Prakash Chandra Sao
Abstract
The issues of concern around the UID scheme, I believe, are largely based on the issues of principles and practicalities. The issues of principles, I argue, are basically the rationale to carry out an identification scheme and its possible repercussions on certain abstract notions such as privacy. The issues of practicalities specifically refer to the infallibility of the biometrics technology to fix identity beyond doubt. It is also about the functioning of the technology in its application areas primarily in the social security schemes like the Public Distribution System. The contextualising of the UID scheme makes a firm case for the study of the global experiences of identification projects. The study of international experiences of such projects puts into perspective the nature, objectives, causes and challenges of the scheme.
Introduction
Overview of the Scheme
‘A crucial factor that determines an individual’s well-being in a country is whether their identity is recognized in the eyes of the government. Weak identity limits the power of the country’s residents when it comes to claiming basic political and economic rights. The lack of identity is especially detrimental for the poor and the underprivileged, the people who live in India’s “social, political and economic periphery”. Agencies in both the public and private sector in India usually require a clear proof of identity to provide services. Since the poor often lack such documentation, they face enormous barriers in accessing benefits and subsidies.’ [1]
The excerpt cited above reflects the insight of the Government of India for initiating the Unique Identification (henceforth UID) project in 2009. The project aims to uniquely identify every resident of the country by providing a 12 digit unique identification number, popularly known as the Aadhaar number. On January 28, 2009 the Unique Identification Authority of India (henceforth UIDAI or Authority) was constituted as an attached office under the aegis of Planning Commission and was entrusted with issuing the Aadhaar numbers and maintaining the demographic and biometric database of the residents. Soon after, on July 2, 2009 Nandan Nilekani, former co-Chairman of Infosys Technologies was appointed as the first Chairman of the UIDAI with the status of a Cabinet Minister. The Authority started functioning on July 23, 2009, the day Nandan Nilekani assumed charge (UIDAI Strategy Overview, 2010).
Thereafter, the UIDAI has partnered with the government (Central and State) and private sector agencies like LIC and Oil Ministry, which have come to be known as Registrars. The Authority has entered into Memoranda of Understanding (MoU) with each Registrar to facilitate the enrolment process. Yet another fact is it is neither the UIDAI nor the Registrars but the Enrolment agencies that are interacting with residents and collecting their demographic and biometric information. Most of the enrolment agencies empanelled with the UIDAI are either IT or online marketing companies (refer to 1).
The data collected, both demographic and biometric, is being stored in the Centralised database known as the Central Identities Data Repository (CIDR). The CIDR is also entrusted with carrying out the de-duplication of the demographic and biometric information thus ensuring that the data stored is clean. Moreover, the CIDR is also responsible for issuing the UID numbers. The fields of information that is being collected during the enrolment process are: name, address, gender, date of birth, introducers’ name and UID (in case of lack of documents), photographs, all ten fingerprints and both iris scans (refer to 1).
While stating the purpose of the exercise ‘UIDAI Strategy Overview’, one of the initial official documents released by the authority, states: ‘The purpose of the UIDAI is to issue a unique identification number (UID) to all Indian residents that is (a) robust enough to eliminate duplicate and fake identities, and (b) can be verified and authenticated in an easy, cost-effective way’ (refer to 1).
The document also highlights the benefits of having a unique number for identification. It states that any such mechanism would; (a) ensure instant identification and verification (b) help bringing down the transaction costs for the poor as identity has to be proven only once (c) transform the delivery of social welfare programmes by making them more inclusive of communities that are deprived of seeking benefits from such programmes due to the lack of identification (d) help government to shift from indirect to direct benefits and verify whether intended beneficiaries are receiving the subsidies (refer to 1).
The stated objectives evidently manifests that the project holds an utterly developmental angle. It has now been more than three years since the project’s implementation with the UIDAI has claimed the enrolment of 200 million residents in the first phase. The second phase of enrolments which sets to enrol 400 million residents has begun and makes a case to study the debates around it and the glitches in the large scale implementation of one of the Government’s most ambitious projects.
Background
Interestingly, the critics trace the origin of the UID project to the Multipurpose National Identity Cards (MNIC) project introduced during the NDA regime, whereas the UIDAI documents link its origin to a scheme titled ‘Unique ID for BPL families’ initiated by the Department of Information and Technology in 2006. Here, I have only argued the case put forward by the critics, while the UIDAI’s version of its origin can be found in the UIDAI documents.
R. Ramakumar, one of the close observers of the UID project argues:
‘The first steps to issue unique ID cards began with the controversial report of the Kargil Review Committee in 1999, appointed in the wake of the Kargil War between India and Pakistan. In its report submitted in January 2000, this Committee had noted that immediate steps were needed to issue ID Cards to villagers in border districts, pending its extension to other parts of the country’(Ramakumar, 2010, P.154).
Further, while putting the events chronologically to establish the origin of the MNIC project he says that in 2001 a report titled ‘Reforming the National Security System’ was submitted to the government by a Group of Ministers (GoM). This report which mainly relied on the findings of the Kargil Review Committee noted that:
‘Illegal migration has assumed serious proportions. There should be compulsory registration of citizens and non-citizens living in India. This will facilitate preparation of a national register of citizens. All citizens should be given a Multi-purpose National Identity Card (MNIC) and non-citizens should be issued identity cards of a different colour and design’ (Ramakumar, 2010, P.154-155).
Finally, while providing evidences to draw the links between the UID and the MNIC project he argues that in 2003 the NDA government decided to link the creation of the national register of the citizens with the decennial census surveys and that register was to form the basis for the preparation of MNIC cards. However, the Census Act of 1948 has strict provisions for privacy (see the section on Surveillance). Thus, as per Ramakumar, in order to dilute the privacy provisions of the Census, the Citizenship Act of 1955 was amended in 2003 to bring in the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules of 2003 (Ramakumar, 2010).
Subsequently, as per Ramakumar the MNIC project of the NDA government, initiated with purposes of combating illegal immigration and enhancing internal security, was replaced by the UID project of the following UPA government and the project witnessed a shift from the security to the development angle (Ramakumar, 2010).
