In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Saturday, March 17, 2012

2443 - On outrageous lies, collective fears and hopeless dreams of Unique Identification Authority of India (UIDAI) by Taha Mehmood




Thursday 15 March 2012

1. UIDAI is lying to a billion Indians. And the plain truth is that people running the show at UIDAI are aware of the humongous scale of social catastrophe, which a project like UID could unleash in India. Behind the mask of a cool and confident exterior, some UIDAI officials seems to be constantly grappling with feelings of immense insecurity and uncertainty. We can get a sense of their feelings by closely reading the draft National Identification Authority of India Bill 2010.

In the coming years India will see hundreds of thousands of cases related to its citizens impersonating other citizens of the country to get a portion of ten trillion rupees direct-cash-transfer subsidy scheme. Cases of Indian citizens intentionally appropriating identities of persons dead or alive, real or imaginary could become common just as during license quota-permit raj it was common to forge a license, produce a company out of thin air. Just as during every election tens of thousands of Indian citizens discover to their utter dismay either they do not exist on the voter list or someone impersonating them has cast their votes. On any given day tens of hundreds of unauthorized people could possibly be roaming around India knocking on doors of unsuspecting citizens collecting personal biometric information on behalf of UIDAI. After all in a vast country like India how can a citizen prove whether a person who claims to work for UIDAI is actually working for that organization? Remember UIDAI has subcontracted its entire enrolment process to private companies unlike other data gathering exercises like the census, which usually works with a government or government-affiliated workforce. By the year three of its data collection exercise UIDAI wants to hire fifteen thousand enrollment stations all across India. So how can one ascertain the identity of a group of persons if five men donning some grave uniform, carrying some official looking documents start banging the doors of a plush housing society at Malabar Hill claiming that a UID updating camp is on in the area and you need to submit all your personal and private details once again.

Hundreds of private agents acting as enrollers, data-collectors, data-transporters will have a potential to make a quick buck by selling UID data to market players. These enrollers could intentionally disclose, transmit, copy or disseminate private biometric data in electronic form very easily. The ease of translation of digital data is a fantastic gift of our modern age. The Central Identities Data Repository (CIDF) the main memory of UIDAI is going to be the site for much contestation between operators belonging to private players. CIDF does not even exist now but plans are underway to create its infrastructure. Ernst and Young, the global accounting firm that has been cautioned in many countries around the world for fudging confidential data is currently giving advice to UIDAI to procure the best available technology for the cheapest price. CIDF operators will have a mix of highly dedicated private and public sector employees, but who can prevent these people to access or secure an access or download, copy or extract data and store it in any device before releasing it in the market. Current information about biometric details, bank account numbers, telephone number of potential customers has a huge market demand. Registrars working at enrollment stations are supposed to courier data loaded on memory sticks to CIDF from all across India. UIDAI will give 50 rupees per enrollment but who can insure that data will not be lost or downloaded, copied or destroyed during the transfer process? There is of course no provision to account for loss of data during transfer via memory sticks.

