By Korath V Mathew
The Unique Identification project, named ‘Aadhaar’, initiated by the Prime Minister under the chairmanship of renowned Nandan Nilekani has caught the imagination of the nation like never before. While the UID in itself is harmless and purely optional, the far reaching impact on empowerment of the citizens and prevention of impersonation has evoked much of the debate on the topic. Recently there have been many articles in the media against launch of UID in India.
As we know, the project is in the most critical stage. So far over forty million UIDs have been processed. Six hundred thousand UID enrolments take place everyday nationwide. Some of the criticism has the potential to derail the whole project. UID is one of the most path breaking initiatives aimed at empowering the citizens of the nation. Technologically, UID project is a challenge because of its sheer size and character. The stakeholders face formidable adversities because of its potential to root out corruption by enabling transparency and preventing benami transactions (Transactions carried out in fake names). The fight against corruption has never been easy. Some of the myths that are put forward against the project are discussed in detail:
Myth No.1: Giving Biometrics for purpose of UID will result in loss of Private data
UID is all about identifying a person with respect to one's biometrics. One’s photo or profile has comparatively very less significance and all of that can be changed by applying again, except the biometrics and the linked UID. Hence it is only natural that some citizens are worried about losing sensitive data, namely, personal biometrics. But why is there no criticism when biometrics is being taken for Driving License, CHIS (Comprehensive Health Insurance Scheme) health cards or for many other applications; the only additional data being captured now is iris. The outrageous criticism against UID is unjustified; yet the underlying reason is easy to guess.
Secondly, the so called biometrics collected was never as securely kept as in the case of Central Identities Data Repository (CIDR). This is the first time the biometrics’ data is being kept safely, far better than other contemporary applications and the critics will agree too. Yet they feel that private data can be lost from even though the data is kept under secure encryption and state of the art technology firewall, which was not the case in the past. It is pertinent to note that the biometrics has been in use in the past and especially where the citizen has signed using his thump impression. UK, Western countries and even UAE captures one’s biometrics before entry into their country. In above cases the safe custody of biometrics is never ensured. But till date there has been no complaint or debate. However, when biometrics is being used for creating a UID, to empower the citizens’, to prevent impersonation, duplication and exploitation there is anger and criticism, even though it is kept under tight security. Again, the UID system does not allow any biometrics data available to any other agency. The UIDAI system only verifies the identity of a citizen by giving a monosyllable ‘Yes’ or ‘No’ as an answer. Despite all these security measures, why is there an outburst against UID from some section of public? Is empowering our citizens and preventing impersonation affecting someone's interest? Who will benefit if the UID does not take off? Are vested interests trying to sabotage this project?
Myth No.2: UID project is too costly for the nation
The allegation on financial impact of the project is much easier to handle, especially when the country is dealing with black money to the tune of over a hundred lakh crores (2 Trillion USD) and dishing out huge bailout packages for Air India. UID project will only cost a fraction. But let us compare with similar instruments like PAN card which is already available in the country. Cost of getting a PAN card is Rs.100/- while the cost of enrolment for UID is Rs.50/-. The recurring expenditure towards maintenance of all the data and application is expected to be less than Rs.500 Crore annually. Hence in comparison to PAN card it is less expensive. It is a matter of choice whether the nation is bearing it or the citizen. UID is truly empowering the citizen and also has far reaching ramifications on national security. It is a very small amount to pay in that context. In future UID will replace the multiple identity cards in the country, and also be an alternative to the VISA and Mastercard. The cost savings for each citizen and collectively for the nation is going to be high, leading to lower production costs and over all efficiencies. It is a quantum jump over other countries that do not have such a system. It is also a good demonstration of use of technology for driving down costs.
Myth No. 3: De-duplication using Biometrics may fail due to illegible finger prints
De-duplication is the process of comparing each one's biometrics with the other and issuing a unique identification number. De-duplication may throw up some errors when we are limiting finger prints capture to just one or two fingers. Also there are illegible finger prints. But very seldom are all the ten fingers illegible. Again, we are taking the iris along with the finger prints. Since the de-duplication process involves comparing ten finger prints and irises the chances of errors are almost nil. But enrolment could pose a problem as the enrolment devices and software application insists for quality of all the ten finger prints and Iris. However, the enrolment client software has undergone refinements and presently there is in built correction mechanisms to accommodate such variances during enrolment.