It is to be mentioned here that the National Population Register of the Home Ministry is being carried out under the Citizenship Act of 1955 and the Citizenship Rules of 2003 and with the clear purpose of enhancing security.
A report in the Telegraph noted that;
‘…. residents already enrolled for Aadhaar will not have to give their biometric data again for NPR. They will be asked for the Aadhar number and their biometric data sourced from the UID authority. The smart card the ministry will issue to all Indian residents will carry the Aadhaar number for those who have it’ (Dholabhai, 2012).
Given the fact that the UID data is going to be shared with the NPR this assumption cannot be discarded that the UID is indeed serving purposes of surveillance and some questions on the objectives of the scheme still needs to be answered.
Criticisms
Since its origin the UIDAI has claimed that Aadhaar will be a single proof of identity that could be used to seek benefits from across public and private sector agencies. Moreover it has also been claimed that UID would serve a variety of purposes: ‘better targeting of government’s development schemes, regulatory purposes (including taxation and licensing), security purposes, banking and financial sector activities, etc’ (Ramakumar, 2010, P.155).
On contrary of these claims, since its very onset the critics of the project have argued about the UIDAI’s weak understanding of the functioning and challenges of the development schemes particularly the National Rural Employment Guarantee Scheme (NREGS) and the Public Distribution System (PDS). Similarly, on the basis of the international experiences of identity projects and biometric based authentication it has been argued that the technology used has so far been untested on a population scale of more than a billion. Moreover, concerns have also been raised on protection of privacy and civil liberties, again similar to global experiences. In the following parts of the paper I have tried to explore all these concerns and debates around the UID project through the arguments of the critics and the clarifications of the UIDAI authorities.
Moreover, in the above mentioned context the recommendations of the Parliamentary Standing Committee on Finance on the National Identification Authority of India Bill (NIDAI) 2010 must be considered. In its report the Committee has shown severe restrictions to the bill and the functioning of the UIDAI. To mention here, some of the important ones are:
- No Comprehensive Feasibility Study including cost benefit analysis has been carried out.
- Absence of data protection law would make it difficult to deal with issues relating to the misuse of personal information, profiling, tracking and linking of databases.
- The provision of verification of information of individuals by the registrars to ensure that no fake residents get enrolled into the system may lead to adverse consequences as far as national security is concerned.
- There is lack of clarity of purpose in the scheme and is being implemented in a directionless way and may get dependent on private agencies in future.
- There is uncertainty of the technology which is also untested, unreliable and built on several assumptions. The UIDAI is collecting biometrics information in spite of the adverse observations regarding the error rates of biometrics by the UIDAI’s biometrics standards committee.
- There is lack of coordination among the government agencies which is leading to duplication of efforts and expenditure.(Economic Times, December 10;s 2011)
Furthermore, the absence of any Parliamentary approval for carrying out a scheme of a scale of UID is also questionable. Although, the Government and the UIDAI has repeatedly argued that this is well within the powers of the executive, the arguments have not satisfied the Standing Committee and while reviewing the NIDAI bill the Committee has made following observation in this regard:
‘The clearance of the Ministry of Law & Justice for issuing aadhaar numbers, pending passing the Bill by Parliament, on the ground that powers of the Executive are co-extensive with the legislative power of the Government and that the Government is not debarred from exercising its Executive power in the areas which are not regulated by the legislation does not satisfy the Committee. The Committee are constrained to point out that in the instant case, since the law making is underway with the bill being pending, any executive action is as unethical and violative of Parliament‟s prerogatives as promulgation of an ordinance while one of the Houses of Parliament being in session’ (Standing Committee on Finance, Forty Second Report, 2011-12, P.28).
On the basis of the reservations observed by the Standing Committee, the NIDAI bill 2010 was discarded by the Committee in December 2011. The Committee also recommended the Government to bring forth a fresh legislation. However, this event was followed by the Cabinet sanctioning the mandate for the UIDAI to enrol another 400 million residents in the second phase.
The UK Experience
In the United Kingdom, the idea of an identification scheme first gained momentum in the backdrop of the First World War. This led to the creation of a population register in accordance with the first National Registration Bill (Agar, 2005 in Hosein and Whitley, 2010). A similar kind of register was introduced during the Second World War but it was then assigned with a variety of purposes like coordinating national service, national security and the administration of rationing (Thompson, 2008 in Hosein and Whitley, 2010).
After the two wartime identity cards several attempts were made by various Home Secretaries to introduce some sort of national identity document but none of them managed to make their way. Then, in 2002 the then Home Secretary David Blunkett came up with the proposal of “entitlement cards”. The Office of Government Commerce (OGC) reviewed the proposal several times between June 2003 and November 2004 and also made a number of detailed recommendations (Hosein and Whitley, 2010).
On 29 November 2004, following a two and half years of discussions and reviews of the proposal the Government introduced and published the Identity Cards Bill and changed the name of entitlement cards to identity cards. “The Bill outlined an identity policy that was very similar to that envisaged in the original consultation document and the OGC Reviews, based on a central register and the use of biometrics” (Hosein and Whitley, 2010).
The National Identity Scheme
The National Identity Scheme was proposed to be implemented as per the provisions of the Identity Cards Act 2006. As per the London School of Economics Identity Project Report the key components of the Identity Cards Bill 2004 were:
- The National Identity Register which is the information hub of the system. This sets to establish a central population register containing a wide range of details of every UK citizen and resident aged from 16years and 3 months.
- The Code: Every individual must be given a unique number, to be known as National Identity Registration Number (NIRN). This number will become the “key” for government and private sector organizations to access information on the register and, in certain circumstances, to share that information.
- Biometrics: Every individual must have to submit to fingerprinting and “other” means of physical identification which could be electronic facial recognition, signature and iris recognition.
- The Card: every individual must be issued an identity card, generated from and containing part of the information in the Register.
- Legal Obligations: Every individual must be required to produce the card in order to obtain public services.
- Administrative Convergence: The number and the card register will be used by a variety of agencies and organizations both for access and disclosures.
- Cross Notification: Agencies will be required to notify each other of changes to a person’s details. Clause 19 authorises the Secretary of State to disclose details from the register to other agencies without the consent of the individual.
