Skip to content

A Critical Primer on India’s UID: Simi Chacko and Pratiksha Khanduri

September 12, 2011
tags: ,

This guest post by SIMI CHACKO and PRATIKSHA KHANDURI is the full text of a booklet released in August 2011. A .pdf version of the booklet (41 pages, 304 KB) can be downloaded here.

A citizen gets her iris scanned for a UID 'Aadhar' card in Delhi.

Introduction

A. UID: The Basics

B. The Enrolment Process

C. Benefits of UID

D. Concerns: Biometrics, Privacy, Data security, Surveillance

E. UID and Other Databases

F. Similar Initiatives across the World

Endnote

References

Appendix 1: Valid Identification Documents

Appendix 2: ID Systems and Debates across the World

Notes

(The authors are graduate students at Jawaharlal Nehru University (JNU, New Delhi) and the Delhi School of Economics, respectively (contact address: uidfordummies@gmail.com). We thank Reetika Khera and Jean Drèze for their useful inputs and insightful comments.)


INTRODUCTION

The Government of India has embarked upon an ambitious exercise to provide a “unique identification” (or UID) number to every resident of the country. Each number is to be connected with three types of biometric data: iris scans, fingerprints (all ten fingers) and a picture of the face.

UID, it is claimed, will act as a useful identification facility and help the government to root out corruption from social programmes. The project was flagged off with lightening speed in September 2010, when the first residents were “enrolled” under UID in Tembhali village, Maharashtra. Since then, no effort has been spared to attract people to enrolment centres.

This urgency in enrolling people has led to a series of misinformed assumptions. Misconceptions range from iris scans being taken for an ‘eye test’ to fear of ration cards being taken away from those who didn’t participate in this ‘photography’.[i] Ranjana, the woman who made headlines in September 2010 for being the first person to get a UID number, was in the news again recently after complaining that the number was useless – she had tried to get a travel concession with it on the bus! The conductor bluntly told her to “dump the card in a dustbin”.[ii] The authorities are not able to clarify these misconceptions because their attention is focused on meeting the enrolment targets.

Meanwhile, the UID project has raised many questions related for instance to privacy, civil liberties, financial costs, and even technical feasibility. Even the Planning Commission is concerned that disquieting “test results” of the UID project have been ignored.[iii] Tall claims that UID will enable better management of welfare schemes like NREGA and the PDS have also begun to be questioned. Behind all this, there is a larger question – is there more to UID than meets the eye?

Despite these major concerns, there has been scarce public discussion about key aspects of the UID project. Viewing some of the media coverage that UID has got, it gives a sense of disproportion in the nature of reportage – a bit congratulatory, little depth and few questions asked. This inadequate probing and questioning has led to a lack of understanding within the general population about UID.  With that thought, this primer seeks to shed some light on various aspects of this project and answer some frequently asked questions.

The primer relies on official documents (such as the UIDAI’s “Strategic Overview”, “Handbook for Registrars”, “UID and Public Health” paper, etc) as far as the official side of the picture is concerned. This is complemented with other publicly available material, e.g. newspaper articles, reports, interviews, public lectures, websites, etc. As you read on, you will see that on many key aspects of UID, accurate information is not easy to find – we done our best with the material available.

A. UID: The Basics

Q. 1. What is UID?

UID is a “unique identification” number that is to be assigned to every resident of India – one person, one number. This number, aside from being unique for each person, can be verified from his or her fingerprints. It is a little bit like an identity card (or a voter ID) that no-one can lose, steal, forge, or duplicate. What purpose the UID is supposed to serve will be discussed further on.

Q. 2. What about UIDAI?

UIDAI (the Unique Identification Authority of India) is the authority that has been created to issue UID numbers. It was set up in January 2009, by an executive order, not a legislative measure such as an Act of Parliament, under the wings of the Planning Commission. The stated goal of the UIDAI is to “issue a unique identification number (UID) to all Indian residents that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, cost-effective way.”[iv] Detailed information about UIDAI is available on the Authority’s website (http://uidai.gov.in).

Q. 3. Is there a law governing the functioning of UIDAI?

Not yet. The National Identification Authority of India Bill 2010 (hereafter “NIAI Bill”), tabled recently in the Rajya Sabha, seeks to create a legal framework for UID.[v] If and when the Bill is passed, UIDAI will become a permanent statutory body, renamed National Identification Authority of India (NIAI). The law will also stipulate rules, regulations, processes and protocols to be followed by different agencies partnering with NIAI. Meanwhile, the UID process is already in full swing, without any legal framework.

Q. 4. On what grounds do we need a UID?

UID is supposed to act as an all-purpose, fool-proof identification device. This could help, for instance, in preventing “identity fraud” (like impersonation, when someone pretends to be someone else), and in facilitating all processes that require identifying oneself – such as opening a bank account or applying for a passport.

According to the UIDAI’s “Strategy Overview” document, in India “inability to prove one’s identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies.” The document goes on to state: “But till date, there remains no nationally accepted, verified identity number that both residents and agencies can use with ease and confidence. As a result, every time an individual tries to access a benefit or service, they must undergo a full cycle of identity verification. Different service providers also often have different requirements in the documents they demand, the forms that require filling out, and the information they collect on the individual.”[vi]

So, the UID project was initiated on the apparent premise that the poor faced great hurdles in accessing benefits and subsidies due to the inability to provide proof of their identity. This problem was always there. It is interesting that it is being “discovered” now, just when a readymade “solution” is in hand. There are, of course, more fundamental reasons why poor people are often excluded from public services and programmes – including the nature of power structures, which tend to be reinforced by projects like UID.

Some healthy scepticism, then, is in order here, especially since there are other views of the real purpose of UID. According to some, for instance, the initial purpose (under the NDA government) was “to wash out the aliens and unauthorized people. But the focus appears to be shifting… Now, it is now being projected as a development-oriented initiative, lest it ruffle any feathers. People would be unwilling to give up their right to privacy.”[vii] This is not a human rights activist speaking – it is A.K. Doval, former Intelligence Bureau Chief. And he would know.

It is unlikely that the UPA government would want to be caught on the back foot promoting a surveillance programme initiated by the NDA government. And so begins the consistent effort to manoeuvre and position UID as an unavoidable solution for deep social problems and systemic challenges.

Q. 5. What is “Aadhaar”? 

“Aadhaar” is another name for UID – a sort of “brand name” for the UID project. In Hindi, aadhaar means “foundation” – nothing less!

Q. 6. Does getting a UID number entail getting a card?

It’s a common misconception that getting a UID number means having a legit card with the number. This is not the case. According to some sources, all you get is a UID number on a sheet of paper with personal details. However, various government agencies may or may not, subsequently, issue smart cards using the UID data.[viii]

Q. 7. Who is in charge of UIDAI? 

On 2nd July 2009, the Government of India appointed Mr. Nandan Nilekani as Chairman of UIDAI, with the rank and status of a Cabinet Minister, for an initial tenure of five years. Further, the “Prime Minister’s Council of UIDAI Authority of India”, set up on 30 July 2009, is to “advise the UIDAI on programme, methodology and implementation to ensure co-ordination between Ministries/Departments, stakeholders and partners”. The first meeting of the Council took place on 12 August 2009”

Q. 8. What is the timeline for this project?

The timeline for this project has changed a few times. Initially, the target was to start in August 2009. However, this was delayed. The first set of numbers were issued on 29 September 2010, when the UID project was officially flagged off by Prime Minister Manmohan Singh  and Congress President Sonia Gandhi in Tembhali village, in Maharashtra’s Nandurbar district. The programme plans to provide UID numbers to 600 million people (about half of India’s population) in the next four years.

However, progress has been slow. By July 2011 (almost a full year after the project was launched), about 25 million people – 2 per cent of the population – had been enrolled under UID. Most of the enrolment happened in just three states: Andhra Pradesh, Maharashtra and Karnataka.[ix] Having said this, monthly enrolment figures are now growing rapidly.

Q. 9. What is the UID project expected to cost?

There does not seem to be much clarity on this crucial question. According to some reports, the cost of UID enrolment has risen from Rs 31 per person to somewhere between Rs 450 and Rs 500 per person. By this estimate, this entire exercise will end up costing close to Rs 1,50,000 crores.[x]

Late last year, at a public meeting, Mr. Nilekani stated that the per person enrolment cost is approximately Rs 100.[xi] “It costs the Unique Identification Authority of India (UIDAI) Rs.100 to generate each aadhaar number, which will help address the challenges of inclusion,” said Nilekani. Even this is an incomplete answer, because several other agencies are also incurring a cost to enrol each person. Because of the way the system of issuing numbers is set up (see below), there is no transparent way to calculate the cost of this project.

According to the Budget documents, Rs100 crores was approved in 2009-2010 to fund the agency for its first year of existence. This shot up to Rs 1,900 crores in 2010-11. According to columnist Praful Bidwai, the Planning Commission is allocating Rs 35,000-45,000 crores over the next five years – to cover only half the population.

There are also reports that the fund allocation for the first phase is about Rs 3,000 crores. It is a bit worrying that the public can find out about the UID only in phases…

Q. 10. Is your UID number a proof of citizenship?

No. Since it is not restricted to Indian citizens, and is meant for all residents of India, the UID number is no proof of citizenship.

Q. 11. Is it compulsory to enrol under UID?

“Yes and no” seems to be the answer. The UIDAI claims that UID is a “voluntary facility” – no one is obliged to enrol. However, government agencies are free to make UID compulsory for their own purposes. For instance, nothing prevents the government from requiring NREGA workers to have a UID number in order to get paid. So life without a UID number may end up being quite miserable very soon. As one commentator pointed out, “This is like selling bottled water in a village after poisoning the well, and claiming that people are buying water voluntarily”.[xii]

An important point to be noted is that UID’s assurance of casting out “ghost” beneficiaries in programmes like PDS or NREGA can work out only if there is compulsory enrolment, or else both systems of authentication (identity card and Aadhar-based) must coexist – in which case, people with multiple cards may prefer to stay out of the purview of UID.[xiii]

Q. 12. What if a person doesn’t have a UID number?

The UIDAI has been on a Memorandum of Understanding (MoU) signing spree with a range of agencies including banks, state governments and the Life Insurance Corporation of India (LIC) to be “Registrars”, who then may insist that their customers enrol on the UID to receive continued service.

Clause 3 of the draft NIAI Bill, mentioned earlier, declares that “every resident shall be entitled to obtain” a UID number, but nowhere in the Bill is there a clause saying that no agency may refuse services to a person because they do not have such a number. Thus the field is wide open for compulsion.

(A quick aside: Even in the United States, privacy law categorically states that the Federal, State or government agencies cannot deny benefits to individuals who do not possess or refuse to disclose their Social Security Number, unless specifically required by law.[xiv])

B. The Enrolment Process 

Q. 13. Who will issue the UID number? 

The enrolment process is a multi-step process described below. The numbers will be issued through various agencies authorized by the UIDAI across the country, called “Registrars”. The Registrars, in turn, typically sub-contract the enrolment work to “enrolment agencies”.

Q. 14. Who is a “Registrar”?

According to the draft NIAI Bill, “Registrar” means any entity authorized or recognized by the Authority (i.e. UIDAI/NIAI) for the purpose of enrolling individuals under the Act. Potential Registrars include government departments or agencies, public sector undertakings, and other agencies that interact with residents in the regular course of implementing their programmes or activities. Registrars include government, public sector and private sector organizations.  For instance, Rural Development Departments (implementing NREGA), Civil Supplies Departments (implementing the PDS), insurance companies such as Life Insurance Corporation, and banks are some of the Registrars currently working on UID enrolment.[xv]

So far, the UIDAI has mainly engaged with state governments, central ministries and public sector organizations. The UIDAI has entered into MoUs with state governments, who select the specific departments they would like to appoint as Registrars for the enrolment process.