Myth No. 4: Cyber criminals may misuse UID Database
Let us ask, what will Cyber criminals get from CIDR even if they manage to hack into the sophisticated firewall and encryption? No emails or mobile numbers are mandatory for UID enrolments. If they want biometrics it is freely available in other applications, especially at the visa issuing embassies. The NPR (National Population Register) seeks to issue an identity card where the biometrics and all data will be available in the chip of the card. So if they want biometrics or people's data there are other easy options. The case of UID enrolments is much different. Once the biometrics gets registered through UID then it is difficult to misuse them. Each one’s biometrics is getting patented in the process. Impersonation will become close to impossible. Hence, contrary to the belief; UID will prevent cyber crimes related to identity theft.
Myth No. 5: Anyone can get enrolled for UID using fake documents
A UID enrolment necessitates every individual to have a proof of address and a proof of Identity. In case these documents are not available then he or she needs to have an introducer. An Introducer has to be authorized by the enrolling Registrar and registered in CIDR as an ‘Introducer’ and should have a valid UID number. So any Indian citizen can get enrolled for UID by following any of the above procedure. In case of a scenario where falsified document is used for enrolment’s then it will result in false identity. It is true that many people have multiple ration cards, passports, licenses etc and these can be used as identification for UID enrolment. But when they come for enrolments they will be able to get only one identity or one UID, subsequent enrolment will be automatically rejected; rather if any one attempts for a second UID by impersonation then he will be caught at the time of de-duplication. This will desist people from giving false identity during enrolment and the system will automatically clean up duplicates and prevent impersonation. Subsequently, linkages will start taking place between UIDs of parents and children. In due course of time all personal certificates, bank account numbers, etc will start getting linked to UID number. The future road map is thus clear; an India free of benamis.
Is UID going to be a Game changer?
UID enabled India is at the tipping point for emergence of a new future founded on truth. The answers to following questions are a revelation of the impending transformation.
The Unique Identification project, named ‘Aadhaar’, initiated by the Prime Minister under the chairmanship of renowned Nandan Nilekani has caught the imagination of the nation like never before. While the UID in itself is harmless and purely optional, the far reaching impact on empowerment of the citizens and prevention of impersonation has evoked much of the debate on the topic. Recently there have been many articles in the media against launch of UID in India.
As we know, the project is in the most critical stage. So far over forty million UIDs have been processed. Six hundred thousand UID enrolments take place everyday nationwide. Some of the criticism has the potential to derail the whole project. UID is one of the most path breaking initiatives aimed at empowering the citizens of the nation. Technologically, UID project is a challenge because of its sheer size and character. The stakeholders face formidable adversities because of its potential to root out corruption by enabling transparency and preventing benami transactions (Transactions carried out in fake names). The fight against corruption has never been easy. Some of the myths that are put forward against the project are discussed in detail:
Myth No.1: Giving Biometrics for purpose of UID will result in loss of Private data
UID is all about identifying a person with respect to one's biometrics. One’s photo or profile has comparatively very less significance and all of that can be changed by applying again, except the biometrics and the linked UID. Hence it is only natural that some citizens are worried about losing sensitive data, namely, personal biometrics. But why is there no criticism when biometrics is being taken for Driving License, CHIS (Comprehensive Health Insurance Scheme) health cards or for many other applications; the only additional data being captured now is iris. The outrageous criticism against UID is unjustified; yet the underlying reason is easy to guess.
Secondly, the so called biometrics collected was never as securely kept as in the case of Central Identities Data Repository (CIDR). This is the first time the biometrics’ data is being kept safely, far better than other contemporary applications and the critics will agree too. Yet they feel that private data can be lost from even though the data is kept under secure encryption and state of the art technology firewall, which was not the case in the past. It is pertinent to note that the biometrics has been in use in the past and especially where the citizen has signed using his thump impression. UK, Western countries and even UAE captures one’s biometrics before entry into their country. In above cases the safe custody of biometrics is never ensured. But till date there has been no complaint or debate. However, when biometrics is being used for creating a UID, to empower the citizens’, to prevent impersonation, duplication and exploitation there is anger and criticism, even though it is kept under tight security. Again, the UID system does not allow any biometrics data available to any other agency. The UIDAI system only verifies the identity of a citizen by giving a monosyllable ‘Yes’ or ‘No’ as an answer. Despite all these security measures, why is there an outburst against UID from some section of public? Is empowering our citizens and preventing impersonation affecting someone's interest? Who will benefit if the UID does not take off? Are vested interests trying to sabotage this project?