- New Crimes and penalties: The Bill establishes a large number of new crimes and penalties to ensure that people comply with the ID requirements (The Identity Project Report, LSE, 2005).
The Stated Objectives of the UK Government
As per the Governments’ Identity Card website, the National Identity Scheme aims to
- protect people from identity fraud and theft;
- strengthen security and improve public confidence;
- tackle illegal working and immigration abuse;
- disrupt the use of false and multiple identities by organised criminals and those involved in terrorist activity;
- ensure free public services are only used by those entitled to them;
- make travelling in Europe easier;
- provide a secure way of applying for financial products and making financial transactions, including those made over the internet;
- allow the police to identify suspects and people they arrest more quickly (Hosein and Whitley, 2010).
It is evident from the Government’s declaration of its objectives that it sets to serve multiple purposes with a mix of developmental and security issues. While the UK Government aimed to achieve a variety of purposes through a single scheme, most of the criticisms were severely sceptical at the time. While commenting on the objectives of the scheme Edgar Whitley and Gus Hosein, Research Coordinator and Project Mentor respectively of the LSE Identity Project observe:
- ‘It is interesting to note that many of the aims and benefits of the Scheme have a strong Government rather than citizen-centric perspective, with very different technological infrastructures underlying them. For example, a government-centric identity policy which addresses border control issues would need a very different on-line, identity checking facility from a user-centric one for enabling secure electronic commerce transactions on-line……’ (Hosein and Whitley, 2010, P.99).
Technological Intervention
As stated above, the Identity Cards Bill 2004 which, followed by a few amendments, gives way to the Identity Cards Act 2006, explicitly mentions the collection of biometrics i.e. facial image, finger prints and iris images as an integral part of the scheme (Refer to Clause 5(5), Identity Cards Bill, 2004). This particular provision refers to the immense use of technology in the entire scheme. At the initial stage the Government seemed to be quite a proponent of the biometrics technology:-
‘The Governments’ faith in biometrics was remarkable. Repeated statements from Ministers and even the Prime Minister indicated that they believed that biometrics made the entire scheme not only possible, but necessary’ (Office of Government Commerce, 2003 in Hosein and Whitley, 2010; 148).
This belief of the Government was questioned in the LSE report that draws attention to certain potential glitches in the proposed biometrics within the Scheme which was supposed to be implemented on a population scale of more than 50 million. The suggestions made in the report were primarily based on the analyses of the scientific evidences and existing studies available.
On the basis of the study undertaken, the LSE report suggested an alternative blueprint that avoided relying on biometrics to help achieve a perfect, unique identification and enrolment process but this was discarded by the Home Office. However, the following years witnessed an unprecedented alteration in the Governments’ policy in the wake of further consultation on the collection of biometrics. Iris Scans were decided to be dropped from the Scheme in 2006 (Hosein and Whitley, 2010, P.149, 152).
In its concluding remarks on biometrics the LSE report says:
‘It is important not to perceive technology as a panacea for social troubles. It is also important to understand that there is no perfectibility of technology; technology can be improved, but the notion of achieving perfection is at best misguided, at worst dangerous. Technology may be scientific, but once outside of the laboratory, it involves engineering’ (The Identity Project Report, LSE, 2005; 185).
The Projected Cost and the LSE Analysis
It is believed that the cost involved in the implementation of the National Identity Scheme is among the key causes of the Scheme being scrapped. While the Identity Cards Bill was being discussed in the Parliament, the LSE researchers have repeatedly argued that the Government was reluctant to share the projected costs of the Scheme on the grounds of commercial confidentiality (Hosein and Whitley, 2010; 171).
In the earliest version of the Bill i.e. in 2004 the Government’s Regulatory Impact Assessment estimated per annum cost of £415 million which was observed to rise by £169 million to become £ 584 million in the year 2005. This trend shows a considerable increase in the Governments’ estimation of the projected cost (Hosein and Whitley, 2010; 170).
The LSE Identity Project undertook an in-depth analysis of the Government’s projected cost and also reviewed the expenses covering the biometric equipment, validity period, enrolment, card replacement, developing, maintaining and updating the national register, administrative costs and public and private sector costs. The LSE researchers suggested that considering the above factors the ‘national identification schemes’ implementation and running costs together with direct associated costs and compliance, will be in the range of £10.6 billion – £19.2 billion during the implementation (operation of the first ten years) of the scheme’ (The Identity Project Report, LSE, 2005, P.245). This estimate, of the lowest figure being £10.6 billion and the highest £19.2 billion with a median of £14.5 billion was much higher than the Government projections.
On the costs involved in biometric usage, the LSE report says:
“The government has substantially underestimated the cost of biometric readers. Because of physical irregularity or mental impairment, a significant number of people are unable to provide a stable biometric unless expensive equipment is used” (The Identity Project Report, LSE, 2005; 11).
The LSE Identity Project Report
As discussions on the Bill began it was felt that many of the governments’ claims about the science and technology behind the scheme (i.e. the design of the Register and the use of biometrics for verification purposes) were being accepted at face value. For instance, in 2005 the then-Prime Minister Tony Blair said that identity cards were “an idea whose time has come” (Hosein and Whitley, 2010; 79). Later in 2006, he also linked the idea of introducing identity cards with modernity as he said, ‘the case for ID cards is a case not about liberty, but about the modern world’. (Ramakumar, 2011).
As a result of the increasing scepticism on the Identity Cards Bill and other Government proposals a group of researchers based at the LSE undertook an analysis of the bill to develop policy discussions around it. The ‘LSE Identity Project’, as the research team was called, released an Interim Report in March 2005 to seek feedback of the analysis put forward (LSE Identity Project, 2005). The key conclusions of the LSE Identity Project were:
- Multiple Purposes: The multiplicity of objectives in the UK Scheme suggests that that it has been “gold-plated” to justify the hi-tech scheme.
- Will the technology work? The operability of biometrics and other technologies involved has never been tested at such a large scale.
- Is it legal? In its current form, the Identity Cards Bill appears to be unsafe in law. A number of elements potentially compromise privacy of individual’s data.
- Security: The National Identity Register will create a very large data pool in one place that could be an enhanced risk in case of unauthorised accesses, hacking or malfunctions.
