In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. Its use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010, I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one? - Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi

In matters of conscience, the law of the majority has no place. - Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty. - Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.” - A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant. - Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Sabha April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty” and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the #BreakAadhaarChains campaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uid and @rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Wednesday, August 3, 2011

1459 - The Measure of a Number: UID Enrolment and Authentication

Submitted by Sruti Chaganti on Sun, 04/17/2011 - 23:00


Notes from the field in Jharkhand and Andhra Pradesh

I OVERVIEW

From early days in discussions with the Knowledge Commission when a unique identity was thought necessary to consolidate the many ways in which a person is identified by the state (such as the Voter ID, Driving License, PAN Card, Passport, etc.),  the Unique Identification (UID) project of the Government of India has evolved significantly. While consolidation or aggregation of information across various domains of state action will eventually indeed become possible with the UID, the key to understanding the socio-economic-cultural transformation the UID is a potential harbinger of, lies in its own deeply rooted impulse for disaggregation.

The UID, or the AADHAAR number, does not substitute for any other identifying mechanism either in existence or that could potentially be introduced in the future – for example, the ration card as it exists now, or the smart ration card that various state governments plan to introduce after AADHAAR. The AADHAAR number is issued against a finite (and rather thin) set of demographic information (resident’s name, address, gender, age, name of parent/guardian in case resident is below 5 years of age) and rather extensive biometric information (photograph, two iris scans, ten fingerprints; as biometric technologies evolve and become more cost-efficient these fields could potentially be replaced by other biometric indices such as heart rate, genetic fingerprint and so on). Enrolment into AADHAAR thus is not the accession to a good, claims to which can be made and disputed in terms of the latter – i.e. it does not enable one as a citizen, or in the manner a driving license enables one to drive – rather, it merely links the resident to a number via her biometrics. Unique identity is thus established every time the resident accesses a service by verifying her AADHAAR number against the biometrics linked to said number. The novelty of the UID lies in this premise, that the value of AADHAAR lies in its repeated authentication, and its generative potential bears closer investigation.

II AADHAAR ENROLMENT

A. De-centralised Enrolment: UIDAI – Registrar – Enrolment Agency

While the UIDAI is charged with the responsibility of coordinating enrolment procedures across the country, with setting up the technological processes for enrolment, data processing and maintenance, and for prescribing technological processes for authentication, coordinating enrolment in constituent units, defined not by geography but by service delivery, is a function of various Registrars. UIDAI enters into a Memorandum of Understanding with individual state governments and with various pan-Indian agencies (for example, the State Bank of India, Canara Bank, LIC, Department of Posts, IGNOU, Ministry of Petroleum and Natural Gas, and so on) for the enrolment of all residents into a single database; Registrars are thus multiple, with the same geographical area often being the field of operation of more than one Registrar.

Where the MoU is with a state government, the Registrar is typically a department or an agency of the state government; thus, Registrars in Jharkhand are the Rural Development and Urban Development departments, while in Andhra Pradesh it is the Commissioner for Food and Civil Supplies.  The task of physically enrolling residents is that of Enrolment Agencies appointed by the Registrar, either by inviting tenders from private enterprises empanelled for the purpose with the UIDAI, or through its own agencies (such as fair price shops). In Jharkhand and AP, private agencies have been enlisted for the task.

Enrolment Agencies, in turn, set up enrolment centres with separate stations comprising a computer, a fingerprint capture device, an iris capture device and a digital camera at a minimum. The Enrolment Agency is responsible for the establishment and maintenance of enrolment centres, for the procurement of certified biometric devices, for the employment and training of enrollers, for physical enrolment, and for data transfers.

B. Financial Assistance to Registrars

The enrolment of residents is under a financial incentive model, with the incentives provided partly by the UIDAI and partly by the Ministry of Finance. For the first 10 crore enrolments, the UIDAI remunerates the Registrar Rs. 50 for each resident enrolled and issued with the AADHAAR number. Enrolment Agencies quote a price per enrolment in the tenders submitted to the Registrar – prices quoted can vary from Rs. 23 per enrolment (Smart Chip Limited’s price for Hyderabad district) to Rs. 40 (Smart Chip Limited’s price for enrolling on behalf of State Bank of India). The profitability of operations for the Enrolment Agencies depends on the number of enrolments in a day, and as we witnessed in the enrolment centres we visited in Hyderabad, every effort is made to complete an enrolment within 4-6 minutes.

