate solution delivery,” the fund’s website said. The quote describes IQT’s relationship with any company in which it invests in and is not specific to MongoDB.
||Neither UIDAI nor MongoDB responded to queries from ET on whether the CIA link was considered before entering into a partnership. UIDAI Chairman Nandan Nilekani did not respond to emails, messages and phone calls.A senior UIDAI official confirmed the agency has entered into an agreement with MongoDB and that the company’s database software is already being used for analysing the pace at which registration of new beneficiaries is taking place.It is not clear if MongoDB’s vendor relationship would be with UID directly or with one of the system integrators that UID works with. Schireson, the CEO, was also one of the national co-chairs for Technology for Obama, an interest group that campaigned for the reelection of President Barack Obama after his first term.
There is no evidence in the public domain that the firm is controlled or significantly influenced by the CIA in any manner.
But the revelations of Edward Snowden, a former NSA contractor-turned-whistleblower that US intelligence agencies routinely intercepted communication in Europe and Asia, including in India has raised concerns. Experts said the UID’s centralised design could pose a risk, where even a single mistake can make the whole system disproportionately vulnerable
“The risk exposure because of CIA involvement (could be that) if MongoDB is a data controller, then secret courts and and secret court orders could be used to get access to the UID data,” said Sunil Abraham, executive director at the Centre for Internet and Society.
He added that even if UIDAI is only using the source code without getting into a commercial relationship with MongoDB, they should audit the source code to check if CIA has introduced any back doors. “This is because Snowden has told us that the army of mathematicians working for the US government has compromised some standards even though they were developed in an open, participatory and transparent fashion.” MongoDB, whose name is a play on the word humongous, competes with OracleBSE -0.04 %, IBM and Microsoft. It has around 320 employees and some 600 customers. At its latest round of $150 million in fund-raising in October, the company was valued at about $1.2 billion, according to Bloomberg.