A Registrar is required to ensure the security and accuracy of data (particularly biometric data) collected from residents. The Registrar must retain the “Proof of Identity/Proof of Address/Consent” for enrolment documents in proper custody for the time period defined in the guidelines issued by UIDAI. They will be held responsible for loss, unauthorized access or misuse of data in their custody. In case of enrolment-related disputes, the Registrar is required to cooperate with the Authority in resolving the matter and provide access to all necessary documents and evidence. As this biometric and demographic data will pass through many hands, the UIDAI will face no action if it fails to protect this sensitive data. If an individual parts with the necessary information, he/she will face penalties. What isn’t clear is how people will know if their data has been breached and privacy violated.

Q. 15. What kind of information does one have to provide to get a UID number?

UIDAI expects all Registrars to collect the following information at the enrolment stage:

Name

Date of birth

Gender

Father’s/Husband’s/ Guardian’s name and UID number (optional for adult residents)

Mother’s/ Wife’s/ Guardian’s name and UID number (optional for adult residents)

Introducer’s name and UID number (in case of lack of documents)

Address

All ten fingerprints, digital photograph and both iris scans

In addition, Registrars may collect other information for their own purposes. For instance, if the Registrar is a bank, it could ask for your telephone number at the time of enrolment.

Q. 16. What are acceptable identification documents for UID enrolment?

The “Handbook for Registrars”, prepared by the UIDAI, lists documents that can be accepted as valid identity for UID enrolment, such as the ration card, PAN Card, Voter ID etc. (see Appendix 1 for full list).

Those who do not have any of these documents can also apply for a UID number (Aadhaar). In such cases, authorised individuals, who already have an Aadhaar, can introduce residents who don’t possess any of the requisite documents and certify their identity. Such persons are called “introducers”. 

Q.17. How does enrolment proceed?

Enrolment is a three-step operation. First, applicants are enrolled by a Registrar or enrolment agency, after recording the information mentioned earlier (name, address, etc.) and collecting the biometrics – photographs, all 10 fingerprints and iris scan. At present, Registrars have been instructed to enrol all persons above the age of five years. Second, the information so gathered is stored in a database called the Central Identities Data Repository (CIDR). Third, this repository is used for de-deplication and, later on, to provide authentication services.

De-duplication will be done by the UIDAI, using the biometrics, to make sure that no-one gets two UID numbers. The UIDAI will also issue the UID number to persons enrolled by Registrars. If any of the personal details (e.g. name and address) recorded at the time of enrolment change, it is the responsibility of the concerned person to alert UIDAI so that the database can be updated – more on this below.

Other types of identity cards already in use in India

Identity Card Concerned groups/recipients
PAN Card Every person with taxable income
Election Photo Identity Card Indian citizens above 18
Employee Provident Fund Org Employees in the formal sector
Multi-Purpose National Identity Card Citizens of India
Rashtriya Swasthya Bima Yojana Card BPL families
MGNREGA Job Card Rural residents aged 18 and above
Driving Licence Citizens aged 18 and above
Passport Citizens who travel abroad
Ration Card Families eligible for PDS

Q. 18. Will marginalised persons such as the homeless get a UID number?

In principle, yes. To refer to the UID website, “the mandate of the Unique Identification Authority of India (UIDAI) includes taking special measures to ensure that Aadhaar is made available to poor and marginalised sections of society, such as street/orphaned children, widows and other disadvantaged women, migrant workers, the homeless, senior citizens, nomadic communities including tribal, and the differently-abled”. However, it is not as simple as it sounds. Recently, an NGO’s homeless shelters were shut down by the Delhi government after it pointed out flaws in UIDAI’s registration of the homeless. The NGO, Indo Global Social Service Society (IGSSS), stopped the enrolment process of the homeless after they realized that there was no clarity on what the NGO’s liability would be.  Not only were the homeless being registered at the NGO’s address, their volunteers were asked to be the “introducers”. After one of its employees got questioned by the police for the death of a homeless person because a survey slip was found in the deceased’s pocket, the NGO decided to seek detailed information about the programme from the government, but their queries were not answered.[xvi] This story is also a useful reminder of the dangers of initiating UID enrolment without a clear legal framework. 

C. Benefits of UID

Q. 19. What are the claimed benefits of enrolling under UID? 

UID is supposed to act as a general identification facility: “Once residents enrol, they can use the number multiple times – they would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license, and so on.”[xvii] How useful this “facility” is (and whether it is itself hassle-free) remains to be seen. Aside from this, it is claimed that the UID project is a powerful tool to fight corruption in welfare programmes, enhance inclusiveness in government schemes, and so on. Tall claims have been made, e.g., “the project possesses the power to eliminate financial exclusion, enhance accessibility, and uplift living standards for the majority poor.”[xviii] Some of the specific areas where the benefits of UID are supposed to flow are the National Rural Employment Guarantee Act (NREGA), the Public Distribution System (PDS), public health, financial inclusion, etc. How this is supposed to happen is explained in a series of concept notes posted on the UIDAI website. Three of these concept notes are critically discussed below. The intention is not to say that UID is necessarily useless, but to debunk exaggerated claims and point out that the real benefits are yet to be clearly identified.

Before we proceed, it is worth noting that the UIDAI’s concern with welfare schemes like NREGA and the PDS is not entirely disinterested. There is a catch: imposing UID on welfare schemes is a way of promoting UID enrolment. As one analyst (who is “working on the project but did not want to be identified”) put it, “the foremost priority for UIDAI right now is to get people hooked on to using its applications”.[xix] Since NREGA and the PDS are some of the biggest welfare schemes, covering most of the rural population, it is no wonder that they were identified early on as potential channels of mass enrolment. Sometimes, it looks like UIDAI needs NREGA and the PDS more than the other way round.

UID and NREGA: Claims and clarifications*

Unsuspecting readers of the UIDAI’s concept note on “UID and NREGA” may be bowled over by the power of Aadhaar.[xx] However, a closer look suggests that scepticism is in order.

Muddled thinking: “Once each citizen in a job card needs to provide his UID before claiming employment, the potential for ghost or fictitious beneficiaries is eliminated.” Elimination of ghost beneficiaries would be an important contribution, but as the same sentence makes clear, it requires compulsory and universal enrolment. Yet public statements convey that UID enrolment will be voluntary.

Poorly informed: “In many areas the wages continue to be paid in the form of cash.” In fact, the transition to bank payments is largely complete (83% of NREGA job card holders have an account). Tamil Nadu is the only “area” where wages continue to be paid in cash (retained for the sake of speed). [xxi] The introduction of payments through bank or post office accounts has made corruption quite difficult, but three ways of siphoning off money remain – extortion, collusion and fraud. Extortion means that when “inflated” wages are withdrawn by labourers from their account, the middleman turns extortionist and takes a share. Collusion occurs when the labourer and the middleman agree to share the inflated wages that are credited to the labourer’s account. Fraud means that middlemen open and operate accounts on behalf of labourers, and pay them cash. Biometric-enabled UID to authenticate identity can only help to prevent “fraud”, but is of little use in preventing collusion or extortion.

Financial inclusion: Payment of NREGA wages through banks and post offices have been made mandatory since 2008. Transition from cash to bank or post-office payments is presently complete to a large extent. In fact, over 9 crore NREGA accounts (covering 83% of NREGA job card holders) were opened by 2009-10, without UID in the picture.

What about corruption in material purchase: UID can address only some of the wage-related fraud in NREGA; it can do little about material-related corruption, a serious concern in recent years.[xxii]

Theft from beneficiaries: Benefits of the UID project are contingent on beneficiary verification at the point of service. Therefore delivery of service will depend on functional biometric equipment. This creates the following issues: (1) Every single point of service must be equipped with a biometric reader e.g., all NREGA worksites – there are about 600,000 and the simplest biometric readers cost at least Rs 2,000 each. (2) Damage of biometric readers, due to normal wear and tear or other causes (including possible sabotage), will disrupt service delivery. Any contingency measures that bypass biometric authentication will be vulnerable to fraud. (3) Corruption is rampant and requires comprehensive safeguards; a static single-point mechanism is likely to be unreliable in the medium to long-term.

Disruptive potential: Last but not least, UID could easily disrupt NREGA’s fragile processes. The UIDAI plans to involve “service providers” who will enrol individuals for UID. Later, they will be involved in authentication of workers at worksites. The result of such changes will be drastic for NREGA. Payments will come to a halt if workers are still waiting for their Aadhar number. And “service providers” are all set to invade NREGA, outside the framework of the Act, without any safeguards.

Because of this potentially disruptive role of UID in NREGA, nearly 200 scholars and activists signed and circulated a petition called “Keep UID Out of NREGA!” in December 2010.[xxiii] The concerns raised in that petition are yet to be answered.

Will UID Fix the PDS?

Similar reservations apply to the UIDAI’s concept note on “UID and PDS System”.[xxiv] Again, tall claims are made without an adequate understanding of how the PDS works.

Dealing with exclusion from social benefits: The UIDAI claims that the project can help to deal with the fact that many poor people do not benefit from government welfare schemes such as the PDS. The reason behind this, according to the UIDAI, is that people do not have an identity. However, in the case of the PDS, the two main reasons for the poor being excluded are that (a) the government is willing to provide subsidized food to too few people (“low coverage”) and (b) there is “misclassification” of households. This means that because the government’s criteria for identifying the poor, and the implementation of these guidelines, are faulty, many poor families are excluded. UID can do nothing about these two problems.

Bogus cards and de-duplication: One of the main claims is that UID will eliminate “bogus” cards. The UIDAI seems to be unable to distinguish between the various types of bogus cards: (a) “ghost” cards, i e, where cards exist in the names of non-existent or deceased persons; (b) “duplicates” where one person or household, entitled to one card, manages to get more through unfair means; and (c) “misclassified” cards, when ineligible households or persons claim benefits (or, inclusion errors). The UID can help deal with the first two, but not the third type of bogus cards (on that see “classification errors” below).

The next question then is, how large is the problem of “ghost” or “duplicate” cards. That question is not easy to answer. It is not clear how large the problem of duplicate or bogus BPL cards actually is. If the recent example of Tamil Nadu weeding out bogus cards is any evidence, then it is only 2% (Planning Commission, 2004). Chhattisgarh tried to achieve de-duplication by computerizing the database of ration card holders and distributing ration cards with holograms, without relying on UID. Eight per cent of cards were found to be “duplicate”.

Further, the elimination of ghost and duplicate cards requires that UID enrolment be compulsory and universal. This is best explained by Nandan Nilekani himself (in an interview to Outlook Business in October 2010): “You can’t make it mandatory in the first instance. Let’s say a particular state decides to issue fresh ration cards from 1 May 2011. Now, they may decide to have Aadhaar numbers on all these cards. For some time, in parallel there will be the earlier cardholders who will not have Aadhaar. We can’t completely eliminate duplication. But over time, as Aadhaar numbers in ration cards become nearly universal, they can then say ‘from now onwards, only Aadhaar-based ration cards will be accepted’. At which point, duplication will cease to exist.”

