A tale of errors
R. RAMAKUMAR
Contrary to the claims of the UIDAI, fingerprints are a highly inappropriate tool to uniquely identify individuals.
Case 1: “There are nine checks on visa nationals arriving into the U.K. [United Kingdom]. The fingerprint matching check is the most recent. It is the least reliable. It is the least effective in terms of delivering against our requirements….”
So stated Brodie Clark, the former head of the United Kingdom Border Force, to a stunned Home Affairs Committee on November 15, 2011. Clark was giving oral evidence to the committee on why he had authorised the suspension of fingerprint checks during busy hours at U.K. airports. Pressed further, Clark said, “I knew of it, and I approved it because it was a very sensible thing.”
Case 2: “The FBI [Federal Bureau of Investigation] apologises to Mr Mayfield and his family for the hardships that this matter has caused.”
The FBI’s apology came in a public statement, dated May 24, 2004. Brandon Mayfield was an attorney in Oregon and a Muslim convert who was held as a material witness in the Madrid bombing of March 11, 2004. The Spanish police had located a latent fingerprint on a bag that contained explosives and sent it to the FBI. The FBI shortlisted potential matches from its fingerprint database. Two fingerprint experts, one internal and another external, concluded that the latent fingerprint belonged to Mayfield; one expert termed the match as “100% identification”. Mayfield was jailed on the basis of the fingerprint match. Two weeks later, the Spanish police informed the FBI that they had independently matched the latent print with Ouhnane Daoud, an Algerian national living in Spain.
The FBI’s fingerprint gaffe on Mayfield was not the first in the U.S. A few years earlier, Stephen Cowans had to serve a jail sentence of more than six years in Boston on the basis of a false fingerprint match. He was exonerated on the basis of DNA evidence.
For years, the infallibility of fingerprints as a mark of uniqueness has been some sort of a fairy tale. But with increasing cases of fingerprint mismatches leading to human rights violations like prison detentions, the confidence is waning. Indeed, it was such loss of confidence that contributed to the shelving of national identity projects in the U.K. and many other countries.
If the confidence is waning globally, in India there appears to be a deeply intriguing faith in the use of fingerprints in establishing unique identity for a population of 120 crore. The Aadhaar project is a classic example. Biometrics – particularly fingerprints – is a central feature of the Aadhaar project. That a Parliamentary Standing Committee had torn apart the robustness of the fingerprint technology – calling it “untested and unreliable” – is dismissed by the government. While time will indeed prove this faith misplaced, some immediate respect for the sceptical voice appears to be long overdue.
The entry of biometrics into Aadhaar is characteristic of how governments evade laws and misrepresent expert opinion to insert untested ideas into policy. In 2009 itself, the Biometric Standards Committee (BSC) of the Unique Identification Authority of India (UIDAI) was circumspect about using fingerprints in Aadhaar. It had stated that “retaining efficacy while scaling the database size… to a billion has not been adequately analysed”. The BSC also stated that “fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context”. The reason: a large share of the population is dependent on hard manual labour, leading to worn-out fingerprints. This was an early note of caution, which the UIDAI ignored.
Even the BSC had failed to list out the problems of fingerprints comprehensively. For instance, the BSC was silent on the issue of “template ageing”, that is, an increase in “false rejection rates” as people age and sensor characteristics of fingerprint devices change. According to Kevin Bowyer of the University of Notre Dame, physical ageing of fingers results in decreased suppleness of the skin, more wrinkles, lesser flexibility of joints, and accumulated cuts and scars, all of which change the fingerprint itself. This implies the need to re-enrol a large proportion of people almost annually, making the system vulnerable to fraud.
There was another note of caution on fingerprints, which too was ignored. A report from 4G Identity Solutions, a supplier and consultant for the UIDAI, had mentioned in 2009 itself that about 15 per cent of the Indian population may fail to enrol because of unreadable fingerprints. It specifically noted that “people above 60 years and young children below 12 years may have difficulty enrolling in a fingerprinting system”.
