In 2009, I became extremely concerned with the concept of Unique Identity for various reasons. Connected with many like minded highly educated people who were all concerned.
On 18th May 2010, I started this Blog to capture anything and everything I came across on the topic. This blog with its million hits is a testament to my concerns about loss of privacy and fear of the ID being misused and possible Criminal activities it could lead to.
In 2017 the Supreme Court of India gave its verdict after one of the longest hearings on any issue. I did my bit and appealed to the Supreme Court Judges too through an On Line Petition.
In 2019 the Aadhaar Legislation has been revised and passed by the two houses of the Parliament of India making it Legal. I am no Legal Eagle so my Opinion carries no weight except with people opposed to the very concept.
In 2019, this Blog now just captures on a Daily Basis list of Articles Published on anything to do with Aadhaar as obtained from Daily Google Searches and nothing more. Cannot burn the midnight candle any longer.
"In Matters of Conscience, the Law of Majority has no place"- Mahatma Gandhi
Ram Krishnaswamy
Sydney, Australia.

Aadhaar

The UIDAI has taken two successive governments in India and the entire world for a ride. It identifies nothing. It is not unique. The entire UID data has never been verified and audited. The UID cannot be used for governance, financial databases or anything. It’s use is the biggest threat to national security since independence. – Anupam Saraph 2018

When I opposed Aadhaar in 2010 , I was called a BJP stooge. In 2016 I am still opposing Aadhaar for the same reasons and I am told I am a Congress die hard. No one wants to see why I oppose Aadhaar as it is too difficult. Plus Aadhaar is FREE so why not get one ? Ram Krishnaswamy

First they ignore you, then they laugh at you, then they fight you, then you win.-Mahatma Gandhi

In matters of conscience, the law of the majority has no place.Mahatma Gandhi

“The invasion of privacy is of no consequence because privacy is not a fundamental right and has no meaning under Article 21. The right to privacy is not a guaranteed under the constitution, because privacy is not a fundamental right.” Article 21 of the Indian constitution refers to the right to life and liberty -Attorney General Mukul Rohatgi

“There is merit in the complaints. You are unwittingly allowing snooping, harassment and commercial exploitation. The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a court for the purpose of criminal investigation.”-A three judge bench headed by Justice J Chelameswar said in an interim order.

Legal scholar Usha Ramanathan describes UID as an inverse of sunshine laws like the Right to Information. While the RTI makes the state transparent to the citizen, the UID does the inverse: it makes the citizen transparent to the state, she says.

Good idea gone bad
I have written earlier that UID/Aadhaar was a poorly designed, unreliable and expensive solution to the really good idea of providing national identification for over a billion Indians. My petition contends that UID in its current form violates the right to privacy of a citizen, guaranteed under Article 21 of the Constitution. This is because sensitive biometric and demographic information of citizens are with enrolment agencies, registrars and sub-registrars who have no legal liability for any misuse of this data. This petition has opened up the larger discussion on privacy rights for Indians. The current Article 21 interpretation by the Supreme Court was done decades ago, before the advent of internet and today’s technology and all the new privacy challenges that have arisen as a consequence.

Rajeev Chandrasekhar, MP Rajya Sabha

“What is Aadhaar? There is enormous confusion. That Aadhaar will identify people who are entitled for subsidy. No. Aadhaar doesn’t determine who is eligible and who isn’t,” Jairam Ramesh

But Aadhaar has been mythologised during the previous government by its creators into some technology super force that will transform governance in a miraculous manner. I even read an article recently that compared Aadhaar to some revolution and quoted a 1930s historian, Will Durant.Rajeev Chandrasekhar, Rajya Sabha MP

“I know you will say that it is not mandatory. But, it is compulsorily mandatorily voluntary,” Jairam Ramesh, Rajya Saba April 2017.

August 24, 2017: The nine-judge Constitution Bench rules that right to privacy is “intrinsic to life and liberty”and is inherently protected under the various fundamental freedoms enshrined under Part III of the Indian Constitution

"Never doubt that a small group of thoughtful, committed citizens can change the World; indeed it's the only thing that ever has"

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden

In the Supreme Court, Meenakshi Arora, one of the senior counsel in the case, compared it to living under a general, perpetual, nation-wide criminal warrant.

Had never thought of it that way, but living in the Aadhaar universe is like living in a prison. All of us are treated like criminals with barely any rights or recourse and gatekeepers have absolute power on you and your life.

Announcing the launch of the # BreakAadhaarChainscampaign, culminating with events in multiple cities on 12th Jan. This is the last opportunity to make your voice heard before the Supreme Court hearings start on 17th Jan 2018. In collaboration with @no2uidand@rozi_roti.

