INDIA'S NATIONAL MAGAZINE
from the publishers of THE HINDU
GOVERNANCE
Setback to UID USHA RAMANATHAN
The Parliamentary Standing Committee on Finance finds the UID project to be “conceptualised with no clarity” and “directionless”.
GOVERNANCE Setback to UID USHA RAMANATHAN
 At Tembhli village in Nandurbar district, a day before the launch of the UID in 2010.The village received the first numbers under the project. THE Parliamentary Standing Committee on Finance has dealt a body blow to the Unique Identification (UID) project. The Unique Identification Authority of India (UIDAI) was set up under the Planning Commission by an executive order on January 28, 2009. The scheme involves the collection of demographic and biometric information to issue ID numbers to individuals. The first numbers were handed to the tribal residents of Tembhili village in Nandurbar district of Maharashtra on September 29, 2010. The National Identification Authority of India Bill, 2010, was introduced in the Rajya Sabha on December 3, 2010. On December 10, 2010, it was referred to the Standing Committee. Over the next year, the Standing Committee received suggestions, views and memoranda, and heard from various institutions, experts and individuals. It was briefed by representatives of the Planning Commission and the UIDAI. News reports were considered and clarifications sought from the Planning Commission. The Standing Committee adopted the report on December 8, 2011. On December 13, 2011, it was placed before Parliament. The report is a severe indictment of the UID project. It found the project to be “conceptualised with no clarity of purpose” and “directionless” in its implementation, leading to “a lot of confusion”. The overlap between the National Population Register (NPR) and the UID is unresolved. The structure and functioning of the UIDAI had not been determined before beginning the exercise. The methodology of collection of data is built on shifting sands. There is no focussed purpose for the resident identity database. Nandan Nilekani, chairman of the UIDAI, in his talks and interviews, calls it “open architecture”. The UID project is only about producing a number and linking an identity to the number. What could be done with that identity infrastructure will depend on who uses it and for what purpose. It leaves the field open for those who have the power to use, or abuse, the data and for those who use the number to converge on data about individuals. Even as it is claimed that obtaining the UID number is voluntary, apprehensions have grown that services and benefits will be denied to those without the number. This is an inversion of the idea of inclusion, which is a key element in the image-building exercise done for the project. The lack of preparation before launching a project of this dimension is striking. As the Planning Commission admitted to the Standing Committee, no committee had been constituted to study the financial implications of the project. There is no comparative analysis of costs of the UID number and the various extant ID documents. No comprehensive feasibility study was carried out at any time. In fact, the Detailed Project Report was done as late as April 2011. On September 28, 2010, a day before the launch, a group of eminent citizens, including V.R. Krishna Iyer, Romila Thapar, Upendra Baxi, A.P. Shah, Aruna Roy, Nikhil Dey, S.R. Sankaran, Bezwada Wilson, and nine others released a statement reflecting just these concerns. This statement was later submitted to the Standing Committee. In the time that elapsed between the expression of concern by the group of eminent citizens and the report of the Standing Committee, the situation had hardly changed. The Standing Committee has found the project to be “full of uncertainty in technology as the complex scheme is built upon untested, unreliable technology and several assumptions”. This is a serious concern given that the project is about fixing identity through the use of technology, especially biometrics. As early as December 2009, the Biometrics Standards Committee set up by the UIDAI had reported adversely on the error rate. Since then, neither the Proof of Concept studies nor any assessment studies done by the UIDAI have been able to affirm the possibility of maintaining accuracy as the database expands to accommodate 1.2 billion people. The estimated failure of biometrics is expected to be as high as 15 per cent. Critics of the project have referred to studies such as the 2010 report of the National Research Council in the United States (cited in Frontline December 2, 2011: “How reliable is UID?”), which concluded that “human recognition systems” are “inherently probabilistic and hence inherently fallible”. In India, a report from 4G Identity Solutions, which is a consultant to the UIDAI and supplies it with biometric devices, suggested that children under 12 years and persons over 60 years would find their fingerprints to be undependable biometrics. Most damaging to the credibility of using fingerprints for authentication – which is what is proposed and currently seen as practical in terms of cost and technology – is what Ram Sevak Sharma, Director-General and Mission Director of the UIDAI said in an interview to Frontline (December 2, 2011, page 8): “Capturing fingerprints, especially of manual labourers, is a challenge. The quality of fingerprints is bad because of the rough exterior of fingers caused by hard work and this poses a challenge for later authentication…. Issuing a unique identity with iris scans to help de-duplication will not be a major problem. But authentication will be because fingerprint is the basic mode of authentication.” The Standing Committee has taken this admission on board. Enrolment requires an individual to produce documents that the enroller accepts as sufficient proof of person and address. When documents do not exist, or they are inadequate for the purpose, a person may find a “verifier” to establish their identity. Or, especially in the case of the poor, they may be introduced to the system by approved introducers. In practice, these two methods have been shown to be irrational and prone to error. The Home Ministry had questioned this erratic method of enrolment and its implications for national security. These concerns have resonated with the Standing Committee. Nilekani has been talking about enrolling 600 million residents before he completes his term in 2014. However, it seems that the Cabinet Committee on UID had, in the first instance, given its approval to let him enrol 10 crore residents, which was later increased to 20 crores. The UIDAI does not currently have