The culture of sub-contracted work introduced by UIDAI will unleash breakneck competition in the market and empanelled firms will use any trick in the book to downplay each other for lucrative UID contracts. We already saw the evidence of fierce corporate battles in the run up to initial disbursement of contracts. After all UIDAI will certainly reward those firms with more responsibility who have done efficient work. Firms, which do not perform will be eased out. But how can UIDAI prevent an anonymous sub-contracted employee of a firm to introduce a virus in a system, which features database collected by a rival firm, to create more value for its original employer. In such a situation sub-contracted workers could possibly damage data, disrupt or cause disruption of the access or deny access or provide some assistance in accessing data stored at CIDF or could potentially destroy or delete or alter some crucial, sensitive, biometric information related of a group of citizens belonging to a certain place. The potential to creatively contaminate digital data will increase stupendously. Furthermore citizens of India could have to deal with new forms of postmodern anxieties as one day some of them may realize that they do not exist in UIDAI database. All or some of biometric details of Indians could be modified. A UID operator will certainly not trust anybody else except the data, which he sees on his screen. The dataset appearing on the screen of UID operators all across India will introduce a new frame of interpreting reality. The UIDAI on its part cannot punish anybody but can only take those people who have been caught to a court of law. That legal system in India is inefficient needs not to be told. It could possibly take years before the guilty could be punished. Additionally during the process of getting an Aadhar number through the much-touted Know Your Resident process how can UIDAI know that an introducer is not collaborating with someone, who is not a genuine citizen for an inducement of some money by giving biometric information that does not belong to that person. In case a company is found liable of offences UIDAI proposes to severely punish those found guilty. This is certainly laudable. But Indian law treats company as a legal person ( I still cannot understand this absurd fundamental legal fiction how can anyone treat a firm as a legal person). But for the sake of argument how can UIDAI prevent a legal person to change its identity, in other words, say for instance, a company x is found guilty of improper practices and is debarred from carrying business with UIDAI, what prompts individuals who run that company to dissolve that firm legally therefore dissolving the legal identity of that firm and create a new firm, a new legal identity in the name of their close family members and apply for empanelment for UIDAI. The UIDAI has provisions to punish the director, manager, secretary or any officers of a company if such a company violates any provision of the law. However, there’s a small but significant rider here, the punishment will only take place if and only if, it could be proved in a court of law that the offence committed by an employee of the company is in consent or connivance of the top management. In other words under the NIDAI law if the state can prove the members of a firm conspires to cheat UIDAI they can be punished. By the time the guilty are brought to book the private confidential biometric information belonging to millions of Indian could be circulating in the market. The NIDAI bill has no provision for punishing, apprehending, or debarring those people who buy, sell, trade, barter, exchange biometric information. Even if there were such provisions I wonder what effect could have in India. The Indian state does not allow over the counter purchase of arms and armaments. On paper at least one needs to be a license holder to trade in arms but does it prevent anyone to deal in arms or to use arms for killing or coercion purposes. Of course none of the scenarios, which I have listed above exist. Therefore these are at best figments of my paranoid imagination. And of course my version of what could happen in India is an extrapolation of clauses of punishments and offences listed under the proposed National Identification Bill of India 2010. But I wonder why would the legal team of UIDAI put such provisions had they not anticipated the ways in which private confidential biometric data of Indian citizens could be tampered with. And if they do not anticipate any such crime to take place, why would they put provisions of severe punishment ranging up to three years of imprisonment. Why do Indians want to appear stupid by not having any debate on consequences of a project like UID in India. The parliamentary committee on finance, on grounds that it was contradictory and ambiguous, summarily rejected the NIDAI bill. Now perhaps the UIDAI legal team is working hard to prepare an even more thorough bill.
The lack of a legal cover however does not prevent the UIDAI to pursue its illegal agenda. Currently an illegal exercise of biometric data collection is on in India. 

But not everyone is taking part in it. A friend recently told me a anecdote about what happened when one day some UIDAI officials went to the house of a retired Supreme Court judge of India in Delhi. I record below my impressions of the anecdote.

(Retd) Supreme Court judge: Who are you?
UIDAI official: Sir I have come from UIDAI.
(Retd) Supreme Court judge: What do you want?
UIDAI official: Sir I want your biometric data.
(Retd) Supreme Court judge: Why?
UIDAI official: Sir we are collecting data to give UID numbers.
(Retd) Supreme Court judge: Okay. What do you want me to do?
UIDAI official: Sir we want your fingerprints for this exercise.
(Retd) Supreme Court judge: WHAT!!! (he is furious) What utter nonsense!! Fingerprints are for under-trails and convicts.
UIDAI official: But Sir! UIDAI is a Government of India exercise. It is as per rules.
(Retd) Supreme Court judge: What rules! Show me the damned rules.
UIDAI official: Sir you might not remember but ever since you retired they have appended the Citizenship act. Now all of us have to give our fingerprints.
(Retd) Supreme Court judge: Really!! Show me the rules and take my fingerprints.
UIDAI official: Okay sir.
(The UIDAI official goes to get the rule book but never returns because no such rule exists in constitution of India which says that one has to give ones fingerprint to a UIDAI official)

2. If the draft NIDAI bill partially represents the collective fears UIDAI handlers, the UIDAI’s Communication and Awareness report represents their hopeless dreams. In February 2010 the UIDAI got together a team of corporate propaganda managers, also known as ‘communications experts’ in trade jargon to sell the idea of UIDAI to India. Kiran Khalap the Infosys brand development consultant was given the responsibility to head an eight member team to ‘recommend the awareness and communication strategy for achieving the UIDAI purpose and communication goals most effectively’.

