October 04, 2010
Ruchi
Ruchi
S Sharma (DG, UIDAI) in his article “Identity and the UIDAI: A Response” (EPW, Aug 28, 2010) claims that Usha Ramanathan’s article “A Unique Identity Bill” (EPW, July 24, 2010) reflects some “fundamental misunderstandings on the objectives of the UIDAI, the features of the identity number and the impact it will have on privacy”. In his rebuttal, he makes four broad points:
UIDAI has been deeply consultative and transparent, having “undertaken a wide range of consultations […] [with] economists who have worked on welfare design, civil society activists and scholars, academics, law experts as well as biometric experts […][and] with several stakeholders at various levels across the country”;
Data convergence is not unique to the UID project, “The UID database is not what makes convergence of information possible – this is fully possible, even today, without Aadhaar” and concerns of this nature will be addressed through the personal data protection framework being developed by the DoPT;
UIDAI is not a part of the national security focus of the GoI, “suggestion of links to the NATGRID/DNA data banks is pure conjecture, meant to create apprehensions on the UIDAI project”;
Profiling, tracking and surveillance are not possible and/or supported in the UID system
A review of some facts – the reader may come to own conclusions.
Consultative and Transparent?
“Consultation” must feed into the project design and scope if it is to be meaningful and not just a PR exercise. However UIDAI was ready with its approach and design document in less than three months (leaked[i] in November 2009) after Mr. Nilekani joined as Chairman and first employee[ii] in July 2009. Further despite widespread dissent and without addressing any concerns, the Authority has solidified project details by releasing tenders and signing MoUs with virtually all the important players such as state governments, rural development and petroleum ministries, LIC, state banks etc. This unilateralism was most evident in the way UID was linked to NREGA through an MoU with the Rural Development ministry without consulting the CEGC[iii], the statutory body to oversee NREGA’s implementation.
A consultative approach also mandates an inclusive engagement process, which allows all interested stakeholders to participate (each resident is a stakeholder in the UID project). Finally the proceedings of consultations must be detailed and publicly accessible to ensure that diversity of opinions and transparency of motives of involved parties are reflected. All of this irrespective of tedium must be adhered to especially for a project that mandatesuniversal inclusion.
The actual approach by UIDAI meets none of the above criteria: despite multiple explicit demands, open public meetings were summarily rejected. Proceedings of “consultation with stakeholders” (ministries, state governments, banks, industry representatives etc) are not available. Some of these consultations[iv] are with organizations (SVP National Police Academy, NASSCOM, Forward Markets Commission, venture capitalists etc) whose connection to the stated purpose of efficient and transparent delivery of state services is not apparent.
Only proceedings of “civil society organization” meetings are available, which have been summarily and/or misleadingly transcribed. For instance, in the Shimla-IIAS consultation[v], dissent is reduced to “The two sides of the debate were ably represented, with Prof. Sanjay Palshikar, Prof. Zoya Hasan, and Dr. Ramakumar presenting a civil liberties perspective”. One wonders if it’s a Freudian slip that CSO consultations have been split from “meetings with stakeholders”, given that the vehement objections of the former have not affected the project design or the Authority’s functioning at all.
A last word on transparency: Public estimates of the project cost range widely between Rs. 70,000 crores to Rs. 150,000 crores. The Authority has not made its budget public despite having functioned for almost two years and having received two budget allocations. This is especially ironic since the Authority derives justification in part by promising to save the exchequer money by eliminating leakages but resists a simple cost-benefit analysis by giving its own price tag.
National Identification Authority of India Bill
Many provisions of the draft NIA Bill are antithetical to civil society’s concerns, and their inclusion here can only amount to complete disregard for civil society consultations. First, the overall bill is aimed at achieving statutory status for the Authority not its regulation, thereby containing no details of implementation (summarily covered by the phrase, “as may be specified by regulations”). Irrelevant to the stated purpose of improving delivery of welfare services, the Authority plans to store transaction records (Clause 32(1)) to disclose for “national security” (Clause 33(b)) thus reinforcing concerns of state surveillance. Equally egregiously, the Authority seeks to reserve sole locus standing to move court (Clause 46) in a bid to evade accountability.
