5419 - Should Nandan Nilekani's Aadhaar project, for identity proof and welfare delivery, exist at all? - Economic Times

Should Nandan Nilekani's Aadhaar project, for identity proof and welfare delivery, exist at all?

M Rajshekhar, ET Bureau Apr 3, 2014, 11.59AM IST

The foundation of Aadhaar—a Congress flagship project to give every Indian a unique identity number and then use it to deliver services—has been under assault in the past three months.

Political, legal, reputational.

The political backlash is coming from leaders of BJP, the Congress' principal rival. Meenakshi Lekhi and Ananth Kumar are not, by any stretch of the imagination, the first or the last word on policy matters in the BJP, but they mince no words when they say that if their party forms a government, it will trash Aadhaar —a project that has delivered a unique ID to half of India and on which Rs 3,800 crore has been spent.

Even as BJP's loose cannons fired, the Supreme Court repeated on March 24 that the government cannot make Aadhaar mandatory to access welfare services like pensions and LPG subsidy. The same day, investigative journalism portal Cobrapost aired videos that allegedly showed agencies agreeing to enrol people from neighbouring countries for a bribe.

The BJP piled on. "It (Aadhaar) has served no purpose. They have issued cards to illegal migrants. We want citizenship cards," says Prakash Javadekar, spokesperson of BJP. His party does not have an official policy line on Aadhaar as yet, but another of its leaders, Yashwant Sinha, headed the Parliamentary panel that, in 2011, severely criticised and rejected the draft bill that provided the legal framework for Aadhaar. "We are for direct benefit transfer but not on the basis of Aadhaar, which is a very badly-designed scheme," Sinha told CNBC-TV18 on January 31. "We will give it to all citizens of India on the basis of NPR."

On the campaign trail in Bangalore, Nandan Nilekani, the chief architect and implementer of Aadhaar, defends his work as the chairman of Unique Identification Authority of India (UIDAI). "Aadhaar is a pro-development and an anti-corruption platform," says Nilekani, who was brought in by the Congress high command in 2009 and is contesting these elections on a party ticket against BJP's Kumar in Bangalore South. "It is a pity that some vested interests with narrow political and other motives are trying to stall the project."

Lost in those binaries are the objectives of Aadhaar, to universalise identity proof and to use it to plug leakages in delivery of welfare services. UIDAI, led by a hands-on Nilekani, pursued this agenda with a certain authority, great speed and an overriding emphasis on technology, all of which delivered outcomes.

But they also contributed to shortcomings that saw the project stumble on its way and for which it is now being critiqued. "This is the only way transformation takes place," says K Koshy, who was part of the team that conceptualised Aadhaar and is now with Ernst & Young. "When you know the ultimate system is workable, you sort out the problems as you go along."

Except, given the political winds blowing, it's anyone's guess what the new dispensation will feel about Aadhaar and UIDAI, from where Nilekani resigned on March 13 and which is seeing many officers who came from other parts of the government, on deputation, returning. Will the new dispensation see Aadhaar as an idea that is sound but with parts that need strengthening? Or, will they see it as an idea that is, by itself, fallacious? "I don't know where this is going," says Abhijit Sen, member, Planning Commission, under which UIDAI is housed.

5045 - Nilekani Caught on Wrong Foot on Biometric Data - New Indian Express

Nilekani Caught on Wrong Foot on Biometric Data

By Express News Service - NEW DELHI

Published: 27th December 2013 07:20 AM

Last Updated: 27th December 2013 07:40 AM

Contrary to Unique Identification Authority of India chairman Nandan Nilekani’s claim of the biometric system used for the the creation of Aadhar identity numbers being infallible, an RTI response related to one of its contracts to private parties revealed that the system was not completely accurate and that the uniqueness of the biometrics of a person is still an assumption.

The Contract agreement between Ernst & Young and the UIDAI raised serious questions over the entire process of the largest biometric identification scheme in the world, ambitiously storing data of over a billion persons.

The global consultancy firm Ernst & Young was given the responsibility of setting up the Central Identities Data Repository (CIDR) and selecting Managed Service Provider (MSP), by the UIDAI in 2010. The contract agreement was obtained through an RTI filed on December 6, 2013.

“The Primary claim of the whole exercise is that we are able to assign a unique ID to every individual who is enrolled in the system. However, the uniqueness of the biometrics of a person is still a postulate, albeit with very strong statistical evidence,” said the contract chapter on approach and methodology. In January last year, the Home Ministry had raised concerns over the collection of biometrics of residents saying that the biometric technology of the UIDAI could be flawed. However, the UDIAI was quick to rebut the apprehensions claiming that enrolment system had proven to be reliable, accurate and scalable.