UIDAI's security seems to be founded on four time tested pillars of security idiocy

1) Denial

2) Issue fiats and point finger

3) Shoot messenger

4) Bury head in sand.

God Save India

Tuesday, June 26, 2012

2636 - A Tale of Errors - R.Ramakumar

GOVERNANCE
A tale of errors
R. RAMAKUMAR


Contrary to the claims of the UIDAI, fingerprints are a highly inappropriate tool to uniquely identify individuals. 
K. MURALI KUMAR 


Nandan Nilekani, UIDAI Chairman. In an interview he said the Biometric Standards Committee had “recommended the inclusion of iris to the biometric modalities”, which is not true.

Case 1: “There are nine checks on visa nationals arriving into the U.K. [United Kingdom]. The fingerprint matching check is the most recent. It is the least reliable. It is the least effective in terms of delivering against our requirements….”

So stated Brodie Clark, the former head of the United Kingdom Border Force, to a stunned Home Affairs Committee on November 15, 2011. Clark was giving oral evidence to the committee on why he had authorised the suspension of fingerprint checks during busy hours at U.K. airports. Pressed further, Clark said, “I knew of it, and I approved it because it was a very sensible thing.”

Case 2: “The FBI [Federal Bureau of Investigation] apologises to Mr Mayfield and his family for the hardships that this matter has caused.”

The FBI’s apology came in a public statement, dated May 24, 2004. Brandon Mayfield was an attorney in Oregon and a Muslim convert who was held as a material witness in the Madrid bombing of March 11, 2004. The Spanish police had located a latent fingerprint on a bag that contained explosives and sent it to the FBI. The FBI shortlisted potential matches from its fingerprint database. Two fingerprint experts, one internal and another external, concluded that the latent fingerprint belonged to Mayfield; one expert termed the match as “100% identification”. Mayfield was jailed on the basis of the fingerprint match. Two weeks later, the Spanish police informed the FBI that they had independently matched the latent print with Ouhnane Daoud, an Algerian national living in Spain.

The FBI’s fingerprint gaffe on Mayfield was not the first in the U.S. A few years earlier, Stephen Cowans had to serve a jail sentence of more than six years in Boston on the basis of a false fingerprint match. He was exonerated on the basis of DNA evidence.

For years, the infallibility of fingerprints as a mark of uniqueness has been some sort of a fairy tale. But with increasing cases of fingerprint mismatches leading to human rights violations like prison detentions, the confidence is waning. Indeed, it was such loss of confidence that contributed to the shelving of national identity projects in the U.K. and many other countries.

If the confidence is waning globally, in India there appears to be a deeply intriguing faith in the use of fingerprints in establishing unique identity for a population of 120 crore. The Aadhaar project is a classic example. Biometrics – particularly fingerprints – is a central feature of the Aadhaar project. That a Parliamentary Standing Committee had torn apart the robustness of the fingerprint technology – calling it “untested and unreliable” – is dismissed by the government. While time will indeed prove this faith misplaced, some immediate respect for the sceptical voice appears to be long overdue.

The entry of biometrics into Aadhaar is characteristic of how governments evade laws and misrepresent expert opinion to insert untested ideas into policy. In 2009 itself, the Biometric Standards Committee (BSC) of the Unique Identification Authority of India (UIDAI) was circumspect about using fingerprints in Aadhaar. It had stated that “retaining efficacy while scaling the database size… to a billion has not been adequately analysed”. The BSC also stated that “fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context”. The reason: a large share of the population is dependent on hard manual labour, leading to worn-out fingerprints. This was an early note of caution, which the UIDAI ignored.

Even the BSC had failed to list out the problems of fingerprints comprehensively. For instance, the BSC was silent on the issue of “template ageing”, that is, an increase in “false rejection rates” as people age and sensor characteristics of fingerprint devices change. According to Kevin Bowyer of the University of Notre Dame, physical ageing of fingers results in decreased suppleness of the skin, more wrinkles, lesser flexibility of joints, and accumulated cuts and scars, all of which change the fingerprint itself. This implies the need to re-enrol a large proportion of people almost annually, making the system vulnerable to fraud.

There was another note of caution on fingerprints, which too was ignored. A report from 4G Identity Solutions, a supplier and consultant for the UIDAI, had mentioned in 2009 itself that about 15 per cent of the Indian population may fail to enrol because of unreadable fingerprints. It specifically noted that “people above 60 years and young children below 12 years may have difficulty enrolling in a fingerprinting system”.