Having drafted a contentious bill, the Authority provided only a short two-week window for public feedback, which in spite of multiple demands, it has not made public (leaving individual groups to make their comments accessible in a scattered manner). Further in direct contravention to the process of public feedback, the draft Bill was listed for introduction in the Lok Sabha 2010 monsoon session.
Data Convergence, Privacy and State Surveillance
UIDAI has oft argued that data convergence is possible even without the UID project and thus responsibility for protection against it is not its problem. RS Sharma claims that “mobile numbers, PAN card numbers and passport numbers can all be used to profile, identify and converge data on individuals by agencies”. UIDAI contradicts itself – its biggest self-proclaimed USP is the ability to de-duplicate databases to ensure that there is only one of each person in the database. The very elimination of these vast numbers of duplicates is supposed to lead to tens of thousands of crores in savings. It stands to reason then that any convergence of this duplicate-infested erroneous data will be both highly problematic (given the inability to do reliable one-to-one matching) and will yield bad data. Plus no other number is linked to biometrics or envisioned for use across all major transactions of the individual’s life as UID numbers are. Thus what is game changing for efficient delivery of government services will also be game changing for other more intrusive purposes.
Furthermore the individual data protection framework in the works by DoPT does not address civil liberties concerns. By focusing on individual privacy and explicitly taking the state out of the picture on pretext of national security (as with the amended Information Technology Act 2008, defense and intelligence agencies’ exemptions from the RTI Act etc), no checks or regulation will be applied on state power at all (the predominant cause of concern against UID facilitated data convergence). In fact this focus on individual privacy is the perfect foil to dilute the RTI Act and evade accountability of public officials.
Regarding the assertion that the UID project is not part of the national security focus of the GoI, there are many unanswered questions, some of which include:
If the purpose of UID is wholly and solely to deliver government services efficiently and transparently, then why is “national security” part of the legislation? Does any legislation related to these individual welfare schemes (NREGA, PDS, RTE, NRHN etc) contain a similar “national security” provision? Then why should legislation for an Authority restricted solely to these schemes worry about national security since it seems unlikely that a cross border combatant will want to pilfer some low quality subsidized grain
Why is the Home Ministry installing fingerprint readers in all the police stations of the country under the Automated Finger Print Identification Systems[vi] (AFIS) project?
Finally, for a project whose benefits are premised on removing duplicates and “convergence” of social sector schemes, it appears counter-intuitive that overlapping and synergistic projects like UID and NATGRID (cross-linked government databases) will be independently duplicated instead of “converged”.
RS Sharma claims that the Authority clearly restricts the collection of any data that could be used to profile individuals/communities; however data convergence will render such provisions irrelevant. Further storing “details of every request for authentication of the identity of every aadhaar number holder and the response provided thereon by it in such manner and for such time as may be specified by regulations” (Clause 32(1), Draft NIA Bill 2010) is the equivalent of tracking, especially given the fact that each authentication request represents the physical presence of the individual at that location (for biometric verification). Merely saying that the Authority will retain “authentication records in a manner similar to the retaining of credit cards record” does not lessen the seriousness of this provision. Plus anyone who’s seen a credit card statement knows that there is no dearth of information with the credit card companies about each transaction.
Changing the Problem to Fit the Solution
UIDAI has time and again asserted that the “inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies.” Framed thus, the UID project seems like the obvious answer.
The reality though is different. In rural areas, the ability to prove identity is not the problem. How would a purely notional (and oppressive) concept like caste be so ingrained if one’s identity were so nebulous? Inability to access government services is one of lack of information and distorted power structures and introducing an opaque process consisting of fingerprint readers, mobile connectivity and centralized verification will not empower the disenfranchised.