- Will ID cards benefit businesses? Compliance with the terms of the Identity Cards Bill will mean even small firms are likely to have to pay for specialist readers which, together with other requirements, will add to the administrative burdens firms face (Hosein and Whitley, 2010; 81).
How the National Identity Scheme got scrapped?
The Identity Cards Act 2006 enacted during the Labour party regime which provided the framework for the National Identity Scheme was repealed by an act of the UK Parliament in 2010. On 26 May 2010, the David Cameroon-Nick Clegg led coalition Government introduced the Identity Documents Bill in the House of Commons that received the Royal Assent on 21 December 2010 to become the Identity Documents Act, 2010. The Act repeals the Identity Cards Act 2006 that primarily entails to cancel all existing ID cards and the National Identity Register and destroy the data held on the register within one month of Royal Assent, remove the statutory requirement to issue ID Cards, close the Office of the
Identity Commissioner and give no refunds to existing cardholders (Identity Documents Bill, 2010).
The international experience of identity projects illustrates the fact that the stated objectives of most of the countries were similar, be it combating illegal immigration or the extension of social security services through the identity cards. Inversely, the issues concerning privacy and civil liberties or technology vary according to the cultural and historical context. On that note, I believe that the study of the global experiences of identity projects makes a firm basis to study the issues of privacy and civil liberties in India in the backdrop of the Unique Identification project.
Privacy and Civil Liberties Debates
Is Privacy a Western Concept?
Since the debates around the UID project have gained momentum and privacy concerns have been raised by the critics it has been frequently argued by the proponents of the project that western notions of privacy have no meaning for a country like India and its culture. This belief alone questions the idea whether India actually possess some values of privacy in its culture. If yes, then how is it different from the western understanding? Or, is it the case that we draw our notions of privacy from the western countries? These questions need to be answered before moving ahead into the privacy debates around the Unique Identification scheme.
Martha C Nussbaum, the renowned philosopher and feminist argues this concern in her paper titled ‘Is Privacy Bad for Women?’ She observes, ‘assuming that there is such a thing as “Indian culture”….India draws certain concrete lines in different places than does America’ and she is also of the view that ‘if we consider the general meanings of “privacy” typically acknowledged as most salient in American discussions, India also marks each of the notions as salient, and ascribes value to protecting the concerns that fall under them’. (Nussbaum, 2000)
In support of her argument she cites three cases. One, she argues, like in the United States or in any other part of the world, in India also people ‘recognise that certain types of information about oneself are privileged, and that it is bad for outsiders to publicise them without consent’. Secondly, she believes that ‘in India, as in the US, there is a deep concern for keeping certain parts of the body, and certain bodily acts, hidden from the sight of others –and also a more general concern that, whatever one is doing, one should not be watched without one’s consent’. Thirdly, she puts that there is an ‘interest in decisional autonomy or liberty in certain areas, especially definitive of the person’, and by saying so she further suggests that interest in self-governed choice is not an outcome of “Western Individualism” and is also not alien to non-Western cultures. All these aspects of privacy, Nussbaum believes, are ‘among the most ancient and deeply traditional concerns of both Hindu and Muslim cultures’. (Nussbaum, 2000)
Another question is: how are the notions of privacy prevalent in India different than the western one? Seemingly, Nussbaum answers this query with a brief example which reads; ‘any American visitor to India is likely to feel, at some time, a longing for a “room of one’s own,” and a feeling that this culture is strange in its lack of regard for personal solitude- – one of the things that is called, not too misleadingly, by the name “privacy”’. But she further argues, ‘differences of class, sex and region construct major internal differences within each nation,’ and finally her argument rests in the assertion that, ‘of course, lines are drawn in different places’. (Nussbaum, 2000)
Privacy as a “Right” in the Constitution
Prior to analysing the privacy issues around UID, it is important to examine the significance of privacy in the Indian Constitutional tradition. The Constitution of India does not explicitly recognise the right to privacy but time and again its existence has been accepted through several Supreme Court rulings. To elaborate this stance, I would quote a couple of judgements of the Supreme Court, the final interpreter of the Constitution, from A.G. Noorani’s write up on privacy published in the Frontline. He writes, ‘In the Nakheeran case [R. Rajagopal vs State of Tamil Nadu (1994) 6 SCC 632], the court said:
‘The right to privacy is implicit in the right to life and guaranteed to the citizens of this country by Article 21. It is a ‘right to be left alone’. A citizen has a right to safeguard the privacy of himself, his family, marriage, procreation, motherhood, child-bearing and education, among other matters’ (Noorani, 2011).
The judgement of the Supreme Court in the second case– Ram Jethmalani vs Union of India, is the most recent one. The case is popularly known as the Black Money case and the judgement as Black Money judgement of 2010. In that, Justices P. Sathasivam and H. L. Gokhale observed:
‘Right to privacy is an integral part of right to life. This is a cherished constitutional value, and it is important that human beings be allowed domains of freedom that are free of public scrutiny unless they act in an unlawful manner….’ (Noorani, 2011).
The Supreme Court rulings cited above makes clear that the right to privacy is an implicit part of the Article 21 of the Constitution that states, “No person shall be deprived of his life or personal liberty except according to procedure established by law”(Kashyap, 2001, P.133). It means that any violation of the right to privacy must be considered as an infringement of a fundamental right.
UID and Data Security
The Parliamentary Standing Committee on Finance, while reviewing the National Identification Authority of India Bill 2010 (referred as the NIDAI bill by the Committee), has considered the bill as unsafe in the lack of any privacy and data protection law. Furthermore, in this regard the Ministry of Planning had been asked by the Committee to comment on the proposal that the NIDAI bill be produced only after passing legislation on privacy and data protection to ensure no conflict between the two laws (Standing Committee on Finance, Forty Second Report, 2011-12, P. 21).