There are other startling disclosures in the appendices of the contract, which reveals that there is also a possibility that the biometric data of two different individuals could be identical.

“The loss in information due to limitations of the capture setup or physical conditions of the body, and due the feature representation, there is a non-zero probability that two fingerprints or IRIS prints coming from different individuals can be called a match,” it stated.

Nilekani in a statement made in January 2012 had maintained that the “UIDAI biometric system is processing over 100 trillion biometric person matches with a high degree of accuracy each day, capable of issuing 10 lakh Aadhaars daily. This makes it not only one of the most accurate, but soon to be the largest biometric system in the world”.

Related Stories:

States be Told that Aadhaar is not Must: Panel

LGBT Community Worried over Availing Govt Schemes

UIDAI's French Deal Papers Go Missing?

Aadhaar scheme does not violate fundamental rights, says UIDAI

2508 UID at The Core - Inclusion

UID at the Core

UID is an enabler that will create robustness. The tagging of UID number with different domains will ensure that the right individual gets the benefits, says Sunil R Chandiramani, Partner & National Leader – Government Services, at global consultancy Ernst & Young in an exclusive conversation with Inclusion


Q: There is a view that India has got far too many cards. What is the need for UID?
A: I view unique identity akin to creation of the circle. The power of UID is such that it creates an absolute basic core DNA that can be put to multiple uses. There is a big difference between cards that currently exist and what UID is all about. All existing identity cards have limited objective or purpose, and the possibility of building on them is very low. On the contrary UID attempts to create with the best technology available in hand a very simple way to authenticate an individual based on biometrics. UID is not a card but an identity and that is what makes it different.

Q: Somehow the packaging and the communication that comes out of UID is that it is going to solve all the problems. How do you think UID is going to help solve problems, and what are the real benefits of it?
A: UID now gives you the ability of doing a huge amount more on it. Let me share with you an example. In the entire PDS distribution chain you will find that leakages could happen through several different means and routes. Leakages can happen with (i) the quality of the product when delivered by the supplier; (ii) the correct beneficiary not getting the advantage; or, (iii) the PDS distributor delivering incorrect quantity or quality of the product.  Today UID can help plug leakage no. (ii) i.e. to control whether it is the right individual getting the benefit or not. In order to control other leakages other systems will need to be devised which include direct deposit of benefits into the recipients’ accounts and strong checks on what is delivered or sold in the marketplace. UID is not the solution to all problems, however, with the use of further analytics and other systems you can deliver better services and reduce leakages resulting in very large savings.

Q: When ministry of IT was setting up e-Governance, pretty much before they set up an infrastructure, it also started solving all the problems. A marketing machinery said it would give financial inclusion, it will take care of PDS and then in fact some village level entrepreneurs. UID seems to be going in the same direction. Isn’t it?
A: Projects that are transformational require people to see the entire picture and move forward to achieve the vision. One could consider sequential progression i.e. issuing the card first to all and then start deploying application in use. Given the sheer scale of the program, then everyone would have questioned the advantage and use of the UID number. Hence it is important that issuance and usage of this moves hand in hand.

All states have started off on this, some are doing it faster, and some are doing it slower. Once several departments start using the UID in their operations and see the advantage, they will be encouraged to push for greater use. These departments will be able to deliver better services and also be more economical in their service delivery.

Q: The first set of cards was distributed to residents of a village in Nandurbar district in Maharashtra in September last year. What difference has it made there?
A: UID is not an event, but a process; it has to achieve critical mass and adoption to measure benefits. There are multiple parallel things that need to be done. For e.g. UID is currently assisting in the process of financial inclusion. It has assisted in opening of banked accounts and enabling MGNERGS transactions. Similarly, UID is in the process of being adopted by the PDS system and Oil marketing companies. Once people start putting it into play the demand of it will only go up.

Q: We are distributing the number but who will make use of it?
A: The number is expected to be used by the recipient of public and private services and service providers alike. We expect various departments of the government, financial and telecom sectors to use it initially. As the pace of enrollments and authentication increases, more agencies will join the use. We need to understand that UID is an enabler - it can facilitate, but it is for these departments to conceptualise and implement.

Q: When the UID is taking its own technology calls, how would anybody else build his application on it?
A: The only thing that UID insists is standard formats for the data to be interoperable. It allows the user community to choose their own technology and I don’t see it as being the limiting factor.