Classification errors: One of the major problems with the existing, targeted PDS is that of classification errors: many poor families are not identified as poor (“exclusion errors”) and better-off families often get the benefits (“inclusion errors”). According to Drèze and Khera (2010), nearly half of the poorest 20 percent did not have BPL cards in 2004-5. UID will not be able to correct this as it will only verify if the beneficiary exists and is unique. Consequently, the UID number won’t be able to solve the problem of misclassification.

“Last mile” problem: Another common problem is that PDS dealers “short-change” their customers: they give them less than their entitlement, and make them “sign” for the full amount. Again, UID will be of little help here. If customers can be duped into signing (or giving their thumbprint) for more than what they are given, they can surely be convinced to give their UID number for the same purpose.

Upstream Leakages: A large part of the PDS leakages happen before the foodgrains reach the PDS dealer. For example, much of PDS grain used to be diverted between government godowns and the village ration shop. The UID project is not designed to deal with upstream leakages in the distribution and delivery systems.

Portability: The UIDAI also makes a claim of “portability of benefits”, i e, that with a UID, beneficiaries can claim their benefits wherever they are. A PDS that allows beneficiaries to draw their rations from anywhere in the country would indeed be a desirable improvement over the present system. The portability argument is perhaps the most enticing aspect of the UID programme as fas as the PDS is concerned. However, this too is not very well thought through. Though the UID is portable, benefits may not be, because the latter present operational issues that cannot be solved by the UID.

A more plausible contribution of UID to “PDS reform” is that it would facilitate the transition to cash transfers (instead of food entitlements), advocated by many economic advisers and policy-makers. This move, however, is itself fraught with dangers.[xxv]

UID and Public Health

A study by Oxford University holds that in India, more than a million people die every year due to lack of adequate healthcare. Also, 700 million people have no access to specialist care, as 80 per cent of the specialists live in urban areas.[xxvi]

Against this background, the UIDAI shrewdly identified public health as a “killer application” (sic) for UID. As the UIDAI’s concept note on “UID and Public Health” states:

“Existing data bases would probably still leave a large percentage of the population uncovered. Therefore every citizen must have a strong incentive or a “killer application” to go and get herself a UID, which one could think of as a demand side pull. The demand and pull for this needs to be created de novo or fostered on existing platforms by the respective ministries. Helping various ministries visualise key applications that leverage existing government entitlement schemes such as the NREGA and PDS will (1) get their buy-in into the project (2) help them roll out mechanisms that generate the demand pull and (3) can inform a flexible and future-proof design for the UID database. It will also build excitement and material support from the ministries for the UID project even as it gets off the ground.”[xxvii] The game plan could hardly be more explicit.

Mohan Rao, a professor at the Centre of Social Medicine and Community Health (JNU, New Delhi) articulated a scathing critique of UIDAI’s lofty claims about uplifting the public health situation in the country.[xxviii]

“The UID working paper on public health would have us believe that these changes occurred because of a lack of ‘demand’ for healthcare, as it sets out what it calls a ‘killer application’ to provide citizens an incentive to obtain a UID card in order to meet health needs. This unfortunate language apart, the fact that we have not built a health system is hardly fortuitous. It is true that we do not have good quality health data or indeed even vital statistics; it is true that this should come from integrated routine health system and not ad-hoc surveys.”

He asserts that UID is not devised to deal with the public health challenges of our country. “On the contrary, given that many diseases continue to bear a stigma in this country, the UID scheme has the unique potential of increasing stigma by breaching the anonymity of health data collected. It thus violates the heart of the medical encounter, namely confidentiality. By making this information potentially available to employers and insurance companies, the scheme bodes further gross violations of health rights.”

Referring to the NGO reports about the Delhi government’s “Mission Convergence” scheme, under which biometric health insurance cards were issued to slum dwellers by which they could avail free treatment, Rao holds that there have been a lot of complaints about malfunctioning fingerprint readers, despite multiple swipes. He advises the Health Ministry to hold back on their support for UID until a conclusive study of the costs and risks of this project is undertaken.

D. Concerns: Biometrics, Privacy, Data security, Surveillance 

Q. 20. What are biometrics?

Biometrics is the science of identifying persons based on their physical (e.g. fingerprints) or behavioural (e.g. voice) traits. It builds on the fact that individuals are physically and behaviourally unique in many ways. Technically, biometrics has been defined by experts as “the automated recognition of individuals based on their behavioural and biological characteristics. It is a tool for establishing confidence that one is dealing with individuals who are already known (or not known)—and consequently that they belong to a group with certain rights (or to a group to be denied certain privileges).”[xxix]

Post “9/11”, many countries have overhauled their surveillance mechanisms through legislations and technological upgrades, and subjected the public to scrutiny. When this revamp began, the use of biometrics came to be seen as inevitable. Fierce debates emerged, as opponents have raised strong arguments against intensive monitoring, profiling and invasion of privacy. Though some of these objections stem from exaggerated fears of being victimised by government agencies wielding excessive power, others are not unjustified.

Q. 21. What are the technological concerns that face UID?

Many concerns have been expressed about the technological feasibility, reliability and safety of the UID project. Here are some.

A recent NASSCOM document, prepared by Dr. Kamlesh Bajaj, points out that since the UID database has to be accessible over networks in real time, it involves major operational and security  risks –  as with any such applications.[xxx] If networks fail or become unavailable, the entire identification system may collapse. Biometric and other data may become a target for hackers and other malicious entities. “Such a system is also prone to functional creep (secondary uses) and insider abuse. There is also a significant risk of transmitting biometric data over networks where they may be intercepted, copied, and actually tampered with, often without any detection”.

Another concern is the reliability of biometrics. For instance, since iris development does not take place till the age of 7 years and children do not have sharp patterns of fingerprints till they are 15, giving children UID numbers is a huge challenge. Also, worn-out fingers of farmers and manual labourers will be difficult to scan, and an iris scan can’t be done on people with corneal blindness or corneal scars. Some experts also argue that manufacturers have not been able to put into practice a fingerprint system that can effectively distinguish human fingers and artificial fingers of silicon, rubber, acrylic, paint, etc.[xxxi]

Aside from the costs of employing such a system, inclusive of not just the financial expenditure, but also of the time and effort it takes to enrol individuals and collect their biometric data, 100% reliability in authentication can never be guaranteed. A large proportion of biometric trials have been conducted in the “frequent traveller” setting, among volunteers who are primarily white male professionals in the 20-55 age groups.[xxxii] Diverse conditions will throw up more challenges to such a system.

Q. 22. Does UIDAI currently function under the purview of a law?

Ironically enough, UIDAI has been on an enrolling spree since September 2010 without a law sanctioned by the Parliament. However, as we saw, the proposed NIAI Bill seeks to establish the National Identification Authority of India (NIAI) as a statutory authority and lay down rules, processes and safeguards concerning Aadhaar. The NIAI would consist of a chairperson and two part-time members. The bill also authorizes the creation of an Identity Review Committee, designed to monitor usage patterns of UID numbers.

The Bill states the date of the Act coming into force as being subject to its notification by the Central Government in the gazette once the Parliament passes it. Now what is problematic here is that the collection of biometric and personal data and issuing of UID cannot and do not have any statutory sanction until the bill is passed by Parliament. Demographic and biometric information to be recorded have been left to regulations, empowering the NIAI to collect additional information without prior approval from Parliament.

Additionally, Clause 3(1) of the bill does not make it compulsory for individuals to enrol, but, as mentioned before, nothing prevents service providers or government agencies from positioning UID as a pre-requisite for availing services.

Though the information gathered by the NIAI may be shared with other agencies with the consent of the UID number holder, in this bill, the safeguards for protection of privacy of individuals are weak. Under Clause 33 (b), the NIAI is required to disclose identity information in the interest of national security, if so directed by an authorised officer of the rank of Joint Secretary or above in the central government. The safeguard for protection of privacy differ from the Supreme Court guidelines on telephone tapping; these permit phone tapping under threat of “public emergency” for a period of six months, while information gathered by UID can be shared in the interest of national security, offering no review mechanism.

This leaves space for profiling and surveillance of individuals by intelligence agencies, as nothing in the bill prevents them from using the UID to “link” various databases (such as telephone records, air travel records, etc.). This kind of a system could lead to persecution of innocent individuals who may get tagged falsely as potential threats.

As far as “Offences and Penalties” are concerned in this bill, it holds that no court shall acknowledge any offence except on a complaint made by the NIAI. This effectively exempts NIAI of any public accountability. This heavy concentration of power in a single authority is alarming and raises grave doubts about just how transparent this system really is.

*

Biometrics: Reliable or Fallible?

 

Over the years, biometrics are being used more and more for a wide variety of purposes, such as to “recognize individuals and regulate access to physical spaces, information, services, and to other rights or benefits, including the ability to cross international borders.”

Here’s why biometric systems have a shaky base:

  • Variation within persons: Biometric information may be affected by changes in age, environment, disease, stress, occupational factors, training and prompting, intentional alterations, socio-cultural aspects of the situation in which the presentation occurs, changes in human interface with the system, etc.
  • Sensors: “Sensor age and calibration, how well the interface at any given time mitigates extraneous factors, and the sensitivity of sensor performance to variation in the ambient environment (such as light levels) all can play a role.”
  • Feature extraction and matching algorithms: “Biometric characteristics cannot be directly compared but require stable and distinctive ‘features’ to first be extracted from sensor outputs”. For example, every finger of an individual will generate a different image due to external factors such as dirt, moisture, etc. Therefore these multiple impressions from one finger can be matched by good algorithms to the correct finger source.
  • Data integrity: “Information may be degraded through legitimate data manipulation or transformation or degraded and/or corrupted owing to security breaches, mismanagement, inappropriate compression, or some other means.”

Also, social, cultural and legal factors come to have a bearing on such a system’s acceptance by its users, its performance, or whether a system like this should be adopted in the first place. Such factors need to be unequivocally taken into consideration while designing the system. That is to say, the effectiveness and accuracy of the system is contingent on user behaviour which in turn is shaped by the larger social, cultural and legal context.

“When used in contexts where individuals are claiming enrolment or entitlement to a benefit, biometric systems could disenfranchise people who are unable to participate for physical, social, or cultural reasons. For these reasons, the use of biometrics— especially in applications driven by public policy, where the affected population may have little alternative to participation—merits careful oversight and public discussion to anticipate and minimize detrimental societal and individual effects and to avoid violating privacy and due process rights.” (p. 10)

Another disquieting aspect of biometric systems is the potential for misuse of power. Many experts have suggested that such fears must be addressed with all seriousness.

Although biometric systems have penetrated many areas, like identifying terrorists, criminals, personalization of social services, better control of access to financial accounts, etc, yet, a number of unsettled questions remain regarding the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. It looks set to expand into more areas but the intrinsic concerns of such a system have clearly not been adequately addressed. Not even close.

Source: Biometric Recognition: Challenges and Opportunities, Joseph N. Pato and Lynette I. Millett (eds.); Whither Biometrics Committee, National Research Council, 2010.

*

Q. 23. How does UID impact privacy concerns in India?

Internationally, there is growing concern about privacy and its protection. In India, however, paying lip service to this issue once in a while is as good as it gets. (Although in May 2000, the Indian government passed the Information Technology Act, a set of regulations meant to provide a comprehensive regulatory environment for electronic commerce).

Despite all assurances about protection of sensitive information on mass scale, it must be acknowledged that any database that stocks up such personal information brings with it the risk of misuse by various agencies be it public or private, impinging on an individual’s privacy. Even UIDAI chief Nandan Nilekani has conceded, on record, that the country needed well-defined privacy laws to prevent any malicious use of data. Regarding the possibility of data being misused, he said that the only service provided by the UIDAI was that of authentication.