The most debated argument so far on privacy is the security of the data collected by the UIDAI, considering that the agencies involved in the process of data collection are mostly private companies. On the question of how is the UIDAI ensuring the data security of millions of people, Ashok Pal Singh, the Deputy Director General (Admin), UIDAI, says:
‘The moment the data is keyed in it is encrypted with the highest level of security, so we believe that it is not possible for that agency to extract that data even a second after it is encrypted. That is one. Secondly, there are definite conditions for the enrolment agency that for how long it can even keep the encrypted data package and they are not allowed to replicate it. So, the agency has absolutely no control over it.’ [2]
However, it has been reported in the media that the Home Ministry was not satisfied with the quality of data collected by the UIDAI with the Home Minister, in one occasion, stating the UID data was not secure and that ‘the possibility of fake identity profile in the UID data is real’ (Jain, 2011).
Surveillance
Another alarming concern expressed in association with the Unique Identification project is indeed surveillance. Although it could be assumed that the UID cannot have a direct implication on surveillance, its critics have rigorously argued that it could facilitate cross linkages of databases, more conveniently understood as the convergence of databases. Here, for the critics the matter of concern is that such a convergence could account for rising surveillance based on technologies which could not be assumed fool proof and hence reliable (see the section on Technological Determinism).
The Home Ministry is building a National Population Register with the purpose of enhancing internal security through combating identity theft and illegal immigration. Interestingly, this exercise is being carried out not as per the provisions of the Census Act 1948 but under the Citizenship Act of 1955 and the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules 2003 which surprisingly lack the terms of confidentiality of the data unlike the census. Evidently, ‘Section 15 of the Census Act categorically makes the information that we give to the census agency “not open to inspection nor admissible in evidence”’ (Ramanathan, 2010; 12). The NPR sets to strictly enrol only the citizens of India thus excluding the non-citizens. More importantly it is to be mentioned here that enrolment under the NPR is mandatory and every individual and the ‘head of the family’ is expected to provide updated information about the family members along with the biometrics, and failure to do so will lead to penalty (Ramanathan, 2010).
Now, the question is what are the links between the NPR and the UID? To answer this, R. Ramakumar argues:
“The Census of India website quotes, ‘data collected in the NPR will be subjected to de-duplication by the UIDAI. After de-duplication the UIDAI will issue a UID number. This UID number will be a part of the NPR and the cards issued by the NPR will bear this UID number.” [3]
Basically his argument is that since enrolment in the NPR is compulsory and the NPR data have to bear UID number of individuals, it makes the UID compulsory by law. The entire argument is despite the claims of the UIDAI that they only intend to provide individuals with identity; its linkage with the NPR manifests it being used for surveillance purposes.
In the light of the controversies over the quality of the UID data and on the basis of its review of the NIDAI bill, the Parliamentary Standing Committee made the following observation and recommendation with regard to the data protection and convergence:
‘….Considering the huge database size and possibility of misuse of information, the Committee are of the view that enactment of national data protection law, which is at draft stage with the Ministry of Personnel, Public Grievances and Pensions, is a pre-requisite for any law that deals with large scale collection of information from individuals and its linkages across separate databases’ (Standing Committee on Finance, Forty Second Report, 2011-12; 32-33).
One of the lessons that can be drawn from the global experiences of identity projects is indeed the protection of privacy from abuses and consequently preventing the violations of civilian rights and liberties. Information about people has always been seen as a medium of controlling the population by the ruling elites. Sometimes the objectives have been stated as policy making while most of the other times it is carried out for security reasons. Modern states are known to have approached its citizens for collecting their information and it has become difficult to assume the real intent. The situation becomes alarming in cases when the purposes are ambiguous or when there is multiplicity in it, as observed by the LSE report in the UK National Identification Scheme. In such cases, I assume the possibility of breaches of privacy becomes high, as the State is not very clear about what it wants to achieve and hence it goes on exerting its power on the citizens.
Also, it must be clear here that breaches of privacy are closely associated with violations of other liberties and rights of the citizens. For instance, if citizens have to forcibly share some personal information with any state agency which they would rather not prefer to do, there will always be a fear in their mind of the disclosure of that information. Such cases of privacy invasion could easily end up affecting other liberties enjoyed by them.
In the current context of UID, the matter of concern is that it seems to act as a bridge between the silos of information, further facilitating the convergence of databases. It is quite possible that the information will become vulnerable to access by the state and private agencies, thus leading to privacy breaches. Such information, on the one hand can become a tool of surveillance for the security agencies of the state, while on the other hand it can also be used as a commodity by the profit targeting private players of the market. In a neo-liberal economy where the private players are equal participants in the basic service deliveries, this is indeed an issue of concern.
Aadhaar and Service Delivery
Since its inception, the Government of India and the Unique Identification Authority of India (UIDAI) has been casting the project as a pro-poor approach. The idea is that since the poor lack an effective mechanism to prove their identity, they fail to access the social welfare schemes of the government. The other pro-aadhaar argument is that the technology based verification and authentication of potential beneficiaries will help check corruption in the social security programmes. This belief in technology makes a firm case to scrutinise the nitty-gritty of the technological elements in the entire UID process.
Technological Determinism
The ICTs (Information and Communication Technologies) have always been seen as an effective tool of governance across the world. Since it is an idea which came up with modernity, the modern state has used it widely in governance and administration, also sometimes with immense interference of market forces. There cannot be any other recent, well suited example of ICT initiative in India other than the ongoing UID project. Along with providing the residents with a 12 digit unique identification number, it also envisages to maintain a centralised database of individual’s demographic and biometric information. The argument behind the collection of biometrics is its requirement in the de-duplication process, henceforth assuring that the data stored in the central database i.e. CIDR (Central Identities Data Repository) is clean and unique. In this context, it must be clear that the biometrics is referred to as the facial image, finger prints and iris scans.
What is Biometrics?
