UID at the Core
UID is an enabler that will create robustness. The tagging of UID number with different domains will ensure that the right individual gets the benefits, says Sunil R Chandiramani, Partner & National Leader – Government Services, at global consultancy Ernst & Young in an exclusive conversation with Inclusion
Q: There is a view that India has got far too many cards. What is the need for UID?
A: I view unique identity akin to creation of the circle. The power of UID is such that it creates an absolute basic core DNA that can be put to multiple uses. There is a big difference between cards that currently exist and what UID is all about. All existing identity cards have limited objective or purpose, and the possibility of building on them is very low. On the contrary UID attempts to create with the best technology available in hand a very simple way to authenticate an individual based on biometrics. UID is not a card but an identity and that is what makes it different.
Q: Somehow the packaging and the communication that comes out of UID is that it is going to solve all the problems. How do you think UID is going to help solve problems, and what are the real benefits of it?
A: UID now gives you the ability of doing a huge amount more on it. Let me share with you an example. In the entire PDS distribution chain you will find that leakages could happen through several different means and routes. Leakages can happen with (i) the quality of the product when delivered by the supplier; (ii) the correct beneficiary not getting the advantage; or, (iii) the PDS distributor delivering incorrect quantity or quality of the product. Today UID can help plug leakage no. (ii) i.e. to control whether it is the right individual getting the benefit or not. In order to control other leakages other systems will need to be devised which include direct deposit of benefits into the recipients’ accounts and strong checks on what is delivered or sold in the marketplace. UID is not the solution to all problems, however, with the use of further analytics and other systems you can deliver better services and reduce leakages resulting in very large savings.
Q: When ministry of IT was setting up e-Governance, pretty much before they set up an infrastructure, it also started solving all the problems. A marketing machinery said it would give financial inclusion, it will take care of PDS and then in fact some village level entrepreneurs. UID seems to be going in the same direction. Isn’t it?
A: Projects that are transformational require people to see the entire picture and move forward to achieve the vision. One could consider sequential progression i.e. issuing the card first to all and then start deploying application in use. Given the sheer scale of the program, then everyone would have questioned the advantage and use of the UID number. Hence it is important that issuance and usage of this moves hand in hand.
All states have started off on this, some are doing it faster, and some are doing it slower. Once several departments start using the UID in their operations and see the advantage, they will be encouraged to push for greater use. These departments will be able to deliver better services and also be more economical in their service delivery.
Q: The first set of cards was distributed to residents of a village in Nandurbar district in Maharashtra in September last year. What difference has it made there?
A: UID is not an event, but a process; it has to achieve critical mass and adoption to measure benefits. There are multiple parallel things that need to be done. For e.g. UID is currently assisting in the process of financial inclusion. It has assisted in opening of banked accounts and enabling MGNERGS transactions. Similarly, UID is in the process of being adopted by the PDS system and Oil marketing companies. Once people start putting it into play the demand of it will only go up.
Q: We are distributing the number but who will make use of it?
A: The number is expected to be used by the recipient of public and private services and service providers alike. We expect various departments of the government, financial and telecom sectors to use it initially. As the pace of enrollments and authentication increases, more agencies will join the use. We need to understand that UID is an enabler - it can facilitate, but it is for these departments to conceptualise and implement.
Q: When the UID is taking its own technology calls, how would anybody else build his application on it?
A: The only thing that UID insists is standard formats for the data to be interoperable. It allows the user community to choose their own technology and I don’t see it as being the limiting factor.
Q: If you look at a project like MCA 21, a very successful project. The choices are left to vendor because you are supposed to run it and you decide what technology you are most comfortable with?
A: Given the sensitive nature of the project, data stored and the implications of anything going wrong with the entire database, is the reason that the Government or the UID has taken a very active stand on how they would participate in the whole process, to make sure that if tomorrow they had to change a vendor or make any other changes then they have the ability of managing that change. The intent is not to force any single vendor to be the sole supplier of technology but to promote open technology standards so long as it meets the requirements designed by the UIDAI.
Q: What is the role of Ernst & Young?
