Wednesday, February 01, 2012 at 16 : 17
UID, NPR and all that Jazz
Some three months ago, my wife, her sister and their parents drove seven odd kilometers from where we live, to register for a Universal Identity or UID number. They've all got one now. Strangely, my wife got it about a month after the rest of the family did, even though they'd all enrolled together.
I was working that day, so about a month later, I hopped across to an apartment complex just ten minutes from our place, where I'd heard there was a UID camp in progress. I stood in line for maybe half an hour, then got myself photographed, fingerprinted and my iris scanned.
Curiously, the young lady who took all those records, couldn't even type properly. She'd pound the keyboard with one finger - I remember wondering if she was determined to destroy it. As if in revenge, the computer refused to accept my full address. She banged it in at least thrice and the computer would mysteriously change it to something else.
Another chap came across and if I remember right, he deliberately didn't fill in the PIN CODE. That's when the software accepted my address. But even then, in a short hand sort of way - I'm not sure if it's intelligible enough for Mr Nilenkani's team to actually post me a letter with my UID number.
I checked with my parents who'd registered themselves just two days before at the same camp. They told me the attendants made it a point to record their email addresses and even filled in details of their existing bank accounts. Just two days later, in my case, they didn't ask for either. But they automatically ticked a box which said I'd like to open a new bank account. Without even asking me - though the UIDAI guidelines, quoted in various articles on the web, apparently say they must.
A month after that, I discovered there was a UID camp happening right within my apartment. For such a supposedly hi-tech, project, couldn't the registration process have been just a wee bit more sorted out? How hard would it have been to tell the residents of an area when and where these camps would be held?
Messers Chidambaram, Nilenkani and Ahluwalia have just decided all of us will have to do all of this all over again - this time for the National Population Register (NPR). This is a compulsory scheme, part of the Indian government census apparently.
And so this Sunday, my mom and brother walked to a NPR camp at a government school very close to home, to enroll for NPR. It was painless. But essentially they redid all the scans they'd done earlier.
The rest of the family will probably follow suit, once we know when and where the next NPR camp is being held. But my father's been working in the northeast for sometime now. If he can't attend the next camp in Delhi - will he be enrolled at a camp in the NE? And what complications might that entail?
But let's put aside a single family's minor discomfort and confusion. What exactly are all those brainy folks in the government aiming at? First they scan everyone twice, using two separate teams, with separate sums of money - tax payers money.
Then they spend some more cash comparing the scans from both teams. If there's any mismatch, the National Population Register's biometric scans are used and the Universal Identity biometric scan discarded. But that doesn't mean the UID team will give back any of the money they spent, if they get any of the scans wrong. Not fair? Well - life's not fair.
But what do I get after all this spending? I get a silicon chip embedded in a smart card, with a UID number embossed on it. What's the card good for? It proves I'm Indian. But don't my Passport, voter I card, PAN card, driver's license, ration card all do the same thing? Why spend all that money on something they've already proved?
What's the UID number good for? In itself - nothing. Turns out it wasn't even compulsory to sign up for it. But Nilenkani and team are slowly dreaming up schemes where everything in India - from hospital bills to school certificates, from bank accounts to your monthly ration, will all be generated only if you have a UIDAI number. So might as well get it.
Only problem is, nobody's told me what they'll do with all the computer data they get, when I log in with my UID number. Let me explain. We're all sick of marketing calls and pesky SMSs right? Why do we get them?
Because marketing guys went out and collected our phone numbers. Where did they get them from? Who knows - from our emails, Twitter messages, from door to door surveys, from cell phone shops, from service providers like Airtel and Vodaphone?
It doesn't matter - they probably paid money to get our cell numbers. Why? Because they could individually send ads to each of us. And once they started, the government, despite its best intentions hasn't been able to shut them up.
Now imagine a word where I "log" in with my UID number for anything I need. For medicines at a chemist, for a doctors appointment, to open a bank account. In an age of smartphones, I'll have smart apps that use my UID number to order Pizza from the neighbourhood store or book train tickets. Every time I use my number, there's a computer trace of where I was, what I was doing. Seems harmless.
But the devil's in the detail. There's no law yet, that prevents smart marketing guys from reading those computer traces. And for tailoring ads for me based on what they think I'm most interested in.
Here's an obviously farcial example. Let's call it science fiction right now. Something I dreamed up. But something that I'm still a wee bit worried about.
Let's say I have a bout of erectile dysfunction a few years from now. Nothing unusual - male menopause does strange things to people. But it's not something I'd want everyone to know.