Q: If you look at a project like MCA 21, a very successful project. The choices are left to vendor because you are supposed to run it and you decide what technology you are most comfortable with?
A: Given the sensitive nature of the project, data stored and the implications of anything going wrong with the entire database, is the reason that the Government or the UID has taken a very active stand on how they would participate in the whole process, to make sure that if tomorrow they had to change a vendor or make any other changes then they have the ability of managing that change. The intent is not to force any single vendor to be the sole supplier of technology but to promote open technology standards so long as it meets the requirements designed by the UIDAI. 

Q: What is the role of Ernst & Young?
A: Our role has essentially been to help them design the Central Identity Repository (CIDR) and other key technology infrastructure. As part of the mandate, we are expected to design the overall architecture of the system in its fully functional state adhering to design principles that adequately address the complexity and leading practices.
Also, we are engaged in helping them float RFPs and walking them through the evaluation process, drafting of SLA terms and other legal contractual obligations and help them program manage it in terms of ensuring that the vendors are delivering as per contract what they have committed to deliver.

Q: You are also consultants for NPCI, is there any linkage with that and  how does it impact Visa, Master Card?
A: That’s completely separate and not linked to what Aadhaar is trying to do. NPCI is  all about creating a payment gateway to manage local transactions.

Q: Where would that leave opening up of the market? Now we are saying we are going to nationalise all this, and there is going to be this sarkari solution?
A: Even today in the open world there isn’t only Master and Visa. There are number of players. The question is if today I am SBI. I create my own network of ATMs. I choose to also participate in the national ATM network. Similarly here a network is being created to manage local payments, however networks will compete with each other and the one offering the best rates and services at the end of the day will win.

Q: It is expected to get masses into the banking network and those guys are going to get benefits from the Government only through RuPay card. So there is no level playing field for the competition.
A: In contrast, through the common authentication service it creates a perfect level playing field. This is particularly true in the financial system where the institutions are often worried about the cost of identification and authentication services to expand the outreach. Those with deep pockets or Government support have extended these services, but with wide spread of UID, every service provider in the financial sector will be able to expand their operations without having to worry about the cost of underlying technology infrastructure.

Q: What are the biggest challenges that UID project faces in terms of technology?
A: The challenges are multifold. Firstly, no known biometric algorithms are available with a gallery size of a billion plus. We hardly find these with a couple of hundred million gallery size. So it has to be a constant endeavour for service provider to fine tune the algorithm to ensure accurate de-duplication and authentication. Secondly, biometric algorithms are known to have imperfections in minute percentages, which is a limitation of science. Thirdly, to design a system to support de-duplications of a billion plus and to support authentications which could run into few billions a day. Luckily, all of the above challenges have mitigation strategies available and are being considered actively along the implementation cycle.

Q: Why has Europe not done UID? Why has any business organization in the world not done it?
A: It is essential for us to understand and appreciate the spirit behind the project. Every solution and system has evolved or is constantly evolving solutions to provide a platform for identity and entitlement. The climatic conditions, literacy levels, perceptions of identify, social cultural approval, method of access, integrity of people and system vary in every country and society. It is really up to us to accept and embrace a system which will meet the expectations of billions.

Q: I have a credit card. It works on any ATM. They know who I am? (Besides) I have a PIN. I am putting in that PIN. Is it not unique?
A: “They know who you are” is an incorrect statement. All they know is that a transaction is occurring with the card and with the PIN, which you can’t refute. If I had your PIN and card and if I went out and did a transaction, under no circumstances can the transaction be refused.

Q: Why can’t we use biometrics on PAN?
A: It is not a great idea; especially when there is concern over number of duplicate PAN numbers, set in individual names. In future, I am confident that we will have Aadhaar enabled PAN accounts.

Q: For biometrics people say it’s over architected. You have all the ten fingers plus you have the hands and iris. Why?
A: In the villages particularly because of hard labour etc. the quality of finger prints i.e. the ridges and valleys in finger prints is very poor and this poses data quality issues for de-duplication and subsequent authentication. As this ID was to be used for authentication and technology enabled capture of more than one biometric a call was taken to capture all data points. Given the sheer size of the exercise it was thought best to capture all the elements required rather than have to repeat the exercise. In addition, it also brings down the probability of errors while de-duplicating the biometrics for unique identity. 

Q: De-duplication is a major issue. I believe you already have some four and a half million records. What if you are not able to scale and there are some errors still?
A: There are three vendors operating right now. Similar de-duplication is being performed by them to ensure accuracy and also test the capability of the algorithms.  Vendors are also constantly fine-tuning algorithms to improve their efficiency and effectiveness.  These multiple tests also ensure that the system will be able to scale and deliver results and is not dependent on a single vendor or technology. UID as a project has no margin of error for failure. 

