March 18, 2011 03:59 PM |
Moneylife Digital Team
Moneylife Digital Team
According to test results of UIDAI’s biometrics-based Aadhaar project, there could be up to 15,000 false positives for every Indian resident. Moreover, this figure is just for identification and not for verification
The Indian government and its de-facto tagging institution, the Unique Identification Authority of India (UIDAI), have not only ignored privacy concerns but also ignored sample test results of its pilot project. Both the government and UIDAI have been in such a hurry that they have neglected the basic principle of pilot testing and size of sample. For over 1.2 billion UID numbers, they have used data from just 20,000 people, in pairs, as the sample and have on the basis of the results gone ahead with the UID number through the 'Aadhaar' project.
UIDAI conducted a proof of the concept trial of the Aadhaar project between March and June 2010. In the results, it said, "The matching analysis was done on two sets of 20,000 biometrics, for a total of 40,000. However, the number of comparisons was several orders of magnitude more than 40,000, since each set of fingerprints would be matched against every other set of fingerprints in the data set".
On the false positive identification rate (FPIR), the authority said, "We will look at the point where the FPIR (i.e. the possibility that a person is mistaken to be a different person) is 0.0025%". This means, for every 1 lakh comparisons, there would be two and a half false positives. On a large scale, it means for a population of over 120 crore, there would be 18 lakh crore false positives, or, for every single Indian resident there would be 15,000 false positives! (Click to see the calculations)
David Moss, who spent eight years campaigning against the UK's National ID (NID) card scheme, has questioned the logic of the UIDAI and the government to depending on biometrics to produce the UID number. In a report titled, "India's ID card scheme-drowning in a sea of false positives", Mr Moss said, "those (the FPIR) conclusions do not follow from the evidence reported. Nothing in UIDAI's surprisingly low quality report suggests that it would be feasible to prove that each electronic identity on the Central ID Repository (CIDR) is unique. Not with a billion plus people on the database. Far from it, India can be confident, from the figures quoted in UIDAI's proof of concept trial report, that de-duplication could never be achieved."
Speaking about the UK's NID scheme, Mr Moss said, "There were many problems with the UK scheme. Not just biometrics. But biometrics is the easiest problem to understand and to discuss objectively and on which to reach an agreed decision, as it's quantifiable, there are no difficult value judgements to make and it's just technology. But it's not a very good technology, for, whenever there is a large-scale field trial, mass consumer biometrics prove to be too unreliable for the ID card schemes that depend on them, as opposed to the mere computer modelling exercises favoured by the US National Institute of Standards and Technology (NIST)."
In addition, there are issues like the reliability of biometric identification for a large population like in India. For the record, no one has ever issued IDs to such a huge population anywhere in the world. And whoever has tried to issue biometrics-based Ids, even for a small size, had to abandon or discard the idea altogether. Like the UK government abolished its NID scheme citing higher costs, impracticality and ungovernable breaches of privacy as reasons for cancelling the NID project.
The UK government spent around £250 million on developing the national ID programme over eight years. However, its abolition means that the government will avoid spending another £800 million over a decade. The NID was launched in July 2002 and as of February 2010, its total costs rose to an estimated £4.5 billion.
For the biometrics-based ID cards, there was one study done at Seoul in Korea. The study was done for ID cards issued for driver licences. It was designed in such a way that by swiping fingers, the drivers were able to access services like paying parking charges and redeeming a ticket. However, after one year, it was found that 5% to 13% users could not use the system. The tests were conducted with four different manufacturers, with drivers being white collar workers and housewives in acceptable quality criteria. In the end the study recommended frequent re-enrolment of users.
According to JT D'Souza, who analysed the pilot study conducted by the UIDAI, given the well-known lacunae in our infrastructure and massive demographics, biometrics as an ID will be a guaranteed failure and result in denial of service. He said, "The sum of false acceptance rate and false rejection rate (EER) reveals only part of the problem, which is rejection or acceptance within a short duration of enrolment. The bigger problem is ageing, including health and environment factors, which causes sufficient change to make biometrics completely unusable and requires very frequent re-enrolment."
The International Biometric Group (IBG) testing also shows that performance can vary drastically within technologies-some fingerprint solutions, for example, had next to no errors during testing, while others rejected nearly 1/3rd of enrolled users. "Most interestingly, the testing shows that over time, many biometric systems are prone to incorrectly rejecting a substantial percentage of users. Verifying a user immediately after enrolment is not highly challenging to biometric systems. However, after six weeks, testing shows that some systems' error rates increase ten-fold," according to the research, consulting and integration firm, which works closely with the biometric industry. The report is titled "Real-World Performance Testing".
Despite all the issues, the UIDAI and the Indian government are pressing hard to implement the UID number scheme across the country. While maintaining that the UID number is not compulsory, both of them are making efforts to make it mandatory using backdoor methods. Nobody is even ready to pause and think about the possible consequences of the failure to identify some poor person from a remote place. It may be a technical glitch for the authorities, but could be a question of life and death for the 'aam admi', who would be denied food and other benefits due to the failure.
"By the time the stillborn (NID) scheme was finally cancelled, the UK's Home Office had lost all credibility, it was totally demoralised and it is now excluded from discussions of the new, and still unspecified, Digital Delivery Identity Assurance project. Having given their unsolicited testimonials to the biometrics industry and its unreliable products, UIDAI will be left to clean up the expensive mess left in India as best they can when 'Aadhaar' is cancelled, while the biometrics industry road-show moves on to the next country and repeats the trick," Mr Moss concluded.