Almost three years before collaborating on the UID communication report Kiran Khalap collaborated with his team at Chlorophyll, a branding agency, on a report about brand identity. This report titled, ‘Ideantity, a unique perspective on brands and brand identities’ provide a range views on what Chlorophyll understands by branding. So according to Chlorophyll, a brand is an unchanging idea and branding is a process of aligning all aspects of a business to that unchanging idea. I think it is important for us to get a glimpse at the way in which propaganda managers like Kiran Khalap understands reality, because it gives us an idea about how they intend to alter or change it. Chlorophyll believes that a key to a successful marketing lies in communicating an idea to its target audience in a most comprehensive manner. The notion of ‘target audience’ entered branding language via the cold war. The propaganda machinery of the empire started to use the term ‘target audience’ to refer to anyone who was seen as under the influence of communism for instance population of eastern bloc countries and former USSR. The brief of imperial propaganda managers was to change the mindsets of target audience. People like Kiran Khalap believe branding is a process, which helps a firm in changing the mindsets of target audience. Chlorophyll’s trademarked word, ideantity is a summation of a brand line, a visual and a name. 

The name denotes an unchanging idea, the brand line is a textual reference and the visual provides a pictorial reference to that unchanging idea. In May 2010 kiran Khalap presented his report to UIDAI. Around that time officials of UIDAI started calling their number (UID number) by a new name- Aadhar, which means a root or base or a foundation, a sub-structure or an understructure. In other words the plan was to make an arbitrary random 12 digit number the foundation of one’s identity and of all state to citizen interface in India. It is a pity that enrollment for this number is voluntary. And a greater pity that UIDAI seeks to cover only just over a half of Indian population. None of this is of course any fault of Kiran Khalap. Kiran Khalap and his able team suggested ways and means to develop the personality of Aadhar. A section in UIDAI’s communication strategy gives pointers to deconstruct the personality of Aadhar. Brand managers believe in magical transformations. In the eyes of a brand manager if toothpaste magically transforms into a human being by smiling and talking to a customer again and again, the customer will start to feel about that toothpaste. The key question is how to make a customer feel about an object.

Kiran Khalap’s strategy is to project Aadhar in human terms. A citizen is meant to experience Aadhar. Aadhar is a friend who has been with her since an early age. Indians families will not only just know Aadhar but like him as they like a friend. Aadhar like all superheroes will have great strength and integrity in character. Aadhar is comfortable with technology yet it is not geeky (see, Aadhar- Communicating to a Billion, An Awareness and Communication report, 2010, p-18, 19) In Chlorophyll’s handbook about branding, there is a guideline about set of questions that one should never ask about a branding strategy. The first question is- Does it work?

3. ‘In 1984 Indira Gandhi the then Prime Minister of India was shot dead by two Sikh bodyguards in Delhi. Leaders of Congress (I), the political party to which Indira Gandhi belonged, decided to take ‘revenge’ of her assassination by killing Sikhs. In the days that followed hundreds of Sikhs were killed in many cities of India. Delhi, however, remained the site where largest pre-meditated acts of murder took place. A human rights group investigating the consequences of anti-sikh riots recorded the testimony of a survivor as thus:

“On 1st November 1984 at about 1:00 pm, many trucks and tractors with trolleys full of stones came to Nangloi from the direction of Bahadurgarh. This happened at a time when the Delhi-Haryana border was said to have been sealed. The drivers and passengers let loose a rein of terror in the area. They first stoned the houses, then broke open and looted them, and finally dragged out the men and killed them.”

But how did rioters know who is a Sikh and where does he lives? Before rioters could stone a house, drag a Sikh man to kill or set his body on fire, before a Sikh woman could be raped, a house or a person had to be targeted correctly. Rioters used a variety of ways to garner information about Sikh people. Someone would do an impromptu survey of a place by marking all houses belonging Sikh community with an –X- sign. Few local people acting as native informants would help rioters by giving them information about a shop or a house owned by a Sikh family. But the most common method to identify a Sikh person was to use data available in voter registration and ration lists.

Voter registration and ration lists answer a crucial question of targeting while planning a riot - who lives where. State does not consider this data as confidential. These records are therefore public. Information available in electoral rolls can be used for spatial targeting. For instance, during the Gujarat genocide of 2002 many eyewitnesses gave accounts of rioters carrying printouts of electoral rolls of a place before carrying out an planned operation.