In the NIAI Bill, there are sketchy descriptions of offences like “intentionally” accessing the UID database and damaging, stealing, altering or disrupting the data. But it provides no means for a person whose data is stored to know that such an offence has been committed; and it does not allow prosecution to be launched except on a complaint made by the authority or someone authorised by it.

So, given the lack of privacy laws in India, “convergence” of the UID database with other systems could spell a lot of trouble.

A related danger is “tracking”. This stands to alter the relationship between the state and the citizen. With the integration of databases, the state would have enormous power to track people’s movements and communications, or to profile them.

Q. 24. Is there a redressal mechanism?

It is unclear as to how errors and inaccuracies in the UID database will be corrected as they emerge. Under the proposed NIAI Bill, if someone finds that his/her “identity information” is wrong, he/she is supposed to “request the Authority” to correct it, upon which the Authority “may, if it is satisfied, make such alteration as may be required”. So although there is a legal compulsion to alert the Authority, there’s no right to correction.[xxxiii] 

E. UID and Other Databases


Q. 25. What is NATGRID?

In a lecture he gave at the 22nd Intelligence Bureau Centenary Endowment in December 2009, Home Minister P. Chidambram announced that the central government had decided to create a National Intelligence Grid (NATGRID). “Under Natgrid, twenty-one sets of databases will be networked to achieve quick seamless and secure access to desired information for intelligence and enforcement agencies,” he said.[xxxiv] Under this, the UID number of each individual will become the link between the different databases. These databases would be integrated with information available not just with government agencies and public sector, but also private organizations such as banks, insurance companies, stock exchanges, airlines, railways, telecom service providers, chemical vendors, etc. This would give security agencies the power to access sensitive personal information such as bank account details, market transactions, websites visited, credit card transactions etc.

In the 2011-2012 budget, NATGRID got an allocation of Rs. 41 crores. With an estimated overall budget of Rs 2,800 crores and a staff of 300, NATGRID is supposed to be a “world-class” measure for combating terrorism and dealing with internal security threats. NATGRID is headed by Captain Raghu Raman, former Chief of Mahindra Special Services Group.[xxxv]

Telecom and internet service providers will be obligated by regulations to link up their databases with NATGRID: “The databases so far identified for being linked in the grid include those of rail and air travel, phone calls, bank accounts, credit card transactions, passport and visa records, PAN cards,  land and property records, automobile ownership and driving licences.” In India, a citizen has virtually no legal protection against government surveillance. In a petition filed by People’s Union for Civil Liberties (PUCL) in 1996, the Supreme Court ruled against arbitrary surveillance. This was overturned by Parliament with the passage of the Information Technology (Amendment) Act 2008. No political party raised any objections when the government passed this Act, which removed certain safeguards against surveillance.

In a case pertaining to invasion of privacy, pending before the Delhi High Court, the Court observed: “We have no clear definition of what is meant by ‘invasion of privacy’ within the RTI Act.”

Then in February 2010, the Cabinet Committee on Security expressed its reservations to the Home Ministry about protection of individuals’ privacy within NATGRID and its zealous goals, and held up its development till the ministry prepared a detailed report on “inbuilt safety mechanism.”[xxxvi]

That wasn’t the only hiccup. Even Finance Minister Pranab Mukherjee adopted a cautious tone in a hand-written note addressed to NATGRID’s CEO, Raghu Raman. “Intrusion into privacy of the bank depositors is just not acceptable as it will discredit the banking system and the people will start using other modes for securing their funds and carry on transactions,” said Mukherjee.[xxxvii] This was a reaction to Raman’s efforts at giving directives to the Reserve Bank of India (RBI) to allow his organisation access to individual savings accounts through the district magistrates to identify the “terror money trail”.

Q. 26. What is Crime and Criminal Tracking Network and Systems (CCTNS)?

The Crime and Criminal Tracking Network and Systems (CCTNS), on the other hand, with an outlay of Rs 2,000 crores, aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing at the police station level through interlinking CCTNS with UID. It would facilitate exchange of data on criminals. Around 20,000 police stations, courts, fingerprint bureaus, forensic laboratories etc., will be linked on a national databank, thereby helping people to lodge and track complaints on line. Linking of UID with such e-governance projects will lead to consolidation of data and greater profiling by the state.

Q. 27. What is the National Population Register (NPR) and how is it linked to UID?

The arduous task of providing over a billion people with a UID number also overlaps with the mandatory Census of 2011, which will ultimately lead to the establishment of the National Population Register (NPR). The NPR project has not been initiated under the Census Act, 1948. It is being carried out under the Citizenship Act of 1955 (after an amendment was made) and the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules 2003.

After a cabinet meeting in March 2010, chaired by Prime Minister Manmohan Singh, the creation of NPR was approved. “The project would cover an estimated population of 1.2 billion and the total cost of the scheme is Rs 3,539.24 crores,” Information and Broadcasting Minister Ambika Soni told reporters.[xxxviii] She said the creation of a digital database with identity details of all individuals along with their photographs and finger biometrics “will result in the creation of a biometrics based identity system in the country… will enhance the efficacy of providing services to the residents under government schemes and programmes, improve the security scenario and check identity frauds in the country”.

Data for the NPR will be collected along with the house listing and housing census which started in April 2010, and was supposed to be completed by September 2010. The NPR database, on being finalized, is to be sent to the UIDAI for biometric de-duplication and allocation of a UID number. “This number will be added to the NPR database,” Soni said.

Little is known about how the government plans to integrate UID with NPR. In the village of Tembhali, both were meant to work together in capturing biometrics. The Census Office (also known as the Registrar General of India) has been given the authority to collect the biometric data through an Act of Parliament. But the information recorded by the private enrolment agency working for UIDAI is different from the details captured by the census enumerators. Unique identity numbers were meant to be issued by the agency based on the information recorded for NPR.  This meant that while every Indian resident would have an NPR card and a UID number, the enrolment was meant to be carried out by the Census office[xxxix].

But for now it looks like the private registrars working on behalf of UIDAI do not have access to the digitised NPR information and have started the collection process again. In a recent report, it was found that in Sahada, a tehsil in Nandurbar (Maharashtra), the residents were being enrolled again even though they were the first recipients of UID cards in the country last September. Tera Software Limited, the registrar in Sahada, has been collecting information which doesn’t match with the details collected by the census office. While the census captured demographic data such as name, address, educational qualifications etc, the UID enrolment form has been asking residents to fill up information such as voter card number, PAN number, LPG connection number, etc.

Recently, UIDAI put forward a request to the government for an additional Rs. 15,000 crores to enrol the population by capturing the biometric data by using its own agents.

This means that if both Census and UIDAI carry out their own enrolments, it would cost the government an additional Rs 10,000 to 40,000 crores.[xl] Also, while the UID is doling out incentives for people to register, NPR has no such plans. Because of this, states such as Rajasthan, Madhya Pradesh and Gujarat have opted out of NPR. While UIDAI has relied on 209 registrars as part of its “outsourced service oriented” infrastructure, concerns have been raised about private enrolment agencies handling personal data such as bank account details.

The risk of misuse gets greater as some of the enrolment agencies such as Alankit Assignments, Alankit Finsec and Alankit Lifecare have a stake in the healthcare and insurance sectors. Some private enrolment agencies such as Tera Software have been found sub-contracting the work to other firms without government approval.[xli] A group of central public sector firms and the Department of Information Technology are responsible for capturing biometric data for NPR. Concerns were raised by the Standing Finance Committee of the Parliament for the Ministry of Planning about UIDAI collecting biometric data without any legal approval.

There are critical arguments against such linking of data. Says law researcher and rights activist Usha Ramanathan: “There is an express provision regarding ‘confidentiality’ in the Census Act, which is not merely missing in the Citizenship Act and Rules but there is an express objective of making the information available to the UIDAI for instance, which marks an important distinction between the two processes. Section 15 of the Census Act categorically makes the information that we give to the census agency ‘not open to inspection nor admissible in evidence’. The Census Act enables the collection of information so that the state has a profile of the population; it is expressly not to profile the individual.”[xlii]

She continues, “The information gathered in the house-to-house survey, and the biometrics collected during the exercise, will be fed into the UID database. This will provide the bridge between the ‘silos’ of data that are already in existence, and which the NPR will also bring into being.”

And now to briefly turn to UK’s experience when the proposal of initiating a National ID system was in consideration. It saw a multitude of arguments from civil society activists and the media about the issue. “The government wants to reassure us. It says it’s trustworthy; it says there’s a lot of scattered data out there about us anyway – surely it’s just common sense to link it up? Yet security experts know that the linking and aggregation of detailed personal information on this gigantic scale will be unstable and dangerous to everyone, because of the depth of what it reveals, because of its secrecy and because it will present a vulnerable target for electronic attack, whether by hostile governments, by international terrorism, or by your spiteful colleague,” says Christina Zaba, a journalist and activist.[xliii]

Q. 28. How is UID related to NATGRID, CCTNS, NPR and other databases?

The UID number will be fed into a database to be shared with NATGRID, which includes 11 security and intelligence agencies (Intelligence Bureau, Research and Analysis Wing, CBI, Central Boards of Excise and Direct Taxes, etc). This kind of cross agency interlinking will enable them “to detect patterns, trace sources for monies and support, track travellers, and identify those who must be watched, investigated, disabled and neutralized”.[xliv]

“There are presently various pieces of information available separately, and held in discrete ‘silos’. We give information to a range of agencies; as much as is necessary for them to do their job…The ease with which technology has whittled down the notion of the private has to be contained, not expanded. The UID, in contrast, will act as a bridge between these silos of information, and it will take the control away from the individual about what information we want to share, and with whom,” says Usha Ramanathan.[xlv]

Q. 29. Is there a role for private sector firms in the UID project?

There’s a good reason why the UID project is getting a unanimous thumbs up from the corporate sector. Initial estimates suggest that the project will create 1,00,000 new jobs in the country, and business opportunities worth Rs 6,500 crores  in the first phase.[xlvi]

The UID project, built on the PPP model, is a complicated system that depends on complex technology. Aside from issuing UID numbers, the UIDAI is expected to act as a regulatory authority, manage a Central Identities Data Repository (CIDR), update resident information and authenticate the identity of the residents as required.

UIDAI has awarded four consortia (Accenture, Mahindra Satyam, Morpho and L1-Identity Solutions) to implement core biometric identification systems in support of the Aadhaar programme. Essentially these four agencies would design, supply, install, commission, maintain and support the biometric identification subsystem. They would also be involved in the development of a software development kit (SDK) for client enrolment stations, the verification server, manual adjudication and monitoring functions of the UID application.[xlvii]

As far as Accenture is concerned, the terms of its initial contract will run up to two years or until 200 million enrolments have been registered (whichever comes first). Along with Accenture, the team includes Daon, a leading global provider of biometric technologies, and MindTree, a Bangalore-based global IT company that delivers innovative technology solutions. L-1 Identity Solutions is a large American defense contractor in Connecticut. It was formed in August 2006 from a merger of Viisage Technology and Identix Incorporated. It specializes in selling face recognition systems, electronic passports such as Fly Clear, and other biometric technology to governments such as the United States and Saudi Arabia. It also licenses technology to other companies internationally, including China.

Also, the contracts for purchase of biometric devices have been bagged by Tata Consultancy Services (TCS), HCL Info Systems Ltd, Base Systems Pvt Ltd, 4G Identity Solutions Pvt Ltd, e-Smart Systems Pvt Ltd.