In accordance with the recommendation of the XIII Finance Commission, to incentivise BPL residents to enrol with the UIDAI, the Ministry of Finance disburses Rs. 100 to state governments for every BPL person enrolled and issued with the AADHAAR number. State governments can choose to either pay the money out directly to the individual or use it to create facilities for minimising cost of registration to the enrolled. Additionally, the UIDAI provides a top-up grant to state governments for enrolling BPL+ residents, defined for the purpose as Rashtriya Swasthya Bima Yojana (RSBY) beneficiaries.

The UIDAI also provides state governments with assistance towards building ICT infrastructure for correlation of existing systems and databases of Registrars with the UID database and for their inter-se integration. The costs supported include: (i) the procurement of hardware and software, (ii) the engagement of consultants to advise on integrating systems, standardizing data elements and seeding AADHAAR numbers in them to collate and correlate the various databases, (iii) the engagement of software companies to perform the actual task of integration, and (iv) the development of cloud applications at the national level for social sector schemes. Each state government can thus apply for ICT assistance up to Rs. 10 crore (calculated at Rs. 2 crore for 5 applications) while the Central government is entitled to assistance up to Rs. 100 crores (calculated at Rs. 20 crore for 5 applications). The criteria for a proposal from states or the centre qualifying for support include the number and profile of beneficiaries of the scheme sought to be made ‘UID ready’, its financial outlay, spin-off effect and potential for use of UID authentication services.

Registrars are also permitted to generate additional revenues by collecting information in the enrolment process on behalf of other governmental agencies; thus, the AP Registrar earns Rs. 40 from the Ministry of Petroleum and Natural Gas on every family’s LPG connections it secures details of at the time of enrolling residents.

C. Enrolment Process

(a) Data Capture

Demographic Data
The difference between the enrolment process in Jharkhand and Andhra Pradesh lies in the nature of the pre-existing database upon which the UID database is built – while in the former there isn’t one, the latter has a fairly comprehensive ration card database that was updated and digitised in 2004, with cards issued against iris biometrics of cardholders. Said biometrics, not having been de-duplicated at the time of their collection, constitute an idle database held, but not used, by the government.

Where there is a pre-existing database, as in the Andhra Pradesh instance, demographic data from the same is imported into the AADHAAR application software and checked for any corrections by the operator at the Enrolment station. Where there is no pre-existing database, residents fill out their demographic data in Enrolment Forms containing KYR fields as prescribed by the UIDAI, comprising information regarding (i) name of resident, (ii) name of mother/father/husband/guardian, (iii) date of birth/age, (iv) gender and (v) residential address.

In addition to demographic data, two additional sections on the Enrolment Form pertain to (a) Financial Inclusion and (b) the National Population Register (NPR). Thus, every resident being enrolled for an AADHAAR number is asked if she wants to either open a UID enabled bank account or link her existing bank account with her AADHAAR number. If the resident has been surveyed for census, then she is also asked to provide her NPR receipt no. in the Enrolment Form.

Registrars are also permitted to require residents enrolling for AADHAAR numbers to furnish additional information for their own purposes – these additional data fields are referred to as KYR+. In the Andhra Pradesh instance, KYR+ includes information regarding caste membership, NREGS Job Card No., SHG No., Pension Card No., bank account details, LPG connections, etc. KYR+ may contain some mandatory fields and some non-mandatory fields. However, from what we witnessed at the enrolment centres we visited, residents do not seem to distinguish between the two, nor are they appropriately advised at the Enrolment Centre. Thus, while in the UIDAI mandated Enrolment Form, the resident is asked to volunteer her bank details, in the AP KYR+, residents are asked to furnish their bank account details, without any discernible distinction between it being a mandatory or a voluntary field.