In urban areas, the real issue is one of exclusionary state policy and not inability to prove identity. Shaloo, my household help has a Delhi based bank account, medical records and school report cards dating from 2001. However she cannot get a gas connection or a ration card because she lives in a jhuggi[vii]. She is also not eligible for rehabilitation when her slum will be demolished (as slated for CWG 2010) because she is unable to prove residency before the cut-off date of Dec 31, 1998. This is clearly a matter of policy, which cannot be addressed by a UID number. For the truly identity-less (e.g., beggar community), UID approach is weak relying on “introducers”.
It also bears mention that formalization/regulation is a good thing only when the state is genuinely attempting to be inclusive (which cannot be assumed to be universally true). Anonymity allows those on the fringes of society to get their work done through informal channels, an option that will be closed with the regimentation envisioned by UIDAI.
Another example of this kind of conceptual chicanery of changing the problem for a force-fit solution is the article “A Unique Way to Ensure Learning” (Livemint, Aug 19, 2010) by the Akshara Foundation. In this the authors argue that “it is necessary to gather enough data at the child level so that the right levels of interventions are focused on the appropriate target groups” and that “a universal and unique identification system will help in improving quality outcomes in a significant manner.” The article further cites a potential example of UID at work: “Remedial interventions are required to bring what the system calls “slow learners” to mainstream levels. This means that we need to know who needs help: This is possible only by administering diagnostic baseline tests and logging this data on a child-by-child basis, and then initiating the remedial interventions to wipe out specific legacy problems”. World over learning outcomes are overwhelmingly linked to the quality of teachers, but this article mentions teachers just once – predictably where UID can be used – to track attendance in government schools (who will make them teach?). Further the idea of tracking individual as opposed to aggregate learning outcomes is useful when only a few children are slipping through the cracks, so as to direct supplementary child specific interventions. However when the education system is failing almost all our children (in Karnataka, only 11% children in classes III to V can read English sentences; around 40% of the children between classes I and VIII can read a class II-level text and less than 20% could do simple division in mathematics), the obvious need is to fix the system and not run around logging data on a child-by-child basis.
The UID project comes in benevolent packaging; however claims of good intentions can be sustained only with complete transparency of objectives and participatory processes instead of trying to push through projects with PR and stealth
UID Resources – For Other UID updates
UIDAI has been deeply consultative and transparent, having “undertaken a wide range of consultations […] [with] economists who have worked on welfare design, civil society activists and scholars, academics, law experts as well as biometric experts […][and] with several stakeholders at various levels across the country”;
Data convergence is not unique to the UID project, “The UID database is not what makes convergence of information possible – this is fully possible, even today, without Aadhaar” and concerns of this nature will be addressed through the personal data protection framework being developed by the DoPT;
UIDAI is not a part of the national security focus of the GoI, “suggestion of links to the NATGRID/DNA data banks is pure conjecture, meant to create apprehensions on the UIDAI project”;
Profiling, tracking and surveillance are not possible and/or supported in the UID system
A review of some facts – the reader may come to own conclusions.
Consultative and Transparent?
“Consultation” must feed into the project design and scope if it is to be meaningful and not just a PR exercise. However UIDAI was ready with its approach and design document in less than three months (leaked[i] in November 2009) after Mr. Nilekani joined as Chairman and first employee[ii] in July 2009. Further despite widespread dissent and without addressing any concerns, the Authority has solidified project details by releasing tenders and signing MoUs with virtually all the important players such as state governments, rural development and petroleum ministries, LIC, state banks etc. This unilateralism was most evident in the way UID was linked to NREGA through an MoU with the Rural Development ministry without consulting the CEGC[iii], the statutory body to oversee NREGA’s implementation.
A consultative approach also mandates an inclusive engagement process, which allows all interested stakeholders to participate (each resident is a stakeholder in the UID project). Finally the proceedings of consultations must be detailed and publicly accessible to ensure that diversity of opinions and transparency of motives of involved parties are reflected. All of this irrespective of tedium must be adhered to especially for a project that mandatesuniversal inclusion.