Last year Aruna Roy, a social activist, looking at the UID enrollment process around India, observed, “The UID is a dangerous thing. I’m shocked minorities and other communities are not boycotting it.” Why are minorities of India not boycotting or at least critically thinking about UID? Why are the rest of Indians not questioning legality of UID just like the supreme-court judge. Why no one seems to mind the immense potential of people working for UIDAI to help in illegally providing biometric data in the public domain, which could be used to organize and aid communal violence.


4. Mandate for Unique Identification Authority of India (UIDAI) came from the state. UIDAI was formed in February 2009. According to Government of India, the foundational reason for UIDAI was that it did not know whom to target for subsidies. UIDAI’s role was to identify a person as that person. Verify his or her entitlement for citizenship. And give a number as an acknowledgement receipt. Afterwards various departments of Indian state can interact with him or her through their number. UIDAI commissioned number task forces, studies, and committees to examine various aspects of state-to-citizen interface. The role of these groups was to review state-to-citizen interface, find out challenges, which the state faces, and suggest corrective measures. Between February and November of 2009 UIDAI assigned men (yes these were mostly men) overseeing these groups to do a survey of challenges, which the state was facing in public health, education, public distribution system and national rural employee guarantee scheme.

One by one these groups started presenting their reports. Proper targeting of citizens emerged as a big challenge in all reports. The report on public health highlighted that a major hurdle for the state to disburse medical services is, ‘lack of detailed denominator (ie target population to be covered) focussed services delivery by the government’s rural and urban healthcare systems at district and sub-district levels. A workgroup’s view on PDS was not different either, ‘targeting is not serving its real purpose, as the beneficiaries do not get food grains in accordance with their entitlements.’ A group thought that ‘The present strategy of targeting such children at source can be used simultaneously with strategy of targeting them at destination also. Provision of UIDs at birth will also help the planners of elementary education system in terms of planning for the schools, teachers and other logistics.’

While looking at NREGS scheme, a task force observed that, ‘The ability of UID to positively establish and authenticate the identity of every individual can overcome many of the challenges faced by targeted benefit programs.’

By December 2009 the focus of UIDAI shifted to planning biometric information architecture. The report on Biometrics Design Standards for UID application was the first guideline in this direction. Director General of National Informatics Center Dr. BK Gairola chaired the committee on Biometric Design standards. On the question-how to identify a person as that person, the committee relied heavily on views of American National Standard for Information Systems (NIST)— Data Format for the Interchange of Fingerprint, Facial, & Other Biometric Information reports of 2004, 2005, 2006, 2007 and 2008. The 2004 NIST report was written in the context of evaluation of verification and identification of a new technology using two index fingers. Two critical issues in biometric identification are image quality and correctness of identified matches. 2004 NIST report for instance, was presented as a result of testing samples of new technology developed by Cogent Inc in co-operation with Lockheed Martin, a defense equipment manufacturer. 

Cogent Inc had developed a proprietary method for calculating image quality called Image Quality Measure (IQM). IQM ranks an image based on scales 1 to 8. Where scale 1 stands for the best while scale 8 representing the worst image quality of fingerprints. NIST evaluators found out that Cogent image quality is a good rank statistic for all the algorithms tested for all available proprietary databases. But 2004 NIST report also mentions how NIST has developed an open (non-proprietary) algorithm for fingerprint matching. This algorithm is called NIST Fingerprint Image Quality (NFIQ). According to the 2004 report, NIFQ discriminates image quality much more significantly between its five quality levels than does Cogent IQM across its eight levels. The NIST data was for two fingers. Citing NIST report, the fingerprint sub-committee concluded that if UIDAI were to take just two fingers into account, the False Acceptance Rate would come at 14%. False Acceptance Rate is a probability that a system will falsely accept an image of a fingerprint pattern to a non-matching template in its database. The False Rejection Rate of NIST database was at 4%. The False Rejection Rate is a probability that a system will reject a fingerprint pattern as false even though it is true. The database, which NIST used to study was derived from three sources i.e. the US department of state (DoS) Mexican Border Crossing data and US-VISIT data from Ohio and Atlanta. The total data size of these tests was around 6 million. The population of India is 1.2 billion or 200 times the size of the sample data. The NIST report clearly states, ‘The false accept rate (FAR) using index finger pairs is linearly increasing with database size.’

