THE UID Aadhaar PROJECT
System design and security considerations
By
S.G.Vombatkere
The Unique Identification (UID) project, also known as Aadhaar, has been pushed into implementation by creation of a UID Authority of India (UIDAI) in 2009. It is slated to spend Rs.45,000 to 1,50,000 crores with a sanctioned budget of Rs.3,000 crores without approval of Parliament. Mr. Nandan M. Nilekani has been nominated to head the UIDAI and accorded cabinet minister rank [Note 1]. This is not unconnected with the publication of his book “Imagining India” in 2009, and his former position as CEO of Infosys Technologies, India's software leader. The Aadhaar project has been cogently criticised with doubts raised on several counts including its legality that have neither been addressed in the information put out by UIDAI, nor in Mr.Nilekani's public interactions in various fora. The result is that public skepticism is deepening into mistrust. When Aadhaar has thus been imposed upon the public, there is need for genuine transparency to dispel public doubts regarding compromise of fundamental rights and freedoms. This is especially so because obtaining the Aadhaar number is stated to be not mandatory whereas various government entities are insisting upon it. However, a National Identification Authority of India (NIAI) Bill that seeks to regularize UIDAI is scheduled to be tabled in Parliament soon.
According to declared policy of the Union government, growth is meant to be inclusive and Aadhaar is meant primarily to reach benefits to the poor. Aadhaar claims advantages especially in further enabling the existing NREGA and PDS schemes to reach beneficiaries more quickly and surely. These claims have been systematically addressed by Reetika Khera [Ref.1], who has brought out that while some of UIDAI's claims are practical, others are not. While Khera's analysis addresses several aspects, it does not adequately touch upon the national security aspect of Aadhaar. The present article discusses the system design, implementation and security aspects, beginning with a critique of the planning process or arbitrariness in decisions concerning the Aadhaar project.
The planning process for national projects
Any large, extensive, long-term, high-cost national project should be preceded by a benefit-cost analysis to assess its socio-techno-economic feasibility. This should begin with a clear statement of what precisely is the problem to be solved or the aim to be achieved (sometimes called the “design problem”), the terms of reference, and the fundamental assumptions on which the design problem is based. The detailed design of any system adopted has to be based upon clearly defined design assumptions. This is because an error in design assumptions can produce a flawed or unworkable design, or a faulty system that is untenably expensive to operate and maintain. The successful social, technical and economic functioning of the completed system implies that its performance conforms to the design, which in turn depends upon the validity of the raw and processed data on which the design was based and the knowledge, skill and experience of the designer(s).
But before the detailed design of any system, a comparative study of available systems is necessary, to decide which system to adopt to solve the problem or achieve the desired aim. That is, the various options are listed and each examined from social, economic and technical angles. A rational planning process would begin with listing all options including upgradation or combination of existing systems (upon which capital investment has already been made), and proposals for new systems based upon updated or new technology. The comparative examination of the listed options in terms of the social, technical and financial costs of each would then provide a short-list of feasible options. Detailed comparative analysis of the short-listed options by experts in the field would reveal the inter se priority of these options, which would then be presented for final choice.
At this stage, there is a political decision to be made, which may not necessarily choose the “least-cost” option. The experts would make their recommendations but the responsibility for choice of option remains with the political executive. It would be a deviation from good practices if one or other option were to be chosen without transparent comparison of the available options; it would bring into question whether at all a systematic process of planning was applied, and whether there had been extraneous influence brought to bear on the political decision, and the possible quid pro quo involved.
Briefly, a systematic planning process at the national level should (1) define the aim and the terms of reference, (2) list out all possible or available options to achieve the aim, (3) remove the implausible or politically undesirable options, and (4) subject the remaining options to analysis using previously identified and weighted social, technical and economic criteria. This analysis will provide an inter se priority among the options considered, forming the basis for the final (political) decision of which option to implement. Such a transparent process would obviate political sniping, accusations and inquiries at a later date. It appears that a national project of magnitude, gravity and long-term national consequences like Aadhaar has been arbitrarily chosen without considering alternatives.