Myth No.2: UID project is too costly for the nation
The allegation on financial impact of the project is much easier to handle, especially when the country is dealing with black money to the tune of over a hundred lakh crores (2 Trillion USD) and dishing out huge bailout packages for Air India. UID project will only cost a fraction. But let us compare with similar instruments like PAN card which is already available in the country. Cost of getting a PAN card is Rs.100/- while the cost of enrolment for UID is Rs.50/-. The recurring expenditure towards maintenance of all the data and application is expected to be less than Rs.500 Crore annually. Hence in comparison to PAN card it is less expensive. It is a matter of choice whether the nation is bearing it or the citizen. UID is truly empowering the citizen and also has far reaching ramifications on national security. It is a very small amount to pay in that context. In future UID will replace the multiple identity cards in the country, and also be an alternative to the VISA and Mastercard. The cost savings for each citizen and collectively for the nation is going to be high, leading to lower production costs and over all efficiencies. It is a quantum jump over other countries that do not have such a system. It is also a good demonstration of use of technology for driving down costs.
Myth No. 3: De-duplication using Biometrics may fail due to illegible finger prints
De-duplication is the process of comparing each one's biometrics with the other and issuing a unique identification number. De-duplication may throw up some errors when we are limiting finger prints capture to just one or two fingers. Also there are illegible finger prints. But very seldom are all the ten fingers illegible. Again, we are taking the iris along with the finger prints. Since the de-duplication process involves comparing ten finger prints and irises the chances of errors are almost nil. But enrolment could pose a problem as the enrolment devices and software application insists for quality of all the ten finger prints and Iris. However, the enrolment client software has undergone refinements and presently there is in built correction mechanisms to accommodate such variances during enrolment.
Myth No. 4: Cyber criminals may misuse UID Database
Let us ask, what will Cyber criminals get from CIDR even if they manage to hack into the sophisticated firewall and encryption? No emails or mobile numbers are mandatory for UID enrolments. If they want biometrics it is freely available in other applications, especially at the visa issuing embassies. The NPR (National Population Register) seeks to issue an identity card where the biometrics and all data will be available in the chip of the card. So if they want biometrics or people's data there are other easy options. The case of UID enrolments is much different. Once the biometrics gets registered through UID then it is difficult to misuse them. Each one’s biometrics is getting patented in the process. Impersonation will become close to impossible. Hence, contrary to the belief; UID will prevent cyber crimes related to identity theft.
Myth No. 5: Anyone can get enrolled for UID using fake documents
A UID enrolment necessitates every individual to have a proof of address and a proof of Identity. In case these documents are not available then he or she needs to have an introducer. An Introducer has to be authorized by the enrolling Registrar and registered in CIDR as an ‘Introducer’ and should have a valid UID number. So any Indian citizen can get enrolled for UID by following any of the above procedure. In case of a scenario where falsified document is used for enrolment’s then it will result in false identity. It is true that many people have multiple ration cards, passports, licenses etc and these can be used as identification for UID enrolment. But when they come for enrolments they will be able to get only one identity or one UID, subsequent enrolment will be automatically rejected; rather if any one attempts for a second UID by impersonation then he will be caught at the time of de-duplication. This will desist people from giving false identity during enrolment and the system will automatically clean up duplicates and prevent impersonation. Subsequently, linkages will start taking place between UIDs of parents and children. In due course of time all personal certificates, bank account numbers, etc will start getting linked to UID number. The future road map is thus clear; an India free of benamis.
Is UID going to be a Game changer?
UID enabled India is at the tipping point for emergence of a new future founded on truth. The answers to following questions are a revelation of the impending transformation.
1. Is UID ubiquitous? Yes
2. Will every Indian citizen having UID be able to prove his identity any time, anywhere in the India? Yes
3. Is it possible for somebody to impersonate? No
4. Is it possible for anyone to get two passports, birth certificate or any duplicate certificates in different names? No.
5. Is it possible for anyone to operate bank accounts in another person's name? No
6. Will the transactions and bank accounts of one individual be interlinked? Yes.
7. Will a UID enabled banking system be deterrence to black money generation? Yes
8. Is every citizen who has a UID be safe from impersonation and misuse of his identity? Yes.
9. Can anyone impersonate and break through a UID mandatory security system? No
10. Can a UID based security system ensure a safer tomorrow? Yes.
About the Author
Korath V Mathew is an ICT Specialist providing consulting services in IT projects especially in the field of e-Governance. He has worked on projects of ADB, DFID (UK) and World Bank, besides private firms. He is presently the Director of Akshaya, Kerala’s flagship e-Governance programme. About 80% of the UID enrolment in Kerala is done by Akshaya. He can be contacted on kvmathew @ gmail.com.