A: Our role has essentially been to help them design the Central Identity Repository (CIDR) and other key technology infrastructure. As part of the mandate, we are expected to design the overall architecture of the system in its fully functional state adhering to design principles that adequately address the complexity and leading practices.
Also, we are engaged in helping them float RFPs and walking them through the evaluation process, drafting of SLA terms and other legal contractual obligations and help them program manage it in terms of ensuring that the vendors are delivering as per contract what they have committed to deliver.
Q: You are also consultants for NPCI, is there any linkage with that and how does it impact Visa, Master Card?
A: That’s completely separate and not linked to what Aadhaar is trying to do. NPCI is all about creating a payment gateway to manage local transactions.
Q: Where would that leave opening up of the market? Now we are saying we are going to nationalise all this, and there is going to be this sarkari solution?
A: Even today in the open world there isn’t only Master and Visa. There are number of players. The question is if today I am SBI. I create my own network of ATMs. I choose to also participate in the national ATM network. Similarly here a network is being created to manage local payments, however networks will compete with each other and the one offering the best rates and services at the end of the day will win.
Q: It is expected to get masses into the banking network and those guys are going to get benefits from the Government only through RuPay card. So there is no level playing field for the competition.
A: In contrast, through the common authentication service it creates a perfect level playing field. This is particularly true in the financial system where the institutions are often worried about the cost of identification and authentication services to expand the outreach. Those with deep pockets or Government support have extended these services, but with wide spread of UID, every service provider in the financial sector will be able to expand their operations without having to worry about the cost of underlying technology infrastructure.
Q: What are the biggest challenges that UID project faces in terms of technology?
A: The challenges are multifold. Firstly, no known biometric algorithms are available with a gallery size of a billion plus. We hardly find these with a couple of hundred million gallery size. So it has to be a constant endeavour for service provider to fine tune the algorithm to ensure accurate de-duplication and authentication. Secondly, biometric algorithms are known to have imperfections in minute percentages, which is a limitation of science. Thirdly, to design a system to support de-duplications of a billion plus and to support authentications which could run into few billions a day. Luckily, all of the above challenges have mitigation strategies available and are being considered actively along the implementation cycle.
Q: Why has Europe not done UID? Why has any business organization in the world not done it?
A: It is essential for us to understand and appreciate the spirit behind the project. Every solution and system has evolved or is constantly evolving solutions to provide a platform for identity and entitlement. The climatic conditions, literacy levels, perceptions of identify, social cultural approval, method of access, integrity of people and system vary in every country and society. It is really up to us to accept and embrace a system which will meet the expectations of billions.
Q: I have a credit card. It works on any ATM. They know who I am? (Besides) I have a PIN. I am putting in that PIN. Is it not unique?
A: “They know who you are” is an incorrect statement. All they know is that a transaction is occurring with the card and with the PIN, which you can’t refute. If I had your PIN and card and if I went out and did a transaction, under no circumstances can the transaction be refused.
Q: Why can’t we use biometrics on PAN?
A: It is not a great idea; especially when there is concern over number of duplicate PAN numbers, set in individual names. In future, I am confident that we will have Aadhaar enabled PAN accounts.
Q: For biometrics people say it’s over architected. You have all the ten fingers plus you have the hands and iris. Why?
A: In the villages particularly because of hard labour etc. the quality of finger prints i.e. the ridges and valleys in finger prints is very poor and this poses data quality issues for de-duplication and subsequent authentication. As this ID was to be used for authentication and technology enabled capture of more than one biometric a call was taken to capture all data points. Given the sheer size of the exercise it was thought best to capture all the elements required rather than have to repeat the exercise. In addition, it also brings down the probability of errors while de-duplicating the biometrics for unique identity.
Q: De-duplication is a major issue. I believe you already have some four and a half million records. What if you are not able to scale and there are some errors still?
A: There are three vendors operating right now. Similar de-duplication is being performed by them to ensure accuracy and also test the capability of the algorithms. Vendors are also constantly fine-tuning algorithms to improve their efficiency and effectiveness. These multiple tests also ensure that the system will be able to scale and deliver results and is not dependent on a single vendor or technology. UID as a project has no margin of error for failure.