The fingerprint Sub-committee, chaired by Prof. Phalguni Gupta who works at IIT Kanpur, found that ‘A single finger will be sufficient to provide the minimum standard of accuracy requirements.’ (see: Biometric Design Standards for UID Application, Version 1.0, Dec 2009, p-38) It is not clear however, what does UIDAI mean by ‘minimum standard’. The NIST data was for two fingerprints but I think after looking at the high false acceptance rate UIDAI people must have come to a conclusion that all ten fingerprints will necessarily result in a robust fingerprint match. No empirical exists anywhere to suggest that ten fingerprints are good for a biometric match. UIDAI’s fuzzy logic seems to rest on an assumption that ‘one can ballpark a 1,000 improvement in FAR between two-finger matching and ten-finger matching (all other things being equal)’ (see: Biometric Design Standards for UID Application, Version 1.0, Dec 2009, p-45). The UIDAI report relies on a hypothetical scenario, which is achieved by scaling the tiny NIST data to a huge Indian population. Furthermore the UIDAI reports states ‘NIST data indicates de-duplication accuracy (TAR) greater than 95% is achievable for ten-finger matching against a database size of one billion.’ (see: Biometric Design Standards for UID Application, Version 1.0, Dec 2009, p-45). NIST data, INDICATES, what does the word INDICATES means, is it an expression or does it convey a sense of reality. NIST data is clearly untested and surely no empirical evidence exists anywhere to assure that a technology is out there, which could clearly identify a person as he claims to be, by running his biometric information to a database of a billion plus entries. Nowhere in NIST report is it mentioned that the results of their tests could be applicable to capture and verify images of a database of 1.2 billion entries. On the other hand NIST report suggests more testing and more verification before Cogent’s IQM technology could be introduced in the US. The target audience of the UIDAI report was ‘Any person or organization involved in designing, testing or implementing UID or UID compatible systems for the central government, state government or commercial organization’.

When the time came to choosing vendors for fingerprint capturing devices the UIDAI appointed Cogent Inc as its official vendor (By 2010, 3M, a US conglomerate, took over Cogent Inc). The vendors for Facial and Iris technology too use proprietary algorithms. The UIDAI biometric sub-committee clearly mis-interprets NIST data in a certain way to suggest that Cogent Incorporated’s technology could be used for capturing fingerprints. Cogent’s IQM technology was based on NIST’s standardization; the UIDAI on the other hand relies on ISO standardization. Does Cogent’s technology work equally well with ISO, why is UIDAI pushing for purchasing proprietary software when non-proprietary software exists, why UIDAI was eager to purchase Cogent’s under-developed application-these questions remain unanswered.


5.  Within five months after a hodge-podge presentation of the biometric sub-committee report in December 2009, the UIDAI rushed to advertise for Empanelment of enrolling agencies. By May 2010 the UIDAI was preparing targets for enrollees and enrollments. The UIDAI wants to cover 60% of Indian population by 2014.

After Nandan Nilekani was appointed as the chairman of UIDAI in 2009 he went around India boasting how by 2014 UIDAI will issue UID numbers to 600 million Indians. I often wonder who are those unlucky 400 million people that are going to be ignored by UIDAI. Why UIDAI wants to enroll only 600 million people.
Nandan Nilekani’s dream of capturing biometric details of 600 million Indians was based on an idea that a web of enrollment agencies will cover India, collecting, verifying, capturing biometric data in a time bound manner. Each agency will take care of a place by establishing an enrollment centre. Each enrollment station will have multiple enrollment stations comprising of enrollment booths or enclosures inside these centers. Enrollment stations could be mobile or stationary. According to UIDAI’s calculations it needed a total of 1,321 enrollment centers with 6,604 stations stationed across India to record data in year one of its operations (see: Request For Empanelment, Empanelment for Enrolling Agencies for undertaking demographic and biometric data collection for UID enrolment, May 2010, p-74). In the subsequent years the number of centers and stations were slated to increase dramatically. As of 14th January 2012, according to The Economist magazine, UIDAI had issued just one third of projected 600 million numbers.