Kerala IT News
-----------------------------------------------------
2. Will every Indian citizen having UID be able to prove his identity any time, anywhere in the India? Yes
3. Is it possible for somebody to impersonate? No
4. Is it possible for anyone to get two passports, birth certificate or any duplicate certificates in different names? No.
5. Is it possible for anyone to operate bank accounts in another person's name? No
6. Will the transactions and bank accounts of one individual be interlinked? Yes.
7. Will a UID enabled banking system be deterrence to black money generation? Yes
8. Is every citizen who has a UID be safe from impersonation and misuse of his identity? Yes.
9. Can anyone impersonate and break through a UID mandatory security system? No
10. Can a UID based security system ensure a safer tomorrow? Yes.
About the Author
Korath V Mathew is an ICT Specialist providing consulting services in IT projects especially in the field of e-Governance. He has worked on projects of ADB, DFID (UK) and World Bank, besides private firms. He is presently the Director of Akshaya, Kerala’s flagship e-Governance programme. About 80% of the UID enrolment in Kerala is done by Akshaya. He can be contacted on kvmathew @ gmail.com.
Kerala IT News
-----------------------------------------------------
Response to Article:
AADHAAR; Lies Retold by Jijeesh.P.B AADHAAR;( How a Nation is Deceived)
This is in response to an article appeared in Kerala IT times on 13/11/2011 titled “ Busting Myths against aadhaar” written by Sri. Korath V Thomas, Director of Akshaya, Kerala’s flagship e governance programme. In Kerala 80% of UID enrollment is through Akshaya. Repeat a lie thousand times, it becomes a truth'' this was Geobbelsian rule. People at the helm of AADHAAR project are doing just the same. No wonder Justice V R Krishna Iyer said that "the project sounds fascist.”
I have been a keen follower of the project Aadhaar and read your article with great interest. . I would have surely appreciated the project if it was really like what you say in the article. But my research on the subject for the last 1 ½ years taught me other ways. I will just list out the points for you to rethink before formulating an opinion on the subject, examining your claims in the article.
- Is aadhaar voluntary?
You say aadhaar is optional. But as admitted by the UIDAI Aadhaar is linked with National Population register (NPR). Cards issued by NPR registrar would bear Adhaar number on it. And NPR is mandatory by Citizenship Rules 2003. Then how can you say that UID is mandatory. Even otherways various service providers can make aadhaar mandatory for different schemes making aadhaar de facto mandatory for everybody.
2. Giving Biometrics for UID will result in loss of private data
How can the government refuse the rights given even to prisoners under Prisons act 1920, to its citizen? Making personal data a public property as Justice V R Krishna Iyer said amounts to an assault on privacy and basic rights of individuals. Centralised storage of individual profiles of every residents of a country sounds fascist. Hope you know how data kept by IBM Company was used by Hitler during holocaust. It surely is anti democratic. How do you account for information stored by private players? What is status of data stored at Information Utilities?
- Is CIDR secure?
More secure than US diplomatic cables? More secure than Japanese defense establishment (hacked by anonymous group)? Safer than CIA data (hacked by anonymous group)? Haven’t you seen the reports about how Germany’s national Bio-metric ID cards were hacked by Chaos Computer club Live on TV.
- comparison with UK and US justified?
You compare UID with biometrics captured at airports in UK and UAE don’t you understand that UID is a different concept altogether. Aadhaar like projects proposed in US and UK were abandoned. The Real ID of the US and The U K ID project. Wipro, who prepared vision document for UID cited the UK I D Project as a justification for Aadhaar, but now that the UK has abandoned the project after a study by London School of economics found it not feasible economically and technically. The report said the project can only increase security threats and fraud. In 2010, the UK Home Office withdrew the project and dismantled the hard disks used for the project in an industrial shredder. Even China recently decided against incorporating biometrics in their national identity cards.
- Can’t Loss of data could be fatal?
You boast about UID replacing VISA and Master cards. In Oct 2011, 111 men were arrested in the US for data theft. They forged debt and credit cards of thousands across US and Europe and emptied their accounts. What if UID is hacked. It will be fatal for we cannot change our biometric characteristics at will as we can change the password of our ATM card or replace the old card with a new one. That is even if we come to know that our details are out, we cannot do anything. Why don’t the Mater card or VISA card proposing biometric transaction in Europe or US?
- Is Impersonation is made impossible by UID?