On iris scans, the BSC was even more circumspect. It did not even provide error estimates for iris scans owing to the “absence of empirical Indian data”. It suggested the use of iris scans only “if they [UIDAI] feel it is required”. This stance of the BSC did not dissuade the UIDAI from deciding to scan irises too at enrolment. In fact, in a clear case of fudge, UIDAI Chairman Nandan Nilekani stated in an interview to PlanetBiometrics (July 5, 2010) that the BSC had “ recommended the inclusion of iris to the biometric modalities”. This was wrong; the BSC never made such a recommendation.
Biometrics appears at two stages in the Aadhaar project. The first stage is “enrolment”, where three sets of biometrics are collected from each resident: a photograph, fingerprints of all 10 fingers and iris scans of both eyes. The fingerprints and iris scans are used to uniquely identify (or “de-duplicate”) each resident and allot a unique Aadhaar number. The second stage is “authentication”; here, a service would be provided to residents only upon confirmation that his/her fingerprint “matches” the fingerprint stored against his/her name in the enrolment database. Iris scans are not used at the stage of authentication.
I shall try to argue here that at both the stages – enrolment and authentication – the quantum of errors associated with biometrics is too large to be ignored.
Errors in enrolment
Let us first take enrolment. Facts emerging from the ground reveal that there have been widespread errors at this stage and that biometrics has been of little help.
First, in Hyderabad, a data entry supervisor by the name of Mohammed Ali – a former employee of the Infrastructure Leasing and Financial Services Limited (IL&FS) – was shown to have enrolled more than 30,000 residents in a short span of three months. According to reports, all the 30,000 applicants had been issued Aadhaar numbers. There were two interesting aspects with respect to biometrics in this scam.
(a) Out of the 30,000 residents enrolled, about 870 people were enrolled as physically disabled (“biometric exceptions” in the UIDAI parlance). Their biometric information was not recorded. It is unclear as to how many of these 870 were actually disabled because most of their addresses were fake. It is also unclear as to how many thousands of such fake enrolments have already taken place across India.
(b) A large proportion of the 30,000 residents enrolled were not enrolled by Ali (because Ali had left IL&FS in between). Instead, these enrolments were done across 17 enrolment centres by other supervisors who used Ali’s login and password. While logging into the system, along with the login and password, supervisors have to submit their fingerprints. Typically, if the supervisor’s fingerprints were not matched as Ali’s, the system should have rejected access. Yet, all the supervisors could gain access to the system using their fingerprints. Clearly, the system was not able to identify the supplied fingerprints as not Ali’s.
Secondly, in what has been the most hilarious Aadhaar number provision to date, one Aadhaar number (4991-1866-5246) was issued in Anantapur district of Andhra Pradesh to a person named Mr Kothimeera (that is, coriander), with his father’s name as Mr Palav (biryani) and address as Gongura Tota, Mamidikaya Vooru (Mango village), Jambuladinne, Anantapur, Andhra Pradesh - 515731. To top it, the date of birth of Mr Kothimeera was recorded as 1887, and the photograph on the card was that of a mobile phone. It is as yet unclear as to what biometric records were supplied with “Mr Kothimeera’s” demographic details and how it passed the test of biometric de-duplication.
Thirdly, the Department of Posts is on record that across India, as on April 20, 6.46 lakh Aadhaar letters posted were returned because the addresses did not exist. In Andhra Pradesh itself, about 50,000 Aadhaar letters were lying undelivered because the addresses were fake. In Karwar, Ankola, Kumta, Honnavar and Bhatkal taluks of Karnataka, about 7,000 Aadhaar letters were lying undelivered because the addresses were fake. While fake addresses have nothing to do with biometrics per se, they provide corroborative evidence to the widespread fraud that takes place at enrolment.
In sum, biometrics has not been able to prevent large-scale errors at the enrolment stage itself. Available evidence itself is persuasive, and it may be logically suspected that unreported errors are of a far larger magnitude.
Errors in authentication
Interestingly, while three sets of biometrics are collected at the time of enrolment, only one set – fingerprints – is used for authentication. As R.S. Sharma, the Mission Director of the UIDAI, confirmed in an interview to Frontline in 2011, “fingerprint is the basic mode of authentication”. According to Nandan Nilekani, iris scans are not used at authentication because “it’s not a mature technology”. For the moment, we shall postpone asking the reasons for tweaking expert opinion and deciding to use an immature technology at the stage of enrolment.