On iris scans, the BSC was even more circumspect. It did not even provide error estimates for iris scans owing to the “absence of empirical Indian data”. It suggested the use of iris scans only “if they [UIDAI] feel it is required”. This stance of the BSC did not dissuade the UIDAI from deciding to scan irises too at enrolment. In fact, in a clear case of fudge, UIDAI Chairman Nandan Nilekani stated in an interview to PlanetBiometrics (July 5, 2010) that the BSC had “ recommended the inclusion of iris to the biometric modalities”. This was wrong; the BSC never made such a recommendation.

T. VIJAYA KUMAR 
An elderly woman being assisted in getting her fingerprinting done by the staff of the Aadhar biometric enrolment centre at Don Bosco School in Guntur, Andhra Pradesh, in February 2011. The elderly constitute a group that will be massively excluded because of the fallibility of the fingerprint technology.

It is becoming increasingly clear that the decision to include biometrics in Aadhaar had no scientific basis and flew in the face of available evidence (see “How Reliable is UID?”, Frontline, November 19, 2011). Recent evidence suggests that the chickens are indeed coming home to roost.

Biometrics appears at two stages in the Aadhaar project. The first stage is “enrolment”, where three sets of biometrics are collected from each resident: a photograph, fingerprints of all 10 fingers and iris scans of both eyes. The fingerprints and iris scans are used to uniquely identify (or “de-duplicate”) each resident and allot a unique Aadhaar number. The second stage is “authentication”; here, a service would be provided to residents only upon confirmation that his/her fingerprint “matches” the fingerprint stored against his/her name in the enrolment database. Iris scans are not used at the stage of authentication.

I shall try to argue here that at both the stages – enrolment and authentication – the quantum of errors associated with biometrics is too large to be ignored.


Errors in enrolment

Let us first take enrolment. Facts emerging from the ground reveal that there have been widespread errors at this stage and that biometrics has been of little help.

First, in Hyderabad, a data entry supervisor by the name of Mohammed Ali – a former employee of the Infrastructure Leasing and Financial Services Limited (IL&FS) – was shown to have enrolled more than 30,000 residents in a short span of three months. According to reports, all the 30,000 applicants had been issued Aadhaar numbers. There were two interesting aspects with respect to biometrics in this scam.

(a) Out of the 30,000 residents enrolled, about 870 people were enrolled as physically disabled (“biometric exceptions” in the UIDAI parlance). Their biometric information was not recorded. It is unclear as to how many of these 870 were actually disabled because most of their addresses were fake. It is also unclear as to how many thousands of such fake enrolments have already taken place across India.

(b) A large proportion of the 30,000 residents enrolled were not enrolled by Ali (because Ali had left IL&FS in between). Instead, these enrolments were done across 17 enrolment centres by other supervisors who used Ali’s login and password. While logging into the system, along with the login and password, supervisors have to submit their fingerprints. Typically, if the supervisor’s fingerprints were not matched as Ali’s, the system should have rejected access. Yet, all the supervisors could gain access to the system using their fingerprints. Clearly, the system was not able to identify the supplied fingerprints as not Ali’s.

Secondly, in what has been the most hilarious Aadhaar number provision to date, one Aadhaar number (4991-1866-5246) was issued in Anantapur district of Andhra Pradesh to a person named Mr Kothimeera (that is, coriander), with his father’s name as Mr Palav (biryani) and address as Gongura Tota, Mamidikaya Vooru (Mango village), Jambuladinne, Anantapur, Andhra Pradesh - 515731. To top it, the date of birth of Mr Kothimeera was recorded as 1887, and the photograph on the card was that of a mobile phone. It is as yet unclear as to what biometric records were supplied with “Mr Kothimeera’s” demographic details and how it passed the test of biometric de-duplication.

Thirdly, the Department of Posts is on record that across India, as on April 20, 6.46 lakh Aadhaar letters posted were returned because the addresses did not exist. In Andhra Pradesh itself, about 50,000 Aadhaar letters were lying undelivered because the addresses were fake. In Karwar, Ankola, Kumta, Honnavar and Bhatkal taluks of Karnataka, about 7,000 Aadhaar letters were lying undelivered because the addresses were fake. While fake addresses have nothing to do with biometrics per se, they provide corroborative evidence to the widespread fraud that takes place at enrolment.

In sum, biometrics has not been able to prevent large-scale errors at the enrolment stage itself. Available evidence itself is persuasive, and it may be logically suspected that unreported errors are of a far larger magnitude.