1297 - The trouble with big brother’s eye - Source - Tehelka

From Tehelka Magazine, Vol 8, Issue 20, Dated 21 May 2011

CURRENT AFFAIRS        
UID PROJECT

The company that will provide biometric solutions for the UID project employs former US intelligence officials. What does this mean for our security, asks Baba Umar

LAST YEAR, Tembhali, a hamlet of around 1,500 villagers in Maharashtra’s Nandurbar district, suddenly received a facelift — paved roads, painted walls and uninterrupted power supply. Not much was known about the village until 29 September when Prime Minister Manmohan Singh and Congress supremo Sonia Gandhi landed here to launch the world’s largest unique identity programme.

The idea was to create unique biometric identification cards for more than 1.2 billion Indians that will contain basic information such as name, a photograph, gender and date of birth plus a microchip to link the card to a biometric database that will have the cardholder’s fingerprints, iris scan, digital face image and address.

The project, which has already cost around Rs 3,170 crore, is slated to help the poor get access to welfare schemes and rid the PDS of grain diversion and the Mahatma Gandhi National Rural Employment Guarantee Act (MGNREGA) of pilferage.

Eye spy? 

A Delhi resident has his iris scanned
Photo: Shailendra Pandey

“The UID can be leveraged at various points in welfare schemes to improve the delivery systems by making them transparent and cost-effective,” says Unique Identification Authority of India (UIDAI) Director-General Ram Sewak Sharma.

However, for those working on issues of food security, migration, MGNREGA, civil liberties and human rights, the UID is an invasion of privacy, through which personal information will be stored in a database that could be used for profiling, tracking and surveillance.

And the involvement of companies such as American defence contractor L-1 Identity Solutions — which has names associated with the CIA and other US defence organisations in its top management — together with US-based Ernst & Young and Accenture raises queries about how much access they will have over Indian data.

“Can the government or the UIDAI assure the people that their details will not be shared with business enterprises, companies and political outfits?” asks Gopal Krishna of the Citizens Forum for Civil Liberties. Krishna, who has been aggressively campaigning against the UID, says the Nazi Party had hired IBM to profile people “leading to the Holocaust”. He says IBM was and remains in census business and is currently part of World Bank’s e-Transform Initiative of the developing world of which the UID scheme is a component.

Related
Why Nandan wants to tag You
UID is an Identity Crisis in the Making by Usha Ramanathan-Tehelka
Falling Between The Barcodes-Tehelka

The three foreign companies will be implementing biometric solutions for UIDAI that includes designing, supplying, installing, commissioning, maintaining and supporting the multi-modal automatic biometric identification subsystem.

AMONG THE names associated with L-1 Identity Solutions are former CIA director George Tenet and former Homeland Security deputy secretary Adm James Loy, also on the board of Lockheed Martin. The company’s links with the US military establishment is underscored by the fact that its board of directors include former Army Technology Science Board member BG Beck, former chairperson for the Secretary of the Army’s National Science Centre Advisory Board Milton Cooper.

It’s feared that the database can be used as a bulwark against India because all US based firms are subject to the Patriot Act that obligates American companies to share their data with Washington.

L-1 also mentions on its website its experience with Pakistan’s unique identity agency NADRA (National Database & Registration Authority), which, Krishna says ‘appears to be created on the same business model that is packed by people with intelligence and military links’.

“The UIDAI feared to have linked CIDR with the National Intelligence Grid — created to connect 21 existing databases with Central and state government agencies — and National Population Register and L-1 and Accenture who work in close affinity with US intelligence agencies,” he adds.

 Most Christian and Muslim Dalits are probably worse 

off than so-called Hindu Dalits

Defence experts opposed to the UID, claim that the PMO, defence sites, and more than a thousand government sites were attacked 4,000 times by China in 2010 alone “and things seem no different in this case”.

“The UIDAI has been foolish in its approach towards setting up the UID database,” says Mathew Thomas, former army officer and a vehement critic. “In this programme, fingerprint technology is provided by a US-based company whose directors are former CIA and FBI officers. The database is set up by Accenture. The database is to be linked to other databases like banks, phone companies, etc. Once a person hacks into the UID database, s/he can gain access to any other database. We are handing over data to anyone who would like to take it.”

“Did you hear about the incident in which 77 million Sony Playstation accounts were hacked? That’s why a London School of Economics report warned that such a central database would be a potential target for terrorists. If the purpose is to reduce corruption in welfare schemes, then why create a database of all people? This is where the government and the UIDAI are telling lies. It’s because if they talk about the real purposes of the UID, people would start resisting. It is meant to track and target people,” adds Thomas.