The only data verified at the time of enrolment are those of identity and address. Verification is either through the provision of documents establishing the same, scrutinized and signed by the Registrar’s representative at the Enrolment Centre, or through Introducers authorized by the Registrar to authenticate the identity and address of a resident not having documentary proof of the same. In Jharkhand, the government has authorized all district, block and panchayat officials as Introducers, whereas in Andhra Pradesh the following are capable of being Introducers: MPs, MLAs, MLCs, gazetted officers of state and central governments, elected representatives in panchayati raj institutions, mandal revenue inspectors, village revenue officers, postmen in their respective jurisdictions with the concurrence of the postal department, and authorized representatives of reputed NGOs and civil society outreach organizations (to cover the homeless, street children, beggars and such disadvantaged sections of society). To be able to perform the function of an Introducer, however, the person has to be enrolled into the UID database and issued with her AADHAAR number.

Biometric Data
Biometric data collected at the time of enrolment includes the resident’s facial image, ten fingerprint impressions and two iris scans. While provision is made to record the fact of a resident  missing a finger or an eye, in the enrolment centres we visited in Jharkhand and Andhra Pradesh, we witnessed high rates of failure in recording accurate biometric data. Age, abrasions, dirt, oil stains, etc. impeded the recording of fingerprint impressions – the software requires a high level of clarity in impression before it is recorded, but after four failures in obtaining a clear impression it can be manually overridden to record impressions with very low clarity (sometimes as low as 20-30% of the standards used by the software as measure). The successful recording of iris scans is often impeded, as we saw in Jharkhand, by the resident’s discomfort in looking into the scanner at the appropriate angle. 

(b) Data Custody and Transfer

The enrolment process for the resident comes to a close with the generation of a summary of the data collected which is to be verified and consented to by the resident. This Acknowledgment Receipt bears the Enrolment No. of the resident, which number, unlike the randomly generated AADHAAR number, bears the unique code of the Enrolment Agency, the Enrolment Centre and the Enrolment Station and the date and time at which the enrolment took place.

The Registrar is entitled to retain all data collected, including biometric, and a copy of the same is transferred to the UIDAI either via memory sticks sent through India Post or by its direct uploading to the CIDR. Internet connectivity at every enrolment station is thus available at periodic intervals. After de-duplication of the data, the CIDR issues AADHAAR numbers and makes these numbers available to the Registrar against the Enrolment Nos. recorded in the data retained for its use.

Further sorting of the data occurs when individual AADHAAR numbers and the data collected against them are aggregated into family units in the Registrar’s database – thus in the enrolment Centres we visited in Andhra Pradesh, common bar codes are attached to the acknowledgment forms of individual members of a family which are then used to sort family membership in the data retained for the use of the Registrar. Where a Registrar is a department implementing a social sector scheme, this aggregation of family membership is deemed necessary for its purposes, since the basic unit of all social security schemes is the family and not the individual.

Thus, at least three copies of all data generated exist: one copy is sent to the UIDAI, one copy is sent to the Registrar and the third is maintained with the Enrolling Agency. While the UIDAI’s Handbook for Registrars states that biometric data is to be encrypted upon collection to ensure its integrity and security, we understand from the enrolment centres we visited in AP that residents can ask for corrections in demographic data up to 48 hours after enrolment. When data is extracted for the UIDAI and the Registrar it is automatically encrypted; however, the system on which the enrolment took place appears to retain unencrypted data.

III AADHAAR AUTHENTICATION

A. Delivery of Citizen Services

The implementation of the UID is one ‘Mission Mode Project’ among 27 identified in the National e-Governance Plan (NeGP) stemming from the recommendations of the Second Administrative Reforms Commission (ARC) and funded by a loan from the World Bank. While earlier e-Governance initiatives in the ‘80s and ‘90s focused on automation of internal government functions with some limited citizen interfaces, the NeGP focuses on integrated service delivery across government departments and jurisdictional barriers (such as central, state and district administrative divisions) to citizens and businesses.

The core infrastructure envisaged for such integrated service delivery comprises the establishment, in each state and union territory, of:

SWAN or State Wide Area Network to extend connectivity for voice, video and data communications linking State Headquarters with each District Headquarter and the latter to each Block Headquarter.

SDC or State Data Center to integrate government applications and databases in a central data repository and to provide an integrated user interface for the online delivery of services. (In addition, a National eGovernment Data Center is also under construction.)

CSC or Common Service Center to bridge the last mile in service delivery. More than 1,00,000 internet-enabled CSCs serving over 6,00,000 villages are envisaged as access points for users requiring services from the government. These services include those provided by revenue departments (copies of record of rights, mutation certificates, caste and income certificates, etc.), municipalities (birth/death certificates, water and sewerage connections, utility payments, etc.), and under the various social sector schemes of the government (run by the rural and urban development, health, family and women welfare, food and civil supplies departments among others). The NeGP is envisaged as a public-private partnership with the government bearing the cost of the fixed infrastructure envisaged under it while private agencies undertake the task of building its different components. CSCs are intended as composite service points run by village level entrepreneurs and providing not only access to government services for a fee but also a range of telecom enabled social services in agriculture, education and health, and private services such as financial products, entertainment, etc.

UID based biometric authentication is considered crucial at two points in service delivery: (i) at point of access in the CSC to verify the identity of the person requiring a service and (ii) at the point of interfacing with the SDC via the Service Delivery Gateway (used to route messages across applications and databases) to maintain a transaction log.

B. Biometric Authentication Applications for state and private enterprise

That the UID only guarantees identity and “not rights, benefits or entitlements” is by now rather well-known. And yet, the UID is supplemental (for now at the very least) to other forms of identification, whether documentary or biometric. Unlike the latter however, the UID has the potential to create a feedback loop wherein information is aggregated in its every use. In order for the UID to function as an identifier at all, and therefore for such a feedback loop to come into existence, various service providers need to adopt UID based biometric authentication procedures. And here the UID creates a level playing field – authentication applications can be built into any level of service provision, by any service provider (whether state or market). Thus market applications for UID authentication could be built for mobile phone companies, credit card agencies, airline ticketing counters, corporate offices, hotels, etc.

Authentication applications can be built for the state at various levels of its operation. In Jharkhand, for example, UID based authentication is sought to be introduced for five social security schemes at the outset: NREGA, Pensions, School Stipends, PDS and Mid-day Meals.  While the first three are envisaged as direct UID linked bank transfers (more on this in Section C below), the latter require authentication applications to be integrated at points of access to these subsidies, such as the fair price shop (to authenticate identity and establish entitlements in case of PDS) and in primary schools (to record attendance of BPL students in case of MDM).  Authentication applications are also sought to be integrated at pre-payment stages, as for instance in the case of NREGA, to record attendance at work-sites.

UIDAI primarily envisages that AADHAAR numbers will be authenticated online by the CIDR on a real-time basis. However authentication applications can potentially also be smart card based, as is in fact the case in Andhra Pradesh.  Well before UID enrolments commenced in the state, the government had already adopted biometric based smart card payments for NREGS and Social Security Pensions. These payments are disbursed after matching the fingerprint of the beneficiary with the fingerprint recorded in the smart card. The state government, after commencing work on UID enrolments, now proposes to issue a multipurpose AADHAAR linked smart card for offline biometric authentication at point of sale/service delivery. In the first instance, the smart cards will incorporate PDS entitlements along with names and three fingerprint biometrics (right thumb, left index finger, right index finger) of all family members. A pilot project is underway in Maheshwaram mandal in Ranga Reddy District to test the point-of-sale biometric card readers. From what we saw in the Tukkuguda fair price shop, smart cards issued by the Food and Civil Supplies Department differentiate between BPL card holders (white smart cards) and AAY card holders (yellow smart cards). It is expected that the Rural Development Department will be the next to integrate its benefits with the multi-purpose smart cards.

C. Financial Inclusion and Direct Cash Transfers