You claim in your article that UID make impersonation impossible. Take a few seconds and google for the subject you can find out how fingerprint can be forged under a dollar. You will say Iris can compensate for it. But considering the cost of the equipment, do you really think that all points of service provisions will be equipped with Iris scan verification facility? Just spend some more time googling. You will find that Iris scan too is no elixir.
- Is de-duplication possible?
If biometric de-duplication is possible by current technology and equipments, why doesm’t the NIST of the US certify that? L1 Identity Solutions does not possess any certification for this large scale application. “For purpose of NIST PATRIOT Act certification this test certifies the accuracy of the participating systems on the datasets used in the test. This evaluation does not certify that any of the systems tested meet the requirements of any specific government application.” This is what NIST say. Citing impracticability, the bio-metric ID system proposed by 10 major B-schools in the world was abandoned. As Professor Davis Moss of London School of Business pointed out the error rate predicted by the Proof of the concept report of the UIDAI (0.0025%) itself would require 18,000,000,000,000 manual checks for de-duplication. A paper by Mr. James L Wayman (Office of graduate Studies and Research, San Jose University, San Jose, USA), Mr. Antonio Possolo (Chief, Information Technology laboratory, statistical engineering Division, NIST, USA), Anthony J Mansfield (National Physical Laboratory, Teddington, U K) titled “Fundamental issues in biometric performance testing: A modern statistical and philosophical framework for uncertainty assessment” shows that the uncertainty associated with biometrics is too huge that it could be hardly considered as a science in the conventional sense.
- Can criminals misuse biometrics?
Your answer was a blatant NO when the fact is other ways. As said above there could be abuse and misuse by the state, by the market, and by the antisocial elements. How can you compare biometrics collected at Airports with UID? Which airport in the world has 120crore personal profiles?
- Is there any protocols and Law enacted by parliament for protecting data in India?
No.
- Can anyone get enrolled for UID using fake documents?
The real answer is yes. We read a report in Times of India about How an approved introducer, a doctor, issues certificates to whoever comes to him on payment of Rs.100. with so many ways to forge finger prints and de-duplication so distant and unreal fake documents can be created. That is why the study by London School of economics said, the ID project would increase fraud.
- Can UID stop Black Money?
UID cannot stop black money because bio-metric de-duplication, especially in the Indian context is a quixotic concept. And most of the black money in the country is invested overseas and they don’t need UID to get bank accounts there.
- Is every citizen who has a UID safe from impersonation and misuse of his Identity?
The real answer must be ‘NO’. UID can aggravate the misuse of Identity for a centralized storage of this much data make things easier for hackers.
- Will every Indian having UID be able to prove his identity anytime, anywhere in India?
Answer must be a Big No. because even if de-duplication is made possible (just for argument) verification is possible only in those areas where there is 24hrs access to electricity, Broadband connectivity, Equipments for verification and people with technical know-how to operate them. How much area of India which is home to half of the world’s total poor qualify for this?
- Can the data in the CIDR be accessed by any other agencies?
Your article says that the data won’t be shared. But the proposed NIAI Bill 2010 explicitly states that intelligence and enforcement agencies can access the data by the order of a court or in pursuance of a direction to that effect issued by an officer not below the rank of Joint Secretary or equivalent in the Central Government after obtaining approval of the Minister in charge. Moreover the Planning Commission thinks that the data “This could also form the basis of a public-private-partnership wherein unique ID based data can be outsourced to other users, who would, in turn, build up their smart card based applications… …In the context of the unique ID, part of this data base could be shared with even purely private smart card initiatives such as private banking/ financial services on a pay-as-you-use principle…. These agencies [private utility services providers or financial and other institutions] can ‘borrow’ unique ID and related information from the managers of these data bases and load further applications in making specific smart-cards. While the original sources of data can be updated by the data managers, the updating of supplementary parts will remain the responsibility of the service providers.
- Is there any legal backing for the project?
There is no Law enacted by parliament in this regard.
- Is UID economically viable? Was there any prior-launching study justifying UID? Or any cost benefit analysis?
No! No! No!
UK Home Office abandoned their ID project finding it economically uvviable( even though they did conduct a study before launch).
Here UIDAI is implementing a project of at least 1,50,000crore rupees sans any study.
The scenario test and the Proof of the Concept Report came only after ther government made a decision. Results were published for only 40000 sets out of the total 6000sets of data collected. Even that, as Prof David Moss pointed out shows the project is impractical. There was no cost-benefit analysis in this regard.