In his Frontline interview, Sharma admitted that the “quality of fingerprints… poses a challenge for later authentication”. He also stated that “for manual labourers, this authentication will be difficult because only one or two of the 10 fingerprints may be good”. It would appear that Sharma was foretelling what the UIDAI’s Proof of Concept (PoC) studies published in 2012 were to reveal. The PoC studies reveal that fingerprint-based authentication of large populations is largely a non-starter, and point towards enormous risks of exclusion.
The PoC studies were internal studies on small populations conducted by the UIDAI to test the robustness of real-time, fingerprint-based authentication. There was no external review. In Phase 1, a small sample of 14,220 residents was studied in Tumkur district of Karnataka. In Phase 2, about 35,000 Aadhaar holders were covered across four States.
First, the results confirm the fear that most people in rural areas have unreadable fingerprints. There was also significant variation of quality across the fingerprints of each individual. However, the UIDAI does not admit this in as many words. Instead, the PoC report says: “Certain fingers were observed to provide better authentication accuracy due to good fingerprint ridges and hence better image quality.” Further, it says that “providing multiple attempts of the same finger was seen to improve resident’s chances of successful authentication”. Finally, “senior residents (60+) had the highest rejection rates”; age-wise rejection rates, however, are not provided.
Let us paraphrase the above three results: (a) only some fingers of residents showed best authentication accuracy; (b) even when fingerprint quality was good, authentication was not always successful at the first try; and (c) residents above the age of 60 years showed poor authentication accuracy.
Secondly, to bypass the pervasive problem of poor fingerprint quality, the PoC study defines a “best finger”. It is the finger that “provides the highest chance of successful authentication”. The idea of a “best finger” is a cop-out from the real problem of poor fingerprint quality. Only 93.6 per cent of the residents possessed at least one best finger. Thus, for 6.4 per cent of the residents authentication was not possible with a single finger. In absolute terms, when extrapolated to the population of 120 crore, a 6.4 per cent share translates to 7.2 crore persons. While the use of more than one finger improves authentication accuracy, the figure of 93.6 per cent provides an insight into the potential extent of exclusion due to fingerprint authentication.
Thirdly, authentication was possible only in the case of 93.5 per cent of residents with a single finger at the first attempt itself (see figure). In other words, in the case of about 6.5 per cent of residents (translating to 7.8 crore residents, when applied to 120 crore) authentication was not possible at the first attempt with a single finger. Even when three attempts were allowed, only 96.5 per cent of residents were able to be authenticated.
In India, even a small share of exclusion from authentication can imply the actual exclusion of crores of individuals. Further, when applied to larger populations, the share of residents without one best finger is likely to rise sharply. At 120 crore people, it is impossible to forecast what this share would explode into.
Contrary to the claims of the UIDAI, fingerprints will be a highly inappropriate tool to uniquely identify individuals. Given multiple errors during enrolment and the potentially high error rates at authentication, the use of fingerprint authentication is likely to foster a regime of misidentification and exclusion. Worse still, exclusion will be most acute among poor manual labourers. The poor record of fingerprint readers in U.K. airports and frequent fingerprint mismatches in the U.S. were also a result of fallibilities in the fingerprint technology.
The elderly is another group that would be massively excluded. As the PoC reports admit, those above 60 years had the “highest rejection rates” at authentication. Yet, the Mid-Term Review of the Eleventh Plan by the Planning Commission has recommended the use of Aadhaar fingerprints to pay pension to the elderly through the National Social Assistance Programme (NSAP). The recommendation is to use “banking correspondents”, who would carry handheld fingerprint devices, to make “payments at the doorstep”. A sure recipe for exclusion, it would appear.
In fact, the only group that appears certain to gain from the Aadhaar project is the global biometric industry. As Nandan Nilekani suggested in an interview, “the Unique Identification Project is creating new opportunities for biometric technology…. Our success can, therefore, determine the course the industry will take, since these technologies will be tested in India on an unprecedented scale.” On the other hand, the losses are likely to be felt mostly by the poor. It would be an irony that a project that is marketed in the name of “including the poor” would end up excluding them massively from whatever meagre provisions they obtain from the state today.
R. Ramakumar is Associate Professor at the Tata Institute of Social Sciences, Mumbai.