UID is an enabler that will create robustness. The tagging of UID number with different domains will ensure that the right individual gets the benefits, says Sunil R Chandiramani, Partner & National Leader – Government Services, at global consultancy Ernst & Young in an exclusive conversation with Inclusion
Q: There is a view that India has got far too many cards. What is the need for UID?
A: I view unique identity akin to creation of the circle. The power of UID is such that it creates an absolute basic core DNA that can be put to multiple uses. There is a big difference between cards that currently exist and what UID is all about. All existing identity cards have limited objective or purpose, and the possibility of building on them is very low. On the contrary UID attempts to create with the best technology available in hand a very simple way to authenticate an individual based on biometrics. UID is not a card but an identity and that is what makes it different.
Q: Somehow the packaging and the communication that comes out of UID is that it is going to solve all the problems. How do you think UID is going to help solve problems, and what are the real benefits of it?
A: UID now gives you the ability of doing a huge amount more on it. Let me share with you an example. In the entire PDS distribution chain you will find that leakages could happen through several different means and routes. Leakages can happen with (i) the quality of the product when delivered by the supplier; (ii) the correct beneficiary not getting the advantage; or, (iii) the PDS distributor delivering incorrect quantity or quality of the product. Today UID can help plug leakage no. (ii) i.e. to control whether it is the right individual getting the benefit or not. In order to control other leakages other systems will need to be devised which include direct deposit of benefits into the recipients’ accounts and strong checks on what is delivered or sold in the marketplace. UID is not the solution to all problems, however, with the use of further analytics and other systems you can deliver better services and reduce leakages resulting in very large savings.
Q: When ministry of IT was setting up e-Governance, pretty much before they set up an infrastructure, it also started solving all the problems. A marketing machinery said it would give financial inclusion, it will take care of PDS and then in fact some village level entrepreneurs. UID seems to be going in the same direction. Isn’t it?
A: Projects that are transformational require people to see the entire picture and move forward to achieve the vision. One could consider sequential progression i.e. issuing the card first to all and then start deploying application in use. Given the sheer scale of the program, then everyone would have questioned the advantage and use of the UID number. Hence it is important that issuance and usage of this moves hand in hand.
All states have started off on this, some are doing it faster, and some are doing it slower. Once several departments start using the UID in their operations and see the advantage, they will be encouraged to push for greater use. These departments will be able to deliver better services and also be more economical in their service delivery.
Q: The first set of cards was distributed to residents of a village in Nandurbar district in Maharashtra in September last year. What difference has it made there?
A: UID is not an event, but a process; it has to achieve critical mass and adoption to measure benefits. There are multiple parallel things that need to be done. For e.g. UID is currently assisting in the process of financial inclusion. It has assisted in opening of banked accounts and enabling MGNERGS transactions. Similarly, UID is in the process of being adopted by the PDS system and Oil marketing companies. Once people start putting it into play the demand of it will only go up.
Q: We are distributing the number but who will make use of it?
A: The number is expected to be used by the recipient of public and private services and service providers alike. We expect various departments of the government, financial and telecom sectors to use it initially. As the pace of enrollments and authentication increases, more agencies will join the use. We need to understand that UID is an enabler - it can facilitate, but it is for these departments to conceptualise and implement.
Q: When the UID is taking its own technology calls, how would anybody else build his application on it?
A: The only thing that UID insists is standard formats for the data to be interoperable. It allows the user community to choose their own technology and I don’t see it as being the limiting factor.
Q: If you look at a project like MCA 21, a very successful project. The choices are left to vendor because you are supposed to run it and you decide what technology you are most comfortable with?
A: Given the sensitive nature of the project, data stored and the implications of anything going wrong with the entire database, is the reason that the Government or the UID has taken a very active stand on how they would participate in the whole process, to make sure that if tomorrow they had to change a vendor or make any other changes then they have the ability of managing that change. The intent is not to force any single vendor to be the sole supplier of technology but to promote open technology standards so long as it meets the requirements designed by the UIDAI.
Q: What is the role of Ernst & Young?