Private players are set to reap the benefits. “We considered 2009 as a launch year for the expo entirely focused on homeland security and we saw over 130 companies from 15 countries participate. Next year we expect larger participation, especially from the US and European countries including France and Russia,” Mehul Thakkar, marketing manager of INDESEC, said. 

Q. 30. More than meets the eye?

With regard to L1 Identity Solutions, it is interesting that former Central Intelligence Agency (CIA) and other American defense organisations’ officers are now working in the capacity of directors and other positions in the top management of the company. While that is not exactly illegal, it has overtones of inappropriateness.  George Tenet, former director, CIA, is on the board of directors of L1 Identity Solutions, among other similar organizations, and has been accused, not without reason, of profiting from the involvement of such companies in the Iraq war.[xlviii] Also Safran, a French company, acquired L-1 Identity Solutions following the sale of L-1’s intelligence services businesses to BAE Systems. After giving effect to the BAE Systems transaction, L-1 will consist of Secure Credentialing Solutions, Biometric and Enterprise Access Solutions and Enrolment Services.

In the United States, L-1 not only manages the state driver’s license business but is also engaged in the production of all passports, provides identification documents for the Department of Defense and has contracts with nearly every intelligence agency in the government. L-1 was rejected by US government agencies on grounds of low quality of its biometric cards. In June 2010, a support contract unit of L-3 Communications Corp said it was de-listed from providing service to any federal agencies in the US. The support contract unit was providing aircraft maintenance and logistic support to the US Air Force. The unit allegedly used government computer networks to collect data to promote its own business. In September 2010, the company received US$ 24 million for the project from the UIDAI. The company has already shipped some units of the Agile TP fingerprint slap devices and mobile iris cameras. In a Forward Looking Statement the company said it hopes to complete the remainder of the shipment by March 2011.[xlix]

Mark Lerner, who is with the Constitutional Alliance (an American non-profit educational organisation) and is also the author of the book Your Body is Your ID, says: “To a large extent it is fair to say that your personal information is L-1’s information. L-1 is the same company that thinks our political party affiliation should be on our driver’s license along with our race.” Commenting on L-1’s acquisition by Safran, he continues: “Just think about how happy you can feel now knowing that your personal information including your social security number and biometric information (fingerprints, iris scans and digital facial images) may soon be available to a French company. The federal government must sign off on the deal before the deal can be sealed. All this brings us back to the topic of the revolving door that exists between government and corporations.” [l]

The prospect of such companies having a deep reach into the massive sensitive UID database would make any person weary.

Q. 31. Are there any other business interests in UID we should be concerned about?

Yes. For instance, there is a vast potential for UID applications in the field of marketing. UID seems set to facilitate charting of consumption patterns to an integrated pan India database which “would work towards promoting India as an accessible market place for banking, financial and other institutions”.[li] This is possibly going to alter the idea of citizenship drastically in the end.

Addressing the Nielsen Company’s “Consumer 360” event in New Delhi on 25 November 2010, UIDAI Chairman Nandan Nilekani said that over a third of India’s 1.1 billion “consumers” had been largely overlooked in areas such as banking and social services.[lii]

“The (unique identification) number will create a much more open marketplace, where hundreds of millions of people who were shut out of services will now be able to access them,” he told business leaders, adding that the poor find it difficult to reach the market. “Their anonymity limits agencies from providing them services that are remotely available, and that could be accessed through a mobile phone,” he said.

There is a definite move in the industry to co-opt the public on the use of sensor technology and how it can radicalize everyday life. According to Infosys’s chief executive officer S. Gopalakrishnan, sensor technologies integrated with IT networks, cloud computing, and the mobile internet “will drive investment, and change how companies automate business processes in the future”.[liii] Integrated sensor technologies are attuned to identifying a customer entering a store and offer her new products and customized discounts based on her prior buying behaviour, he adds.

The use of biometrics in consumer ID applications worldwide are projected to grow at a Compound Annual Growth Rate (CAGR) of around 27% between 2010 and 2012.[liv] With advancements in sensor technology and algorithms, biometrics seem to have become a choice for the financial services industry as well.

F. Similar Initiatives across the World 

Q. 32. How have other countries approached such projects?

Debates about systems of national identification have been taking place worldwide for a long time, but with a growing intensity in the last few years. Technological progress and the current socio-political scenario have led to growing support for complex ID systems from governments and particular sections of the population. Below is a brief description of similar projects across the world (for country-specific details, see Appendix 2).

Some of the most prolific examples of National ID programmes and their subsequent outcomes can be seen in Australia, UK and the US. Australia witnessed perhaps the fiercest opposition to national ID cards. In 1985, there was a proposal to introduce these cards (mostly for curbing tax evasion) but due to severe backlash from activists and citizens, backed by strong media support, it was withdrawn in 1987.

The Real ID Act passed by the US in 2005 has also been opposed by many states on grounds of privacy and threat to data security. As a compromise, the Obama administration, in 2009, introduced Pass ID in the Congress. The Pass ID Act sets strong security standards for identification cards and driver’s licenses. However, it does not collect personal information of individuals and store it in a centralized database, accessible by any state authority, as the UID project does.

After many deliberations and public debates, the “UK National Identity Card Scheme” was scrapped in 2011 by the Conservative-Lib Dem Coalition. Some of the primary reasons cited were the cost of implementing the scheme (£4.5bn) and the infringement of civil liberties. Among European nations, many have ID cards, voluntary or mandatory. An interesting case is that of Germany. Starting in November 2010, German ID cards were incorporated with RFID chips containing personally identifiable information including a biometric photo and, if desired, two fingerprints. After a group hacked the new national ID system, live on TV, Germany’s Federal Office for Information Security acknowledged that the card’s PIN can be cracked using trojan malware, similar to keylogging software.

Some Middle Eastern countries are planning to issue “smart” ID cards, with Oman taking the lead. The ID card in Oman stores fingerprints, but information on the card is not given to all government agencies nor the private sector.

In Asia, one country worth mentioning is Malaysia, which has made a successful transition to a smart card containing personal information including health details and driving licenses. Taiwan’s attempts to introduce a national ID card with fingerprints met with severe opposition due to privacy issues. In China, there was a system of providing ID cards, containing very basic information, since 1985. In 2003, the card was legally updated for law and order purposes and comprised of a chip storing additional information. By 2004, the government introduced the “second generation” mandatory ID cards, which had a small storage capacity, therefore restricting information to name, gender, ethnicity, residence and date of birth – but decided against it as this huge system was found to be very challenging to handle and of doubtful reliability.

Given this context, it becomes glaringly obvious just how pervasive and intrusive the UID system is set to be, far more than any of the systems that have been rejected elsewhere. Some people argue that just because countries like the US, UK and Australia were not able to implement or simply scrapped similar programmes, doesn’t mean India cannot do it – India can be a leader in implementing such an ambitious programme. But then again, isn’t it sensible for a “global” nation like India to learn from the experiences of other countries – the very same ones a section of the population believes India aspires to be like?

 

END NOTE

It is important to understand that implementing a national ID system of this magnitude is poised to alter the way we live as well as the relationship between the citizen and the state. As Graham Greenleaf, an Australian data protection expert and one of the pioneers of the anti-ID card movement, puts it: “Is it realistic to believe that the production of identity cards by children to adults in authority to prove their age will be ‘purely voluntary’? The next generation of children may be accustomed to always carrying their Cards, to get a bus or movie concession, or to prove they are old enough to drink, so that in adult life they will regard production of an ID card as a routine aspect of most transactions.”

The UID project has the potential of being a financially exorbitant and socially invasive debacle, given that it is the largest national ID card project in the world, in scale and scope. Instead of the government becoming more accountable to its citizens, this system lays the burden on the governed. Of course, if the project succeeds, it may have useful applications too. But does this justify the kind of intrusion that UID is set to create into people’s lives? Perhaps what would help is a meaningful dialogue with various sections of society, with ample space to debate the implications of such a project and even reconsider it.

References

Bidwai, Praful (2010), “Why Indians Should Fear the UID”, Rediff News, 12th October 2010.

Drèze, Jean (2010), “UID: Unique Facility or Recipe for Trouble?”, The Hindu, 25th November 2010.

Harlarnkar, Samar (2010), “Play it again, Sam”, Hindustan Times, 11 October.

Himanshu (2010), “The Foundations of Aadhaar”, Livemint, 5th September 2010.

Khera, Reetika (2010), “Not all that unique”, Hindustan Times, 30th August 2010.

Khera, Reetika (2011), “The UID Project and Welfare Schemes”, Economic and Political Weekly, 4th March 2010.

Lerner, Mark (2010), “The Revolving Door that Never Stops Turning”,  November 2010.

London School of Economics and Political Science (2005), The Identity Project: An assessment of the UK Identity Cards Bill and its Implications (London: London School of Economics and Political Science).

Mittal, Tusha (2009),“Falling Between the Bar Codes”,  Tehelka, 22nd  August.

Planning Commission (2004), “A Study of the Effectiveness of Public Distribution System in Rural Tamil Nadu”.

Ramanathan, Usha (2010a), “Implication of Registering, Tracking, Profiling”, The Hindu, 5th April.

Ramanathan, Usha (2010b), “A Unique Identity Bill”, Economic and Political Weekly, 24th July.

Ramanathan, Usha (2011), “The Personal is the Personal,”  Indian Express, 6 January.

Rao, Mohan (2010), “UID and Public Health: Magic Bullet or Poison Pill?”, The Asian Age, 24th  December.

Shorrock, Tim (2007), “George Tenet cashes in on Iraq”, 7th May 2007.

Shukla, Ravi (2010), “Reimagining Citizenship: Debating India’s Unique Identification Scheme”, Economic and Political Weekly, 9th January.

UIDAI, “UIDAI Strategy Overview: Creating a unique identity number for every resident in India”, available at http://uidai.gov.in

UIDAI, “Registrar FAQ’s: Summary of responses to Questions Frequently Asked by Registrars”, available at http://uidai.gov.in

UID Project (Aadhar) Issue Overview

Lockheed Martin ends association with Wipro in network centric warfare project”, Defenseworld.net, Februaury 11th, 2009

Lockheed Martin, Wipro To Light Ambar Jyoti In India”, EFYTimes.com, August 13th, 2007

UIDAI rolls out 10 Lakh ‘Aadhaar’ Numbers”, Times of India, January 13th, 2011

Additional Links:

Lockheed Martin Team Wins Role on Key Department of Defense Biometrics Contract Vehicle

Mahindra Satyam and Morpho selected to develop and maintain systems for Unique Identification Authority of India

Intel forms open data centre alliance,” Times of India, October 28th, 2010

Appendix 1

Valid Identification Documents

A range of identification cards/documents were in use before the UID came into the scene. They are listed below, along with the information they contain:

Documents Containing Name and Photo

1. Passport

2. PAN Card

3. Ration/ PDS Photo Card

4. Voter ID

5. Driving License

6. Government Photo ID Cards

7. NREGS Job Card

8. Photo ID issued by Recognized Educational Institution

9. Arms License

10. Photo Bank ATM Card

11. Photo Credit Card

12. Pensioner Photo Card

13. Freedom Fighter Photo Card

14. Kissan Photo Passbook

15. CGHS / ECHS Photo Card

16. Address Card having Name and Photo issued by Department of Posts

17. Certificate of Identify having photo issued by Group A Gazetted Officer on Letterhead

Documents Containing Name and Address

1. Passport

2. Bank Statement/ Passbook

3. Post Office Account Statement/Passbook

4. Ration Card

5. Voter ID

6. Driving License

7. Government Photo ID cards

8. Electricity Bill (not older than 3 months)

9. Water bill (not older than 3 months)

10. Telephone Landline Bill (not older than 3 months)

11. Property Tax Receipt (not older than 3 months)

12. Credit Card Statement (not older than 3 months)

13. Insurance Policy

14. Signed Letter having Photo from Bank on letterhead

15. Signed Letter having Photo issued by registered Company on letterhead

16. Signed Letter having Photo issued by Recognized Educational Instruction on letterhead

17. NREGS Job Card

18. Arms License

19. Pensioner Card

20. Freedom Fighter Card

21. Kissan Passbook

22. CGHS / ECHS Card

23. Certificate of Address having photo issued by MP or MLA or Group a Gazetted Officer on letterhead

24. Certificate of Address issued by Village Panchayat head or its equivalent authority (for rural areas)

25. Income Tax Assessment Order

26. Vehicle Registration Certificate

27. Registered Sale / Lease / Rent Agreement

28. Address Card having Photo issued by Department of Posts

29. Caste and Domicile Certificate having Photo issued by State Govt.

Proof of Date of Birth Documents

1. Birth Certificate

2. SSLC Book/Certificate

3. Passport

4. Certificate of Date of Birth issued by Group A Gazetted Officer on letterhead


Appendix 2

ID Systems and Debates across the World

Improvements in technology have radically altered the pace at which systems of identification have developed all over the world. Taking lessons from the experiences of other nations who’ve taken similar paths, or not, would serve well before the mammoth task of implementing UID amongst a population of over a billion, is undertaken.

