47 - Digital Identity Indian Summer By Dave Birch

Digital Identity Indian Summer
By Dave Birch posted Jan 11 2010 at 8:16 AM

The Indian government has ambitious plans to issue a billion Unique Identifiers (UIDs) in the next few years, thus creating a national population register. There were many reasons for this, but one was social inclusion.

The upper and middle classes have many forms of identity but the poor often have none

[From ‘The idea is to be inclusive. The upper and middle classes have many forms of identity but the poor often have none’]
This is something that can get overlooked in the discussion about identity cards. One of the reasons why an identity card of the type conceived by the British government is so uninteresting to people like me is that I already have plenty of other forms of primitive identity documentation (ie, identity documentation that doesn't work online)such as a driving licence. So the marginal benefit of an additional expensive mini-passport is vanishingly small. But if I didn't have something like a driving licence, then how could I prove who I am? This may not matter when my horizon extends no further than my village. But suppose I want to get a mobile phone, or a mobile money account, something that will improve my lot in life significantly? Then the lack of documentation is a real barrier and means exclusion. Yes, of course the security services and law enforcement agencies want an national ID register, but the issue about the relationship between identity and inclusion is genuine, and important.

Lamenting that lack of identity proof often resulted in harassment and denial of services to the poor and marginalised, Prime Minister Manmohan Singh on Wednesday urged all ministries and departments to support the initiative to provide a unique identity number to all Indian citizens in order to improve the delivery mechanism of the government’s pro-poor schemes and programmes.

[From Back UID scheme for sake of poor: PM to ministries]
A great deal of government help targeted at the poor never reaches the intended recipients.

digital identity electronic identity cards trust mobile, emerging markets, government, ID cards

The Indian ID scheme may not be the most privacy-sensitive, but I can understand their constraints. They need something that is cost-effective for a billion people, which rules out more sophisticated, privacy-enhancing schemes based on PKI, biometrics and smart cards. But I think they haven't worked hard enough on the revenue side. I think a more sophisticated solution is affordable.

Now, one way of funding such a system (to which I assert the moral right of authorship and therefore naturally anticipate bono-style royalties in perpetuity) is to allow people to buy vanity ID numbers. What Indian billionaire wouldn't cheerfully pay a billion dollars in order to get ID number "1", for example? The numbers aren't going to be secret and nor are they going to code any data about the individual, so why not just auction off the good numbers? Ten billion income from the auction will easily pay for a great system, so that villagers can rent mobile phones, initiate money transfers and vote in a very efficient manner. At the moment, the ID number is just random:

...when you apply for Unique Identification (UID) number... Computer would throw up a random 16-digit number and there is no way you can change it [according to] Chairman of the Unique Identification Authority of India (UIDAI).

[From No chance of getting number of your choice under UID project- Software-Infotech-The Economic Times]
It's fortunate that the ID number isn't going to be secret, because it's unlikely that the rest of the database will be either.

the database would be stored on a central server and enrolment of residents would be computerized... the data base management would be outsourced to the company (after the consultant helps UIDAI identify it) which would operate as a depository

[From UIDAI to appoint consultant to identify database management co- Software-Infotech-The Economic Times]
Setting aside the wisdom or otherwise of storing everyone's personal data in a single central database, the point I wanted to make here is that the major cost of an enterprise of this kind is actually the cost of enrolment, not the cost of the system, so we'll come back to that in a minute. The reason that I say it's unlikely that the database will remain secret is that project data has already found its way on the the interweb.

A confidential document of the Unique Identification Authority of India (UIDAI) got leaked on the Internet on Friday. The report acknowledges potential data vulnerabilities of the ambitious project.

[From Leaked UID plan on Net fuels data theft fears: India Today - Latest Breaking News from India, World, Business, Cricket, Sports, Bollywood.]
It's no secret that there have been some issues with personal data in India.

A criminal gang selling UK credit card details stolen from Indian call centres has been exposed by an undercover BBC News investigation.

[From BBC NEWS | UK | Overseas credit card scam exposed]
So it's not much of a prediction to say that the database won't remain secret. Personal data appears to be bought and sold in India fairly readily, and the ID database will be no different. Whether that matters or not is a question for another day: a few billionaires may well object to having their personal details freely available to all, but to the 700-800 million peasants, the net welfare will be hugely positive.

Anyway, back to my campaign of free advice for the Indian government. This costs are all to do with enrolment. The task of physically collecting one billion biometrics, photographs and other details in a short period of time is a logistics nightmare.

The UIDAI also needs to work out feasible enrolment strategies for rural and urban, literate and illiterate, rich and poor alike to ensure that no willing resident is left out of the project. In this context, the UIDAI has already floated the idea of roping in multiple registrars, ranging from government agencies to banks, oil companies and insurance firms for the task.

[From A crucial year for unique ID project]
Amongst this panoply of registration possibilities, the government has been looking at mobile operators (rather than banks, as tends to be the case in developed countries) as an enrolment (and, undoubtedly, enforcement) channel. Of the billion people that the country hopes to have in the database around 2012, an estimated 700m will have mobile phones.

Outlets will have to be nominated where people can go to have their data uploaded on to the database. Here again, the 10 million-strong mobile sales and distribution machinery may hold the key. This is because India has 97% mobile subscribers in pre-paid category who return month-after-month to renew the charge on their SIM cards.

[From Unique identity project to mine cellphone data - India - NEWS - The Times of India]
How can you make this even more cost-effective? Get people to enrol themselves. When a peasant goes into a mobile phone shop to buy a phone, they put their finger on the reader or they look into the iris scanner or whatever. If they're in the database, the UID is displayed, if they're not in the database... well, they are now, and the system can generate a UID on the fly. The UID can then be attached to the SIM.

The issue of storing personal details should be a logically separate issue, and should be managed separately, but that's for another day. The point I wanted to make was that the Indian government is planning to create a national identity register for a population twenty times bigger than the UK for a lower cost than the UK.

[UIDAI] will also be responsible for gathering and electronically storing their personal details, at a predicted cost of at least £3 billion.

[From India to issue all 1.2 billion citizens with biometric ID cards - Times Online]
So if it costs three billion quid to register one billion people, we should be able to do it in the UK for a fiver per person, or a quarter of a billion quid. But that's what the government's ludicrous Children's Index cost by itself and less than the Rural Payment Agency (*) spent on making an Excel spreadsheet with a list of all UK farmers in it.

* Note for foreign readers, I should point out that the Rural Payments Agency is a fantastic example of UK public sector information technology, hence my gratuitous reference to it:

The systems... were “cumbersome, overly complex and at risk of becoming obsolete” and continue to “soak up huge sums of money”... yet the data they offered was full of errors... the 100 consultants, working to maintain the system, constituted an “incredible” number considering the scheme only paid out to 106,000 farmers. The consultants earned on average over £200,000 a year

[From Rural IT disaster boss awarded annual bonus]
I would have been much, much cheaper to have paid the farmers to retrain as management consultants, wouldn't it? Anyway, UK taxpayers may wish to turn away at this point:

The chief executive at the heart of a failed £350 million farmer subsidy system has been awarded a substantial bonus on top of his six-figure salary. Tony Cooper, head of the Rural Payments Agency, was paid £134,000 in the last financial year, and awarded an additional £12,000 bonus... Other executives were paid even more, in an office with a quick management turnover. A temporary human resources director took home a salary of £460,000 over two years, and a finance director took £353,000 over a similar period. The existing chief operating officer earns around £260,000 annually.

[From Rural IT disaster boss awarded annual bonus]
I am definitely, definitely in the wrong job.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c4fd753ef0120a7c1f846970b

Listed below are links to weblogs that reference Indian summer:

Comments

One of the rules of thumb in macroeconomics (ok, maybe not the most inspiring guide at the moment) is only try to hit one target with one instrument. Maybe one of the main problems with identity cards is that govts are trying to achieve too many things at once. Well, our government anyway. The competence and waste issues are logically separate I think, albeit always gobsmacking.

Posted by: Diane Coyle | 11/01/2010 at 09:16 AM

Dave

For goodness sake. One minute the Indians need ID numbers to get mobile phones, according to you, then it turns out that 7 or 8 hundred million of them already have mobile phones, also according to you. Come on!

As you and I have established over the years, incontrovertibly, the mobile phone *is* an ID card equivalent. The Indians don't need an additional ID number, any more than the Brits do.

Which suggests that the Indian agency trying to flog the idea of UIDs is probably in the same class as the UK Rural Payments Agency -- an expensive con(sultancy).

And biometrics! When are you going to acknowledge the point? The present state of the art in mass consumer biometrics is pitiful. The biometrics industry cannot deliver on its promises to deliver one-for-one correspondence between people and their electronic ID. You know that. You've been told that. Several times. When are you going to stop pretending?

L-1 Identity Systems are working with the Infosys man to getUIDs up and running in India. Take a look at http://dematerialisedid.com/BCSL/Genealogy.html and then tell me you think biometrics will deliver.

Pah!

Next door in Pakistan, they have biometric ID cards. Result? Domestic calm? All state benefits getting to the intended recipient? I don't think so. And look at Africa. As you often do. Vodafone is the bank. You've argued that for years. I add that, in that case, the phone is the ID card. No different for India. Or the UK. QED.

Posted by: David Moss | 17/01/2010 at 10:18 AM

" One minute the Indians need ID numbers to get mobile phones, according to you"

I didn't say that, because they don't. However, if the Indian government wants to push UID then, as they themselves have already identified, requiring a UID against each SIM would be a way to do it.

"then it turns out that 7 or 8 hundred million of them already have mobile phones, also according to you"

Indeed. Which is why I am advocating attached the UID to the SIM. I'm not commenting on whether the UID will enhance the commonweal, just on what might be a practical way to do it. If it were up to me, then I would attached the UID to the SIM with local (SIM-based) authentication for Indians who want it, and leave the UID as a number (with no card or other token) for those who do not. The crucial distinction that I make, as always, is between using the UID to ensure uniqueness in other, existing databases (a good thing, I imagine, if you're trying to cut fraud) and using the UID as a single identifier across all database, which is generally a bad thing.