However, contrary to Thomas, others like Brig (retd) Rumel Dahiya of the Institute for Defence Studies and Analysis don’t find anything wrong with the involvement of foreign firms. “I am not discounting that certain amount of pilferage will take place,” he says. “However, the UIDAI has to make sure that the data being processed isn’t linked to servers abroad and it remains within an Indian system. Information of sensitive nature is protected, vetting of all machines from microchips is done, and physical check is ensured when people are working on a database.”

HOWEVER, UIDAI’S Sharma fends off all this criticism by saying that the “data collected for Aadhaar enrolment will be held by the UIDAI and will not be accessible by outside agencies. Any violation will invoke penalties and legal action. Profiling and tracking info and transaction data will not be collected. The UIDAI will not reveal personal information from the database.”

One of the strongest resistances to the UID comes from legal experts who have been questioning UIDAI’s constitutional validity. According to them, many issues including profiling, privacy safeguards, civil liberties protection, and e-surveillance have been totally neglected from the Bill.

“The UIDAI should have been preceded by a constitutionally-sound legal framework and parliamentary oversight. Both of these are missing, making it an unconstitutional project,” says Supreme Court lawyer Praveen Dalal. “Constitutionally, preparation of a legislation/Bill is the duty of the Indian government and it must be passed by Parliament. But in this case, an authority like UIDAI is suggesting the Bill which is itself devoid of any constitutional validity,” says Dalal, adding the enrolment procedures and the exercise of taking biometric details too is “unconstitutional”.

Noted Supreme Court lawyer Rajeev Dhawan believes that internally displaced and refugees “are likely to be harassed”. “If the UID carries with it any other info that is kept in the government databases, it would be an invitation to big brother governance,” he explains. In an earlier interview to TEHELKA (Why Nandan Wants To Tag You 6 November 2010), UID Chairman Nandan Nilekani had himself argued that India needs a well-debated and pervasive privacy law, not restricted to UID.

Still in control UIDAI Director-General Ram Sewak Sharma 

has rubbished fears of data loss
Photo: Shailendra Pandey

Many critics argue that the UID is mainly a security project. And as far as socio-economic benefits of the UID are concerned, the UIDAI itself has stated that it is only in the identity business and the responsibility of tracking beneficiaries and the governance of service delivery will remain with the respective agencies.

“The UID cannot address the bulk of the delivery problems in two of the biggest social sector programmes like MGNREGA and PDS,” says writer and activist Ruchika Gupta. Coupled with technological challenges, the fact that only about half the villages in the country have the mobile connectivity required for UID to work, that biometric readers are error prone, susceptible to damage — linking UID with social sector legislation is completely baseless.

“Without assessing the relationship between an individual and the State, the programme was advertised with the name that corruption is the fundamental problem, but they are handing over all the details to those very people who we are accusing of corruption,” says independent law researcher Usha Ramanathan.

Then there is a strong criticism of the credibility of the UIDAI’s claims in the field of social policy too. “Scrutinising the UIDAI’s documents reveals their poor understanding of how PDS and MGNREGA leakages occur and little evidence of creative thinking on plugging them,” says Reetika Khera, a development economist and assistant professor at IIT, Delhi. She has been critical of the UIDAI’s assertions that the scheme is voluntary. “The UIDAI is eager to enrol people. Till enrolment remains voluntary, people are likely to come in a trickle. To encourage them, government departments will make it a pre-requisite, by linking issue of new job cards to UID enrolment.”

Data collected for Aadhaar enrolment won’t be 

accessible to outside agencies,’ says UIDAI’s 

Sharma

Khera has a point. Because recently the district administrations in Mysore and Bengaluru initiated steps making UID numbers compulsory at various levels in state government offices. The move leaves no chance to stay away from the scheme.

Similarly, India’s national payment gateway, National Payments Corporation of India (NPCI) aims to link Rupay, its soon to- be-launched domestic payment gateway on the pattern of Visa and MasterCard, with the UID programme. The move will allow customers to use their UID numbers as their banking passwords. All this makes UID a compulsory card that will link with it a person’s other information too which is contrary to UIDAI’s policy.

Even as Rajana Sonawane of Tembhali, the first Indian to receive the UID card wonders what benefits the card will offer him, the arguments continue elsewhere about the efficacy of this unique project.

Baba Umar is a Correspondent with Tehelka.
babaumar@tehelka.com