As defined by the report of the Wither Biometrics Committee of the National Research Council of the United States, biometrics ‘is the automated recognition of individuals based on their behavioural and biological characteristics…..It relies on the presumption that individuals are physically and behaviourally distinct in a number of ways’ (Ramachandran, 2011). While explaining what biometrics means in scientific terms and how it has distinctive features, Indian biometric expert Jude D Souza observes:
‘In scientific terms biometrics is the measure of human characteristics that are part of a human being. So specific measurement systems of these traits and characteristics is what biometrics is all about. These have distinctive features; for example certain type of biometrics would be present in say humans and not in primates, certain type of biometrics would be present within humans of a specific race. So, Europeans would have certain distinguishing biometrics than Red Indians. In the current context of identification, biometrics usually refer to finger prints, face recognition, iris scans, retinal scans, voice imprints.’ [4]
However, he believes that biometrics are not fool-proof and there is a margin of error. An authoritative statement could be made that certain characteristics are unique to certain population of humans. Furthermore, as per D Souza the biometric system works under different set of principles. For instance, finger prints require high quality images, multiple capturing and also templates created from the images are required to be from a fixed template creation engine. Also, environmental factors like high humidity, high temperature in summer, dry and cold skin in winter and wet and moist palms in monsoon are responsible for variations in measurement. So he adds that it requires biometrics to be taken in varying conditions so that the varying conditions are represented in the data set. Apart from the environmental variations, he adds, being a part of living DNA biometrics keeps changing as we age (refer to 4).
Is biometrics a reliable technology?
As the UIDAI largely relies on the biometrics for the authentication of identity, it becomes significant in the supposition that any kind of technological error or failure specifically with biometrics could adversely affect the UID linked services importantly PDS. On the contrary, the limitations of biometrics in proving identity beyond doubt have been argued time and again by biometric and legal experts.
Interestingly, on the one hand the UIDAI looks quite certain about the infallibility of biometrics as the Biometrics Standards Committee of the UIDAI recognises that ‘a fingerprints-based biometric system shall be at the core of the UIDAI’s de-duplication efforts’ and also on question of whether such an extensive use of biometrics as an identification mechanism is a practical idea, A. P. Singh, the DDG, UIDAI says; ‘Today there is no doubt about it. We have enrolled 200 million people which is the largest database in the world and the failure rate is less than 0.5 percent. He further adds that ‘….Because we take ten finger prints, even one is good enough to de-duplicate and if none of them are… the iris is good enough to de-duplicate’. He also states that ‘except for 0.5 percent we have been able to de-duplicate everyone’ and ‘we are saying that 0.5 percent also we will tackle’ (refer to 2).
Whereas, Jude D Souza, through an interesting and simple example of how fingerprint technology can be spoofed, affirms that biometrics is actually not infallible. He says that any hygroscopic material that retains certain amount of moistures works absolutely well as a fingerprint medium like Fevicol and that medium when spread on a template (which is in the form of a negative) created by lifting a fingerprint from a glass or any clean surface becomes the positive and is able enough to spoof the fingerprint reader (refer to 4).
The problems arising due to the practices (in this case the enrolment exercise) and eventually the implementation accounts equally in the overall failure of the policy in comparison to the problems due to the policies and its underlying principles.
Figure 1: Azadpur Enrolment Camp in Delhi
Error rates and Accuracy
Several cases of eroded finger prints of manual labourers, those with accidental damage to hands and fingers from burns, chemicals and other agents have been extensively argued previously and to some extent the UIDAI has even admitted certain cases. The Director General of the UIDAI R.S. Sharma has admitted in an interview that ‘capturing fingerprints, especially of manual labourers, is a challenge. The quality of fingerprints is bad because of the rough exterior of fingers caused by hard work, and this poses a challenge for later authentication.’ Further he adds, ‘issuing a unique identity will not be a major problem. But authentication will be, because fingerprint is the basic mode of authentication’ (Srinivasan, 2011).
Prior to this the Biometrics Standards Committee of the UIDAI in one of its initial report has foreseen some challenges on the biometrics accuracy. The report says,
‘An accuracy rate (i.e., True Acceptance Rate) of 99% is reported in the test of commercial system performance. Two factors however raise uncertainty on the extent of accuracy achievable through fingerprints: First, the scaling of database size from fifty million to a billion has not been adequately analyzed. Second, the fingerprint quality, the most important variable for determining accuracy, has not been studied in depth in the Indian context’ (UIDAI Committee on Biometrics, 2009).
Further, in a report, 4G Identity Solutions, a supplier and consultant for the UIDAI, recognises that ‘people above 60 years and children below 12 years have difficulties in enrolling with fingerprints. Owing to such bad or noisy data, “the failure to enrol is as high as 15 per cent” in India; this involves a minimum of 180 million persons’ (Ramakumar, 2011).
The question that arises is that is the biometrics capturing of manual labourers going slickly in the enrolment camps? To answer this I must cite some observations from my visits to several enrolment camps in Delhi.
Being a highly technological driven process, the enrolments are encountering problems at the same rate. At Mongolpuri in Delhi, a Bengaluru based IT Company Strategic Outsourcing is carrying out the enrolment exercise. While explaining the enrolment process one operator of the company admitted that fingerprint capturing is difficult with manual labourers and children below 5 years of age. In such cases, he informed that they have been instructed to force capture after four attempts. ‘The best one of the four is selected to store into the central database during de-duplication’, he added.
As per my understanding this method of forcibly capturing biometrics could be troublesome in future, as it could deprive the people to seek benefits from the UID linked services. Say, if a manual labourer goes to the PDS shop to get subsidized grains and if his fingerprints mismatch the one in the stored data, he will not get the benefits, as the identity is not proved.
Yet another finding from my research is again an erroneous element in the technological proceedings in biometrics. A technical advisor of the same enrolment agency at Azadpur enrolment camp in Delhi revealed a severe glitch with the Aadhaar client software. He explained that every set of information (demographic and biometric) of individuals known as packets are needed to be sent for de-duplication. But prior to that, each packet needs to be verified by a live or active operator through his thumb print which is already stored in the database. Ideally the software should reject any other thumb print but this is not the case. This, he adds, ‘is a major software fault and could be misused in many ways’.
Figure 2: An operator verifying a packet through her thumb print
With regard to this technological malfunctioning the IT head of the agency is of the view that in such a case the packet will be rejected during de-duplication because of not having been verified by an authentic supervisor. Ashok Pal Singh, the DDG (admin) UIDAI, is also of the same view and further adds that the agency will not be paid for all such enrolments as they have a provision to pay only for successful transactions.