Existing identification systems
There are several existing photo-identification systems co-existing in India, each having its own scope and limitations, that have been created by huge expenditure of public money and physical effort over decades. Below are four of the important ones:
(1) Personal Account Number (PAN) of the Income Tax Department – not all citizens are tax payers,
(2) the Ration Card – not all people hold Ration Cards and these are not transportable across states,
(3) Bank Account Number – not all citizens have bank accounts, and
(4) the Elector's Photo Identity Card (EPIC) – not issued to persons ineligible to vote for reasons of age or citizenship, but accepted as proof of identity and address across the country.
The UID Aadhaar project has been started up without considering existing systems that already provide unique identity to people, though sectorally. The existing EPIC provides proof of citizenship, and includes photograph, full name, full address, sex, date of birth, father's/mother's/husband's name and a unique 10-character alphanumeric string. The personal details are verified by local government authority before preparing the EPIC. Though an EPIC does not make the holder eligible to vote in another constituency, it still provides a unique identity with several details.
Alternatively, using selected features of the four existing identification systems mentioned above (there could be more since this list is not comprehensive but only demonstrative), an option that may be suggested to provide the cardholder with a unique identity could be the EPIC re-issued (to obviate fresh data-entry errors) with additional fields for ration entitlement, reservation entitlement (SC/ST or not), income tax number (if an IT assessee), bank account number(s), citizenship category (resident Indian citizen or NRI or foreigner), biometric information and any other information parameters considered necessary, plus blank fields for more data if considered essential at a later date, and integrating the data of different states. The existing EPICs could be used without interruption for voting, and as and when re-issued with the additional data, would also serve the purpose of unique identification. The system would still allow extension by utilizing the blank fields. Such a card would call for easily achievable inter-system communication and system integration between the various data bases holding information, such as the Food and Civil Supplies Departments, Urban Local Bodies and Panchayats, IT Department, banks, and Passport Offices.
It is not necessary for the present article to go into more detail since that is the task of planning bodies such as the Planning Commission. The above suggestion is only indicative of one available option for consideration at the preliminary planning stage.
Planning methodology
A rational approach to planning national mega-projects such as the Aadhaar project even while there are existing identification systems in place (howsoever inadequate in different ways), would need planners to consider
(1) adapting one or more of the options mentioned in the previous section,
(2) an upgraded or re-worked combination of the best features of two or more of them,
(3) the proposed Aadhaar project, and perhaps
(4) some out-of-the-box proposal(s).
Each of the options would be examined against pre-defined and weighted social-economic-technical criteria in a comparative study, and the options arranged in order of priority. If the Aadhaar project turns up as priority number one, then the political choice of adopting it would be unquestionable. But if the Aadhaar project turns up as number two or three, the political chief executive would still have the option of exercising his personal and political discretion to choose the Aadhaar project for adoption with full responsibility.
However, the present choice of the Aadhaar project is without system rationale. The public is acutely aware of the recent frequently surfacing huge scams, and cannot be faulted if there is scepticism or suspicion regarding motives that have led to the Aadhaar project being chosen in spite of arguments, objections and protests on various counts. That this elementary systems aspect was neglected by an engineer-businessperson of Mr.Nilekani's eminence is more than merely strange.
Security considerations
Security considerations concern not only national security but also citizens' constitutional liberties, including the right to privacy. After the reprehensible September 9, 2001, Al Qaeda attack on the WTC and Pentagon in USA, there were attempts in all countries to tighten security. In USA, the Homeland Security Act and the Patriot Act were passed, marking formal commencement of public surveillance in USA. Similarly in 2003 Government of India modified the Citizenship Act, later called the National Population Register (NPR), to authorize the Registrar General of India to hold personal including biometric information of all citizens. That this was primarily a security consideration was affirmed by Mr.Nilekani in response to the question “Isn’t the main purpose security?” concerning the Aadhaar project. True, also affirmed that government's initiative for a unique ID was also for developmental purposes and that UIDAI came out of that initiative [Ref.1]. While there may be no reason to doubt Mr.Nilekani on this score, the fact remains that there was an initiative to create a data base for national security, and the Aadhaar data base would be eminently suited for that purpose. It is noteworthy that Aadhaar is apparently linked with the National Intelligence Grid (Natgrid) [Note 2] and the National Population Register (NPR).