A: Our role has essentially been to help them design the Central Identity Repository (CIDR) and other key technology infrastructure. As part of the mandate, we are expected to design the overall architecture of the system in its fully functional state adhering to design principles that adequately address the complexity and leading practices.
Also, we are engaged in helping them float RFPs and walking them through the evaluation process, drafting of SLA terms and other legal contractual obligations and help them program manage it in terms of ensuring that the vendors are delivering as per contract what they have committed to deliver.
Q: You are also consultants for NPCI, is there any linkage with that and how does it impact Visa, Master Card?
A: That’s completely separate and not linked to what Aadhaar is trying to do. NPCI is all about creating a payment gateway to manage local transactions.
Q: Where would that leave opening up of the market? Now we are saying we are going to nationalise all this, and there is going to be this sarkari solution?
A: Even today in the open world there isn’t only Master and Visa. There are number of players. The question is if today I am SBI. I create my own network of ATMs. I choose to also participate in the national ATM network. Similarly here a network is being created to manage local payments, however networks will compete with each other and the one offering the best rates and services at the end of the day will win.
Q: It is expected to get masses into the banking network and those guys are going to get benefits from the Government only through RuPay card. So there is no level playing field for the competition.
A: In contrast, through the common authentication service it creates a perfect level playing field. This is particularly true in the financial system where the institutions are often worried about the cost of identification and authentication services to expand the outreach. Those with deep pockets or Government support have extended these services, but with wide spread of UID, every service provider in the financial sector will be able to expand their operations without having to worry about the cost of underlying technology infrastructure.
Q: What are the biggest challenges that UID project faces in terms of technology?
A: The challenges are multifold. Firstly, no known biometric algorithms are available with a gallery size of a billion plus. We hardly find these with a couple of hundred million gallery size. So it has to be a constant endeavour for service provider to fine tune the algorithm to ensure accurate de-duplication and authentication. Secondly, biometric algorithms are known to have imperfections in minute percentages, which is a limitation of science. Thirdly, to design a system to support de-duplications of a billion plus and to support authentications which could run into few billions a day. Luckily, all of the above challenges have mitigation strategies available and are being considered actively along the implementation cycle.
Q: Why has Europe not done UID? Why has any business organization in the world not done it?
A: It is essential for us to understand and appreciate the spirit behind the project. Every solution and system has evolved or is constantly evolving solutions to provide a platform for identity and entitlement. The climatic conditions, literacy levels, perceptions of identify, social cultural approval, method of access, integrity of people and system vary in every country and society. It is really up to us to accept and embrace a system which will meet the expectations of billions.
Q: I have a credit card. It works on any ATM. They know who I am? (Besides) I have a PIN. I am putting in that PIN. Is it not unique?
A: “They know who you are” is an incorrect statement. All they know is that a transaction is occurring with the card and with the PIN, which you can’t refute. If I had your PIN and card and if I went out and did a transaction, under no circumstances can the transaction be refused.
Q: Why can’t we use biometrics on PAN?
A: It is not a great idea; especially when there is concern over number of duplicate PAN numbers, set in individual names. In future, I am confident that we will have Aadhaar enabled PAN accounts.
Q: For biometrics people say it’s over architected. You have all the ten fingers plus you have the hands and iris. Why?
A: In the villages particularly because of hard labour etc. the quality of finger prints i.e. the ridges and valleys in finger prints is very poor and this poses data quality issues for de-duplication and subsequent authentication. As this ID was to be used for authentication and technology enabled capture of more than one biometric a call was taken to capture all data points. Given the sheer size of the exercise it was thought best to capture all the elements required rather than have to repeat the exercise. In addition, it also brings down the probability of errors while de-duplicating the biometrics for unique identity.
Q: De-duplication is a major issue. I believe you already have some four and a half million records. What if you are not able to scale and there are some errors still?
A: There are three vendors operating right now. Similar de-duplication is being performed by them to ensure accuracy and also test the capability of the algorithms. Vendors are also constantly fine-tuning algorithms to improve their efficiency and effectiveness. These multiple tests also ensure that the system will be able to scale and deliver results and is not dependent on a single vendor or technology. UID as a project has no margin of error for failure.