Not quite certain of the de-duplication accuracy, the above stated software fault could have two possible drawbacks. One, if such packets get ahead of the de-duplication successfully the probabilities of fake identity creation goes up. Second, if they get rejected, the person fails to get a UID. The DDG’s assertion seems to be an effective measure in administering the process but the social costs of such technological glitches still remain unanswered.
Figure 3: A man giving iris scans as part of the enrolment exercise
UID and Social Welfare Schemes: the case of PDS
Whenever it comes to the impacts the UID would have on the flagship social welfare schemes of the government like the NREGS and PDS, the feasibility and practicality are doubted first. It has been argued by several scholars that the UIDAI working papers illustrate a poor understanding of the hitches in the functioning of the NREGS and PDS. The UIDAI’s assumption that the lack of an effective identity proving mechanism restricts the poor from accessing the benefits of government schemes is not acceptable to scholars and practitioners with a firm understanding of issues.
The Public Distribution System (hereafter PDS) was established in 1965 as a part of the national food policy with the main objectives of ‘(a) maintaining stability in the prices of essential commodities across regions; (b) ensuring food entitlements to all sections at reasonable and affordable prices; and (c) keeping a check on private trade, hoarding and black-marketing’ (Ramakumar, 2011). Under this, the two important features were procurement of food grains from the farmers at a minimum support price and distributing them through the PDS. However, in 1997 the universal PDS was abolished by the government and replaced with the TPDS (Targeted Public Distribution System) and since then it has been argued that the TPDS has resulted in– (a) narrow targeting through the classification of population into APL (above poverty line) and BPL (below poverty line) families; and (b) inclusion and exclusion errors occurring due to inefficient method of identification of poverty based on income (Ramakumar, 2011).
One fundamental argument of the UIDAI on linking the UID with social welfare schemes is that the poor’s inability to prove identity leads to exclusion from seeking benefits of government schemes. The working paper of the UIDAI on UID and PDS identifies certain areas of PDS reforms which include addressing beneficiary identification, addressing exclusion/inclusion errors, diversions and leakages etc. And the UIDAI envisions eliminating these limitations through adequate identification and authentication mechanism. [5]
But to scholars, academicians, economists and practitioners, having an understanding of PDS’ functioning, its merits and limitations, the UID does not address the real problems with in the PDS.
As per Reetika Khera, a development economist, the two important causes for the exclusion of a large number of people from welfare schemes are: one, poor coverage because of low allocation of funds and two, misclassification of people. This situation, Khera argues, leads the government to making the welfare programmes targeted schemes. In targeted schemes, benefits are conditional upon being classified, for instance selection of BPL families is based on census surveys which is conceptually flawed and poorly implemented (Khera, 2011).
As discussed earlier the transformation of the PDS into TPDS which is based on the income level of the households has seen exclusion of larger sections of society. On this note, R. Ramakumar argues that classification of APL or BPL households is based on a survey conducted in one year and that classification is followed for many years. Whereas, incomes of rural labour households fluctuate considerably due to uncertainties in the labour market. Such barriers to efficiency in the PDS cannot be solved through UID (Ramakumar, 2010).
Aadhaar also sets to address the issues of diversion and leakages by eliminating fake ration cards through aadhaar based authentication (Khera, 2011). In response to such claims of the UIDAI critics are of the view that the UIDAI has given over-emphasis on leakages caused due to bogus ration cards. In his article ‘PDS in Peril’, Ramakumar admits that fake ration cards do exist in many states but he argues that its proportion across the states is small, ranging from 2 to 13 percent. Moreover, he also highlights that many states have already identified and eliminated bogus cards. Further, he suggests:
‘The annual report for 2010-11 of the Department of Food and Civil Supplies notes that 208.57 lakh fake ration cards were eliminated across 26 States, as of December 2010. In many of these States, the issue of new ration cards and PDS operations are at advanced levels of computerisation. Some States have successfully introduced hologram-enabled technologies to eliminate duplicate ration cards’ (Ramakumar, 2011).
Chhattisgarh is one among those states where PDS has seen remarkable improvements in terms of plugging the leakages. With the objective of bringing transparency and consequently curbing corruption in the food grain supply chain, the government of Chhattisgarh has computerized the entire mechanism of Paddy procurement and the PDS. The idea behind this move is to reduce the rate of diversion and leakages and eliminate bogus cards. As per Reetika Khera, the issuing of hologram enabled cards has eliminated 8 percent duplicates (Khera, 2010) and diversion has declined from half to zero percent between 2004-05 and 2007-08 (Khera, 2011).
In a personal interview with me, Dr. Alok Shukla, Deputy Election Commissioner, Election Commission of India, who was formerly Secretary with the Food and Civil Supplies Department of the Chhattisgarh Government, shared some methods he used in reforming the PDS in Chhattisgarh.
While speaking on the structural problems within the PDS he stated that since the PDS is a subsidy scheme there is incentive to steal and incentives are larger in states that produce like Chhattisgarh. The nexus between the rice millers, fair price shop owners and corrupt officials results in the recycling of the PDS commodity. As a result, he explains, the rice which is given by the rice miller to the government gets recycled in the rice mill instead of reaching the beneficiaries. Also, he states that since there is a huge market outside India rice is stolen for the purpose of exporting outside. For instance, in countries like Bangladesh where the production is low with respect to the population, rice can be sold at a much higher price. With subsidies becoming enormous these days, the incentive to steal has also increased. As per him, this nexus is a real structural problem that leads to diversion and leakages. [6]
On the question of how could UID address problems of leakages, Dr. Shukla affirms:
‘Actually UID itself will not prevent leakage that is something that we must understand. All a UID does is to identify a person, that’s all, nothing more and nothing less. So by identifying a person leakage not stops because fake ration card is not the only reason for leakage. That’s one of the important ones. There are several other reasons for leakages which will not be plucked by UID’ (refer to 6).
The Chhattisgarh model of PDS reforms has been largely praised within the academia. While speaking on the measures taken to identify the ghost beneficiaries and fake ration cards, Dr. Shukla stated that the government cancelled the existing ration cards. Then data was collected and fed into a central server and new ration cards were printed from a centralized database. These ration cards were distributed in the presence of all the villagers so that fakes were identified (refer to 6).