Errors in authentication


Interestingly, while three sets of biometrics are collected at the time of enrolment, only one set – fingerprints – is used for authentication. As R.S. Sharma, the Mission Director of the UIDAI, confirmed in an interview to Frontline in 2011, “fingerprint is the basic mode of authentication”. According to Nandan Nilekani, iris scans are not used at authentication because “it’s not a mature technology”. For the moment, we shall postpone asking the reasons for tweaking expert opinion and deciding to use an immature technology at the stage of enrolment.


In his Frontline interview, Sharma admitted that the “quality of fingerprints… poses a challenge for later authentication”. He also stated that “for manual labourers, this authentication will be difficult because only one or two of the 10 fingerprints may be good”. It would appear that Sharma was foretelling what the UIDAI’s Proof of Concept (PoC) studies published in 2012 were to reveal. The PoC studies reveal that fingerprint-based authentication of large populations is largely a non-starter, and point towards enormous risks of exclusion.

The PoC studies were internal studies on small populations conducted by the UIDAI to test the robustness of real-time, fingerprint-based authentication. There was no external review. In Phase 1, a small sample of 14,220 residents was studied in Tumkur district of Karnataka. In Phase 2, about 35,000 Aadhaar holders were covered across four States.

First, the results confirm the fear that most people in rural areas have unreadable fingerprints. There was also significant variation of quality across the fingerprints of each individual. However, the UIDAI does not admit this in as many words. Instead, the PoC report says: “Certain fingers were observed to provide better authentication accuracy due to good fingerprint ridges and hence better image quality.” Further, it says that “providing multiple attempts of the same finger was seen to improve resident’s chances of successful authentication”. Finally, “senior residents (60+) had the highest rejection rates”; age-wise rejection rates, however, are not provided.

Let us paraphrase the above three results: (a) only some fingers of residents showed best authentication accuracy; (b) even when fingerprint quality was good, authentication was not always successful at the first try; and (c) residents above the age of 60 years showed poor authentication accuracy.

Secondly, to bypass the pervasive problem of poor fingerprint quality, the PoC study defines a “best finger”. It is the finger that “provides the highest chance of successful authentication”. The idea of a “best finger” is a cop-out from the real problem of poor fingerprint quality. Only 93.6 per cent of the residents possessed at least one best finger. Thus, for 6.4 per cent of the residents authentication was not possible with a single finger. In absolute terms, when extrapolated to the population of 120 crore, a 6.4 per cent share translates to 7.2 crore persons. While the use of more than one finger improves authentication accuracy, the figure of 93.6 per cent provides an insight into the potential extent of exclusion due to fingerprint authentication.

Thirdly, authentication was possible only in the case of 93.5 per cent of residents with a single finger at the first attempt itself (see figure). In other words, in the case of about 6.5 per cent of residents (translating to 7.8 crore residents, when applied to 120 crore) authentication was not possible at the first attempt with a single finger. Even when three attempts were allowed, only 96.5 per cent of residents were able to be authenticated.

In India, even a small share of exclusion from authentication can imply the actual exclusion of crores of individuals. Further, when applied to larger populations, the share of residents without one best finger is likely to rise sharply. At 120 crore people, it is impossible to forecast what this share would explode into.

Contrary to the claims of the UIDAI, fingerprints will be a highly inappropriate tool to uniquely identify individuals. Given multiple errors during enrolment and the potentially high error rates at authentication, the use of fingerprint authentication is likely to foster a regime of misidentification and exclusion. Worse still, exclusion will be most acute among poor manual labourers. The poor record of fingerprint readers in U.K. airports and frequent fingerprint mismatches in the U.S. were also a result of fallibilities in the fingerprint technology.

The elderly is another group that would be massively excluded. As the PoC reports admit, those above 60 years had the “highest rejection rates” at authentication. Yet, the Mid-Term Review of the Eleventh Plan by the Planning Commission has recommended the use of Aadhaar fingerprints to pay pension to the elderly through the National Social Assistance Programme (NSAP). The recommendation is to use “banking correspondents”, who would carry handheld fingerprint devices, to make “payments at the doorstep”. A sure recipe for exclusion, it would appear.

In fact, the only group that appears certain to gain from the Aadhaar project is the global biometric industry. As Nandan Nilekani suggested in an interview, “the Unique Identification Project is creating new opportunities for biometric technology…. Our success can, therefore, determine the course the industry will take, since these technologies will be tested in India on an unprecedented scale.” On the other hand, the losses are likely to be felt mostly by the poor. It would be an irony that a project that is marketed in the name of “including the poor” would end up excluding them massively from whatever meagre provisions they obtain from the state today.

R. Ramakumar is Associate Professor at the Tata Institute of Social Sciences, Mumbai.