So I visit a sex specialist who has a clinic on the other end of town. Where no one knows me. Before giving me an appointment he asks for my UID number and feeds it into his computer - because he isn't allowed to entertain any patients who don't have UID.
The computer rings up the UID server, the central database - to check if I really am who I say I am. The server says yes and has no further part in this story.
Doctors being what they are - my specialist insists I come back for more tests. So over a period of two months, I rack up say four visits. So that's about four calls by the doctor's computer to the UID server.
That's where the private companies come in. To verify my identity, the computer sent data over the internet. That data can be tracked, either on the web, or on the doctors PC. Once they know I visit a sex specialist often, how long do you think it'll be before I start getting ads for Viagra? Or worse - how long before massage parlours start calling me up with "Best, international models!"
I think both the UID and NPR teams claim the data exchange between computers is going to be encrypted. But technology being what it is, how long before hackers break that encryption? But anyway, that's still science fiction.
Science reality says one can't trust computers to be 100 per cent accurate when reading biometric data. The technology is simply not mature enough. You'd have experienced that every time you log in to office - notice how the fingerprint reader refuses to recognize you and makes you try again and again?
Apparently, the device used to scan your eye's IRIS - can take different readings in different levels of light. Some international airports have had that problem, they're very brightly lit and the readings their IRIS scanners take often play havoc at the immigration counters.
A study carried out by the UID team on 40,000 people in rural Karnataka, Andhra Pradesh and Bihar discovered an error margin of 0.0025 to 0.25 per cent in recognizing people by their biometric identity. Obviously, a very small number.
But place that error margin on a population of 1.2 billion people and you'll get millions of people who are wrongly identified. Who the computer refuses to recognize as a bonafide, registered citizen. Imagine being told by a computer, that you don't exist.
Privacy, Google and the world wide web
Why do we expect to dictate terms to companies we've never paid a paisa to? The righteous outrage in the media, over how Google will handle our data from now on, would make you think we've been giving it our hard cash - like we pay for our water, electricity and telephone calls.
It sounds unbelievable - but many internet companies claim they earn their living from online advertising, not subscriptions.
Unbelievable - because in about five years of dedicated broadband internet use, I don't remember clicking on a single web advertisement.
Even assuming I've clicked - I don't remember actually buying a product based on an internet ad. So I'm curious how Google, Twitter, Facebook and all the rest of them earn enough money to run huge server farms across the globe, thanks to just online advertising. They offer very valuable services - but how they make money is beyond me.
Some Tech Pundits say Google isn't changing its privacy policy merely to make it shorter and simpler. It's so they can show us cooler ads. But over the years, we've learnt not to click anything on the web we didn't specifically ask for - for fear of it being a computer virus or malware. Many newbie web users will still fall to temptation - but still, would they be enough to bankroll huge corporations like Google?
Anyways, while this online advertising angle is something we'll have to read up more on, the fact remains that come March, Google will collate information about you from all the different Google services you sign in to. YouTube, Gmail, Picassa photo Albums, your write-ups on Blogger, Google Plus, Latitude.
And of course all those web searches you do on Google. And oh, if you use an Android phone, it demands you sign into Google anyway - so yes, Google will be watching what you do on your phone too.
Actually Google's been watching what we do online for years - I checked Google Dashboard to see what dope they had on me. From obsessive searches for girls I had crushes on in school and college, to surprising doses of porn, Google had a worrying dossier on my daily internet activity right from late 2004.
I tried deleting as much as I could - but who's to say Google's servers really wiped it all away? I mean why go to so much trouble collecting and storing so much data on a subject, if the nincompoop could just walk in and scrub it all clean one day. Doesn't make sense.
Tech Pundits say it could get even more uncomfortable from March. Folks who exchange racy emails with people they meet in chat rooms, or surf for Silk Smitha clips on YouTube will probably wisen up quickly when ads for sex accessories begin to pop up on their screens.
But Google could just as well take information from your emails, which say you'll be at a meeting someone at a certain place and a certain time - and use that info to show you ads about restaurants in that area. An unblinking digital eye might know where you'll be, who you'll meet and even what you'll eat. Eerie!
All this is done by an old piece of web technology. A small digital file, called a cookie, that every internet company places in your web browser. On one hand, it makes your browsing faster, helps the computer guess what web address you're trying to type in and even sets the web page to a magnification and font size you're most comfortable with.
On the other, it regularly sends information back to its parent company, on the websites you visited, what you did on them, the time you spent and so on.
Which makes me wonder - if their software is smart enough to collect, store and sort through huge Petabytes of our personal data and smart enough to suggest advertisements, why isn't it smart enough to watch out for "Blasphemous, offensive and derogatory" content - the way India's IT Minister Kapil Sibal wants?