Nobody objects to national security measures. But these cannot be at the cost of surveillance of law abiding citizens, restricting their freedoms or infringing on their privacy. This is reportedly happening in USA following implementation of the Homeland Security Act and the Patriot Act. In intelligence practice, national security is enhanced by maintaining surveillance on citizens in public places and linking this with personal information available in various data bases maintained by banks, income tax offices, airline and railway reservation offices, internet service providers, etc. Aadhaar can provide the link between various data bases and will inevitably be at the core of a system which will enable profiling and tracking any citizen useful to any of India's 11 security or intelligence agencies [Ref.2].
Linked with surveillance in public places and with all people registered with the Aadhaar system, tracking every activity of any or every citizen will be merely a matter of money and technology. This will irreversibly change the relationship between the State and its people, confirming the State as the master when the Constitution of India envisages precisely the opposite.
Thus, Aadhaar will enable and support surveillance and tracking whether or not it succeeds in its declared primary aim of enabling services for the poor. Aadhaar promoters claim that access to its data base will not be permitted to any agency, and will be secure from intelligence agencies that spy on citizens. However, this is vitiated since the Aadhaar project is contracted to receive technical support, presently for biometric capture devices, from L-1 Identity Solutions, Inc., a US-based intelligence and surveillance corporation whose top executives are acknowledged experts in the US intelligence community, as revealed in the corporation's website. According to UIDAI website, among other companies awarded contracts for collaboration in the Aadhaar project, are Accenture Services Pvt Ltd which works with US Homeland Security ( for implementation of Biometric Solution for UIDAI) and Ernst & Young (for setting up of Central ID Data Repository (CIDR) and Selection of Managed Service Provider (MSP)). It is difficult to imagine the security of sensitive national information when the technical provider or consultant is not a government body but a business corporation with strong connections to the intelligence organization of another country.
The risks are highlighted by the fact that a “retinue of U.S security and intelligence officials” accompanied US Secretary of State, Hillary Clinton, to India in July 2011 [Ref.3]. According to the same source, India has a “gaping appetite for homeland security expertise and technology”. India is racing ahead with a proposed Commercial, Homeland Security and Fire Technology Exhibition at Pragati Maidan, New Delhi in December 2011. It is big business that Natgrid is sure to buy into. Indeed, a document of ASSOCHAM titled “Homeland Security in India” states, “Given its increasing focus on Homeland security, the Government of India has initiated several steps...(one such) significant initiative is the ongoing drive to provide UID Number to all Indian citizens which is also aligned to the wider cause of intelligently networking the Indian ecosystem.” [Ref.4]. There appears to be a designed “homeland security” link with Aadhaar, and statements like “The UIDAI will not share resident data” could even be deliberately misleading. India is understood to be opposing CISMOA (Communications and Security Memorandum of Agreement) that USA has proposed for better military interoperability, but the supposed need to acquire technology may accept the cost of allowing inspection (end use monitoring) by US intelligence agencies, and thus compromise national security [Ref.5]. All these issues including the fact that since 2009, the Aadhaar project has been operating without legal sanction (including entering into contracts involving millions of dollars of public funds), only compounds doubts and apprehensions.
The recent case of the Indian Institute of Science (IISc), Bangalore, signing an agreement to set up a telecom laboratory with Huawei Technologies which has links with the Chinese government has been objected to by the Indian intelligence community, which had expressed prior disapproval. That the Indian intelligence community has tamely accepted business links with Accenture Services, Ernst & Young and L-1 Identity Solutions for national security may indicate the unabashed subservience of those who control the intelligence entities like IB, RAW, MoD, MHA, DoT, etc, to the policies of a particular foreign country.
The larger implications and ramifications of Aadhaar are best expressed in Usha Ramanathan's words: “[Data collection for the National Population Register] is set amidst NATGRID (National Intelligence Grid), the UID (the Unique Identification project), and a still-hazy-but-waiting-in-the-wings DNA Bank. Each of these has been given spurs by the Union Home Ministry, with security as the logic for surveillance and tracking by the state and its agencies. The benign promise of targeted welfare services is held out to legitimise this exercise” [Ref.2].