the mandate to enrol more than that number. To meet his target of 600 million, Nilekani entered into memorandums of understanding with a multiplicity of entities, including State governments, banks, oil companies and insurance companies, to act as registrars. This may have helped in spreading the net wider to capture residents to get their demographic and biometric data. But it also meant that the chances of duplication of work increased. The Ministry of Home Affairs also alleged that some registrars had not adhered to the procedures laid down by the UIDAI, setting the MoUs to nought. This, it was feared, was also compromising the security and confidentiality of the information gathered. The Standing Committee found that issues relating to the process of data collection, the duplication of efforts and the security of data remained unresolved. The UIDAI says it is now developing a monitoring and evaluation framework. There are plans for periodic audits. The project has carried on so far without these essential safeguards. There has been speculation that the dissensions within are signs of a turf war. There could be something in that. Yet, the Standing Committee report reveals that the issues have been raised by a range of agencies and they are impossible to ignore. So: the Ministry of Finance (Department of Expenditure) has been concerned about the duplication of effort and expenditure among at least six agencies that collect information – the NPR, the Mahatma Gandhi National Rural Employment Guarantee Scheme (MNREGS), the BPL (below poverty line) Census, the Rashtriya Swasthya Bima Yojana (RSBY) and bank smartcards. The Ministry of Home Affairs has raised security concerns about “introducers”, the involvement of private agencies which could also have security implications, and the uncertainties in the revenue model of the UIDAI which proposes that a fee be imposed once a separate pricing policy is in place. The NIC has pointed out that privacy and security of UID data may be better handled if they were stored in a government data centre. The Planning Commission has voiced its reservations about the merits and functioning of the UIDAI. It has also questioned the necessity of collecting iris images, which has resulted in a steep escalation of costs. R. ASHOK  IRIS SCANNING AS part of the process to obtain biometric data at the Head Post Office in Madurai, Tamil Nadu, on December 5, 2011. Further, there is the matter of the number of government agencies collecting biometrics as part of different schemes that ought to give one pause. Setting a refreshing precedent, the Standing Committee has drawn on the research around the United Kingdom's Identity Project anchored at the London School of Economics and Political Science. While acknowledging that there are likely to be differences between one jurisdiction and another, it found it relevant to draw lessons regarding the factors of complexity; untested, unreliable and unsafe technology; possibility of risk to the safety and security of citizens; and requirement of security measures of a high standard, which is likely to result in escalating operational costs. In the UID project, every resident is entitled to a UID number. It is not a marker of citizenship. The Standing Committee's concern is that even illegal migrants can get the UID number. It favours restricting the scheme to citizens for the reason that this entails numerous benefits proposed by the government. What upset the Standing Committee most was the disdain shown to Parliament in proceeding with the project, on the premise that the “powers of the executive are coextensive with legislative power of the government”. What would happen if Parliament rejected the project and the law? In the Attorney-General's opinion: “If the Bill is not passed for any reason and if Parliament is of the view that the authority should not function and expresses its will to that effect, the exercise would have to be discontinued. This contingency does not arise.” This anticipation has been belied by the rejection of the project and of the Bill by the Standing Committee. The Standing Committee also considered “unethical and violation of Parliament's prerogatives” the continuance of the project while the framing of the law is under way. The government, as the Standing Committee records, had recognised the need for a law to deal with the security and confidentiality of information, imposition of obligation of disclosure of information in certain cases, impersonation at the time of enrolment, investigation of acts that constitute offences, and unauthorised disclosure of information. Yet the project was rolled out with no protections in place. The Standing Committee recognised the legitimacy of concerns raised about issues, including access and misuse of personal information, surveillance, profiling, linking and matching databases in securing confidentiality of information. A data protection law has to be debated and enacted before large-scale collection of information from individuals and its linkage across separate databases can be contemplated. The “concerns and apprehensions” voiced by the Standing Committee have led to its categorical rejection of the Bill. In conclusion, the committee has said that it will “urge the government to reconsider and review the UID scheme as also the proposals contained in the Bill in all its ramifications and bring forth a fresh legislation before Parliament”. The data already collected may be transferred to the NPR, if the government so chooses. That, however, is not all. The NPR, which came in for scrutiny because of its link with the UID project, has embarked on the collection of biometric data which is authorised neither by the Citizenship Act, 1955, nor by the Citizenship Rules of 2003. This, the report says, has to be examined by Parliament. Until then it is reasonable to assume that it should be suspended. The UID project has raised many questions about data convergence, imperfect technology, national and personal security, extraordinary expenditure, exclusion and inclusion, and the source of power to gather, hold and use data about individuals. This report raises unanswered questions about the biometric and data-gathering ambitions of the state. The association of the project with a corporate icon has tended to lull many into complacency. Yet, as is reflected in the Standing Committee report, the process, the technology and the consequences are deeply problematic. The report leaves no room for doubt that the UID project will have to be revisited and the NPR re-examined. Usha Ramanathan works on the jurisprudence of law, poverty and rights |