Could it be that internet giants act only when it suits them - when it makes economic sense? Do they bend over backwards if that means unlocking a huge market and getting millions of new users? And when it doesn't, do they fall back on spouting human rights and privacy or simply tell people to take a hike?
But then again - why hold that against them? It's not like you or I ever paid them a single paisa. We've been freeloading on their services for a long, long time. And they do have a business to run. No?
I know what you'll do five summers from now
This January, IBM put out a list of what it thinks will be the top five technology trends over the next five years. One look at it and you'd probably cry - "What were they smoking!" Because the list reads a lot like science fiction.
1) You'll power your home with energy you create yourself
2) You'll never need a password again
3) You'll control computers with just your mind
4) Every one will be connected to the internet
5) Junk mail will become priority mail
Another PR stunt I thought. Until Dr Manish Gupta - Director, IBM Research - India; Chief Technologist, IBM India/South Asia told me calmly IBM spends approximately $6 billion annually on research and development. This not only includes this list - but a much longer, more complicated one with a huge clump of business trends that together suggest those five things will actually happen.
And then he said IBM's already working towards those goals. Putting in place new technologies, kicking off research, fine tuning product assembly lines. I still am not sure what to make of this. But recent events suggest the last of those pointers is already well on its way to fruition.
Junk Mail? Turns out it was a bit of creative license. According to Dr Manish Gupta, what that actually means is stuff we currently consider junk will soon become useful. Like advertising. Currently - web advertisements are either a painful nuisance or something safely avoided. Soon, it will become so targeted, so precisely tailored to our needs it will become something we look forward to.
Put that way, it just sounds believable. Google's already announced a revamp of its privacy policies. Facebook did that a while back. Tech pundits say both companies are moving to watch us more carefully on the net. To find out what we are interested in, what we need. And then show us ads to fulfill those needs.
The second last point? Another seemingly impossible goal. In India alone, we've got 1.2 billion people. Hardly ten per cent of us are connected to the web. How can the rest possibly get online in just five years?
But IBM's Dr Manish Gupta says PCs aren't going to drive the web in India. Instead, cell phones and wireless internet will. More than half of all Indians already own a cell phone. At the current rate of growth, five years is ample time for the rest to get one.
Instead of fancy smart phones, most phones in India will be dirt cheap, basic voice and messaging models. Lots of companies are perfecting technologies that'll help them grab information from the world wide web. A young start up in Kerala called Innoz already has a system running. You SMS their server a request for information on just about anything under the sun. Their computers do a quick web search, automatically compress that information into small packets of information and then send you short, simple SMS messages with the dope you wanted.
IBM itself has polished something called the Spoken Web. It's a two year old technology perfected here in India. Even people who've never learnt to read and write just dial a number and listen to posted information or ask a question. That question is saved as an audio file, which others in the network can hear whenever they are free. Something like a voice message. Those folks, often experts in the field, respond to the question with a recording of their own, which is posted on the site or sent back to the person who first made the query.
Think of what that could do for a farmer curious what next month's weather could do to his crops. Or the best prices his produce could get at next week's wholesale market in town. He won't need formal education to get precise information from a network of experts.
IBM plans to use the technology to create a full blown system analogous to the world wide web using a technology most of us all have in common - "speech", with all the info our conventional text and video based web has.
Point number two on that list - about never needing a password again? IBM thinks your biometrics will be enough to get the job done. Your finger prints, Iris scans, facial characteristics and so on. That's more or less what the UID (Aadhar) project and now the National Population Register (NPR) also seem to claim.
That your unique biological markers will be enough to identify you correctly among millions of others. And deliver the services you deserve with the minimum fuss.
To the layperson like me, that's a worrying thought. Because there are enough experts out there who say that your biometrics can be faked.
A scamster who steals your conventional password can be taken care of. At worst, you change your password.
But how do you handle someone who's stolen everything that's unique about you? Who's copied your fingerprints, your eye patterns and everything else about you down to the last detail? IBM seems to believe that's not possible.
Especially if their system cross checks a variety of biometrics before it gives anyone access. You could copy one or two markers they say. But not everything. The system is sure to trip a scamster up, they say.
The other two points - lighting up your home with your own energy (via a treadmill, exer-cycle, whatever) and controlling your PC with just your brain, they do seem far out. But there have been successful experiments with both ideas in labs around the globe.
If common folk like you and me will actually use them regularly within five years remains to be seen. But one thing seems clear. There are interesting times for Technology up ahead.