European Countries

Most European Union members have voluntary and compulsory ID cards except Denmark, Latvia and Lithuania. In Sweden, information is stored on a chip in the card and not in any central database.

France

The national identity card (Carte Nationale D’identité Sécurisée or CNIS) of France is an official non-compulsory identity document consisting of a plastic card bearing a photograph, name and address.

The fingerprints of the card holder are stored in paper file and are only accessible to judges in extreme circumstances. The information on the card is duplicated in a central database but access is limited by strict laws and is not linked to any other records. The card is often used to verify nationality and for travelling within the EU. Following a study launched in 2001, the government planned to introduce a new card the INES (carte d’identité nationale électronique sécurisée) also known as “secure electronic national identity card”, that would contain biometric fingerprints and photograph data on a chip which would be recorded on a central database. A group of French bodies initiated a report and petition against the plans. Although draft legislation was published in 2005, the government has yet to set a date for a discussion of the proposals in the Parliament. [lv]

Germany

In Germany, it is compulsory for all citizens, 16 years or above, to possess either a Personalausweis (identity card) or a passport, but it’s not necessary to carry one. While authorities have a right to demand to see one of those documents, the law does not state that it is necessary for one to submit the document at that very moment. But most Germans carry their Personalausweis with them as driver’s licences are not legally accepted forms of identification in Germany.[lvi]

Beginning in November 2010, German ID cards contain RFID chips with personally identifiable information including a biometric Photo and, if desired, two fingerprints. The German government’s new national ID card was publicly hacked on TV by members of the infamous Chaos Computer Club. Members of the Chaos Computer Club demonstrated how easy the cards were to crack live on the WDR TV channel. The hackers cracked the PIN system on the cards, which then allowed them to impersonate the cardholder online. Germany’s Federal Office for Information Security acknowledged that the card’s PIN can be cracked using trojan malware, similar to keylogging software.[lvii]

United Kingdom

The government’s attempts to impose compulsory ID cards sparked off fury early this year. The Home Affairs committee shot down the idea as its benefits outweighed the increased data protection risks. In July 2002, David Blunkett, Former Labour Home Secretary had initiated plans for an identity card scheme. By February 2010, the government scrapped the plan as the scheme’s overall cost massively inflated to an estimated £4.5bn. These cards were intended to hold biometric data such as name, fingerprints and a photograph on an encrypted chip. Apart from this, the National Identity Register was designed to hold up to 50 different types of personal information. These identity cards were aimed at tackling illegal immigration, fraud and identity theft – but eventually were abandoned after they were criticised for infringing civil liberties and being too expensive. After the plans were abandoned, personal information of 15,000 people who applied for an ID card before the scheme was cancelled, were systematically destroyed (not disabled) by the British government. [lviii]

Bosnia

The Bosnian government pushed for a national ID in 2002, with the stated intention of promoting unity. The technology under usage includes a bar code instead of a chip on the card along with a photograph, signature and a single fingerprint. It decided against using a smart card chip.

United States of America

The Social Security programme number is also used as the national identification number. But attempts at introducing biometric national cards have come under fire from rights groups.

45 organizations representing privacy, consumer, civil liberty and civil rights organizations joined together and launched a nation wide campaign to garner public support to stop America’s first national ID system: REAL ID. The Real ID Act of 2005 was the result of recommendations of the 9/11 Commission and was passed as part of anti-terrorism effort. This act would’ve allowed all driver’s licenses to be linked, leading to a person’s records to be accessible by officials in other states and federal agencies. Although initially it wasn’t mandatory for states to issue Real ID Cards, the Department of Homeland Security eventually wanted Real ID cards to be required for air travel and for receiving benefits such as Social Security. [lix]

This card would’ve included identity documents such as a photo ID, documentation of birth date and address, proof of citizenship or immigration status and verification of Social Security numbers. The states were required to hold digital images of each identity document for periods ranging from seven to 10 years. The groups opposing this measure were concerned about the increased threat of counterfeiting and identity theft, lack of security to protect against unauthorized access to the content, cost burden on the taxpayers, diversion of funds meant for homeland security, increased costs for obtaining a license or state issued ID card, and because Real ID would create a false image that it is secure and impenetrable.

Even a couple of the most vocal senators on implementing national ID, Sen. Charles Schumer (D-New York) and Sen. Lindsay Graham (R-South Carolina)  said that, “We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card. Each card’s unique biometric identifier would be stored only on the card; no government database would house everyone’s information,” [lx]

Despite this, many civil society activists and citizens voiced their intense disapproval for such a measure. Jim Harper, Director of Information Policy Studies at the Cato Institute, believed that the plan would undoubtedly lead to a national database. He added that “there is no practical way of making a national identity document fraud-proof.”

By October 2009, 25 states approved resolutions not to participate in the programme. The resolution passed in Utah stated that Real ID is “in opposition to the Jeffersonian principles of individual liberty, free markets, and limited government.” It further states that “the use of identification-based security cannot be justified as part of a ‘layered’ security system if the costs of the identification ‘layer’–in dollars, lost privacy, and lost liberty–are greater than the security identification provides”.

As a compromise, the Obama administration introduced Pass ID in the Congress. The Pass ID Act sets strong security standards for the issuance of identification cards and driver’s licenses. On the other hand, it does not collect personal information of individuals and store it in a centralized database, accessible by any state authority. [lxi]

Canada

It had a short-lived deliberation over adopting national ID cards. But after an interim report the Canadian Government is moving to implement biometric passports. Although the national ID card plan was dumped officially in March 2004, in April 2004 the Government announced its plans for biometric passports.

Pakistan

Since the 1960s, Pakistan has been issuing National Identity Card (NIC) numbers to its citizens. Established in the year 2000, the National Database and Registration Authority (NADRA) is Pakistan’s state-owned IT services company that specializes in implementing multi-biometric national identity cards and e-passports, as well as secure access verification and control systems in both public and private sectors. In fact, what is not widelysome reports originating from the Planning Commission raised questions about UIDAI ignoring not just privacy concerns, but also the sample test results. So far, data results from just 20,000 people has been the basis for over 1.2 billion UID numbers known is that Pakistan is amongst the first few countries in the world to attempt to issue national ID biometric cards and e-passports to its citizens (Pakistan has also issued over 7 million e-passports to its citizens since October, 2004)[lxii]. In February 2006, the Authority had issued its 50 millionth Computerized National Identity Card. However, the picture ain’t as rosy as it seems. The NADRA is dogged with allegations about tricksters having a ball with this programme and getting away with creating fake ID cards in huge numbers. Another sticky issue is that of Afghan refugees living in Pakistan and what consequence giving them Pakistani nationality would lead to.[lxiii]

Malaysia

The country has always had a national ID card, but in 2001, moved to replace the existing card and driving licenses with a smart card containing a 64k chip called the MyKad or the Malaysian Card. This chip contains a thumbprint and other personal information, including basic health details. It is presently a world leader on identity systems. 

Japan

The government’s national ID plans took the form of Juki Net, a Basic Resident Registration Network in 1999(it was a voluntary card with a unique 11 digit number) that had a tumultuous start, and was faced with a lot of protests over security issues and had to deal with quite a few court cases filed on the basis of unconstitutionality. However in 2008, the ID system got the go ahead after its constitutionality was established by the Supreme Court

Taiwan

Taiwan had been trying to implement biometric identification system for quite some time. But a move to incorporate fingerprints in the card was met with fierce opposition. Aside from privacy implications, fingerprinting was deemed  indecisive in solving criminal cases. The Vice President of the time, Annette Lu, felt that the fingerprint condition in the ID was unconstitutional and would undermine the nation’s democratic credentials by stating that, “The government’s collection and storage of fingerprint records constitutes a collection of individual data and involves the questions of guarantees of the individual right of privacy and information autonomy.”

People’s Republic of China

The Chinese government had implemented a system of providing ID cards, containing very basic information to every citizen since 1985. In 2003, the card was legally updated to verify citizens’ identity and law and order purposes and comprised of a chip that stores additional information. By 2004, the government introduced the “second generation” mandatory ID cards, involving contact less chips containing a small storage capacity (4k- therefore, restricting information to name, gender, ethnicity, residence and date of birth).

They deliberated on incorporating fingerprints but decided against it as they found the system to be very challenging to handle and had reservations about its reliability. Seemingly, biometrics overwhelm a system of this nature. “Such an effort to introduce biometrics, the huge quantity (of cardholders), is not feasible,” said an official from the Chinese National Registration Centre.

Early this year, China began issuing smart cards to its citizens. The cards can also help identify those who use ATMs, enter a building with an electronic guard system or even pick up their children from kindergarten.

Australia
After the Second World war ended, the national cards were withdrawn. The issue of national ID cards was raised 30 years later and after a few government inquiry reports, dropped the idea. It resurfaced in 1985, when the government proposed Australian cards, mostly to curb tax evasion. Australia probably witnessed the most forceful protests and campaigns against a national ID proposal. Following a vigorous opposition campaign, the proposal was withdrawn in 1987. Though Australia is including biometrics in passports, it is limited to a digital photograph.

West Asia

According to reports, Oman, UAE, Saudi Arabia and Israel are drawing up plans of issuing “smart” ID cards, with Oman taking the lead and the card it issues will store fingerprints. The purpose behind issuing these cards in the country is primarily immigration management. Even though the Oman government is planning multiple applications on the card, however, information on the card cannot be disseminated to all government agencies nor to the private sector.

Notes


* The authors are graduate students at Jawaharlal Nehru University (JNU, New Delhi) and the Delhi School of Economics, respectively (contact address: uidfordummies@gmail.com). We thank Reetika Khera and Jean Drèze for their useful inputs and insightful comments.

* This section and the next draw on Reetika Khera, “Not all that unique”, Hindustan Times, 30 August 2010; see also Khera (2011).


[i] Srinivasaraju, Sugata, “Biometry Is Watching”, Outlook, 17th May, 2010.