As UIDAI was inviting private firms to apply for empanelment in May 2010, Sanjay Nadhamuni, the head of Technology at UIDAI was busy writing a document explaining how UIDAI wants to work out the idea of financial exclusion. Central to Sanjay Nadhamuni’s belief is an idea that once UIDAI has a person’s unique identity number, his phone number and his bank account, state’s money, reserved for direct cash transfer subsidy can be immediately transferred to his account through ID Mapper. The ID Mapper is an algorithm that links various identities of a person into one dataset. According to Sanjay, ‘Now it is easy to target payments to a UID since the ID Mapper can resolve a UID to a specific Bank Account and infact a SMS can be sent to the person’s mobile number which is also available in the ID Mapper.’ A UID number, in Sanjay’s view, is going to last for centuries. Of course there are minor issues in managing a database which is this big in scale, for instance, one does not know what will happen to a number if a person dies because most deaths in India are either unreported or under reported. People will only report a death of a kin if they have something to gain. Why would a person close to a direct-cash-transfer subsidy beneficiary be interested in reporting her death to UIDAI so long as he could continue to get monetary benefits? Close to a million people die in India every year. These figures relate to reported deaths. Sanjay Nadhamuni had a unique solution for this problem. Ques: So how would UID know if a person has died? Answer: if the account is not used for ten years, it means that person has died and his or her account will be deactivated. Sanjay provides some more solution to foreseen problems such as death or disappearance of a person. In order to authenticate a person’s identity, UID, it appears, is not aiming for a complete match of all biometric markers. The idea is to match the biometric up to certain threshold. Who will decide this threshold, how would this threshold work out, Sanjay Nadhamuni’s document does not answer these questions. However by not choosing to go for a complete match of a person’s claim for an identity, the UIDAI, it seems, is allowing a culture of technological arbitrariness to set in, an arbitrariness, which could result in greater false acceptance rate. Moreover if you lose your UID number, you will be at fault and UIDAI will charge money from you to find your number.

UIDAi intends to distribute direct-benefit-transfer scheme in the name of financial inclusion by providing mobile ATM’s and asking local Kirana stores to act as Business Correspondents. This arbitrary assigning of Kirana (Grocery shops, which are mostly run by members of Vaishya or merchant caste) stores located in over 6,00,000 villages of India as Business Correspondents could create social problems. The citizens of India, which in UIDAI’s documents are often referred to as “customers”, belonging to remote areas will withdraw money and make deposits using UID numbers at a local Kirana store. I wonder why is it that, in a classic state plus corporate managerial model of governance, which UIDAI embodies, any potential of a Bania manning a kirana store and using additional powers of a Business Correspondent acting on behalf of UIDAI, to reinforce rigid local caste hierarchies is not taken into account.


6. The Indian state’s view is that it wants financial inclusion for all. Yet it wants to enroll only 600 million Indians, possibly leaving out 400 million because they are ones with weakest trail of documentary history. The state does not know who are the poor people of India therefore it has created UIDAI to ensure that everyone especially the poor are correctly identified. The fact of the matter is that no technology exists in the world, which can correctly identify a person as he claims to be and work at the scale of a large population. It is true small populations could be identified correctly, for instance patients of a hospital, or a small prison population. But currently no state has a technology to correctly identify all its citizens. In most countries citizenship itself is highly contested socio-legal category. The system, which UIDAI is currently putting in place, is beset with faulty technology. Such a system, as UIDAI documents show, has a potential to either falsely accept a fake claimant as genuine or genuinely reject an original claimant as false. The percentages, it is true, for such a thing to happen are small. But when we translate even a small percentage figure like 4 to Indian population, it means 40 million people could face unwanted problems related to UIDAI on a daily basis. If this is going to be an everyday scenario the percentages cease to be small. Forty million people getting affected from systemic faults on a daily basis is not a small problem in any state, anywhere in the world. The second and highly disturbing aspect of giving a UID number to 600 million Indians is the process itself. The current process stupidly allows itself to become vulnerable to injuries caused by the ease with biometric data traveling in memory sticks could be copied, downloaded, tampered with and destroyed. And finally the floating liquid biometric data can potentially act as a huge asset for communal forces in India in planning, profiling, detailing and executing pogroms and genocides or minor communal conflicts for immediate electoral, political or economic gain. The deafening silence of the far right, which is usually extremely critical of federal programs, about UIDAI scheme is perhaps a good pointer to start thinking about consequences of ignoring UIDAI in India.