The actual approach by UIDAI meets none of the above criteria: despite multiple explicit demands, open public meetings were summarily rejected. Proceedings of “consultation with stakeholders” (ministries, state governments, banks, industry representatives etc) are not available. Some of these consultations[iv] are with organizations (SVP National Police Academy, NASSCOM, Forward Markets Commission, venture capitalists etc) whose connection to the stated purpose of efficient and transparent delivery of state services is not apparent.
Only proceedings of “civil society organization” meetings are available, which have been summarily and/or misleadingly transcribed. For instance, in the Shimla-IIAS consultation[v], dissent is reduced to “The two sides of the debate were ably represented, with Prof. Sanjay Palshikar, Prof. Zoya Hasan, and Dr. Ramakumar presenting a civil liberties perspective”. One wonders if it’s a Freudian slip that CSO consultations have been split from “meetings with stakeholders”, given that the vehement objections of the former have not affected the project design or the Authority’s functioning at all.
A last word on transparency: Public estimates of the project cost range widely between Rs. 70,000 crores to Rs. 150,000 crores. The Authority has not made its budget public despite having functioned for almost two years and having received two budget allocations. This is especially ironic since the Authority derives justification in part by promising to save the exchequer money by eliminating leakages but resists a simple cost-benefit analysis by giving its own price tag.
National Identification Authority of India Bill
Many provisions of the draft NIA Bill are antithetical to civil society’s concerns, and their inclusion here can only amount to complete disregard for civil society consultations. First, the overall bill is aimed at achieving statutory status for the Authority not its regulation, thereby containing no details of implementation (summarily covered by the phrase, “as may be specified by regulations”). Irrelevant to the stated purpose of improving delivery of welfare services, the Authority plans to store transaction records (Clause 32(1)) to disclose for “national security” (Clause 33(b)) thus reinforcing concerns of state surveillance. Equally egregiously, the Authority seeks to reserve sole locus standing to move court (Clause 46) in a bid to evade accountability.
Having drafted a contentious bill, the Authority provided only a short two-week window for public feedback, which in spite of multiple demands, it has not made public (leaving individual groups to make their comments accessible in a scattered manner). Further in direct contravention to the process of public feedback, the draft Bill was listed for introduction in the Lok Sabha 2010 monsoon session.
Data Convergence, Privacy and State Surveillance
UIDAI has oft argued that data convergence is possible even without the UID project and thus responsibility for protection against it is not its problem. RS Sharma claims that “mobile numbers, PAN card numbers and passport numbers can all be used to profile, identify and converge data on individuals by agencies”. UIDAI contradicts itself – its biggest self-proclaimed USP is the ability to de-duplicate databases to ensure that there is only one of each person in the database. The very elimination of these vast numbers of duplicates is supposed to lead to tens of thousands of crores in savings. It stands to reason then that any convergence of this duplicate-infested erroneous data will be both highly problematic (given the inability to do reliable one-to-one matching) and will yield bad data. Plus no other number is linked to biometrics or envisioned for use across all major transactions of the individual’s life as UID numbers are. Thus what is game changing for efficient delivery of government services will also be game changing for other more intrusive purposes.
Furthermore the individual data protection framework in the works by DoPT does not address civil liberties concerns. By focusing on individual privacy and explicitly taking the state out of the picture on pretext of national security (as with the amended Information Technology Act 2008, defense and intelligence agencies’ exemptions from the RTI Act etc), no checks or regulation will be applied on state power at all (the predominant cause of concern against UID facilitated data convergence). In fact this focus on individual privacy is the perfect foil to dilute the RTI Act and evade accountability of public officials.
Regarding the assertion that the UID project is not part of the national security focus of the GoI, there are many unanswered questions, some of which include:
If the purpose of UID is wholly and solely to deliver government services efficiently and transparently, then why is “national security” part of the legislation? Does any legislation related to these individual welfare schemes (NREGA, PDS, RTE, NRHN etc) contain a similar “national security” provision? Then why should legislation for an Authority restricted solely to these schemes worry about national security since it seems unlikely that a cross border combatant will want to pilfer some low quality subsidized grain
Why is the Home Ministry installing fingerprint readers in all the police stations of the country under the Automated Finger Print Identification Systems[vi] (AFIS) project?