[ii] Narendra Kaushik (2011), “Cards to Nowhere”, Inclusion, April-June 2011.

[iii] Gupta, Vishv, “What the UID project will not do”, Tehelka, 2nd June, 2011.

[iv] UIDAI, “UIDAI Strategy Overview: Creating a unique identity number for every resident in India.”

[v]  PRS India, “The National Identification Authority of India Bill, 2010”.

[vi] UIDAI, “UIDAI Strategy Overview: Creating a unique identity number for every resident in India”.

[vii]  Mittal, Tusha, “Falling Between the Bar Codes”, Tehelka, August 22nd, 2009.

[viii]  Moneylife.in, “No card, only a number despite Rs. 45,000 crore being spent on the UID project”.

[ix] See https://portal.uidai.gov.in/uidwebportal/dashboard.do

[x] Bidwai, Praful, “Why Indians Should Fear the UID”, Rediff News, October  12th , 2010.

[xi] Editor’s Guild of India’s Annual Rajinder Mathur Memorial Lecture attended by writers of this primer.

[xii] Dreze, Jean, Unique Facility or Recipe for Trouble, The Hindu, November 25th, 2010

[xiii] Sanyal, Kaushiki and Kumar, Rohit (2011), “The National Identification Authority of India Bill (2010)”, PRS Legislative Research, June 2nd, 2011.

[xiv] Justice.gov, Overview of the Privacy Act of 1974, 2010 Edition.

[xv] UIDAI, “Registrar FAQ’s: Summary of responses to Questions Frequently Asked by Registrars”.

[xvi] Sethi, Nitin, “NGO’s shelter shut after it pointed out UID flaws”, Times of India, 4th July 2011.

[xvii] UIDAI, “UIDAI Strategy Overview: Creating a unique identity number for every resident in India”.

[xviii] UIDAI, “UID and NREGA”.

[xix] Agarwal, Surabhi,“UID Puts Revenue Stream on Hold”, Livemint, 16th February, 2011.

[xx] UIDAI, “UID and NREGA”.

[xxi] On the issue of corruption and the transition to bank and post office payment of NREGA wages, see Siddharth and Vanaik (2008), Dreze and Khera (2008), and Adhikari and Bhatia (2010).

[xxii] “UID Project (Aadhar) Issue Overview”,

[xxiii] See http://www.sacw.net/article1722.html.

[xxiv] UIDAI, “UID and PDS System”.

[xxv] See various documents posted on the website of the right to food campaign (www.righttofoodindia.org); also the recent “open letter” to the Prime Minister on this subject, based on a survey of the PDS in nine states.

[xxvi] Thaindian News, “Lacking Healthcare, A Million Indians Die Every Year”, 2nd February, 2009.

[xxvii] UIDAI, “UID and Public Health”.

[xxviii] Rao, Mohan, “UID and Public Health: Magic Bullet or Poison Pill”, The Asian Age, 24th December, 2010.

[xxix] Pato and Millette (2010), “Biometric Recognition: Challenges and Opportunities”.

[xxx] Dr. Kamlesh Bajaj, “Security and Privacy Challenges in the Unique Identification Project,” Project RISE (A NASSCOM initiative) 25th March, 2010

[xxxi] Ton van der Puetter and Jeroen Keuning “Biometrics and Fingerprints”,

[xxxii] London School of Economics and Political Science (2005), The Identity Project: An assessment of the UK Identity Cards Bill and its Implications (London: London School of Economics and Political Science).

[xxxiii] Also refer to Drèze, Jean (2010), “UID: Unique Facility or Recipe for Trouble?“, The Hindu, 25 November

[xxxiv]  Kakatkar-Kulkarni, Manasi, “Chidambaram proposes radical restructuring of India’s security structure”, Foreign Policy Association, December 23rd, 2009

[xxxv]  Pandey, Brijesh, “Natgrid will kick in from May 2011. Is the big brother threat for real?”, November 13th, 2010.  Also refer to this Rediff report.

[xxxvi] Times News Network, “CCS seeks tighter privacy safeguards in NATGRID proposal,” Times of India, February 11th, 2010

[xxxvii] Governance Now, “Fin min says no to Natgrid spying on bank account-holders”, 27th September 2010

[xxxviii] Hindustan Times, “Cabinet clears creation of National Population Register”, 19th March 2010

[xxxix] “Aadhar: Pied Piper of Technology”, Inclusion, April- June 2011
[xl] Dhoot, Vikas, “Nandan Nilekani’s UIDAI and Census’ NPR in role overlap for fingerprinting and other biometric data”, Economic Times, 11 August 2011
[xli] Rahman, Shafi, “Unique ID project hits legal hurdle”, India Today, 25th July 2010.

[xlii] Ramanathan, Usha, “Implications of registering, tracking and profiling”, The Hindu, 4th April, 2010.

[xliii] Zaba, Christina, “When the eyes don’t have it,” New Statesman, 30th May, 2010.

[xliv] Ramanathan, Usha, “A Unique Identity Bill”, Economic and Political Weekly, VOL XLV NO 30, July 24, 2010

[xlv] Ramanathan, Usha, “The Personal is the personal”, Indian Express, 6th January, 2011.

[xlvi] Soni, Raghav, “Govt Set To Create Massive Domestic IT Opportunities Through UID”, Watblog.com, 29th June, 2009.

[xlvii] Govindasswamy, Majoj, “Infosys, TCS, IBM, HCL … ? Who’s gonna build World’s largest biometric database? UID Software Tender!” Moneymint.in, 29th March, 2010.

[xlviii] Shorrock, Tim,“George Tenet cashes in on Iraq”, Salon.com, 7th May, 2007.

[xlix] Abraham, Jacob, “The Strange Case of Identity Outsourcing”, Zeebiz.com, 2nd February, 2011.

[l] , Mark, “The Revolving Door that Never Stops Turning”, American Policy Center, November, 2010.

[li] Shukla, Ravi, “Reimagining Citizenship: Debating India’s Unique Identification Scheme”, Economic and Political Weekly, VOL XLV NO 2, January 9th, 2010

[lii] Moneylife.in, “UID = more ‘consumers’, admits Nilekani”, 25th November 2010.

[liii] Chari, Sridhar, “Sensor technologies to be the new growth driver for Infosys”, Mint, 30th November 2010.

[liv] RNCOS, “Consumer ID to Drive Global Biometric Market”, prlog.org, March 2011. Also see http://www.uidaicards.com/?p=1624

[lv] Marzouki, Meryam, “French NGOs: no consensus possible on biometric ID-card”, INES, 29th June, 2005. Also refer to – http://www.servinghistory.com/topics/National_identity_card_(France) ; and http://news.bbc.co.uk/2/hi/uk_news/politics/2078604.stm)

[lvi]  Wessel, Rhea, “Germany Gets Set to Issue RFID ID Cards and Readers to Its Citizens”, RFID Journal, 6th October 2010.

[lvii] Infosecurity.com, “New German national ID card hacked by Chaos Computer Club”, 30th September 2010. Also see – http://boingboing.net/2010/09/02/german-secure-id-car.html

[lviii] Casciani, Dominic, “Q&A: Identity Cards”, BBC News, 27th May 2010. Also refer to -http://www.bbc.co.uk/news/uk-politics-11719764

[lix] The Privacy Coalition, “Over Forty Groups Announce National REAL ID Public Campaign”.

[lx] Kravets, David, “Lawmakers Eyeing National ID Card”, Wired.com, 23rd March, 2010. Also refer to – http://www.wired.com/threatlevel/2009/12/real_id/

[lxi] Jaikumar, Vijayan, “Privacy Groups Renew Push Against Real ID Bill”, PC World, 4th May 2010. Also refer to – (http://www.computerworld.com/s/article/print/9204858/Real_ID_alive_and_kicking_report_says); and (http://www.govtech.com/security/99354049.html )

[lxii] The Dawn, “Pakistan Has World’s Largest Biometric Citizen Database”, 1st November, 2009. Also see:   http://www.riazhaq.com/2011/05/pakistan-leads-asia-in-biometric-it.html

[lxiii] Ghumman, Khawar, “PAC to take up issue of fictitious ID cards today”, The Dawn, 19th March, 2011. Also: “Afghan refugees a problem for NADRA,” Dawn, 20 March 2011

(The authors are graduate students at Jawaharlal Nehru University (JNU, New Delhi) and the Delhi School of Economics, respectively (contact address: uidfordummies@gmail.com). We thank Reetika Khera and Jean Drèze for their useful inputs and insightful comments.) 

21 Comments leave one →
  1. September 12, 2011 6:11 PM

    Without calling any auctions Govt gave 50,000 crore UIDAI project to Forward caste Nilekani.

  2. Raju Rajan permalink
    September 12, 2011 9:55 PM

    Overall, an excellent and well-researched effort and I’m glad you took the effort Simi and Pratiksha. I learned a lot even where I disagreed (and agreed). I only wish you had taken a little more of an even-handed view of the matter touching upon the potentially positive aspects of IDs.

    For instance, one area of social value that you touched up on but did not explore fully with regards to Biometric IDs is in establishing “credit histories” or “reputation scores” of individuals for deepening networks of trust in trading, lending, or other commercial transactions.

    I wish you had also focused a section on that, though I’m afraid you would have pretty much concluded with your litany of conflicting fears and paranoias — “the poor will be excluded!”, “But everyone will be required to have one!”, “It will be useless as biometrics don’t work!”, “It will be used to charge higher interest for minorities with surgical precision!” …. etc.

    To step back for a moment, please ask yourselves what your attitude would have been towards “Photo IDs” — the previous generation of “biometric’ technology made possible by the mass availability of cheap photography enabling faces to be added to ID cards? If a time machine existed, I believe I could re-purpose your report with minimal changes to argue that Photo IDs will be the devil incarnate.

    And then, did the world end? Or was every problem regarding identity and fraud magically solved?

    As we know in retrospect, consequences are very mixed bags, but there is overall an increased degree of credibility and trust in transactions among individuals and institutions and the state for a certain period time … is that good or bad?

  3. Subash permalink
    September 12, 2011 10:12 PM

    After reading upto the part about costs to the government on UID. It may be substantially reduced if the 20 crore or so of the middle class of India are asked to pay (a nominal fee equal to cost of the UID) at the time of collection of their number. This would reduce the burden for the govt. – and the rich 2-3% of the people should be asked to pay even more.

  4. Voyeur permalink
    September 13, 2011 9:33 AM

    Really good work. Collects a lot of criticisms of the UID project together. @Raju Ranjan Credit histories are already collected and maintained by CIBIL. UID doesn’t add much to that. There was no ‘one photo ID for every resident of the country scheme’ ever.

  5. Srikant permalink
    September 13, 2011 11:56 AM

    Thank you for the well researched article. A few things however

    1.More information on the technology challenges that you mentioned might be useful. I imagine Nadan Nilekani knows a thing or two about this technology since he spent his lifetime implementing IT systems on a massive scale.
    2. Some tangible proof as to why it wont be beneficial in the social schemes like the PDS.

    Healthy skepticism is one thing, but this seems to be more of a end of the world prophecy. It is still in its fledgling phase, so let us not jump the gun with the conclusions that you have made.

