In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. Its use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010, I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one? - Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi

In matters of conscience, the law of the majority has no place. - Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. - Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Sabha April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the #BreakAadhaarChains campaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uid and @rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Monday, January 16, 2017

10686 - Revisiting foundations of Aadhaar - Governance Now

Apart from being one of the most ambitious identity projects in the country, it has also been one of the most misunderstood

RS Sharma | December 6, 2016 | New Delhi

- See more at: http://www.governancenow.com/gov-next/egov/revisiting-foundations-aadhaar#sthash.Ap59rk0n.dpuf

(Illustration: Ashish Asthana)

1.1 The Unique Identity Project of India, now called Aadhaar, was started in July 2009. The first Aadhaar number was issued on September 29, 2010. As on date, Unique Identification Authority of India (UIDAI), the agency responsible for implementing this project, has issued more than 1 billion numbers and continues to inch towards universal coverage. However, there have been controversies and confusions about Aadhaar since the beginning and some of these continue even today. In the meanwhile, Aadhaar has become quite central to India’s public service delivery reforms agenda. 

1.2 It is true that many aspects of the unique identification (UID) project are at variance from the typical identity systems existing either in India or elsewhere in the world. It has also introduced some new paradigms, which have not yet become fashionable. It also breaks some long-established stereotypes about ID systems. It is largely due to these reasons that many of its design and operational aspects have come in for heavy criticism.

1.3 Right from the start, there were many who were questioning the basic design principles. As the implementation progressed, many of these criticisms have become somewhat muted. Nevertheless, there remain a few aspects that are not yet fully appreciated.

Why is it a number, not a card?

2.1 When UIDAI issued its strategy paper in August 2009, it declared that UID will issue only numbers and not cards. When this statement was made, many were surprised. Traditionally, identities are always issued in the form of ID cards; never heard of an identity number. Now, UIDAI is saying that it is a number and not a card. What is the significance and implication of this statement?

2.2 One of the most important reasons is that Aadhaar has been designed to be a next-generation online identity platform. As against this, a card (which normally connotes a smart card) is an offline token. In an online and connected world, tokens lose their value.

This phenomenon is quite visible in many areas. Take airline tickets. We used to get tickets kept in very attractive jackets. Now you do not get any ticket. You can print it online. In fact, now you do not even need to print. You can just get it on your mobile. Hence, in a connected world, there was no need for a smart card.

2.3 You can authenticate online even if you just have the number. UIDAI issues a letter to communicate the number to the resident. This letter has a perforated portion which can be torn and laminated. It is true that these letters have durability issues, and plastic cards should have been better. (We later tried for a plastic card but the finance ministry told us: You said number and not card. Now why do you want a card! We could not convince them that a plastic card is different from a smart card. Anyway, that story some other time!) A plastic card should be differentiated from the smart card which has a chip embedded in it. Each smart card costs about ₹100, while the plastic card would cost less than five rupees.

2.3 Smart cards also have several lifecycle management issues. Cards can be lost. Update of demographic or biometric data will require issuance of new cards, etc. Smart cards will also need smart card readers.

2.4 Another reason is that if Aadhaar was proposed as a card, then it would have become another ID card like driving licence, ration card or the voter ID card. All these cards are essentially eligibility cards authorising one to drive, get ration or vote. Aadhaar has no eligibility attached with it. Hence by itself, the Aadhaar card would not have any value except probably enabling the holder of the card to enter airports or on trains or prove their identity for checking into a hotel. These things are already enabled by the existing ID cards.
As this was meant to be an ID that could be combined with any transaction and could work as an ID proof for getting access into any formal system, it is best that it is promoted as a number which could be linked to existing systems like PDS, PAN cards, EPIC cards, MNREGA job cards, RSBY insurance cards, pensions and other databases. This could then work as a cleansing agent to eliminate duplicates and fakes from these databases.

2.5 Thus, Aadhaar has been developed as a tokenless digital identity number which can be embedded in any database and authentication could enable digital transactions. In other words, being a tokenless number with data residing on the cloud, it is possible for Aadhaar to work as a trusted and common ID authentication for any system, which requires ID authentication for transactions. Examples of such systems are banking, proof of presence and lifting of ration from PDS shop and getting mobile SIMs, etc.

2.6 Now that Aadhaar has started being used for several transactions, people are realising that the Aadhaar system is working as a trusted third-party authenticator of identities in digital transactions and its utility as a number, and not a card, is being appreciated.

Why is it a random number?

3.1 Another issue on which people ask questions is why the Aadhaar number should be a random number consisting of 12 digits. Why should it not be constructed so as to have some intelligence? It could have codes for states, gender and districts, etc. embedded into it so that the number itself makes some sense. For example, we could construct numbers like UP09/12345. This could be a number belonging to a person from Agra district of UP.

3.2 While having an alpha-numeric number may make the numbers small in length, as each alpha will be able to accommodate 26 values as against 10 for a digit, it was not found feasible for a multi-lingual society like ours that also has a high level of functional illiteracy.
There are several other reasons why Aadhaar is designed as a digit-only number. Some of them are: a digit is something which everybody understands, Arabic numerals are already there on the keypad of mobile phone, etc., and it is also there on all the keypads. Digit-only numbers are also easy to remember like phone numbers.

3.3 The UID numbering scheme was designed after a careful consideration of all the options and trade-offs. An internal report titled ‘A UID Numbering Scheme’ (Hemant Kanakia, 2010) became the basis of designing the structure of the Aadhaar number. Some of the findings of this report are summarised below.

3.4 The number should be large enough to accommodate future requirements. Internet address schemes in version 4 and Y2K are some of the examples which show that you may run out of space at some point of time in future and then will have to make changes at a substantial cost and time. Imposing a structure in the format also results in unnecessary waste of space (IPv4 is again a case in point). Hence 12 digits, with the 12th digit being a check digit, will be able to accommodate 100 billion numbers! Even with a few restrictions relating to use of the first digit, you are left with 80 billion numbers.

3.5 Embedding intelligence in a number was prevalent and useful in an unconnected world where you had no access to information relating to the number. However, Aadhaar is designed from the beginning itself as an online digital ID and therefore you have real-time online access to the information associated with the number. Hence, there is no need to embed intelligence in the number.

3.5 The UID number has also been designed not to disclose any personal information. Embedding some intelligence would violate this principle. US social security number (SSN) suffers from this problem wherein it is possible to guess information about a person from his/her SSN.
Similarly, the patterns in the SSN enable a person to guess the number from the personal details of the concerned individual. Designing UID as a random number makes it impossible to guess the identity and it does not disclose any information about its holder.

3.6 Hence, a semantics-free 12-digit number where the last digit is check digit (to minimise data entry errors) and the first digit was reserved for denoting the number type was chosen. The rest of the digits are generated in a random manner. Considering that the space can accommodate 80 billion numbers and we will initially use only about a billion plus, the ‘density’ is just a little more than one percent. This also makes guessing almost impossible.

3.7 The number will also be extensible with backward compatibility to have more decimal digits should a need arise in future. We have reserved the first digit as ‘1’ for entity related UIDs, should such a need arise in future. Hence, excluding 0 and 1 in the first digit leaves a clear space of 80 billion numbers available for allocation as of now.

3.8 Aadhaar is for lifetime. Hence, once a number is assigned to a person, it will remain with him and will not be reused even after his death. This will avoid confusion regarding the ownership of the number at different times.

Why did Aadhaar not collect more info?

4.1 One of the suggestions which have been around since the beginning is the need to collect all relevant details relating to a resident at the time of enrolment into the UID system. For example, why should we not collect details regarding a person’s driving licence number, PAN, EPIC number, BPL card number, ration card number, etc. at the time of enrolment itself, so that all these numbers could be linked then and there itself?

4.2 Firstly, the only function of UIDAI is to establish identity (uniquely, to be more specific). It is the world’s first identity without eligibility.
Hence, UIDAI does not need these extra attributes for performance of its functions. However, UIDAI had no objections if this extra information was also collected by the registrars for their own usage. This extra information was called ‘know your resident plus’ (KYR+), the basic information for Aadhaar enrolment being called KYR.

4.3 Aadhaar registrars are typically state governments and they may find linking this information with Aadhaar relatively easy if they collect it at the time of enrolment itself. Many state governments also notified collection of many attributes under KYR+. However, the results were not very encouraging. The residents typically came with only minimal documents just sufficient to prove their identity and address for their enrolments. The result was that while the enrolment agencies were contracted for collecting KYR+ data also from the residents, effectively very little data was collected. In this work, enrolment agencies also did not cooperate. As they could not return the resident if he did not bring KYR+ documents at the time of enrolment, they did not capture the information even if the resident probably got the papers as they would have to do this extra data entry. Instead, they took the line that the residents do not bring in the extra papers and they could not refuse Aadhaar enrolments to them and hence no collection of KYR+ data.

Of what use is Aadhaar without benefits?

5.1 One of the basic statements which UIDAI had put out in its strategy document was ‘UIDAI will only provide the identity number and this will not ensure any entitlements, rights or guarantees’. People often asked if Aadhaar does not provide anything, then what is its use? Why should people enrol for it?

5.2 Aadhaar, from the beginning, was built as a digital identity platform. This is a fundamental shift from the traditional method of ID projects. In fact, this is also one of the misunderstood aspects of Aadhaar.
5.3 For the first time in India, and probably the world, a new paradigm was introduced: a pure identity without any eligibility attached with it. All existing documents which we normally use as identity documents (voter ID cards, driving licences, PAN cards, ration cards, etc.) are essentially eligibility documents and ID is an implicit attribute of these. Every eligibility attribute must have an eligible person and that person uses these eligibility documents as his/her ID proof. The voter ID card is a document whose primary purpose is to serve as a certificate that you are a voter. You use it as an ID proof for all other purposes since ID is an underlying attribute of this document. Similarly, a driving licence is an authorisation/certificate to the effect that you can drive a motor vehicle and a ration card makes you eligible for getting ration at subsidised rates.

5.4 As ID is a common, implicit and underlying attribute of all the existing eligibility documents, these can be used as de-facto ID documents. However, there are various problems associated with such documents. Some of these are:

(i) There is no guarantee of their uniqueness. There are examples of people having multiple PAN cards and ration cards (it is advantageous to have many as it gives you more ration!).

(ii) There is no guarantee of uniformity of information. As an example, you may have different age in different documents. Changing attributes suitably is advantageous to avail benefits from as many domains as possible – you become a senior citizen for railway travel and a young man for insurance purposes.

(iii) These can be easily faked as there is no way to verify the authenticity of these documents without following a long and time-consuming procedure.

(iv) These are not universal. For example, voter ID cards can be issued for people of 18 years of age or above.

(v) Some of these documents (e.g., ration cards) are family documents as opposed to individual IDs.

5.5 Hence, UIDs were designed as basic ID documents which are just necessary (as also sufficient) to prove the ID of a person and which can be used by all the domains which issue eligibility documents. In other words, it can work as an ID platform on which eligibility applications can be built. Its availability on the digital platform makes it amenable and pluggable for use by various domains.

5.6 Pure identity which is online and digital gives it the flexibility to participate in any digital transaction. Various service delivery domains can now be absolved of the responsibility of identity verification and UIDAI can work as a trusted third-party authenticator.

What is the use of authentication and eKYC?

6.1 Authentication is also one of the most misunderstood aspects of Aadhaar. It is only now that people have started understanding the usefulness of authentication in banking transactions, in PDS delivery mechanisms and, more trivially, in biometric attendance systems. Similarly, electronic KYC (‘know your customer’) is another product whose value is not fully understood. Not yet.

6.2 Aadhaar authentication, as specified by UIDAI, is the process wherein the Aadhaar number, along with other attributes (demographic/biometrics/OTP) is submitted to UIDAI’s central identities data repository (CIDR) for verification; the CIDR verifies whether the data submitted matches the data available in CIDR and responds with a ‘Yes/No’. No personal identity information is returned as part of the response [UIDAI, 2014]. Similarly, e-KYC is the process where UIDAI issues a digitally signed electronic ID document after biometric authentication and authorisation of the individual.

6.3 The purpose of authentication is to enable residents to prove their identity and for service providers to confirm that the residents are ‘who they say they are’ in order to deliver services and give access to benefits.

6.4 As UIDAI maintains only identity information about the residents, this information alone does not do anything much. However, every service delivery organisation needs to establish the identity of its customers before delivering the services. It is important so that the service intended to be provided to A is provided only to A and not to B. Now this work of establishing A’s identity is done by UIDAI. Hence, at the time of service delivery, UIDAI becomes the trusted third party to authenticate identities. This service can be combined in any digital transaction. In fact, it can also be used in a physical transaction (like allowing access to somebody after proving his ID). However, it is very useful in digital transaction as it provides traceability and transparency of the transaction.

6.5 Let us take a typical example to illustrate the use-cases of authentication. Public distribution system (PDS) is the largest distribution network in the world mandated to provide food grain and other items (ration) at subsidised rates – the level of subsidy varies with the income level of the beneficiary. The system is administered by about 5,00,000 fair-price shops (FPS) throughout the country. One of the complaints of the system is that the FPS dealers sell the ration items in the black-market and show it as having been distributed to the people. FPS dealers deny this allegation and people claim that they did not receive the ration, and when they had gone to the FPS they were turned back giving one excuse or the other. It becomes very difficult to objectively investigate in these situations and corruption prevails throughout the hierarchy of the officials of the PDS. There are also complaints of large-scale duplicates and ghost ration cards.

6.6 Uniqueness of Aadhaar helps in reducing the duplicates and ghost ration cards. If the entire database of ration cards is seeded with Aadhaar numbers, one can eliminate bogus ration cards.

6.7 Authentication helps in ensuring delivery of ration to the beneficiaries of PDS. The PDS shop owner has a biometric authentication device, which is connected to the entitlement database at the backend. Once a customer comes, he provides his ration card number. There may be many family members on the ration card. The shop owner selects the individual who has come. He fills in the items the individual would like to purchase and then the beneficiary authenticates his identity either through his fingerprint or iris. At the backend, the authentication packet is transmitted to UIDAI. UIDAI confirms the ID of the person and then the PDS backend allows the transaction of ration purchase to take place. In this scenario, there is a foolproof system where all the stakeholders, PDS shop owner, the beneficiary and the government are participating. The transaction is traceable and transparent. There will be fewer complaints now as there is a digital proof of this transaction. The most important advantage of this system is portability. Now a beneficiary should be able to go to any ration shop and get his entitlement. As the entitlements, identities and inventory of the ration at various FPS is online, one can manage things much more efficiently.

6.8 One can argue that such authentication systems could also be made by individual domains. Yes, that is true. However, using the common ID infrastructure for doing a job (authentication), which is required by almost all the service delivery agencies, provides huge efficiencies and cost advantages.

6.9 More and more systems have now started using authentication services of UIDAI. Two of the most common examples are interoperable banking services and attendance systems. Aadhaar as a financial address is being leveraged for direct benefit transfer (DBT) in several domains such as DBT for LPG (‘PAHAL’) and scholarships and social security pensions (national social assistance programme – NSAP).
Electronic KYC has also been used for opening bank accounts under Jan-Dhan and, more recently, for getting mobile SIMs. Digital life certificates (Jeevan Pramaan) for pensioners is another usage of authentication. Last year, the central government had also started online digital signature service e-Sign (CCA, 2015) and digital locker (DeitY, 2015) which uses Aadhaar authentication for ID verification before allowing access into the system. This is a part of the Digital India initiative which aims at transforming India as a digitally empowered society and knowledge economy. In fact, today India has a full suite of products based on Aadhaar authentication services for a paperless, cashless, presence-less, transparent and consent-based architecture, which is commonly being described as India Stack.

Summing up

7.1 Aadhaar has been one of the most ambitious ID projects in the world. But it has also been a controversial one. Many of its design aspects do not follow traditional concepts and have been misunderstood and criticised for several reasons. Now that Aadhaar has become central to the service delivery reforms in the country, a re-look at these aspects will help to clarify many of the design principles which had appeared quite irrational and non-traditional in the beginning.

Sharma, chairman of TRAI, was the first director general and mission director (DG&MD) of Aadhaar project and held this position for about four years since the start of the mission.

Citations and References

Hemant Kanakia, S. N. (2010). A UID Numbering Scheme. New Delhi: Unique Identification Authority of India.

Mahmood, T. (2008, December). http://www.sacw.net. Retrieved from South Asia Citizens Web:

UIDAI. (2014). Authentication Overview. Retrieved from Unique Identification Authority of India:

CCA. (2015, July). eSign – Online Digital Signature Service. Retrieved from Controller of Certifying Authorities:

DeitY. (2015, July). Digital Locker. Retrieved from Digital Locker.
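
An added example for the numbering scheme in paragraphs 3.4 to 3.7 (not code from the article or from UIDAI): it checks the structure described there, 12 digits with 0 and 1 excluded from the first digit and a trailing check digit, shows what the check digit catches at data entry, and reproduces the 80 billion and "little more than one percent" figures. The article does not name the check-digit algorithm; Verhoeff is assumed here, and every function name and sample number below is constructed for illustration.

```python
import random

# Verhoeff tables. D is multiplication in the dihedral group D5, P holds the
# position-dependent permutations (powers of BASE), INV the group inverses.
D = [[int(c) for c in row] for row in (
    "0123456789", "1234067895", "2340178956", "3401289567", "4012395678",
    "5987604321", "6598710432", "7659821043", "8765932104", "9876543210")]
BASE = [1, 5, 7, 6, 2, 8, 3, 0, 9, 4]
P = [list(range(10))]
for _ in range(7):
    P.append([P[-1][BASE[j]] for j in range(10)])
INV = [0, 4, 3, 2, 1, 5, 6, 7, 8, 9]

PAYLOAD_DIGITS = 11          # 12 digits minus the check digit (para 3.4)
ALLOWED_FIRST = "23456789"   # 0 and 1 excluded in the first digit (para 3.7)
ADDRESS_SPACE = len(ALLOWED_FIRST) * 10 ** (PAYLOAD_DIGITS - 1)


def verhoeff_check_digit(payload):
    """Check digit to append to a string of decimal digits."""
    c = 0
    for i, ch in enumerate(reversed(payload)):
        c = D[c][P[(i + 1) % 8][int(ch)]]
    return INV[c]


def verhoeff_valid(number):
    """True if the last digit of `number` is the correct check digit."""
    c = 0
    for i, ch in enumerate(reversed(number)):
        c = D[c][P[i % 8][int(ch)]]
    return c == 0


def is_well_formed(uid):
    """Structural check only: says nothing about whether the number was issued."""
    return (len(uid) == 12 and uid.isascii() and uid.isdigit()
            and uid[0] in ALLOWED_FIRST and verhoeff_valid(uid))


def make_constructed_uid(rng):
    """Random, semantics-free sample number (constructed, not a real ID)."""
    payload = rng.choice(ALLOWED_FIRST) + "".join(
        rng.choice("0123456789") for _ in range(PAYLOAD_DIGITS - 1))
    return payload + str(verhoeff_check_digit(payload))


def catches_typing_errors(uid):
    """True if every one-digit typo and every swap of two different adjacent
    digits fails the check digit (the data-entry errors para 3.6 refers to)."""
    for i, ch in enumerate(uid):
        for other in "0123456789":
            if other != ch and verhoeff_valid(uid[:i] + other + uid[i + 1:]):
                return False
    for i in range(len(uid) - 1):
        if uid[i] != uid[i + 1]:
            swapped = uid[:i] + uid[i + 1] + uid[i] + uid[i + 2:]
            if verhoeff_valid(swapped):
                return False
    return True


def density(issued):
    """Fraction of the allocatable space in use for `issued` numbers."""
    return issued / ADDRESS_SPACE


if __name__ == "__main__":
    rng = random.Random(2010)  # seeded so the constructed sample is reproducible
    sample = make_constructed_uid(rng)
    print("constructed sample:", sample, "well formed:", is_well_formed(sample))
    print("typos and swaps all rejected:", catches_typing_errors(sample))
    print("allocatable numbers:", ADDRESS_SPACE)
    print("density at 1 billion issued: {:.2%}".format(density(10 ** 9)))
```

The structural check is a data-entry filter, not authentication: any string that passes it still has to be verified against the central repository as described in paragraph 6.2.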