It is accepted that hacking into a system is most effectively done by paying, co-opting or honey-trapping individuals who have access to critical information. The recent instance of Union Finance Minister Pranab Mukherjee's office being bugged, shows how a device can be placed by gaining physical access to a high security office. Natgrid (which seeks to integrate 21 data bases) or some foreign intelligence agency could obtain access to the Aadhaar data base notwithstanding pious statements of UIDAI. (Incidentally, Capt Raghu Raman, CEO of Natgrid, was also CEO of Mahindra Special Services Group, a security services company. One view of this side-stepping is that he would bring to Natgrid his wealth of background experience but, without casting doubt on his personal integrity, the possible convergence of interests between his corporate background and national information security are undeniable). Obtaining a brief, one-time entry to the Aadhaar data base to permanently compromise its security would pose no serious problem to any efficient intelligence agency that has sufficient influence or funds to obtain that access. Even if Aadhaar can enable provision of services to the poor (which has been cogently argued elsewhere as unworkable) possibility of loss or breach of security of a national data base does not appear to have been examined.
Without in any manner casting aspersions on Mr.Nilekani's integrity, it should be noted that his Union Cabinet minister status as Chairman of UIDAI is without having taken formal oath of secrecy and abiding by the Constitution of India. He is free to take any measures that he deems fit with no accountability to the people or the Government of India; the multi-million-dollar contracts entered into bear witness.
Aadhaar project deserves review
The NIAI Bill is scheduled to be tabled in Parliament in the 2011 monsoon session. The Bill has several infirmities that have been pointed out to government, but it appears that no cognizance has been taken.
The UIDAI functions with only token transparency. Obtaining an Aadhaar number is stated to be not mandatory, but various government departments are insisting upon the Aadhaar number, causing skepticism and mistrust among the public. The Aadhaar project is an unconscionably expensive, unaccountable and virtually secret program that can hold the key to a total-surveillance-State, making the Constitution of India a dead document.
The claims made by the UIDAI to make social benefits available or accessible to the poor sections of Indian society have been questioned elsewhere, but the Aadhaar scheme itself has been formulated without due technical or administrative planning process. Thus, from system design and security considerations, the Aadhaar scheme deserves to be blocked with immediate effect and reviewed from scratch in the national best interest.
(2,944 words of text)
References
1. Reetika Khera; “UID Project & Welfare Schemes”; Economic & Political Weekly; Vol XLVI No.9 February 26, 2011.
2. Usha Ramanathan; “Implications of registering, tracking, profiling”; The Hindu, April 5, 2010.
4. Gopal Krishna; “NIAI Bill, Wikileaks, World Bank & L-1 Identities Solution”; <www.countercurrents.org>, January 22, 2011. 5. Vombatkere, S.G., “Deepening India-US Strategic Ties - Evidences and Repercussions”, Mainstream, New Delhi, Vol XLVIII No 40, September 25, 2010, p.13-15.
Notes
Note 1. The basis for selecting Mr.Nandan Nilekani for appointment as UIDAI Chairperson with cabinet rank is arbitrary and not beyond question. No doubt the UIDAI Chairperson should possess experience in systems engineering but he/she should also have experience in public administration since the UID project deals with government systems and the public, involving legal and constitutional issues. Transparent selection of an individual from a panel of eligible persons would have constituted due process of democratic governance. Avoidance of due process speaks poorly of governance and raises doubts about hidden agendas.
Note 2. Natgrid c/o Ministry of Home Affairs, will ensure that India has a world-class integrated national security database that can be accessed by the security agencies as required. This national security database is inter-operable with other relevant databases, so that all terror threats can be detected and acted upon in a timely manner. This ambitious project will be implemented without infringing upon the privacy of individuals whose details -- banking, insurance, immigration, income tax, telephone and internet usage -- will be on Natgrid. The data collected will also have to be safeguarded from hackers. The goal of Natgrid will be to achieve quick, seamless and secure access to desired information for intelligence/enforcement agencies in India.
**S.G.Vombatkere retired as major general after 35 years in the Indian military. He is engaged in voluntary social work, and is member of the National Alliance of People's Movements (NAPM) and People's Union for Civil Liberties (PUCL). As Adjunct Associate Professor of the University of Iowa, USA, he coordinates and lectures a course on Science, Technology and Sustainable Development for under-graduate students from USA and Canada. He holds a master of engineering degree in structural engineering from the University of Poona and a PhD in civil structural dynamics from I.I.T, Madras.
Contact details:
Maj Gen S.G.Vombatkere (Retd)
475, 7th Main Road
Vijayanagar 1st Stage
Mysore-570017.
Tel:0821-2515187