Another crucial assertion of the UIDAI regarding the application of Aadhaar in PDS is its portability feature that would ensure the beneficiaries to withdraw their entitlements from any FPS (fair price shops) across the state; through Aadhaar based identification and authentication (refer to 5).
To this claim of the UIDAI, several economists and observers of the PDS functioning have raised operational issues regarding the practical barriers to such an idea of portability. On this note, Khera argues that UID is portable but benefits may not be. As suggested by the UIDAI if grain allocations to FPS shops are based on previous month’s sales matching supplies to an unpredictable demand would be difficult. Each state has a fixed allocation of food grains based on the number of ration cards. In such cases building interstate portability is challenging considering migration across the states (Khera, 2011).
The critics have argued that the desired portability could be achieved through various other existing means like using hologram enabled ration cards or smart cards (Ramakumar, 2011).
Dr. Shukla who has been awarded the Prime Minister’s award for his contribution in the team initiative in the ‘Computerisation of Paddy Procurement and Public Distribution System’ in Chhattisgarh is also against the provision of biometric identification to get PDS entitlements and considers it a completely impractical idea. Also, his views do not go along with the idea of replacing the present TPDS with introducing food stamps and direct cash transfers. He also believes that reforms through technologies are possible in many ways, as he says, ‘We used a lot of technology in the PDS in Chhattisgarh. We did the end to end computerization of the entire system, and then we introduced the SMS alerts to empower the villagers with information and thus check diversions’ (refer to 6).
It is to be considered that even people in the Government are not of the same view what the UIDAI envisages to improve the PDS and also the problems that the UIDAI observes in the present PDS functioning. The role of aadhaar in improving the PDS functioning as illustrated by the UIDAI has not satisfied the critics. Inversely, many of them believe that it could lead to narrower targeting resulting in augmented exclusion rates.
Conclusion
The Unique Identification scheme is a key public policy issue concerned with the lives of a billion plus people in the country. Being such a significant policy issue it needs to go through a well debated policy deliberation considering every claim of the UIDAI and the criticisms raised by the critics.
Moreover, I believe that appropriate lessons must be drawn from the international experiences of identity projects be it on the technological efficiency, centralised database or on issues like privacy and civil liberties.
The Parliamentary Standing Committee report has raised serious concerns while reviewing the NIDAI bill and has made several recommendations. The Government must take it seriously and should address the issues raised. As recommended by the Committee, alternatives to UID must be given a thought.
Considering the criticisms and issues raised by the critics, I am of the opinion that the Government must rethink before going ahead with the scheme as many processes have proved to be flawed and the purposes are still not clear.
Bio-note
Prakash Chandra Sao has studied M.A. in Media and Cultural Studies from Tata Institute of Social Sciences. He has studied the Unique Identification scheme and has submitted his dissertation on it as part of the course. He has also been a LAMP fellow and has worked with a Member of Parliament for a brief period.
References
Kashyap. S., (2001). Our Constitution. 5th ed. New Delhi: National Book Trust. P133
Khera. R., (2010). “Not all that unique”. Hindustan Times. August 30.
______. (2011a). “The UID Project and Welfare Schemes”. Economic and Political Weekly. 9, P39.
______. (2011b). “Trends in Diversion of grain from the Public Distribution System”. Economic and Political Weekly. 21, P110.
Lok Sabha Secretariat (Ministry of Planning). (2011). Forty Second Report. Standing Committee on Finance ‘The National Identification Authority of India Bill, 2010’ (http://www.prsindia.org/uploads/media/UID/uid%20report.pdf)
London School of Economics and Political Science. (2005). “The Identity Project: An assessment of the UK Identity Cards Bill and its implications” The London School of Economics and Political Science. Available at: is2.lse.ac.uk/idcard/identityreport.pdf [Accessed on 30 December 2012]
Noorani, A.G., (2011). A case for privacy. Available at: http://www.frontlineonnet.com/fl2824/stories/20111202282401300.htm. [Last accessed 25th December 2012].
Nussbaum, M. C. (2000). Is Privacy Bad for Woman? : What the Indian constitutional tradition can teach about sex equality. Available: http://bostonreview.net/BR25.2/nussbaum.html. Last accessed 25 February 2012.
Parliament, U.K., House of Commons. (2010). Identity documents bill. Available at: http://www.publications.parliament.uk/pa/cm201011/cmbills/001/2011001.pdf. Last accessed 14th January 2012.
Ramachandran, R., (2011). “How reliable is UID?” Frontline, 28.
Ramakumar, R. (2010a). The Unique ID Project in India: A Skeptical Note. Springer Berlin Heidelberg. 6005, 154-168.
______., (2010b).“Food insecurities”. Frontline, 27. Available at: (www.frontline.in/navigation/?type=static&page=flonnet&rdurl=fl2715/stories/20100730271513000.htm)
______., (2011b). “Identity Concerns”. Frontline, 28. Available at: (http://www.frontlineonnet.com/fl2824/stories/20111202282400400.htm)
Ramanathan, U. (2010). “A Unique Identity Bill”. Economic and Political Weekly. 30: 11-12.
______. (2009b). “Biometrics Design Standards for UID Applications”. Committee on Biometrics. Available at:
http://uidai.gov.in/UID_PDF/Committees/Biometrics_Standards_Committee_report.pdf
______. (2010). UIDAI Strategy Overview: Creating A Unique Identity Number for Every Resident in India. Available at: http://www.uidai.gov.in/UID_PDF/Front_Page_Articles/Documents/Strategy_Overveiw-001.pdf
Whitley, E. and Hosein, G. (2010). Global Challenges for Identity Policies. London. Palgrave Macmillan Publishers.
Photo Credits: Sharma, Ashish. Open Magazine
Footnotes
[1] UIDAI, 2010, UIDAI Strategy Overview, e-copy of the document accessible at http://www.uidai.gov.in/UID_PDF/Front_Page_Articles/Documents/Strategy_Overveiw-001.pdf
[2] Excerpt from the personal interview conducted on January 3, 2012
[4] Excerpt from the personal interview conducted on December 10, 2011.
[5] UIDAI, 2010, Working paper, Envisioning a role for Aadhaar in the Public Distribution System
[6] Excerpt from the personal interview conducted on December 23, 2011