Finally, for a project whose benefits are premised on removing duplicates and “convergence” of social sector schemes, it appears counter-intuitive that overlapping and synergistic projects like UID and NATGRID (cross-linked government databases) will be independently duplicated instead of “converged”.
RS Sharma claims that the Authority clearly restricts the collection of any data that could be used to profile individuals/communities; however data convergence will render such provisions irrelevant. Further storing “details of every request for authentication of the identity of every aadhaar number holder and the response provided thereon by it in such manner and for such time as may be specified by regulations” (Clause 32(1), Draft NIA Bill 2010) is the equivalent of tracking, especially given the fact that each authentication request represents the physical presence of the individual at that location (for biometric verification). Merely saying that the Authority will retain “authentication records in a manner similar to the retaining of credit cards record” does not lessen the seriousness of this provision. Plus anyone who’s seen a credit card statement knows that there is no dearth of information with the credit card companies about each transaction.
Changing the Problem to Fit the Solution
UIDAI has time and again asserted that the “inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies.” Framed thus, the UID project seems like the obvious answer.
The reality though is different. In rural areas, the ability to prove identity is not the problem. How would a purely notional (and oppressive) concept like caste be so ingrained if one’s identity were so nebulous? Inability to access government services is one of lack of information and distorted power structures and introducing an opaque process consisting of fingerprint readers, mobile connectivity and centralized verification will not empower the disenfranchised.
In urban areas, the real issue is one of exclusionary state policy and not inability to prove identity. Shaloo, my household help has a Delhi based bank account, medical records and school report cards dating from 2001. However she cannot get a gas connection or a ration card because she lives in a jhuggi[vii]. She is also not eligible for rehabilitation when her slum will be demolished (as slated for CWG 2010) because she is unable to prove residency before the cut-off date of Dec 31, 1998. This is clearly a matter of policy, which cannot be addressed by a UID number. For the truly identity-less (e.g., beggar community), UID approach is weak relying on “introducers”.
It also bears mention that formalization/regulation is a good thing only when the state is genuinely attempting to be inclusive (which cannot be assumed to be universally true). Anonymity allows those on the fringes of society to get their work done through informal channels, an option that will be closed with the regimentation envisioned by UIDAI.
Another example of this kind of conceptual chicanery of changing the problem for a force-fit solution is the article “A Unique Way to Ensure Learning” (Livemint, Aug 19, 2010) by the Akshara Foundation. In this the authors argue that “it is necessary to gather enough data at the child level so that the right levels of interventions are focused on the appropriate target groups” and that “a universal and unique identification system will help in improving quality outcomes in a significant manner.” The article further cites a potential example of UID at work: “Remedial interventions are required to bring what the system calls “slow learners” to mainstream levels. This means that we need to know who needs help: This is possible only by administering diagnostic baseline tests and logging this data on a child-by-child basis, and then initiating the remedial interventions to wipe out specific legacy problems”. World over learning outcomes are overwhelmingly linked to the quality of teachers, but this article mentions teachers just once – predictably where UID can be used – to track attendance in government schools (who will make them teach?). Further the idea of tracking individual as opposed to aggregate learning outcomes is useful when only a few children are slipping through the cracks, so as to direct supplementary child specific interventions. However when the education system is failing almost all our children (in Karnataka, only 11% children in classes III to V can read English sentences; around 40% of the children between classes I and VIII can read a class II-level text and less than 20% could do simple division in mathematics), the obvious need is to fix the system and not run around logging data on a child-by-child basis.
The UID project comes in benevolent packaging; however claims of good intentions can be sustained only with complete transparency of objectives and participatory processes instead of trying to push through projects with PR and stealth
UID Resources – For Other UID updates