  6. Nivedita Menon permalink*
    September 13, 2011 1:47 PM

    Thank you for this important intervention.
    I know that people in at least two localities of Delhi – Janakpuri and near JNU – have been standing in long lines, sometimes over two days, to get their “smart cards” (as they have begun to be referred to). The people I know (both middle class and working class) who are doing this, and urging us to go and get ours as well, believe that all other ID proofs will henceforth become unacceptable for any activity whatsoever, from sale of properties to getting rations. This may well be true.
    As this booklet points out, “UIDAI has been on an enrolling spree since September 2010 without a law sanctioned by the Parliament”.
    I wonder what happened to the concern for “parliamentary sovereignty” that was expressed in various quarters during the anti-corruption movement, when the UID is being implemented before the Bill has even been tabled!

  7. September 13, 2011 2:21 PM

    With reference to the reaction to a national ID in other countries, it is telling that nobody among the educated in India gives a flying four letter word about privacy. Or perhaps it’s the general apathy towards politics in general (till Jesus Incarnate Anna Hazare appeared to magically wipe off corruption with a wave)

  8. Raman permalink
    September 13, 2011 8:55 PM

    For a much more balanced and better written analysis of UID refer to: http://www.prsindia.org/uploads/media/UID/Legislative%20Brief%20-%20UID%20Bill%202010_June%202.pdf

    • Nivedita Menon permalink*
      September 14, 2011 12:10 PM

      Take a look at this gem in the link above:
      “The Bill does not make it mandatory for an individual to enroll with the NIAI. However, it does not prevent any service provider from prescribing Aadhaar as a mandatory requirement for availing services.”
      It’s a Kafkaesque nightmare.
      Govt: Not mandatory from our side, but if service providers make it mandatory what can we do??
      What does “mandatory” mean? Can any public institution insist on particular forms of id that have not been cleared by parliament?

  9. aam aurat :) permalink
    September 14, 2011 12:23 AM

    1) Is it necessary that all schemes implemented by govt. should have sanction of the parliament or have a separate law for each of them- No. Most of the welfare schemes are done through administrative orders and allocation is made in the budget. If UID scheme has no allocation in the budget but still being carried out then that can be challenged. When the budget is passed by the parliament it is a de facto sanction for all the demands raised by the government in the budget. It is not necessary that parliament should debate and approve each and every scheme.These days most of the budgetary demands are passed in the parliament, particularly in Lok Sabha without any debate or guillotined in the parliamentary parlance. Still it is better that such a massive scheme is governed by an Act passed by parliament . But how many MPs have raised this demand.

  10. September 14, 2011 11:55 AM

    What if this UID is issued to all MPs and beaurocrats…making them accountable in a sense…’profiling’ them. What will the issues of privacy be then? The question of security? even development?
    Any policy has both sides of the coin to it, the jan lokpal bill did, so does the communal violence one…but they need good human hearts for execution. And in a capitalist democracy, that is almost a miracle.

  11. suresh permalink
    September 14, 2011 4:44 PM

    It’s a Kafkaesque nightmare.

    Without taking a position on the UID, I don’t see this problem. One sees variants of this situation in various places. You are not obliged to get a passport but without one, international travel is impossible. You are not obliged to register yourself on a website but without doing so, you cannot buy or comment. And so on and so forth.

    Of course, when most governmental service providers make the UID necessary, saying that the UID is not mandatory is meaningless. But even then, I don’t see why it is a Kafkaesque nightmare.

  12. September 14, 2011 7:25 PM

    We need to explain the fact that people are lining up for something hoping that it will finally give them essential ID paperwork; so we repeatedly claim that they fear *other* forms of ID will be meaningless. We have absolutely no basis for this understanding of peoples’ motivation, but we will repeat it anyway, because we don’t trust the UID for other reasons.

  13. September 14, 2011 7:31 PM

    Also, I fear this FAQ is guilty of misrepresentation. I checked the claim that “Even in the United States, privacy law categorically states that the Federal, State or government agencies cannot deny benefits to individuals who do not possess or refuse to disclose their Social Security Number, unless specifically required by law.” I checked because this claim directly contradicted my own memory and experience. Turns out that, in the link to which we’re sent, a large set of exceptions are explicitly listed, which completely nullify the larger claim — to the extent that state agencies are “expressly exempt” “to the extent that social security numbers are used “in the administration of any tax, general public assistance, driver’s license, or motor vehicle registration law within its jurisdiction.”
    Given this, I’m not sure I trust too many of the other claims the FAQ makes.

    “The Tax Reform Act of 1976, 42 U.S.C. § 405(c)(2)(C)(i), (iv) (2006), expressly exempts state agencies from this restriction to the extent that social security numbers are used “in the administration of any tax, general public assistance, driver’s license, or motor vehicle registration law within its jurisdiction.” See, e.g., Stoianoff v. Comm’r of the Dep’t of Motor Vehicles, 12 F. App’x 33, 35 (2d Cir. 2001) (finding that plaintiff’s Privacy Act claim would fail because § 405(c)(2)(C)(i) “expressly authorizes states to require the disclosure of social security numbers in the administration of driver’s license programs” and further provides that “any federal law that conflicts with this section is ‘null, void, and of no effect'”); Claugus v. Roosevelt Island Hous. Mgmt. Corp., No. 96CIV8155, 1999 WL 258275, at *4 (S.D.N.Y. Apr. 29, 1999) (considering housing management corporation to be state actor for Privacy Act purposes but finding that Privacy Act does not apply to income verification process for public housing program because of exception created by 42 U.S.C. § 405(c)(2)(C)(i)). Exemption from the social security number provisions of the Privacy Act is also provided for certain other government uses. See, e.g., 42 U.S.C. § 405(c)(2)(C)(ii) (authorizing state use of social security numbers in issuance of birth certificates and for purposes of enforcement of child support orders); 42 U.S.C. § 405(c)(2)(C)(iii) (authorizing use of social security numbers by Secretary of Agriculture in administration of Food Stamp Act of 1977 and by Federal Crop Insurance Corporation in administration of Federal Crop Insurance Act). “

  14. Santanu Biswas permalink
    September 15, 2011 3:03 PM

    Excellent article. Better than the UIDAI website I must say. However, I am disappointed with the way government is going about the process of UID application. There is little or no advertisement of the local UID centre. Most people don’t even know that there is already a UID centre near their home which is accepting applications. The word-of-mouth seems to be the main source of information about it. For example, sitting here in Delhi, I (and many neighbours of mine) did not even come to know that UID applications were being accepted at a nearby centre since 18th May (and it winded up on 30th August)! The list of UID application centres available on UIDAI website is outadated too!! The only option is to make a phone call to the call centre which tells you the location of the nearest UID application centre and that too they openly accept that they might not have the latest information!!
    If the government is really serious about UID, then they need to do much more than what they are doing. Just creating a system for UID is not enough. The implementation has to be well organized too.

  15. Nilanjan Mukhopadhyay permalink
    September 15, 2011 9:27 PM

    Just a factoid that may be useful if kept in the back of the mind:

    The National Identification Authority of India Bill was refered to Standing Committee On Finance on December 10, 2010.

    The standing Committee is under the Lok Sabha i.e. Chairman is from the Lower House – Yashwant Sinha at the moment. There are 20 members from LS and 10 from Rajya Sabha.

    The Congress has 11 member, BJP – 6. CPM, JDU, SP & BSP – 2 each. Nagaland People’s Front, CPI, BJD, AIADMK & NCP have one member each.

    The Standing Committee has had ONLY THREE meetings in which National Identification Authority of India Bill has been discussed. It does not discuss only this Bill because there are several pending with it and there is ‘paucity’ of time.

    The first meeting was on: Feb 11, 2011 at which there was a “preliminary briefing by the representatives of the Ministry of Planning / Unique Identification Authority of India on the National Identification Authority of India Bill, 2010.”

    The second was on: June 29 in which there was an “oral hearing of the representatives of National Human Rights Commission (NHRC), Indian Banks Association (IBA) and individual experts on the National Identification Authority of India Bill, 2010″.

    The last meeting was as recently as July 29 when the committee heard “oral hearing of experts on the National Identification Authority of India Bill, 2010″.

    Barring the Congress, the mood as discernible is that there is not much support for the UID project among political parties with the BJP almost sure to try stalling the Bill.

    Clearly, this is going to be an interesting Parliamentary tussle that would also generate constitutional questions as UID Authority has begun functioning under Executive Order without Parliamentary clearance.

  16. Simi and Pratiksha permalink
    September 15, 2011 10:11 PM

    Thank you for all your comments.

    @Raju Rajan- It’s good that you brought up the issue of “credit histories” or “reputation scores” of individuals in this discussion. In the process of researching for this article, we came across some alarming reports on microfinance, which made us question this sector’s overt enthusiasm regarding UID.  By extending loans to poor villagers, without even taking into account their ability to replay the loan, we feel that there needs to be a healthy bit of skepticism on how the microfinance sector might rely on UID . If we look at the Andhra Pradesh government’s decision to “arrest some lending agents for coercing defaulters” or their politicians urging borrowers not to repay loans. it shows how this for-profit social enterprise has started unraveling in India. We did make an attempt to comprehend all this, but there’s a bit of a grey area here, don’t you think? UID might help, but we also have to keep in mind a possibility where it’ll become easier for them to harass or coerce the borrowers.

    @Srikant- We should have probably mentioned this before, but the whole idea behind doing this was to make sense of the very complex issues at hand, for ourselves as students, and to keep the conversation on UID going. If you thought we were making ‘end of the world’ prophesies, you’re probably reading too much into it. That wasn’t the intention at all; just to take a moment and attempt to understand better. No one is questioning Mr. Nilekani’s capability or intention. But the logic of living in McLuhan’s village is that we can hardly ignore the experiences of other countries in this regard, who’ve attempted to implement similar technologies, and their outcomes. You could refer to Reetika Khera’s EPW paper here / HT article, ‘Not all that unique’ here for in depth information on your questions about UID and its impact on other social schemes.

    @ aam aurat : I think we can all agree that UID is not just any other ‘welfare/social scheme’ and the need to have, in the least, a strong piece of legislation in place, given how many different areas it would come to affect, including privacy, is all too important, no?

    @ MS: We’ve mentioned under Q.12 that, ‘Even in the United States, privacy law categorically states that the Federal, State or government agencies cannot deny benefits to individuals who do not possess or refuse to disclose their Social Security Number, unless specifically required by law‘. Clearly, they have their tracks covered for exceptions. We’re not in disagreement; sort of saying the same thing (without the deluge of legalese), if you read closely.

    • Raju Rajan permalink
      September 17, 2011 4:18 AM

      Thanks a lot for responding. You note that “UID might help, but we also have to keep in mind a possibility where it’ll become easier for them to harass or coerce the borrowers.”

      I am completely in agreement with you that harassing debtors should be discouraged by legal statute and its enforcement — irrespective of whether someone uses UID or photo ID or face recognition to identify the debtor!

      Making the state more efficient and cost-effective through a modern ID mechanism is a “good governance” imperative — I would urge you to support it, while completely agreeing with you on the need for robust privacy protections and accessibility mandates in the UID law.

      The alternative is an endless suspicion of state power coupled with a reflexive opposition to technological progress, while continuing with the same corrupt and ineffective mechanisms we have today.

      I’m sure you’d agree that we should fight for a more effective and just state, that is the best defense against NGO-ism or Neo-Liberalism.

  17. November 18, 2011 12:07 PM

    Well-researched, meaningful and comprehensive!

  18. Nitin Kamath permalink
    May 11, 2012 10:59 AM

    very insightful

Trackbacks

  1. Big Brother UID AADHAR Project by Nandan Nilekani Privacy Issues

We look forward to your comments. Comments are subject to moderation as per our comments policy. They may take some time to appear.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 56,763 other followers

%d bloggers like this: