July 29, 2010 03:21 PM |
Ram Krishnaswamy & Vickram Crishna
Unique Identity Authority of India (UIDAI) will assign unique numbers to all people in India (‘Aadhaar’ is the brand name chosen by the for its flagship scheme), to serve as a single reference point to help establish identity. We found over 200 articles extolling the merits of the project and gathered them on the blog aadhararticles.blogspot.com. Rather than reassure, however, they raise several questions about the worth of the project. Ram Krishnaswamy & Vickram Crishna address three key questions in this article—the first in a series that will be published only in Moneylife
The Aadhaar scheme proposes to assign each Indian resident a unique 12-digit number, thus enumerating a Unique IDentity for all. India’s current population stands at around 1.2 billion. In addition, millions of foreigners are temporarily based here. UIDAI has set an initial target of issuing 600 million unique numbers within five years (by 2015) (read more at Making Uinque Impressions )
This seems an ambitious target, considering the scale and cost (Rs45,000 crore) of the project. Through this series of articles, we will provide the information needed to understand this massive project and its potential consequences for us as Indians and as global citizens.
Q1. Will the intended beneficiaries truly be people who live below the poverty line?
The primary purpose of Aadhaar is avowedly social welfare: dividing wealth equitably. Of course, ‘wealth’ is not really in the picture; India is trying to guarantee everyone the bare minimum needed to live healthily. Benefits in cash or kind are distributed under various schemes, such as the National Rural Employment Guarantee Scheme (NREGS), Sarva Shiksha Abhiyaan, National Rural Health Mission and Bharat Nirman.
One of the problems with such schemes is the difficulty of ensuring that their benefits accrue only to the targeted population—typically, persons living below the poverty line. Such people are easily disenfranchised by an endless cycle of verification of records, ruining the efforts made to ensure fair distribution and causing real delivery rates to falter between 6% and 15%, as estimated by the late prime minister Rajiv Gandhi and others.
With Aadhaar, this problem is expected to be resolved. Aadhaar is a one-time verification system to which all records will be inextricably linked (read more at Unique Identification number project ) With UID, beneficiaries of any scheme can be verified by just checking a few critical details—for instance, name, fingerprints and, now, perhaps, iris scans—in order to quickly confirm their identity. However, largely due to the additional requirement of iris scans to reduce error rates, the per-user cost estimate has shot up from Rs31 to Rs450.
Now, here’s an interesting statement: “The UID will become the single source of identity verification” (read more at Unique identification project Law )
It means that once residents are enrolled, they can use the number in many places—they will be spared the hassle of repeatedly providing supporting identity documents for each service they wish to access.
However, it is pertinent to note that the services that will actually be simplified in the near term by the Aadhaar numbers include: opening a bank account, obtaining a passport, driving licence, etc. The public distribution system (PDS), NREGS and other such public-benefit services have neither budgets nor plans to integrate their systems with Aadhaar referrals.
It seems clear that, after spending a huge amount of money and putting in all this effort, the UID will, in the initial few years, primarily benefit people who access relatively sophisticated and upmarket services.
Q2. Will UID meet the needs of the poor ?
If a poor person gets money that is due to him directly in his bank account, he will have no reason to plead with tyrannical local officials or grovel before his elected representatives (read more at
against insecurity-uid is a good idea )
Sadly, banking in India barely scratches the surface: the total number of bank branches as of March 2002, the latest figures we could find on the Reserve Bank of India’s website, was just over 66,000, and less than half of these were in rural areas which account for around 70% of the population.
A back-of-the-envelope calculation shows that each rural branch would need to service over 22,700 account-holders—clearly beyond their reach in a land where urban customers struggle to get decent and timely banking services from branches which need to cater to only around 9,000 customers each. If money is to be mandatorily disbursed directly into bank accounts of the recipients under various schemes (the process to be simplified using UID), it definitely won’t target the poorest of the poor.
One emerging solution is micro-banking, but micro-banking organisations will need to upgrade their technology considerably to deliver services, if UID referrals are to be included. Micro-banks are also not included within the broad banking framework, meaning that existing security measures ensure that they cannot access clearing-house operations and other such enablers of modern banking.
The upgrade cost is not factored into UID budgets, nor is UIDAI mandated to drive the changes that are needed in the banking system without which the UID referral is irrelevant.
Q3. How will UID contribute to the country’s economy?
This is a big-vision project (read more at Unique ids for Indians-Boon or Bane ) through which government services can be provided, tracked and accounted for, together with enabling a multitude of private-sector products and services that rely on accurate identification of consumers. Various departments, based on their needs, will refer to the UID number. This will help remove duplicate names from their service lists. While this would help clean up lists for NREGS, senior citizen pension schemes, PDS, etc, it may also help clean up benami bank accounts, etc. Informally, the Income Tax Department is known to have projected an additional tax collection of about Rs40,000 crore annually!
These claims may hold, if the scheme were intended to act against the continuing use of unaccounted money for trading. In that case, the target community would only be the economic arrivistes—people who already have enough money to regularly feel the need to spend or acquire it by underhand means. This would include all government officers, their extended families, politicians, businesspeople, agriculturists controlling upwards of 25-50 hectares of land, and so on.
In fact, the projected gains, in terms of enhanced income-tax collection, simplifying transactions with government agencies for cash-related activities and so on, are primarily beneficial to this economically stable or upwardly mobile class.
However, the scheme is sought to be justified on the basis of deliverables to the downtrodden. It is doubtful whether Aadhaar will boost the country’s economy directly or help reduce the outgo on avoidable subsidies; or whether it will provide a combination of these benefits; or whether the true objective depends on who asks the question.
It seems far more likely that the unstated purpose of the scheme is to target the upwardly mobile class, but to do that, all Indian residents will have to be induced, by one means or another, to register themselves ‘voluntarily’.
A closer look at what appeared to be basic questions raises some worries. Next fortnight, we will look at the uncomfortable questions that arise as a result of the technology itself being insufficiently explained, at least in the media.
August 11, 2010 01:47 PM
This is the second article in a series where we examine the government’s ambitious ‘Aadhaar’ scheme, under which the Unique Identity Authority of India (UIDAI) plans to assign each Indian resident a unique 12-digit number.
Q1: Is enumeration via a single reference archive the best way to reduce inefficiencies and prevent money leakages in subsidy programmes? Most articles on Aadhaar harp on the superior quality of technology to be used and that this will significantly cut the cost, time and hardship of necessary verifications.
The reality is somewhat different; to suggest that the UID assignation process will be robust enough to eliminate duplicate and fake identities and can be verified and authenticated in an easy, cost-effective way, is somewhat premature, if not simply hype.
Some of the potential flaws in the process are listed briefly.
(a) Digitally-stored fingerprints are not image scans of real fingerprints, they are digital maps, reduced to a finite number of ‘points’. This computerised system was designed decades ago to cut down the time and effort needed to manually match thousands of prints of previously convicted criminals with a criminal suspect, not to provide perfect identifiers;
(b) Digital representations of biometrics invariably allow for both false positives and negatives, as the original purpose is either to facilitate security pass-through for a relatively small number of people (convenience), or to rapidly filter through large numbers of images by pre-matching each image to a reduced set of digital markers;
(c) The value-addition of iris scanning is unknown for testing on such a scale. The immediate cost is stupendous: per-identity costs go up from about Rs31 to about Rs450, but the results are not known, since such testing has never been done. This is quite different from scaling up a relatively reliable known procedure; iris scanning may well be quick and reliable (even after optimising it with a digital shortcut and securing it from man-in-the-middle attacks during data transfers), but this is currently untested.
Again, it must be emphasised that the purpose is mission-critical; every single genuine person must be allowed to move ahead with whatever activity is being filtered, without fail, else the expenditure on UID is wasted. Similarly, every single fraudulent attempt must be detected and stopped, without fail. Neither achievement is even claimed.
By the time the database is created and verification scanners become commonplace, we could end up with a database of a population that exceeds the census figures, and UIDAI will have to spend again for de-duplication, which would involve knocking on the doors of suspected fraudsters (and genuine applicants who may have failed one of the tests or another, for a host of reasons) for identification. This is the present problem, that databases of applicants cannot be absolutely verified.
And it is not even as though the government is blind to the problem. Recently, the rural development ministry launched its own revamped enumeration exercise to identify the poorest of the poor (who qualify for the designation ‘below the poverty line’ or BPL). This exercise is carried out every five years and the current process is being designed to eliminate the failures of previous surveys.
Q2: How effective are the pilot studies being carried out?
Reports indicate that the rural studies being undertaken in several states fall short of standards of both accuracy and confidence. The national census exercise, which has been merged this time with the National Population Register at the urging of the UIDAI, is also contentious.
It is crucial for a participatory democracy that those surveyed be honestly and fully informed about the purpose of collecting personal information on such an intrusive and massive scale. Unfortunately, this appears not to be the case, as respondents claimed later that they were told that they would get free photographs and eye tests, or that this survey would assure them subsidies or the supply of free essentials. Similarly, respondents of the census have been surprised to find that they are expected to reveal details of religion and caste, an enumeration that is against the letter and spirit of the Constitution of India. This has been sidestepped by replacing the census exercise with the creation of the National Population Register, a crucial component of the proposed UID database.
While doing this is evidently legal, it goes beyond the ambit of the census. As such, it compromises the integrity of an institution that has had an honourable and long history (the current census is the fifteenth).
Q3: Will adequate precautions be taken to safeguard the database?
No system is completely immune to attack or, for that matter, internal leakages, other than one completely sealed off from outside links. Since a centralised digital identity store can only work when incoming data can be matched to the information in the database, one must take for granted that it will be prey to such attacks. This is the bane of all e-governance scheme designs
Legally, there is no effective deterrent for such attacks. Worse, insiders (i.e., government personnel) are specifically protected by their sovereign work contracts from legal action, except with the specific permission of their superior officers. The existing laws on cybercrimes have not been tested against leakages in government systems, because their draconian provisions (search and seizure without warrant, massive penalties) do not apply to government servants.
There are three kinds of database faults: creational (deliberate or accidental falsification of identity, resulting in diversion of benefits from those entitled to them); design-based (incorrect verification due to compromise of the verification process, including man-in-the-middle attacks on data transfers); and procedural (for instance, when telecommunication faults or natural disasters create a need for rapid re-routing of verifications to alternate, or manual, methods). In the absence of an effective legal redressal framework, the process needs review and should not proceed beyond the research stage.
Even at the research stage, the lack of judicial protection for the Constitutional right to personal privacy deserves highlighting. The conduct of research and live pilot studies inevitably places citizens and residents of India at risk of loss of privacy, particularly with regard to sensitive personal information, including biometrics. Much of this information is needed to safeguard property, ownership, fixed and moveable assets, especially money itself, and the addition of UID must be wholly positive, or it can even put your property at risk.
UIDAI officials have repeatedly stated that such protection must be created but its lack does not daunt them in practice. The consequences of wrongful identity matching, once UID becomes the standard reference point, are really harsh on the individual and the current legal environment (civil cases take years and decades to resolve) is not up to the task of providing remediation.
For this reason alone, without completely foolproof systems in several areas of technology as well as law (idealistic at best, if not far-fetched), going ahead with the UID is a deplorable waste of money.
To summarise, we have asked six simple questions here, to clear doubts about the deliverable merits of the Aadhaar scheme. We find it is not likely to provide benefits to the poorest of the poor in India; secondly, is not even designed to do so, definitely not in its first phase. on the contrary, it is likely to benefit the upwardly mobile part of the population. As far as solving the terrible problems that plague the delivery of benefits to the poor is concerned, a single reference point for verifications is neither the best-known solution, nor is the exceeding difficulty of building and operating a centralised database achievable at a reasonable cost and effort. There is no clarity, therefore, on whether making the effort is sensible at all.
Also, there is no clarity on whether it will be possible to adequately safeguard the database, from its creation to its subsequent use as the ultimate reference. We found serious concerns with the methods being used to gather data in the pilot studies that point to the possibility of future abuse as well as manipulation of ill-informed people to make them cooperate.
(Ram Krishnaswamy is an IIT Madras alumnus and Vickram Crishna is an IIT Delhi alumnus)